EUVD-2015-3890

Malware in sbrugna...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Sep-2025 Release 1, which stems from improper broadcast receiver inten...

CVE-2023-38297

An issue was discovered in a third-party com.factory.mmigroup component, shipped on devices from multiple device manufacturers. Certain software builds for various Android devices contain a vulnerable pre-installed app with a package name of com.factory.mmigroup versionCode='3', versionName='2.1...

CVE-2023-38293

Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...

CVE-2023-38292

Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy versionCode='2', versionName='v11.0.1.0.0201.0' that allows local third-party apps to programmatically perform a factory reset due to inadequate acces...

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

CVE-2023-38294

The CVE-2023-38294 issue affects Itel Vision 3 Turbo devices with a pre-installed vulnerable app com.transsion.autotest.factory (versionCode 7, versionName 1.8.0(220310_1027)). The root cause is inadequate access control in this component, enabling local third‑party apps to execute arbitrary shel...

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

CVE-2023-38293

Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...

CVE-2023-38292

Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy versionCode='2', versionName='v11.0.1.0.0201.0' that allows local third-party apps to programmatically perform a factory reset due to inadequate acces...

CVE-2023-38293

CVE-2023-38293 concerns Nokia C200/C100 devices with a pre-installed com.tracfone.tfstatus app. It allows local third-party apps to inject and execute arbitrary AT commands in the radio context by exploiting two input/injection techniques via a broadcast to com.tracfone.tfstatus/.TFStatus, with n...

CVE-2023-38294

Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...

Hardcoded credentials

The vulnerability allows an unprivileged untrusted third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcode...

CVE-2023-41372

The CVE-2023-41372 issue affects the Android Client application. It allows an unprivileged third‑party app to arbitrarily modify the client’s server settings, causing the device to connect to an attacker‑controlled malicious server. Root cause: forging a valid broadcast intent encrypted with a ha...

PT-2023-27933 · Google · Android Client

Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified Description: The issue allows an unprivileged third-party application to arbitrarily modify the server settings of the Android Client application, causing it to connect to a malicious...

Design/Logic Flaw

In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

ASB-A-234442700

In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-36868

Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices version 3.5.51, which originates from an improper access control vulnerability in...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices version 2.2.11.22081151, which stems from Waterplugin's GalaxyStoreBridgePageLinker...