62 matches found
CVE-2023-21336
CVE-2023-21336 concerns an information disclosure vulnerability in Android’s Input Method, where side-channel information can reveal whether an app is installed without query permissions. The issue is described as a local information disclosure with no extra execution privileges required, and exp...
CVE-2023-21336
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21338
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...
CVE-2023-21336
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21338
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...
CVE-2023-21338
CVE-2023-21338 affects Android’s Input Method. The issue is a side-channel information disclosure that lets an app determine whether another app is installed without query permissions, enabling local elevation of privilege with no additional execution privileges required. The Android 14 security ...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by the disclosure of side channel information in the input method. The vulnerability can be exploited by an attacker to obtain sensitive...
PT-2023-18114 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions affected versions not specified Description: In the Input Method, there is a possible way to determine whether an app is installed without query permissions due to side channel information disclosure. This could lead to local...
PT-2023-18113 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions affected versions not specified Description: In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local...
CVE-2023-39384
Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2023-39384
Vulnerability of incomplete permission verification in the input method module. Successful exploitation of this vulnerability may cause features to perform abnormally...
PT-2023-17980 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version Android-13 Description: The issue is related to improper input validation in the setInputMethodWithSubtypeIdLocked function of InputMethodManagerService.java. This could lead to local escalation of privilege with no additional...
[SECURITY] Fedora 37 Update: librime-1.7.3-3.fc37
Rime Input Method Engine Library Support for shape-based and phonetic-based input methods, including those for Chinese dialects. A selected dictionary in Traditional Chinese, powered by opencc for Simplified Chinese output...
OESA-2022-2022 libX11 security update
The libX11-devel package contains libraries and header files for libX11. Security Fixes: A vulnerability was found in X.org libX11 and classified as problematic. This issue affects the function XFreeX11XCBStructure of the file xcbdisp.c. The manipulation of the argument dpy leads to memory leak. ...
ibus bug fix update
An update is available for ibus. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Intelligent Input Bus IBus is an input method framework for multilingual inp...
ALBA-2021:4533 ibus bug fix update
The Intelligent Input Bus IBus is an input method framework for multilingual input in Unix-like operating systems. Bug fix: Previously, in GNOME Wayland desktop in AlmaLinux 8.5, the IBus emoji candidate pop-up was used with IBus UI and the selected candidate could not inserted into the target...
ROS-2-633
2.633 Vulnerability in X.Org Server and libX11 CVE-2020-14347, CVE-2020-14344 1. Vulnerability Description: CVE-2020-14347 - Lack of memory initialization when allocating buffers for pixmaps using the AllocatePixmap call can cause the X client to leak the memory contents from the heap when the X...
libX11: Heap overflow in the X input method client
A flaw was found in libX11. An integer overflow leading to a heap-buffer overflow occurs when setuid programs call XIM client functions while running with elevated privileges. The highest threat from this vulnerability are to data confidentiality and integrity as well as system vulnerability...
March 25, 2021—KB5000850 (OS Build 18363.1474) Preview
March 25, 2021—KB5000850 OS Build 18363.1474 Preview 2/16/21 IMPORTANT As part of the end of support for Adobe Flash, KB4577586 is now available as an optional update from Windows Update WU and Windows Server Update Services WSUS. Installing KB4577586 will remove Adobe Flash Player permanently fr...
Medium: ibus
Issue Overview: A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the...