Lucene search
K

221 matches found

Cvelist
Cvelist
added 2023/10/25 2:12 p.m.28 views

CVE-2023-41960

The vulnerability allows an unprivilegeduntrusted third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself...

7.1CVSS6.9AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2023/10/25 2:12 p.m.34 views

CVE-2023-41960

The CVE-2023-41960 entry describes an issue where an unprivileged third-party application can interact with a content-provider unsafely exposed by the Android Agent application, potentially allowing modification of sensitive settings in the Android Client. Affected component: Android Agent’s cont...

7.1CVSS4AI score0.00185EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.4 views

PT-2023-28192 · Unknown · Android Agent

Name of the Vulnerable Software and Affected Versions: Android Agent application affected versions not specified Description: The issue allows an unprivileged untrusted third-party application to interact with a content-provider unsafely exposed by the Android Agent application. This could...

7.1CVSS3.6AI score0.00185EPSS
Exploits0References3
CVE
CVE
added 2023/09/27 2:10 p.m.41 views

CVE-2023-44129

Summary: CVE-2023-44129 affects LG-patched Android Messaging (com.android.mms) via the exported activity com.android.mms.ui.QClipIntentReceiverActivity. An attacker can trigger the activity, broadcast the action com.lge.message.action.QCLIP, and send their own data with Intent.FLAG_GRANT_*; the p...

3.6CVSS4AI score0.00094EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/09/06 4:15 a.m.4 views

CVE-2023-30725

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References1
NVD
NVD
added 2023/09/06 4:15 a.m.23 views

CVE-2023-30725

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider...

5.5CVSS5.4AI score0.0016EPSS
Exploits0References1
Prion
Prion
added 2023/09/06 4:15 a.m.19 views

Authentication flaw

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider...

1.7CVSS5.6AI score0.0016EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/06 3:12 a.m.31 views

CVE-2023-30725

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider...

5.1CVSS5.8AI score0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.5 views

SAMSUNG Galaxy Store Security Breach

SAMSUNG Galaxy Store is an application store by Samsung South Korea. A security vulnerability exists in SAMSUNG Galaxy Store version 4.5.56.6, which stems from an incorrect incoming intent filtering issue that allows a local attacker to access the Privileged Content Provider with Galaxy Store...

6.8CVSS6.5AI score0.00144EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.2 views

SUSE CVE-2016-2810

Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password...

5CVSS6.6AI score0.0085EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/05 12:0 a.m.5 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices Knox VPN module prior to SMR Aug-2022 Release 1, which stems from a vulnerability in the use ...

4CVSS5.1AI score0.00109EPSS
Exploits0References2
OSV
OSV
added 2022/08/01 12:0 a.m.17 views

ASB-A-203229608

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...

7.1CVSS3.5AI score0.00179EPSS
Exploits0References3
OSV
OSV
added 2021/12/15 7:15 p.m.3 views

CVE-2021-0799

In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-1976479...

7.8CVSS7.2AI score0.0012EPSS
Exploits0References1
Prion
Prion
added 2021/12/15 7:15 p.m.20 views

Design/Logic Flaw

In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-1976479...

7.2CVSS7.6AI score0.0012EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/15 6:5 p.m.24 views

CVE-2021-0799

In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-1976479...

7.9AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2021/11/05 3:15 a.m.28 views

CVE-2021-25506

Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service...

5.5CVSS0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/11/05 2:3 a.m.26 views

CVE-2021-25506

Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service...

4CVSS5.7AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2021/11/01 12:0 a.m.32 views

ASB-A-197647956

In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.0012EPSS
Exploits0References2
OSV
OSV
added 2021/10/06 6:15 p.m.3 views

CVE-2021-25499

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store...

5.5CVSS5.8AI score0.00209EPSS
Exploits0References1
NVD
NVD
added 2021/10/06 6:15 p.m.17 views

CVE-2021-25499

Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store...

7.1CVSS0.00209EPSS
Exploits0References1
Rows per page
Query Builder