Lucene search
+L

11 matches found

Github Security Blog
Github Security Blog
added 2025/08/23 3:30 a.m.8 views

Liferay Portal JSONWS API endpoint shares sensitive information

Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin...

7.7CVSS5.8AI score0.00296EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/10/30 5:15 p.m.3 views

CVE-2023-21354

In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.9AI score0.00085EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.5 views

PT-2023-18111 · Google · Android

Name of the Vulnerable Software and Affected Versions: Settings affected versions not specified Description: The issue allows an attacker to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure...

5.5CVSS5AI score0.00101EPSS
Exploits0References4
OSV
OSV
added 2022/08/12 3:15 p.m.5 views

CVE-2022-20316

In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

3.3CVSS5.9AI score0.00095EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.5 views

CVE-2022-20324

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.1AI score0.00098EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.6 views

CVE-2022-20316

In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

3.3CVSS5.9AI score0.00095EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.7 views

CVE-2022-20277

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.1AI score0.00096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/11 3:15 p.m.5 views

CVE-2022-20242

In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.1AI score0.00091EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/30 4:15 p.m.3 views

CVE-2021-39791

In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS6.2AI score0.00104EPSS
Exploits0References2
OSV
OSV
added 2021/12/15 7:15 p.m.6 views

CVE-2021-1014

In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Us...

5.5CVSS5.9AI score0.00111EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2011/12/21 4:52 p.m.1 views

Backdoor in Android for No-Permissions Reverse Shell

Backdoor in Android for No-Permissions Reverse Shell Security expert Thomas Cannon working at viaForensics as the Director of R&D has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes. Thomas...

7.7AI score
Exploits0
Rows per page
Query Builder