1045 matches found
CVE-2023-44126 Call management - Implicit intents disclose telephony data such as phone numbers, call states, contacts
The vulnerability is that the Call management "com.android.server.telecom" app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers,...
CVE-2023-44125
CVE-2023-44125 affects the Personalized service app (com.lge.abba). The issue is use of implicit PendingIntents without PendingIntent.FLAG_IMMUTABLE, which could enable an attacker’s app (with access to notifications) to hijack intents, intercept them, and then obtain permissions to content provi...
CVE-2023-44124 Screen recording - Theft of arbitrary files with system privilege
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording "com.lge.gametools.gamerecorder" app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...
CVE-2023-44124
The CVE-2023-44124 issue affects the Screen recording app (com.lge.gametools.gamerecorder). The root cause is that the app launches implicit intents that can be intercepted by other apps on the device, and the returned data goes to onActivityResult, enabling theft of arbitrary files. The app stor...
CVE-2023-44124 Screen recording - Theft of arbitrary files with system privilege
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording "com.lge.gametools.gamerecorder" app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be...
CVE-2023-44122 LockScreenSettings - Theft arbitrary files with system privilege
The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings "com.lge.lockscreensettings" app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be...
PT-2023-29116 · Unknown · Lockscreensettings
Name of the Vulnerable Software and Affected Versions: LockScreenSettings affected versions not specified Description: The issue is related to the theft of arbitrary files with system privilege in the LockScreenSettings app. The main problem is that the app launches implicit intents that can be...
[SECURITY] [DLA 3580-1] libapache-mod-jk security update
Debian LTS Advisory DLA-3580-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany September 24, 2023 https://wiki.debian.org/LTS Package : libapache-mod-jk Version : 1:1.2.46-1+deb10u2 CVE ID : CVE-2023-41081 Debian Bug : 1051956 The modjk component of Apache Tomcat...
CVE-2023-31014
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial ...
CVE-2023-31014
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial ...
Design/Logic Flaw
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial ...
CVE-2023-31014
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial ...
CVE-2023-31014
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial ...
NVIDIA GeForce Now Security Vulnerability
NVIDIA GeForce Now NVIDIA GeForce Now,NVIDIA GeForce Now is an open cloud gaming platform from NVIDIA, USA. NVIDIA GeForce A security vulnerability exists in NVIDIA GeForce that stems from a flaw in the game launcher component, where a malicious application on the same device can handle the...
CVE-2023-41081
A vulnerability was found in Apache Tomcat Connectors modjk. Affected versions of this package are vulnerable to information exposure in the modjk component. This flaw allows an attacker to exploit the implicit mapping functionality, resulting in the unintended exposure of the status worker and...
SUSE CVE-2023-4421
The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...
DEBIAN-CVE-2023-41081
Important: Authentication Bypass CVE-2023-41081 The modjk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, modjk would use an...
CVE-2023-41081
Important: Authentication Bypass CVE-2023-41081 The modjk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, modjk would use an...
Authentication flaw
Important: Authentication Bypass CVE-2023-41081 The modjk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, modjk would use an...
UBUNTU-CVE-2023-41081
Important: Authentication Bypass CVE-2023-41081 The modjk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, modjk would use an...