120 matches found
CVE-2021-44751
The CVE describes a vulnerability in the F-Secure SAFE browser where a malicious website containing USSD code via JavaScript or an iframe can trigger the browser’s dialer. This could allow an attacker to send USSD messages or initiate calls. The impact notes that on most modern Androids the diale...
Security Vulnerabilities fixed in Firefox 97 — Mozilla
A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...
Mozilla Firefox < 97.0
The version of Firefox installed on the remote Windows host is prior to 97.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-04 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firef...
CVE-2019-12000
HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging...
CVE-2019-12000
CVE-2019-12000 relates to the HPE MSE Msg Gw application E-LTU prior to version 3.2, where a potential Remote Access Restriction Bypass exists when HTTPS is used between the USSD and an external USSD service logic application. Affected component: HPE MSE Messaging Gateway (E-LTU); root cause: ins...
CVE-2020-12745
An issue was discovered on Samsung mobile devices with Q10.0 software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 May 2020...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with Q10.0 software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 May 2020...
CVE-2020-12745
CVE-2020-12745 affects Samsung mobile devices running Q(10.0). The issue enables bypass of the locked-state protection to read clipboard content via USSD. The root cause is described as a protection bypass, but no further technical details or affected versions are provided in the connected docume...
CVE-2020-12745
An issue was discovered on Samsung mobile devices with Q10.0 software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 May 2020...
CVE-2018-21078
An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.0 software. The Contacts application allows attackers to originate video calls because SS Supplementary Service and USSD Unstructured Supplementary Service Data codes are improperly secured. The Samsung ID is SVE-2018-11469...
Design/Logic Flaw
An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.0 software. The Contacts application allows attackers to originate video calls because SS Supplementary Service and USSD Unstructured Supplementary Service Data codes are improperly secured. The Samsung ID is SVE-2018-11469...
Design/Logic Flaw
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application...
SIM Info/USSD/Recharge Offers - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application SIM Info/USSD/Recharge Offers published at the 'play' market has multiple vulnerabilities...
Android Exploited to Make, End Phone Calls; Send USSD Codes
A pair of vulnerabilities in all but the newest KitKat iteration of Google’s Android operating system could let a malicious or rogue application exceed its permission level in order to make phone calls, hang up phone calls, or send USSD or MMI codes. Marco Lux and Pedro Umbelino of Curesec claim...
Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions
A major vulnerability believed to be present in most versions of Android can allow a malicious Android applications on the Android app store to make phone calls on a user’s device, even when they lack the necessary permissions. The critical vulnerability was identified and reported to Google Inc...
First Tor-Based Android Malware Spotted in the Wild
We use our Smartphone devices to do almost everything, from Internet Banking to Sharing private files and at the same pace, the mobile malware sector is also growing. The number of variants of malicious software aimed at mobile devices has reportedly risen about 185% in less than a year. Security...
New Android malware forwards incoming messages to hacker
A new type of Android malware that can intercept text messages and forwarding to hackers is discovered by the Russian firm Doctor Web. This is a very serious threat to users, because using this malware attackers can easily get two factor authentication code of your Email or bank accounts. The...
New Android malware forwards incoming messages to hacker
A new type of Android malware that can intercept text messages and forwarding to hackers is discovered by the Russian firm Doctor Web. This is a very serious threat to users, because using this malware attackers can easily get two factor authentication code of your Email or bank accounts. The...
Line of code let the Samsung galaxy do Factory Reset-vulnerability warning-the black bar safety net
SAMSUNG including the GALAXY S3 and other models of the smart phone there is a serious security vulnerability, a line of USSD code can be formatted the phone and even damage the SIM card! The current is determined there is a problem of the phone as follows: Galaxy S3, Galaxy S2, Galaxy Ace, Galax...
Samsung Fixes Remote Wipe Flaw in Galaxy S III Smartphones
Smartphone developer Samsung has reportedly fixed a flaw in one of its newest phones, the Galaxy S III, that allows attackers to remotely wipe the phone’s contents. The patch addresses a flaw presented at the Ekoparty Security Conference in Argentina late last week that showed how easy it was to...