Lucene search
K

11 matches found

CVE
CVE
added 2026/02/04 6:14 a.m.15 views

CVE-2026-20985

Samsung Members app (versions before 5.6.00.11) contains an input validation flaw that allows remote attackers to connect arbitrary URLs and launch arbitrary activities with Samsung Members privileges. Trigger requires user interaction. Impact is elevated privileges within the Samsung Members con...

7CVSS5.6AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/09 5:27 p.m.5 views

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

6.7CVSS6.8AI score0.00093EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/08 4:56 p.m.4 views

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

6.4AI score0.00093EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/06 6:13 a.m.5 views

CVE-2025-21079

Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability...

8.1CVSS6.9AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:20 a.m.5 views

CVE-2023-21256

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS7AI score0.00098EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/15 7:15 p.m.3 views

CVE-2023-21138

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for...

7.8CVSS6.1AI score0.00083EPSS
Exploits0References2
Prion
Prion
added 2023/06/15 7:15 p.m.16 views

Input validation

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for...

4.3CVSS7.6AI score0.00083EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/15 12:0 a.m.5 views

PT-2023-17930 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-11 through Android-13 Description: The issue is related to improper input validation in the onNullBinding method of CallRedirectionProcessor.java, which can lead to a long-lived connection. This could result in local...

7.8CVSS6.7AI score0.00083EPSS
Exploits0References3
OSV
OSV
added 2023/06/01 12:0 a.m.36 views

ASB-A-273260090

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00083EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.3 views

PT-2023-17749 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-12L through Android-13 Description: The issue is related to improper input validation in the launchDeepLinkIntentToRight function of SettingsHomepageActivity.java. This could allow the launch of arbitrary activities,...

8.8CVSS8.4AI score0.0022EPSS
Exploits0References2
OSV
OSV
added 2020/04/07 4:15 p.m.2 views

CVE-2017-18669

An issue was discovered on Samsung mobile devices with N7.x software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 June 2017...

7.5CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder