Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3480 | 2024-06-13 | 2.8 Low | ||
| An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data. | ||||
| CVE-2024-3108 | 2024-06-04 | 5.5 Medium | ||
| An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization. | ||||
| CVE-2023-41828 | 2024-06-04 | 4.4 Medium | ||
| An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider. | ||||
| CVE-2023-41824 | 2024-06-04 | 2.8 Low | ||
| An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data. | ||||
| CVE-2023-41826 | 2024-06-04 | 5.1 Medium | ||
| A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permission. | ||||
| CVE-2022-4903 | 1 Codenameone | 1 Codename One | 2024-05-17 | 8.1 High |
| A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-41817 | 2024-05-03 | 2.8 Low | ||
| An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information. | ||||
| CVE-2023-41820 | 2024-05-03 | 5.0 Medium | ||
| An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices. | ||||
| CVE-2023-44122 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2023-10-02 | 7.8 High |
| The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable. | ||||
| CVE-2023-44124 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2023-10-02 | 3.3 Low |
| The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage. | ||||
| CVE-2023-44127 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2023-10-02 | 5.5 Medium |
| he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. | ||||
| CVE-2023-31014 | 2 Google, Nvidia | 2 Android, Geforce Now | 2023-09-22 | 4.8 Medium |
| NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. | ||||
| CVE-2022-36830 | 1 Samsung | 2 Charm, Charm Firmware | 2023-07-21 | 5.5 Medium |
| PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | ||||
| CVE-2022-36829 | 1 Samsung | 2 Charm, Charm Firmware | 2023-07-21 | 5.5 Medium |
| PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | ||||
| CVE-2022-33734 | 1 Samsung | 1 Charm | 2023-07-21 | 5.5 Medium |
| Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. | ||||
| CVE-2022-33733 | 1 Samsung | 1 Charm | 2023-07-21 | 3.3 Low |
| Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. | ||||
Page 1 of 1.