Filtered by CWE-927
Total 16 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-31014 2 Google, Nvidia 2 Android, Geforce Now 2024-09-24 4.2 Medium
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution.
CVE-2023-44122 2 Google, Lg 2 Android, V60 Thin Q 5g 2024-09-20 6.1 Medium
The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable.
CVE-2023-44124 2 Google, Lg 2 Android, V60 Thin Q 5g 2024-09-20 6.1 Medium
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage.
CVE-2023-44127 2 Google, Lg 2 Android, V60 Thin Q 5g 2024-09-20 3.6 Low
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.
CVE-2023-41817 2024-08-15 2.8 Low
An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information.
CVE-2023-41820 2024-08-08 5 Medium
An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices. 
CVE-2022-36830 1 Samsung 2 Charm, Charm Firmware 2024-08-03 6.2 Medium
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.
CVE-2022-36829 1 Samsung 2 Charm, Charm Firmware 2024-08-03 6.2 Medium
PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.
CVE-2022-33734 1 Samsung 1 Charm 2024-08-03 6.2 Medium
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.
CVE-2022-33733 1 Samsung 1 Charm 2024-08-03 6.2 Medium
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.
CVE-2022-4903 1 Codenameone 1 Codename One 2024-08-03 5 Medium
A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability.
CVE-2023-41824 2024-08-02 2.8 Low
An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data.
CVE-2023-41828 2024-08-02 4.4 Medium
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.  
CVE-2023-41826 2024-08-02 5.1 Medium
A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permission. 
CVE-2024-3480 2024-08-01 2.8 Low
An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data.
CVE-2024-3108 2024-08-01 5.5 Medium
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization.