3145 matches found
Design/Logic Flaw
The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification vi...
Design/Logic Flaw
The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=27, versionName=8.1.0 that allows other...
Authorization
The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...
Authorization
The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device t...
Authorization
The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the devi...
CVE-2019-15470
The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=27, versionName=8.1.0 that allows other...
CVE-2019-15470
CVE-2019-15470 involves a pre-installed component on Xiaomi Redmi Note 6 Pro (build tulip 8.1.0) named com.qualcomm.qti.callenhancement. The issue arises because this app exposes an interface that allows other pre-installed apps to perform microphone audio recording via components accessible to a...
CVE-2019-15428
The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification vi...
CVE-2019-15428
The CVE-2019-15428 entry refers to a vulnerability in the Xiaomi Mi Note 2 where a pre-installed app (com.miui.powerkeeper, versionCode 40000, versionName 4.0.00) enables unauthorized wireless settings modification via a confused deputy attack. Affected device builds are Xiaomi/scorpio/scorpio:6....
CVE-2019-15385
The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...
CVE-2019-15385
The CVE-2019-15385 issue affects the Infinix Note 5 running Android, where a pre-installed app (package com.mediatek.wfo.impl, versionCode 27, versionName 8.1.0) exposes an exported interface that allows any co-located app to modify a system property without proper authorization. This is tied to ...
CVE-2019-15366
The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the devi...
CVE-2019-15366
CVE-2019-15366 pertains to the Infinix Note 5 on Android 8.1.0 where a pre-installed app with package name com.mediatek.wfo.impl exposes an interface that allows any app colocated on the device to modify a system property without proper authorization. Root cause is an exported interface with insu...
CVE-2019-15361
The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device t...
CVE-2019-15361
The CVE-2019-15361 entry concerns the Infinix Note 5 Android device with fingerprint Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys. A pre-installed app with package name com.mediatek.wfo.impl (versionCode 27, versionName 8.1.0) exposes an exported interface that al...
CVE-2019-16401
The CVE-2019-16401 entry concerns Samsung Galaxy S8 Plus, Galaxy S3, and Galaxy Note 2 devices. These devices allegedly allow injection of AT+CIMI and AT+CGSN over Bluetooth, exposing sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength...
CVE-2019-16400
Samsung Galaxy S8 plus Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3, Samsung Galaxy S3 Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8, and Samsung...
elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h
In elfutils 0.175, a negative-sized memcpy is attempted in elfcvtnote in libelf/notexlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service program crash...
elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl
In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...
php: Uninitialized read in exif_process_IFD_in_MAKERNOTE
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exifprocessIFDinMAKERNOTE because of mishandling the makernote-offset relationship to valuelen...