CVE-2023-39384

Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally...

Huawei HarmonyOS Input Method Module Authorization Issue Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an authorization issue vulnerability that stems from insufficient privilege checks in the Input Method module. An attacker can...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an authorization issue vulnerability that stems from insufficient privilege checks in the Input Method module. An attacker can...

CVE-2023-21192

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

Google Pixel 输入验证错误漏洞

Google Pixel is a smartphone from Google, an American company. Google Pixel suffers from a security vulnerability that originates in setInputMethodWithSubtypeIdLocked in InputMethodManagerService.java, which may bypass notifications to hide preferences due to improper input validation, which coul...

PT-2023-17980 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: The issue is related to improper input validation in the setInputMethodWithSubtypeIdLocked function of InputMethodManagerService.java. This could lead to local escalation of privilege with no additional...

June 28, 2023—KB5027292 (OS Build 22000.2124) Preview

June 28, 2023—KB5027292 OS Build 22000.2124 Preview 3/28/23 IMPORTANT Starting in April 2023, optional, non-security preview updates will release on the fourth Tuesday of the month. For more information, see Windows monthly updates explained. For information about Windows update terminology, see...

PUB-A-227207653

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

K70949911: Glib vulnerability CVE-2019-14822

Security Advisory Description A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrok...

SUSE CVE-2009-4112

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands...

SUSE CVE-2013-4509

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen...

SUSE CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

SUSE CVE-2017-7752

A use-after-free vulnerability during specific user interactions with the input method editor IME in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox 54, Firefox...

SUSE CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is usi...

January 26, 2023—KB5022360 (OS Build 22621.1194) Preview

January 26, 2023—KB5022360 OS Build 22621.1194 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to...

[SECURITY] Fedora 37 Update: librime-1.7.3-3.fc37

Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...

[SECURITY] Fedora 36 Update: librime-1.7.3-2.fc36

Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...

Fedora: Security Advisory for librime (FEDORA-2022-5d37367673)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OESA-2022-2022 libX11 security update

The libX11-devel package contains libraries and header files for libX11. Security Fixes: A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function XFreeX11XCBStructure of the file xcbdisp.c. The manipulation of the argument dpy leads to memory leak. ...

CVE-2022-20394

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...