EUVD-2018-6866

Malware in sbrugna...

EUVD-2019-13202

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-0424

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission...

CVE-2022-20438

In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259920...

CVE-2022-20241

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-20440

In Messaging, There has unauthorized broadcast, this could cause Local Deny of Service.Product: AndroidVersions: Android SoCAndroid ID: A-242259918...

MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks

Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance...

CVE-2023-44129

The vulnerability is that the Messaging "com.android.mms" app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a...

PT-2022-14664 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue concerns an unauthorized broadcast in the Messaging component of Android, potentially leading to a Local Deny of Service. Recommendations: At the moment, there is no information...

Input validation

In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

Google Android 输入验证错误漏洞

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that results from improper input validation in messaging. An attacker could use this vulnerability to obtain sensitive information...

PT-2021-6395 · Google · Aosp Sms/Mms

Name of the Vulnerable Software and Affected Versions: Visual Voice Mail VVM application through 2022-02-24 for Android Description: The issue is related to insufficient protection of service data in the Visual Voice Mail VVM application for Android. An attacker can exploit this by temporarily...

CVE-2019-11730

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

DEBIAN-CVE-2019-11730

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

Design/Logic Flaw

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

CVE-2019-11730

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

Mozilla: Same-origin policy treats all files in a directory as having the same-origin

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

Mozilla: Same-origin policy treats all files in a directory as having the same-origin

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

Mozilla: Same-origin policy treats all files in a directory as having the same-origin

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

CVE-2017-0476

A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged...