17 matches found
CVE-2026-21017
Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...
EUVD-2026-34796
Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...
EUVD-2025-30892
Malicious code in bioql PyPI...
CVE-2025-10184
CVE-2025-10184 (OnePlus OxygenOS Telephony provider permission bypass) affects OnePlus OxygenOS on multiple devices, via three content providers: com.android.providers.telephony.PushMessageProvider, PushShopProvider and ServiceNumberProvider. Root cause: missing write permissions on these provide...
CVE-2025-10184 OnePlus OxygenOS Telephony provider permission bypass
The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information...
CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (FIXED as of October 11, 2025)
Overview Rapid7 has identified a permission bypass vulnerability in multiple versions of OnePlus OxygenOS installed on its Android smartphones, across multiple devices. It is expected that a wider range of devices than those tested are affected. When leveraged, the vulnerability allows any...
PT-2025-39169
Name of the Vulnerable Software and Affected Versions OnePlus OxygenOS versions 12 through 15 Description A critical security issue exists in OnePlus devices running OxygenOS 12 through 15. This flaw allows any installed application to read SMS/MMS data and metadata from the system Telephony...
CVE-2022-39906
Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information...
PT-2022-27802 · Unknown · Sectelephonyprovider
Name of the Vulnerable Software and Affected Versions: TelephonyProvider affected versions not specified Description: The issue concerns a problem in the TelephonyProvider module related to obtaining values, which could impact data confidentiality upon successful exploitation. Recommendations: At...
CVE-2022-39906
Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information...
CVE-2022-33688
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log...
CVE-2022-33688
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log...
SAMSUNG Mobile devices 日志信息泄露漏洞
Samsung SecTelephonyProvider is a Telephony service for Samsung mobile devices that provides support for the Telephony Application Programming Interface TAPI.An information disclosure vulnerability exists in Samsung SecTelephonyProvider, which stems from a lack of protection for EventType in...
CVE-2020-25062
An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 July 2020...
CVE-2020-0035
In query of TelephonyProvider.java, there is a possible access to SIM card info due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...
CVE-2019-2117
In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation...
Unprotected VOIP Server Exposed Millions of SMS Messages, Call Logs
A California-based Voice-Over-IP VoIP services provider VOIPO has accidentally left tens of gigabytes of its customer data, containing millions of call logs, SMS/MMS messages, and plaintext internal system credentials, publicly accessible to anyone without authentication. VOIPo is one of a leadin...