Search criteria
18 vulnerabilities
CVE-2025-5719 (GCVE-0-2025-5719)
Vulnerability from cvelistv5 – Published: 2025-06-06 03:40 – Updated: 2025-06-09 13:37
VLAI?
Summary
The wallet has an authentication bypass vulnerability that allows access to specific pages.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:37:45.794587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:37:49.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wallet",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions below 5.1.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The wallet has an authentication bypass vulnerability that allows access to specific pages.\u003cbr\u003e"
}
],
"value": "The wallet has an authentication bypass vulnerability that allows access to specific pages."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T03:40:33.310Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=18"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2025-5719",
"datePublished": "2025-06-06T03:40:33.310Z",
"dateReserved": "2025-06-05T07:16:07.160Z",
"dateUpdated": "2025-06-09T13:37:49.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46941 (GCVE-0-2024-46941)
Vulnerability from cvelistv5 – Published: 2025-06-06 03:24 – Updated: 2025-06-09 13:42
VLAI?
Summary
SystemUI has an incorrect component protection setting, which allows access to specific information.
Severity ?
CWE
- CWE-281 - Improper Preservation of Permissions
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:42:03.794018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:42:08.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SystemUI",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions below 14.0.8.120"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SystemUI has an incorrect component protection setting, which allows access to specific information.\n\n\u003cbr\u003e"
}
],
"value": "SystemUI has an incorrect component protection setting, which allows access to specific information."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/V:D",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T03:24:32.260Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=17"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SystemUI component protection settings vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2024-46941",
"datePublished": "2025-06-06T03:24:32.260Z",
"dateReserved": "2024-09-15T22:07:33.094Z",
"dateUpdated": "2025-06-09T13:42:08.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13186 (GCVE-0-2024-13186)
Vulnerability from cvelistv5 – Published: 2025-01-08 08:28 – Updated: 2025-01-08 14:02
VLAI?
Summary
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | MinigameCenter |
Affected:
Versions below 2.2.4.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T14:01:46.244699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T14:02:21.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MinigameCenter",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions below 2.2.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.\u003cbr\u003e"
}
],
"value": "The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T08:28:21.455Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=16"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MinigameCenter information leakage vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2024-13186",
"datePublished": "2025-01-08T08:28:21.455Z",
"dateReserved": "2025-01-08T01:49:46.455Z",
"dateUpdated": "2025-01-08T14:02:21.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13185 (GCVE-0-2024-13185)
Vulnerability from cvelistv5 – Published: 2025-01-08 08:08 – Updated: 2025-01-08 14:13
VLAI?
Summary
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | MinigameCenter |
Affected:
Versions below 2.3.5.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13185",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T14:11:51.963794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T14:13:33.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MinigameCenter",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions below 2.3.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.\u003cbr\u003e"
}
],
"value": "The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T08:08:12.559Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=15"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "MinigameCenter module information leakage vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2024-13185",
"datePublished": "2025-01-08T08:08:12.559Z",
"dateReserved": "2025-01-08T01:49:22.173Z",
"dateUpdated": "2025-01-08T14:13:33.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13173 (GCVE-0-2024-13173)
Vulnerability from cvelistv5 – Published: 2025-01-08 07:44 – Updated: 2025-01-08 14:16
VLAI?
Summary
The health module has insufficient restrictions on loading URLs, which may lead to some information leakage.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13173",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T14:14:36.275229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T14:16:22.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Health",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions below 4.1.6.33"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The health module has insufficient restrictions on loading URLs, which may lead to some information leakage.\u003cbr\u003e"
}
],
"value": "The health module has insufficient restrictions on loading URLs, which may lead to some information leakage."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T07:44:48.592Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Health information leakage vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2024-13173",
"datePublished": "2025-01-08T07:44:48.592Z",
"dateReserved": "2025-01-07T02:55:48.538Z",
"dateUpdated": "2025-01-08T14:16:22.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26281 (GCVE-0-2021-26281)
Vulnerability from cvelistv5 – Published: 2024-12-17 06:37 – Updated: 2024-12-17 14:41
VLAI?
Summary
Some parameters of the alarm clock module are improperly stored, leaking some sensitive information.
Severity ?
5.5 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | Alarm clock |
Affected:
Versions earlier than 6.0.1.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:41:02.631650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:41:26.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Alarm clock",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 6.0.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Some parameters of the alarm clock module are improperly stored, leaking some sensitive information.\u003cbr\u003e"
}
],
"value": "Some parameters of the alarm clock module are improperly stored, leaking some sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T06:37:53.687Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=9"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information disclosure vulnerability in Alarm clock module",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2021-26281",
"datePublished": "2024-12-17T06:37:53.687Z",
"dateReserved": "2021-01-27T19:41:45.353Z",
"dateUpdated": "2024-12-17T14:41:26.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26280 (GCVE-0-2021-26280)
Vulnerability from cvelistv5 – Published: 2024-12-17 06:27 – Updated: 2024-12-17 14:38
VLAI?
