Lucene search
+L

222 matches found

OSV
OSV
added 2025/01/21 11:15 p.m.5 views

CVE-2023-40132

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.8CVSS5.9AI score0.00083EPSS
Exploits0References1
CVE
CVE
added 2025/01/21 11:4 p.m.762 views

CVE-2023-40132

CVE-2023-40132 affects Google Android through RingtoneManager.setActualDefaultRingtoneUri. The vulnerability arises from a missing permission check when accessing content providers, allowing a local escalation of privilege by bypassing read permissions. Impact is described as local privilege esca...

7.8CVSS7.1AI score0.00083EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.4 views

Google Android 安全漏洞

Google Android is a Linux-based operating system from the American company Google. Google Android suffers from an elevation of privilege vulnerability that stems from a lack of privilege checking and can be exploited to bypass the read permission of a content provider. An attacker can exploit the...

7.8CVSS6.5AI score0.00083EPSS
Exploits0References1
NVD
NVD
added 2024/12/30 11:15 a.m.27 views

CVE-2024-12993

Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...

4.8CVSS0.00242EPSS
Exploits0References2
CVE
CVE
added 2024/12/30 11:1 a.m.58 views

CVE-2024-12993

The CVE-2024-12993 entry describes a vulnerability in Infinix devices stemming from a pre-loaded app com.rlk.weathers that exposes an unsecured content provider. An attacker can communicate with this provider to reveal the user’s location without any privileges (local attack; no user interaction ...

4.8CVSS6.6AI score0.00242EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/30 11:1 a.m.31 views

CVE-2024-12993 Location information exposure in Infinix Weather app

Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...

4.8CVSS0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/30 11:1 a.m.5 views

CVE-2024-12993 Location information exposure in Infinix Weather app

Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...

4.8CVSS7AI score0.00242EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/30 12:0 a.m.4 views

Transsion Holdings Infinix Mobile devices 安全漏洞

Transsion Holdings Infinix Mobile devices are a range of mobile devices from Transsion Holdings, a Chinese company. A security vulnerability exists in the Transsion Holdings Infinix Mobile devices, which stems from the pre-installed com.rlk.weathers application exposing an unprotected content...

4.8CVSS6.6AI score0.00242EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/30 12:0 a.m.6 views

PT-2024-17855 · Infinix · Infinix Mobile

Name of the Vulnerable Software and Affected Versions: Infinix devices affected versions not specified Description: The issue concerns a pre-loaded application com.rlk.weathers that exposes an unsecured content provider, allowing an attacker to communicate with the provider and reveal the user's...

4.8CVSS7AI score0.00242EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/08/07 11:53 p.m.2 views

Malicious code in @nc-tools/namp-cms-content-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 498a73345341328298539519a1ab07df6fb5c55c82721a0ddc259b3d2c534e07 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
NVD
NVD
added 2024/05/03 2:15 p.m.12 views

CVE-2023-41828

An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider...

4.4CVSS4.6AI score0.00163EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/03 2:6 p.m.15 views

CVE-2023-41828

An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider...

4.4CVSS6.8AI score0.00163EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 2:6 p.m.63 views

CVE-2023-41828

The CVE-2023-41828 vulnerability affects the Motorola Phone application, describing an implicit intent export flaw that could allow unauthorized access to a non-exported content provider. The issue is scoped as Local attack, requiring user interaction, with a MEDIUM base score (CVSS 3.1: 4.4) and...

4.4CVSS6.7AI score0.00163EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/03 2:6 p.m.26 views

CVE-2023-41828

An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider...

4.4CVSS5AI score0.00163EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/05/02 2:22 p.m.11 views

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability codenamed the Dirty Stream attack that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications of...

7.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2024/05/01 6:0 p.m.17 views

“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...

7.5AI score
Exploits0
NVD
NVD
added 2023/10/30 5:15 p.m.38 views

CVE-2023-21295

In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.2AI score0.00105EPSS
Exploits0References1
OSV
OSV
added 2023/10/30 5:15 p.m.9 views

CVE-2023-21295

In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00105EPSS
Exploits0References1
Prion
Prion
added 2023/10/30 5:15 p.m.19 views

Design/Logic Flaw

In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

1.7CVSS5.8AI score0.00105EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/30 4:18 p.m.56 views

CVE-2023-21295

CVE-2023-21295 affects Google Android’s SliceManagerService. The root cause is a missing null check in the content provider check, enabling local information disclosure without additional privileges and with no user interaction required. Connected sources (e.g., Red Hat, CNVD, NVD, CNNVD, and And...

5.5CVSS5.2AI score0.00105EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder