475 matches found
PT-2024-18712 · Samsung · Samsung Mobile Devices
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Devices versions prior to SMR Jan-2024 Release 1 Description: The issue is related to improper access control in the Notification service, allowing a local attacker to access notification data. Recommendations: For versions pri...
PT-2023-26248 · Fortanix +1 · Fortanix Enclaveos Confidential Computing Manager (Ccm) Platform +1
Name of the Vulnerable Software and Affected Versions: Fortanix EnclaveOS Confidential Computing Manager CCM Platform versions prior to 3.32 for Intel SGX Description: An issue was discovered in the Fortanix EnclaveOS Confidential Computing Manager CCM Platform, which relates to a lack of...
SUSE CVE-2023-49344
Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present...
DEBIAN-CVE-2023-49342
Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...
CVE-2023-42573
PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data...
CVE-2023-42675
In imsservice, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...
PT-2023-28560 · Unisoc (Shanghai) Technologies Co. +1 · Sc7731E/Sc9832E/Sc9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000 +1
Name of the Vulnerable Software and Affected Versions: Telecom service affected versions not specified Description: The issue concerns a missing permission check that could allow writing permission usage records of an app. This may lead to local information disclosure without requiring additional...
CVE-2023-42539
PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data...
PT-2023-28405 · Samsung · Samsung Health
Name of the Vulnerable Software and Affected Versions: Samsung Health versions prior to 6.25 Description: The issue allows local attackers to access data through PendingIntent hijacking in the ChallengeNotificationManager. Recommendations: For versions prior to 6.25, update to version 6.25 or lat...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Zilight Zhanrui UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a lack of privilege checking in the dm service, leading to the disclosure of local information...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a lack of privilege checking in validationtools, leading to the disclosure of local information...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a lack of privilege checking in validationtools, leading to the disclosure of local information...
UNISOC Chipsets Security Vulnerability
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a lack of privilege checking in validationtools, leading to the disclosure of local information...
ASB-A-289242655
In multiple locations, there is a possible way for apps to access cross-user message data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21314
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...
Information disclosure
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-18169 · Google · Android
Name of the Vulnerable Software and Affected Versions: TelecomServiceImpl.java affected versions not specified Description: The issue is related to a missing permission check in the registerPhoneAccount function of TelecomServiceImpl.java, which could lead to local information disclosure. This...
Google Pixel Security Breach
Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that stems from a TBD component privilege bypass that has a possible way to access location information. This could lead to the disclosure of local information that requires system...
CVE-2023-35675
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...
UBUNTU-CVE-2023-35683
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...