CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44126 – Call management - Implicit intents disclose telephony data such as phone numbers, call states, contacts
https://notcve.org/view.php?id=CVE-2023-44126
The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc. La vulnerabilidad es que la aplicación de administración de llamadas ("com.android.server.telecom") parcheada por LG envía muchas transmisiones implícitas propiedad de LG que revelan datos sensibles a todas las aplicaciones de terceros instaladas en el mismo dispositivo. Esas intenciones incluyen datos como estados de llamadas, duraciones, números llamados, información de contactos, etc. • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-925: Improper Verification of Intent by Broadcast Receiver •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44121 – LG ThinQ Service - Intent redirection with system privilege/LaunchAnyWhere
https://notcve.org/view.php?id=CVE-2023-44121
The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps. La vulnerabilidad es una redirección de intención en LG ThinQ Service ("com.lge.lms2") en el archivo "com/lge/lms/things/ui/notification/NotificationManager.java". • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-926: Improper Export of Android Application Components •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-33911
https://notcve.org/view.php?id=CVE-2023-33911
In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26277 – Security Advisory | PendingIntent hijacking vulnerability in Framework Services
https://notcve.org/view.php?id=CVE-2021-26277
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. • https://www.vivo.com/en/support/security-advisory-detail?id=8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39912
https://notcve.org/view.php?id=CVE-2022-39912
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. Vulnerabilidad de manejo inadecuado de permisos insuficientes en setSecureFolderPolicy en PersonaManagerService anterior a Android T(13) permite a atacantes locales establecer algún valor de configuración en la carpeta segura. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •