Lucene search
K

3145 matches found

Prion
Prion
added 2019/11/14 5:15 p.m.19 views

Design/Logic Flaw

The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification vi...

2.1CVSS4AI score0.00277EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.15 views

Design/Logic Flaw

The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=27, versionName=8.1.0 that allows other...

2.1CVSS5.3AI score0.00305EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.13 views

Authorization

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...

2.1CVSS5.3AI score0.00285EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.11 views

Authorization

The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device t...

2.1CVSS5.3AI score0.00285EPSS
Exploits0References1
Prion
Prion
added 2019/11/14 5:15 p.m.15 views

Authorization

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the devi...

2.1CVSS5.3AI score0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/14 4:27 p.m.17 views

CVE-2019-15470

The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=27, versionName=8.1.0 that allows other...

5.3AI score0.00305EPSS
Exploits0References1
CVE
CVE
added 2019/11/14 4:27 p.m.49 views

CVE-2019-15470

CVE-2019-15470 involves a pre-installed component on Xiaomi Redmi Note 6 Pro (build tulip 8.1.0) named com.qualcomm.qti.callenhancement. The issue arises because this app exposes an interface that allows other pre-installed apps to perform microphone audio recording via components accessible to a...

5.5CVSS5.3AI score0.00305EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/14 4:26 p.m.23 views

CVE-2019-15428

The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification vi...

3.8AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2019/11/14 4:26 p.m.49 views

CVE-2019-15428

The CVE-2019-15428 entry refers to a vulnerability in the Xiaomi Mi Note 2 where a pre-installed app (com.miui.powerkeeper, versionCode 40000, versionName 4.0.00) enables unauthorized wireless settings modification via a confused deputy attack. Affected device builds are Xiaomi/scorpio/scorpio:6....

3.3CVSS4AI score0.00277EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/14 4:25 p.m.20 views

CVE-2019-15385

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...

5.3AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2019/11/14 4:25 p.m.45 views

CVE-2019-15385

The CVE-2019-15385 issue affects the Infinix Note 5 running Android, where a pre-installed app (package com.mediatek.wfo.impl, versionCode 27, versionName 8.1.0) exposes an exported interface that allows any co-located app to modify a system property without proper authorization. This is tied to ...

5.5CVSS5.3AI score0.00285EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/14 4:25 p.m.20 views

CVE-2019-15366

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the devi...

5.3AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2019/11/14 4:25 p.m.43 views

CVE-2019-15366

CVE-2019-15366 pertains to the Infinix Note 5 on Android 8.1.0 where a pre-installed app with package name com.mediatek.wfo.impl exposes an interface that allows any app colocated on the device to modify a system property without proper authorization. Root cause is an exported interface with insu...

5.5CVSS5.3AI score0.00285EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/14 4:25 p.m.28 views

CVE-2019-15361

The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device t...

5.3AI score0.00285EPSS
Exploits0References1
CVE
CVE
added 2019/11/14 4:25 p.m.45 views

CVE-2019-15361

The CVE-2019-15361 entry concerns the Infinix Note 5 Android device with fingerprint Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys. A pre-installed app with package name com.mediatek.wfo.impl (versionCode 27, versionName 8.1.0) exposes an exported interface that al...

5.5CVSS5.3AI score0.00285EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/11/06 10:14 p.m.94 views

CVE-2019-16401

The CVE-2019-16401 entry concerns Samsung Galaxy S8 Plus, Galaxy S3, and Galaxy Note 2 devices. These devices allegedly allow injection of AT+CIMI and AT+CGSN over Bluetooth, exposing sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength...

6.5CVSS6.7AI score0.00513EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/11/06 10:12 p.m.22 views

CVE-2019-16400

Samsung Galaxy S8 plus Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3, Samsung Galaxy S3 Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8, and Samsung...

6.8AI score0.00458EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/11/05 9:11 p.m.7 views

elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h

In elfutils 0.175, a negative-sized memcpy is attempted in elfcvtnote in libelf/notexlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service program crash...

5.5CVSS7.4AI score0.01027EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2019/11/05 9:11 p.m.10 views

elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl

In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...

5.5CVSS6AI score0.01508EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2019/11/01 1:3 p.m.6 views

php: Uninitialized read in exif_process_IFD_in_MAKERNOTE

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the makernote-offset relationship to valuelen...

7.5CVSS7.3AI score0.06677EPSS
Exploits1References4
Rows per page
Query Builder