EUVD-2021-28850

Malicious code in bioql PyPI...

EUVD-2021-28851

Malicious code in bioql PyPI...

CVE-2021-41850

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located...

CVE-2021-41848

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an...

CVE-2021-41849

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information PII in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity IMEI. This PII is transmitted to...

CVE-2021-41848

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an...

Improper access control

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located...

Information disclosure

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information PII in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity IMEI. This PII is transmitted to...

CVE-2021-41848

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an...

CVE-2021-41849

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information PII in plaintext using HTTP to servers located in China: user's list of installed apps and device International Mobile Equipment Identity IMEI. This PII is transmitted to...

CVE-2021-41848

The CVE-2021-41848 issue affects Luna Simo PPR1.180610.011/202001031830. An attacker with local write access to external storage can supply a spoofed update file containing a shell script and an ARM binary. If processed by /system/bin/osi_bin, this payload can run with the osi SELinux domain as r...

CVE-2021-41849

The CVE-2021-41849 entry concerns Luna Simo PPR1.180610.011/202001031830, where PII (installed apps list, IMEI) is transmitted in plaintext over HTTP to log.skyroam.com.cn, independent of Simo usage. This is documented across multiple sources (NVD/Red Hat PRION/PR-ION PT-Security) and confirmed b...

CVE-2021-41850

CVE-2021-41850 affects Luna Simo devices (e.g., PPR1.180610.011/202001031830). A pre-installed app with package name com.skyroam.silverhelper writes three IMEI values to system properties at startup, which can be read via getprop by any co-located third-party app, even without permissions. This c...

CVE-2021-41850

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located...

PT-2022-11500 · Luna Simo · Luna Simo

Name of the Vulnerable Software and Affected Versions: Luna Simo PPR1.180610.011/202001031830 Description: An issue was discovered in Luna Simo where it sends Personally Identifiable Information PII in plaintext using HTTP to servers located in China. The PII includes the user's list of installed...

Luna Simo信息泄露漏洞

Luna Simo is a smartphone from the Korean company Luna. A security vulnerability exists in Luna Simo PPR1.180610.011/202001031830. The vulnerability stems from improper access control, where all third-party applications located on the device can obtain the value of the system IMEI attribute even...

Luna Simo 安全漏洞

Luna Simo is a smartphone from the Korean company Luna. A security vulnerability exists in Luna Simo PPR1.180610.011/202001031830. The vulnerability stems from the fact that it uses HTTP to send the following personally identifiable information PII in clear text to a server in China...

Luna Simo 信任管理问题漏洞

Luna Simo is a smartphone from the South Korean company Luna. A trust management issue vulnerability exists in Luna Simo PPR1.180610.011/202001031830. The vulnerability stems from the fact that it incorrectly handles software updates, allowing a local third-party application to deliver a deceptiv...

Remote Command Execution Vulnerability in Simo Smart DNS of Shanghai Simo Communication Technology Co.

Simo Smart DNS is the intelligent DNS device of Shanghai Simo Communication Technology Co. Ltd. A remote command execution vulnerability exists in Simo Smart DNS, which can be exploited by attackers to execute arbitrary commands...

Oracle Linux 6 : krb5 (ELSA-2016-0493)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0493 advisory. - Fix CVE-2015-8629 and CVE-2015-8631 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...