Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-44121 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-09-23 | 5 Medium |
| The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps. | ||||
| CVE-2023-44129 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-09-23 | 3.6 Low |
| The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set. | ||||
| CVE-2023-41960 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-09-12 | 7.1 High |
| The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself. | ||||
| CVE-2023-41827 | 2024-08-23 | 5.1 Medium | ||
| An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI. | ||||
| CVE-2023-41821 | 2024-08-23 | 5 Medium | ||
| A an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. | ||||
| CVE-2021-25526 | 1 Samsung | 1 Blockchain Wallet | 2024-08-03 | 4 Medium |
| Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. | ||||
| CVE-2021-25527 | 1 Samsung | 1 Pay | 2024-08-03 | 3.8 Low |
| Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | ||||
| CVE-2021-25379 | 1 Samsung | 1 Gallery | 2024-08-03 | 4 Medium |
| Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. | ||||
| CVE-2021-25391 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | ||||
| CVE-2021-25400 | 1 Samsung | 1 Internet | 2024-08-03 | 7.8 High |
| Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. | ||||
| CVE-2021-25397 | 1 Google | 1 Android | 2024-08-03 | 6.8 Medium |
| An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. | ||||
| CVE-2021-25388 | 1 Google | 1 Android | 2024-08-03 | 7.1 High |
| Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. | ||||
| CVE-2021-25390 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | ||||
| CVE-2021-4438 | 2024-08-03 | 5.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The manipulation leads to improper export of android application components. Attacking locally is a requirement. Upgrading to version 1.1.5 is able to address this issue. The name of the patch is 5423dcb0cd3e4d573b5520a71fa08aa279e4c3c7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-259508. | ||||
| CVE-2022-24929 | 1 Google | 1 Android | 2024-08-03 | 4.1 Medium |
| Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. | ||||
| CVE-2023-41829 | 2024-08-02 | 5 Medium | ||
| An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization. | ||||
| CVE-2023-41822 | 2024-08-02 | 4.8 Medium | ||
| An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. | ||||
| CVE-2023-41823 | 2024-08-02 | 4.4 Medium | ||
| An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. | ||||
| CVE-2023-41816 | 2024-08-02 | 5 Medium | ||
| An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. | ||||
| CVE-2023-21485 | 1 Samsung | 1 Android | 2024-08-02 | 5.3 Medium |
| Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||