CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-40637
https://notcve.org/view.php?id=CVE-2023-40637
In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges En Telecom service, es posible que falte una verificación de permiso. Esto podría dar lugar a la divulgación de información local sin privilegios de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074 • CWE-862: Missing Authorization •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2023-40631
https://notcve.org/view.php?id=CVE-2023-40631
In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed En Dialer, es posible que falte una verificación de permisos. Esto podría conducir a la divulgación de información local con privilegios de ejecución de System necesarios. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1707266966118531074 • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 72EXPL: 0CVE-2023-32830
https://notcve.org/view.php?id=CVE-2023-32830
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522. En TVAPI, existe una posible escritura fuera de límites debido a una verificación de límites faltantes. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44128 – LGInstallService - Deletion of arbitrary files with system privilege
https://notcve.org/view.php?id=CVE-2023-44128
he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted. La vulnerabilidad consiste en eliminar archivos arbitrarios en la aplicación LGInstallService ("com.lge.lginstallservies"). • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44127 – Call management - Implicit activity intents disclose contact details and phone numbers
https://notcve.org/view.php?id=CVE-2023-44127
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. La vulnerabilidad es que la aplicación de administración de Llamadas ("com.android.server.telecom") parcheada por LG lanza intenciones implícitas que revelan datos sensibles a todas las aplicaciones de terceros instaladas en el mismo dispositivo. Esas intenciones incluyen datos como detalles de contacto y números de teléfono. • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-927: Use of Implicit Intent for Sensitive Communication •