Total: 40 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-44129 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | N/A | 3.6 LOW |
The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set. | |||||
CVE-2023-44121 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2024-11-21 | N/A | 5.0 MEDIUM |
The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (it has the android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to access to arbitrary non-exported activities of absolutely all apps. | |||||
CVE-2023-41960 | 1 Boschrexroth | 6 Ctrlx Hmi Web Panel Wr2107, Ctrlx Hmi Web Panel Wr2107 Firmware, Ctrlx Hmi Web Panel Wr2110 and 3 more | 2024-11-21 | N/A | 7.1 HIGH |
The vulnerability allows an unprivileged (untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself. | |||||
CVE-2023-41829 | | | 2024-11-21 | N/A | 5.0 MEDIUM |
An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization. | |||||
CVE-2023-41827 | | | 2024-11-21 | N/A | 5.1 MEDIUM |
An improper export vulnerability was reported in the Motorola OTA update application that could allow a malicious, local application to inject an HTML-based message on screen UI. | |||||
CVE-2023-41823 | | | 2024-11-21 | N/A | 4.4 MEDIUM |
An improper export vulnerability was reported in the Motorola Phone Extension application that could allow a local attacker to execute unauthorized Activities. | |||||
CVE-2023-41822 | | | 2024-11-21 | N/A | 4.8 MEDIUM |
An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. | |||||
CVE-2023-41821 | | | 2024-11-21 | N/A | 5.0 MEDIUM |
An improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user information. | |||||
CVE-2023-41816 | | | 2024-11-21 | N/A | 5.0 MEDIUM |
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. | |||||
CVE-2023-21486 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | |||||
CVE-2023-21485 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | |||||
CVE-2022-24929 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked apps without authentication. | |||||
CVE-2021-25527 | 1 Samsung | 1 Pay | 2024-11-21 | 2.1 LOW | 3.8 LOW |
Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | |||||
CVE-2021-25526 | 1 Samsung | 1 Blockchain Wallet | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. | |||||
CVE-2021-25400 | 1 Samsung | 1 Internet | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. | |||||
CVE-2021-25397 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. | |||||
CVE-2021-25391 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | |||||
CVE-2021-25390 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 4.0 MEDIUM |
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | |||||
CVE-2021-25388 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. | |||||
CVE-2021-25379 | 1 Samsung | 1 Gallery | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. |