222 matches found
CVE-2023-40132
In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
CVE-2023-40132
CVE-2023-40132 affects Google Android through RingtoneManager.setActualDefaultRingtoneUri. The vulnerability arises from a missing permission check when accessing content providers, allowing a local escalation of privilege by bypassing read permissions. Impact is described as local privilege esca...
Google Android 安全漏洞
Google Android is a Linux-based operating system from the American company Google. Google Android suffers from an elevation of privilege vulnerability that stems from a lack of privilege checking and can be exploited to bypass the read permission of a content provider. An attacker can exploit the...
CVE-2024-12993
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...
CVE-2024-12993
The CVE-2024-12993 entry describes a vulnerability in Infinix devices stemming from a pre-loaded app com.rlk.weathers that exposes an unsecured content provider. An attacker can communicate with this provider to reveal the user’s location without any privileges (local attack; no user interaction ...
CVE-2024-12993 Location information exposure in Infinix Weather app
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...
CVE-2024-12993 Location information exposure in Infinix Weather app
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...
Transsion Holdings Infinix Mobile devices 安全漏洞
Transsion Holdings Infinix Mobile devices are a range of mobile devices from Transsion Holdings, a Chinese company. A security vulnerability exists in the Transsion Holdings Infinix Mobile devices, which stems from the pre-installed com.rlk.weathers application exposing an unprotected content...
PT-2024-17855 · Infinix · Infinix Mobile
Name of the Vulnerable Software and Affected Versions: Infinix devices affected versions not specified Description: The issue concerns a pre-loaded application com.rlk.weathers that exposes an unsecured content provider, allowing an attacker to communicate with the provider and reveal the user's...
Malicious code in @nc-tools/namp-cms-content-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 498a73345341328298539519a1ab07df6fb5c55c82721a0ddc259b3d2c534e07 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-41828
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider...
CVE-2023-41828
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider...
CVE-2023-41828
The CVE-2023-41828 vulnerability affects the Motorola Phone application, describing an implicit intent export flaw that could allow unauthorized access to a non-exported content provider. The issue is scoped as Local attack, requiring user interaction, with a MEDIUM base score (CVSS 3.1: 4.4) and...
CVE-2023-41828
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider...
Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw
Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability codenamed the Dirty Stream attack that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory. "The implications of...
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code...
CVE-2023-21295
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21295
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Design/Logic Flaw
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21295
CVE-2023-21295 affects Google Android’s SliceManagerService. The root cause is a missing null check in the content provider check, enabling local information disclosure without additional privileges and with no user interaction required. Connected sources (e.g., Red Hat, CNVD, NVD, CNNVD, and And...