CVE-2023-30737

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent...

CVE-2023-30734

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent...

CVE-2023-30734

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent...

PT-2023-22940 · Samsung · Samsung Health

Name of the Vulnerable Software and Affected Versions: Samsung Health versions prior to 6.24.3.007 Description: The issue is related to improper access control, allowing attackers to access sensitive information via implicit intent. Recommendations: For versions prior to 6.24.3.007, update to...

CVE-2023-44127

he vulnerability is that the Call management "com.android.server.telecom" app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers...

CVE-2023-44127

he vulnerability is that the Call management "com.android.server.telecom" app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers...

CVE-2023-44126

The vulnerability is that the Call management "com.android.server.telecom" app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers,...

CVE-2023-44126

The vulnerability is that the Call management "com.android.server.telecom" app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers,...

CVE-2023-44124

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording "com.lge.gametools.gamerecorder" app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...

CVE-2023-44124

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording "com.lge.gametools.gamerecorder" app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...

CVE-2023-44122

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

Design/Logic Flaw

The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAGIMMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Personalized service "com.lge.abba" app. The attacker's app, if it had access to app notifications, could...

Design/Logic Flaw

The vulnerability is that the Call management "com.android.server.telecom" app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers,...

Design/Logic Flaw

The vulnerability is to theft of arbitrary files with system privilege in the Screen recording "com.lge.gametools.gamerecorder" app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...

Design/Logic Flaw

The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...

Design/Logic Flaw

The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAGMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Bluetooth "com.lge.bluetoothsetting" app. The attacker's app, if it had access to app notifications, could intercept...

Design/Logic Flaw

he vulnerability is that the Call management "com.android.server.telecom" app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers...

CVE-2023-44127

CVE-2023-44127 involves LG-patched call management (com.android.server.telecom). The issue is that it launches implicit intents which disclose sensitive data (e.g., contact details and phone numbers) to all third-party apps on the same device. Exploitation details are not provided in the document...

CVE-2023-44127 Call management - Implicit activity intents disclose contact details and phone numbers

he vulnerability is that the Call management "com.android.server.telecom" app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers...

CVE-2023-44127 Call management - Implicit activity intents disclose contact details and phone numbers

he vulnerability is that the Call management "com.android.server.telecom" app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers...