Page 26 of 951 results (0.004 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En NFC, existe una forma posible de configurar una aplicación de pago sin contacto predeterminada sin el consentimiento del usuario debido a que falta una verificación de permiso. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/docs/security/bulletin/android-14 • CWE-862: Missing Authorization •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted. La vulnerabilidad consiste en eliminar archivos arbitrarios en la aplicación LGInstallService ("com.lge.lginstallservies"). • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. • https://www.vivo.com/en/support/security-advisory-detail?id=8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. Vulnerabilidad de manejo inadecuado de permisos insuficientes en setSecureFolderPolicy en PersonaManagerService anterior a Android T(13) permite a atacantes locales establecer algún valor de configuración en la carpeta segura. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information. La exposición de información confidencial a un actor no autorizado en Persona Manager anterior de Android T(13) permite a un atacante local acceder a la información de los perfiles de los usuarios. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •