Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information.
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal.
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege.
This issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to enumerate a user's installed apps.
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access protected user data.
In isRedactionNeededForOpenViaContentResolver of MediaProvider.java, there is a possible way to reveal the location of media due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
The register protection of the PowerVR GPU is incorrectly configured. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data.
Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally.
In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. An app may be able to access user-sensitive data.
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access protected user data.
The issue was addressed with improved handling of caches. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note.
In dump of WindowManagerService.java, there is a possible way of running dumpsys without the required permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
In multiple functions of VpnManager.java, there is a possible cross-user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08698617; Issue ID: MSV-1394.
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
The issue was addressed by adding additional logic. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Privacy Indicators for microphone or camera access may not be correctly displayed.
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with improved UI.
IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system.
Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.