70 matches found
EUVD-2019-6343
Malware in sbrugna...
EUVD-2019-6342
Malware in sbrugna...
EUVD-2023-32307
Malicious code in bioql PyPI...
CVE-2022-48516
Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality...
CVE-2024-43086
In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
LinkedIn: Forced OAuth authorization using button ID in hash and holding space
The vulnerability allowed attackers to conduct a social engineering attack to trick users into authorizing a third-party app to bind to their LinkedIn account without explicit consent. The attack exploited the OAuth process by using a button ID in the hash and requiring the user to press and hold...
Apple's New macOS Sequoia Tightens Gatekeeper Controls to Block Unauthorized Software
Apple on Tuesday announced an update to its next-generation macOS version that makes it a little more difficult for users to override Gatekeeper protections. Gatekeeper is a crucial line of defense built into macOS designed to ensure that only trusted apps run on the operating system. When an app...
CVE-2023-38293
Certain software builds for the Nokia C200 and Nokia C100 Android devices contain a vulnerable, pre-installed app with a package name of com.tracfone.tfstatus versionCode='31', versionName='12' that allows local third-party apps to execute arbitrary AT commands in its context radio user via AT...
CVE-2023-38295
The CVE-2023-38295 entries describe a local privilege escalation in TCL Android devices (TCL 30Z and TCL 10L) caused by a vulnerable pre-installed app (com.tcl.screenrecorder on TCL 30Z and com.tcl.sos on TCL 10L) that lacks a runtime permission. A third-party app can declare and request the miss...
SUSE: Security Advisory (SUSE-SU-2023:4480-1)
The remote host is missing an update for the...
CVE-2023-44121
The vulnerability is an intent redirection in LG ThinQ Service "com.lge.lms2" in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action...
Design/Logic Flaw
The vulnerability is an intent redirection in LG ThinQ Service "com.lge.lms2" in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action...
CVE-2023-44121 LG ThinQ Service - Intent redirection with system privilege/LaunchAnyWhere
The vulnerability is an intent redirection in LG ThinQ Service "com.lge.lms2" in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action...
Patch me if you can: Cyberattack Series
Many organizations utilize third-party apps for identity security solutions to automate and unburden overtaxed IT admins from tedious tasks that employees can perform via self-service without IT assistance. But in September 2021, our researchers observed threat actors exploiting one such...
CVE-2023-34165
Unauthorized access vulnerability in the Save for later feature provided by AI Touch. Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions...
CVE-2022-20217
There is an unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact. Product: Android. Versions: Android SoC. Android ID: A-232441378...
Design/Logic Flaw
android exported is used to set third-party app access permissions, and the default value of intent-filter is true. com.sprd.firewall has set exported as true. Product: Android. Versions: Android SoC. Android ID: A-231911916...
Code injection
There is an unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact. Product: Android. Versions: Android SoC. Android ID: A-232441378...