Lucene search
+L

126 matches found

Prion
Prion
added 2022/01/10 2:12 p.m.17 views

Authorization

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READPRIVILEGEDPHONESTATE permission...

2.1CVSS4.1AI score0.00102EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/01/07 10:39 p.m.105 views

CVE-2022-22272

CVE-2022-22272 affects TelephonyManager in Samsung/Android prior to the SMR Jan-2022 Release 1. The issue is improper authorization that allows an attacker to obtain the IMSI without READ_PRIVILEGED_PHONE_STATE permission. Root cause is insufficient access control in TelephonyManager’s handling o...

4CVSS4.1AI score0.00102EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/07 10:39 p.m.33 views

CVE-2022-22272

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READPRIVILEGEDPHONESTATE permission...

4CVSS4.6AI score0.00102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/01/07 12:0 a.m.6 views

PT-2022-15318 · Unknown · Telephonymanager

Name of the Vulnerable Software and Affected Versions: TelephonyManager versions prior to SMR Jan-2022 Release 1 Description: The issue is related to improper authorization in TelephonyManager, allowing attackers to obtain the IMSI without the required READ PRIVILEGED PHONE STATE permission...

4CVSS3.8AI score0.00102EPSS
Exploits0References5
CNVD
CNVD
added 2022/01/07 12:0 a.m.40 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2022-08457)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in a component of Huawei HarmonyOS. An attacker can exploit the vulnerability to bypass the necessary privileges to gain acce...

5.3CVSS5.4AI score0.00541EPSS
Exploits0References1
NVD
NVD
added 2021/09/09 7:15 p.m.29 views

CVE-2021-25451

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data...

4.3CVSS0.00229EPSS
Exploits0References1
Prion
Prion
added 2021/09/09 7:15 p.m.15 views

Code injection

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data...

4.3CVSS4.1AI score0.00229EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/09/09 6:3 p.m.49 views

CVE-2021-25451

CVE-2021-25451 affects Android’s NetworkPolicyManagerService where a PendingIntent hijack can lead to exposure of IMSI data. The vulnerability is local, requiring user interaction, with a low-moderate CVSS (3.3 on 3.1, base score 3.3; confidentiality impact: Low). Root cause stated: manipulation ...

4.3CVSS4.1AI score0.00229EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/09 6:3 p.m.29 views

CVE-2021-25451

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data...

3.3CVSS4.3AI score0.00229EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2021/08/16 3:12 p.m.102 views

100m T-Mobile Customer Records Purportedly Up for Sale

A threat actor is selling what they claim to be 30 million T-Mobile customers’ Social Security and driver license numbers on an underground web forum. The collection is a subset of the purported 100 million records contained in stolen databases. The seller told Motherboard – which first reported...

6.7AI score
Exploits0References10
CNVD
CNVD
added 2021/04/30 12:0 a.m.14 views

Unspecified Vulnerability in Samsung SMR (CNVD-2021-45731)

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR APR-2021 Release 1, which can be exploited by a local attacker to access IMSI values via an untrusted application...

4CVSS6.6AI score0.00106EPSS
Exploits0References1
NVD
NVD
added 2021/04/09 6:15 p.m.30 views

CVE-2021-25358

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...

4CVSS0.00106EPSS
Exploits0References2
OSV
OSV
added 2021/04/09 6:15 p.m.4 views

CVE-2021-25358

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...

3.3CVSS5.8AI score0.00106EPSS
Exploits0References2
Prion
Prion
added 2021/04/09 6:15 p.m.26 views

Input validation

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...

2.1CVSS4AI score0.00106EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/04/09 5:34 p.m.63 views

CVE-2021-25358

CVE-2021-25358 affects Samsung SMR (system patch package). Before SMR APR-2021 Release 1, IMSI values could be stored in an improper path, enabling local attackers to access IMSI values via untrusted applications. Vulnerability is localized to affected SMR components; root cause is improper stora...

4CVSS4AI score0.00106EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/09 5:34 p.m.32 views

CVE-2021-25358

A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications...

4CVSS4.5AI score0.00106EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/04/09 12:0 a.m.6 views

Samsung SMR 安全漏洞

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR APR-2021 Release 1, which can be exploited by a local attacker to access IMSI values via an untrusted application...

4CVSS5.6AI score0.00106EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2020/12/16 2:0 p.m.37 views

New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data

As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service DoS attacks to deprive subscribers of...

0.4AI score
Exploits0
ThreatPost
ThreatPost
added 2020/11/24 5:36 p.m.20 views

Baidu Mobile Apps in Google Play Leak Sensitive Data

Multiple Android mobile apps found in Google Play, including Baidu Search Box and Baidu Maps, were found by researchers to be leaking data that could be used to track users – even if they switch devices. The apps have each been downloaded millions of times, according to Palo Alto Unit 42...

6.9AI score
Exploits0References3
Schneier on Security
Schneier on Security
added 2020/10/26 11:53 a.m.44 views

IMSI-Catchers from Canada

Gizmodo is reporting that Harris Corp. is no longer selling Stingray IMSI-catchers and, presumably, its follow-on models Hailstorm and Crossbow to local governments: L3Harris Technologies, formerly known as the Harris Corporation, notified police agencies last year that it planned to discontinue...

0.3AI score
Exploits0
Rows per page
Query Builder