1045 matches found
CVE-2024-38425 Improper Authorization in Performance
Information disclosure while sending implicit broadcast containing APP launch information...
PT-2024-26091
Name of the Vulnerable Software and Affected Versions: Sound Assistant versions prior to 6.1.0.9 Description: The issue concerns the use of implicit intent for sensitive communication in Sound Assistant, allowing local attackers to obtain sensitive information. Recommendations: For versions prior to...
PT-2024-26092 · Samsung · Samsung Internet
Name of the Vulnerable Software and Affected Versions: Samsung Internet versions prior to 26.0.3.1 Description: The issue concerns the use of implicit intent for sensitive communication in translation, allowing local attackers to obtain sensitive information. User interaction is required to trigg...
Qualcomm Chipsets security vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated (USA). A security vulnerability exists in Qualcomm Chipsets that originates from an information disclosure when sending an implicit broadcast containing app launch information...
PT-2024-27996 · Qualcomm · Snapdragon +22
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns information disclosure when sending an implicit broadcast that contains app launch details. This implies a potential leak of sensitiv...
GHSA-4CRF-28C7-V4GR Openshift Console insufficient entropy vulnerability
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...
PT-2024-37678 · Red Hat · Openshift Console
Name of the Vulnerable Software and Affected Versions: Openshift Console affected versions not specified Description: An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code type and implicit grant type of the OAuth2 protocol. This vulnerability...
Red Hat OpenShift security feature issue vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability exists in Red Hat OpenShift that stems from the OAuth2 protocol being vulnerable to cross-site request forge...
CVE-2024-42476
CVE-2024-42476 affects the Nim OAuth library prior to v0.11. The Authorization Code and Implicit flows rely on the state parameter to prevent CSRF, but when compiled with certain flags the state check can be bypassed. Version 0.11 fixes this by using a proper state validation (regular if or doAss...
CVE-2024-42476 oauth CSRF vulnerability
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...
CVE-2024-34636
Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information...
CVE-2024-34636
CVE-2024-34636 concerns Samsung Email prior to version 6.1.94.2, where use of implicit intents for sensitive communication may allow local attackers to obtain sensitive information. Connected sources (Red Hat advisory RH:CVE-2024-34636 and other vulnerability records) corroborate the same descrip...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability previously existed in SAMSUNG Mobile devices version 6.1.94.2, which stemmed from a use-implicit-intent issue contained in th...
PT-2024-26054 · Samsung · Samsung Email
Name of the Vulnerable Software and Affected Versions: Samsung Email versions prior to 6.1.94.2 Description: The issue concerns the use of implicit intent for sensitive communication in Samsung Email, allowing local attackers to obtain sensitive information. Recommendations: For versions prior to...
CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...
CVE-2024-34602
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability...