13 matches found
EUVD-2023-48482
Malicious code in bioql PyPI...
CVE-2023-44123
The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Bluetooth "com.lge.bluetoothsetting" app. The attacker's app, if it had access to app notifications, could intercept...
ASB-A-278558814
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-44125
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Personalized service "com.lge.abba" app. The attacker's app, if it had access to app notifications, could...
Design/Logic Flaw
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Personalized service "com.lge.abba" app. The attacker's app, if it had access to app notifications, could...
Design/Logic Flaw
The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Bluetooth "com.lge.bluetoothsetting" app. The attacker's app, if it had access to app notifications, could intercept...
CVE-2023-44125 Personalized service - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or over-write of arbitrary files with system privilege in the Personalized service "com.lge.abba" app. The attacker's app, if it had access to app notifications, could...
CVE-2023-44125
CVE-2023-44125 affects the Personalized service app (com.lge.abba). The issue is use of implicit PendingIntents without PendingIntent.FLAG_IMMUTABLE, which could enable an attacker’s app (with access to notifications) to hijack intents, intercept them, and then obtain permissions to content provi...
CVE-2023-44123
The CVE-2023-44123 issue affects com.lge.bluetoothsetting and arises from using implicit PendingIntents with PendingIntent.FLAG_MUTABLE, enabling theft/over-write of arbitrary files with system privilege. An attacker’s app with access to notifications could intercept them, redirect to its activit...
PT-2023-29117 · Lg · Com.Lge.Bluetoothsetting
Name of the Vulnerable Software and Affected Versions: com.lge.bluetoothsetting affected versions not specified Description: The issue is related to the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set, which can lead to the theft and/or over-write of arbitrary files with...
PT-2023-29119 · Lg · Com.Lge.Abba
Name of the Vulnerable Software and Affected Versions: com.lge.abba affected versions not specified Description: The issue is related to the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set, which can lead to theft and/or over-write of arbitrary files with system...
CVE-2022-2390
Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker gain...
ASB-A-156021269
In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation...