45 matches found
CVE-2018-14066
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READSMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo...
EUVD-2009-2446
Malware in sbrugna...
EUVD-2018-5988
Malware in sbrugna...
EUVD-2019-6367
Malware in sbrugna...
EUVD-2019-6386
Malware in sbrugna...
EUVD-2019-6362
Malware in sbrugna...
EUVD-2024-51251
Malicious code in bioql PyPI...
EUVD-2024-33513
Malicious code in bioql PyPI...
CVE-2024-12993
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...
CVE-2024-10576
Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact th...
CVE-2019-15385
The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...
CVE-2019-15361
The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device t...
CVE-2019-15366
The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the devi...
CVE-2024-12993
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...
CVE-2024-12993
The CVE-2024-12993 entry describes a vulnerability in Infinix devices stemming from a pre-loaded app com.rlk.weathers that exposes an unsecured content provider. An attacker can communicate with this provider to reveal the user’s location without any privileges (local attack; no user interaction ...
CVE-2024-12993 Location information exposure in Infinix Weather app
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...
CVE-2024-12993 Location information exposure in Infinix Weather app
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We...
PT-2024-17855 · Infinix · Infinix Mobile
Name of the Vulnerable Software and Affected Versions: Infinix devices affected versions not specified Description: The issue concerns a pre-loaded application com.rlk.weathers that exposes an unsecured content provider, allowing an attacker to communicate with the provider and reveal the user's...
Transsion Holdings Infinix Mobile devices 安全漏洞
Transsion Holdings Infinix Mobile devices are a range of mobile devices from Transsion Holdings, a Chinese company. A security vulnerability exists in the Transsion Holdings Infinix Mobile devices, which stems from the pre-installed com.rlk.weathers application exposing an unprotected content...
CVE-2024-10576
Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact th...