2494 matches found
Design/Logic Flaw
Improper usage of insecure protocol i.e. HTTP in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middl...
CVE-2023-42579
Improper usage of insecure protocol i.e. HTTP in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using Man-in-the-Middl...
CVE-2023-42552
Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall...
CVE-2023-42545
Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data...
Design/Logic Flaw
Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall...
CVE-2023-42552
The CVE-2023-42552 entry concerns Samsung Firewall application on Android with an implicit intent hijacking flaw that lets a third-party tamper the firewall database. Affected versions are: Android 11 prior to 12.1.00.24, Android 12 prior to 13.1.00.16, and Android 13 prior to 14.1.00.7. Root cau...
CVE-2023-42552
Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall...
CVE-2023-42545
Summary: CVE-2023-42545 concerns the Android Phone application using an implicit intent for sensitive communication, enabling potential access to location data. Affected software/versions (from provided details): Android 11 prior to 12.7.20.12; Android 12 includes 13.1.48 and 13.5.28; Android 13 ...
CVE-2023-42545
Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data...
CVE-2023-42545
Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data...
Rocky Linux 8 : wpa_supplicant (RLSA-2021:1686)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1686 advisory. - In p2pcopyclientinfo of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target...
Rocky Linux 9 : flac (RLSA-2022:8078)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8078 advisory. - In appendtoverifyfifointerleaved of streamencoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local informatio...
CVE-2023-30730
Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file...
CVE-2023-30730
Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file...
CVE-2023-30730
The CVE-2023-30730 issue is an implicit intent hijacking vulnerability in the Samsung Camera app across Android 11–13: Camera prior to 11.0.16.43 (Android 11), 12.0.07.53–12.1.03.10 (Android 12), and 13.0.01.43–13.1.00.83 (Android 13) can allow a local attacker to access specific files. Root caus...
CVE-2023-30730
Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file...
Android Manifest Misconfiguration Leading to Task Hijacking
Description Task hijacking allows malicious apps to inherit permissions of vulnerable apps and is usually used for phishing login credentials of victims. This vulnerability applies to all Android versions before Android 11. Steps To Reproduce: 1. Victim installs malicious app 1. Victim starts...
Amazon Linux 2 : flac (ALAS-2023-2106)
The version of flac installed on the remote host is prior to 1.3.0-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2106 advisory. An out-of-bounds write vulnerability was found in libFlak. The vulnerability occurs due to a missing bounds check. This flaw allows a...
CVE-2023-21138
In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for...
CVE-2023-21144
In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...