CVE-2023-32822
- EPSS 0.09%
- Veröffentlicht 02.10.2023 03:15:09
- Zuletzt bearbeitet 21.11.2024 08:04:06
In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID...
CVE-2023-32823
- EPSS 0.09%
- Veröffentlicht 02.10.2023 03:15:09
- Zuletzt bearbeitet 21.11.2024 08:04:06
In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID...
CVE-2023-44216
- EPSS 1.81%
- Veröffentlicht 27.09.2023 15:19:39
- Zuletzt bearbeitet 21.11.2024 08:25:27
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue...
CVE-2023-44127
- EPSS 0.12%
- Veröffentlicht 27.09.2023 15:19:37
- Zuletzt bearbeitet 21.11.2024 08:25:18
he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact deta...
CVE-2023-44128
- EPSS 0.07%
- Veröffentlicht 27.09.2023 15:19:37
- Zuletzt bearbeitet 21.11.2024 08:25:18
he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are ...
CVE-2023-44129
- EPSS 0.09%
- Veröffentlicht 27.09.2023 15:19:37
- Zuletzt bearbeitet 21.11.2024 08:25:18
The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionali...
CVE-2023-44126
- EPSS 0.12%
- Veröffentlicht 27.09.2023 15:19:36
- Zuletzt bearbeitet 21.11.2024 08:25:17
The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data s...
CVE-2023-44121
- EPSS 0.1%
- Veröffentlicht 27.09.2023 15:19:35
- Zuletzt bearbeitet 21.11.2024 08:25:17
The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending...
CVE-2023-44122
- EPSS 0.1%
- Veröffentlicht 27.09.2023 15:19:35
- Zuletzt bearbeitet 21.11.2024 08:25:17
The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the a...
CVE-2023-44123
- EPSS 0.13%
- Veröffentlicht 27.09.2023 15:19:35
- Zuletzt bearbeitet 21.11.2024 08:25:17
The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if...