CVE-2023-44127

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-927
View all →

Vulnerability Description

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

Related Vulnerabilities

CVE-2022-33734

MEDIUM
CVSS:5.5(Medium)

Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.

CWE-9272022

CVE-2022-36829

MEDIUM
CVSS:5.5(Medium)

PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.

CWE-9272022

CVE-2022-36830

MEDIUM
CVSS:5.5(Medium)

PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.

CWE-9272022

CVE-2024-3108

MEDIUM
CVSS:5.5(Medium)

An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization.

CWE-9272024

CVE-2023-41826

MEDIUM
CVSS:5.1(Medium)

A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permissio...

CWE-9272023

CVE-2023-41820

MEDIUM
CVSS:5.0(Medium)

An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices.

CWE-9272023