34 matches found
ASB-A-142125338
In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2020-0061
In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
Information disclosure
In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
CVE-2020-0061
CVE-2020-0061 pertains to Pixel Recorder on Android, where a permissions bypass can allow arbitrary apps to record audio, leading to local information disclosure without extra execution privileges. The vulnerability affects the Android System component as listed in the Pixel Update Bulletin (Syst...
CVE-2018-14992
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm versionCode=1510500200, versionName=1.5.0.40171122 has an exposed interface...
CVE-2017-13873
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary...
Samsung Mobile Device Design Vulnerabilities
Samsung mobile devices are smart mobile devices released by Samsung in South Korea.Android N is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. A security vulnerability exists in Samsung mobile devices using the Android N 7.x version, whi...
Design/Logic Flaw
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses...
CVE-2016-4086
Huawei HiSuite In China before 4.0.4.301 and Out of China before 4.0.4.204ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors...
CVE-2016-4086
Huawei HiSuite In China before 4.0.4.301 and Out of China before 4.0.4.204ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors...
Code injection
Huawei HiSuite In China before 4.0.4.301 and Out of China before 4.0.4.204ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors...
CVE-2016-4086
CVE-2016-4086 affects Huawei HiSuite (China: before 4.0.4.301; outside China: before 4.0.4.204_ove). The vulnerability is described as a permission control flaw in HiSuite that allows an unauthenticated attacker on the local network (LAN) to remotely install arbitrary apps on a connected Huawei p...
The vulnerability of the iOS operating system allows attackers to bypass event handlers and modify events of arbitrary applications.
The vulnerability of the XPC Services software interface in the LaunchServices component of the iOS operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass event handler restrictions and modify events of arbitrary application...
CVE-2014-1276
CVE-2014-1276 affects Apple iOS prior to 7.1 via the IOKit HID Event interface. The vulnerability allows a crafted app to monitor user actions across arbitrary apps by accessing an IOKit framework interface, due to insufficient access controls in IOKit. Apple addressed this in iOS 7.1 (patch link...