Summary
Locally installed application can bypass the permission check and perform system operations that require permission.
Severity ?
7.9 (High)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | Permission manager module |
Affected:
Versions earlier than Android 10
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:37:46.709012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:38:18.226Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Permission manager module",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions earlier than Android 10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Locally installed application can bypass the permission check and perform system operations that require permission.\u003cbr\u003e"
}
],
"value": "Locally installed application can bypass the permission check and perform system operations that require permission."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T06:27:22.498Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Permission bypass vulnerability in permission manager module",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2021-26280",
"datePublished": "2024-12-17T06:27:22.498Z",
"dateReserved": "2021-01-27T19:41:45.352Z",
"dateUpdated": "2024-12-17T14:38:18.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26279 (GCVE-0-2021-26279)
Vulnerability from cvelistv5 – Published: 2024-12-17 03:34 – Updated: 2024-12-17 17:30
VLAI?
Summary
Some parameters of the weather module are improperly stored, leaking some sensitive information.
Severity ?
5.9 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:25:16.336795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T17:30:02.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Weather",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 6.0.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Some parameters of the weather module are improperly stored, leaking some sensitive information.\u003cbr\u003e"
}
],
"value": "Some parameters of the weather module are improperly stored, leaking some sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T03:34:42.148Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information disclosure vulnerability in Weather module",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2021-26279",
"datePublished": "2024-12-17T03:34:42.148Z",
"dateReserved": "2021-01-27T19:41:45.352Z",
"dateUpdated": "2024-12-17T17:30:02.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26278 (GCVE-0-2021-26278)
Vulnerability from cvelistv5 – Published: 2024-12-17 03:05 – Updated: 2024-12-17 17:30
VLAI?
Summary
The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.
Severity ?
6.3 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:25:19.006568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T17:30:08.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wifi",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions earlier than Android 10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device.\u003cbr\u003e"
}
],
"value": "The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T03:05:03.842Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sensitive information leakage vulnerability in wifi module",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2021-26278",
"datePublished": "2024-12-17T03:05:03.842Z",
"dateReserved": "2021-01-27T19:41:45.352Z",
"dateUpdated": "2024-12-17T17:30:08.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12487 (GCVE-0-2020-12487)
Vulnerability from cvelistv5 – Published: 2024-12-17 02:53 – Updated: 2024-12-17 14:44
VLAI?
Summary
Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:44:27.965434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:44:40.238Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ABE",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 4.4.0.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.\u003cbr\u003e"
}
],
"value": "Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T02:53:22.309Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Execution Vulnerability in ABE service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2020-12487",
"datePublished": "2024-12-17T02:53:22.309Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-12-17T14:44:40.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12484 (GCVE-0-2020-12484)
Vulnerability from cvelistv5 – Published: 2024-12-17 02:36 – Updated: 2024-12-17 14:54
VLAI?
Summary
When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.
Severity ?
6.4 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T14:54:11.114793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T14:54:21.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wifi",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "Versions earlier than 8.12.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks.\u003cbr\u003e"
}
],
"value": "When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks."
}
],
"impacts": [
{
"capecId": "CAPEC-151",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-151 Identity Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T02:36:45.758Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2020-12484",
"datePublished": "2024-12-17T02:36:45.758Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-12-17T14:54:21.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-46939 (GCVE-0-2024-46939)
Vulnerability from cvelistv5 – Published: 2024-11-28 03:26 – Updated: 2024-12-02 11:19
VLAI?
Summary
The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | Game Extension Engine |
Affected:
versions below 1.2.7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T11:17:13.728354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T11:19:36.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Game Extension Engine",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "versions below 1.2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite\u0026nbsp;local specific files\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite\u00a0local specific files"
}
],
"impacts": [
{
"capecId": "CAPEC-186",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-186 Malicious Software Update"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:N/R:A/V:D",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-28T03:26:28.929Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=13"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Game Extension Engine Path Traversal Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2024-46939",
"datePublished": "2024-11-28T03:26:28.929Z",
"dateReserved": "2024-09-15T22:07:33.094Z",
"dateUpdated": "2024-12-02T11:19:36.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12492 (GCVE-0-2020-12492)
Vulnerability from cvelistv5 – Published: 2024-11-25 10:11 – Updated: 2024-11-25 17:02
VLAI?
Summary
Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:02:20.383757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:02:32.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Framework",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "ard11 and below versions released before 2022.2.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information.\u003cbr\u003e"
}
],
"value": "Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T10:11:30.761Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=12"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Wifi information acquisition vulnerability in Framework Services",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2020-12492",
"datePublished": "2024-11-25T10:11:30.761Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-11-25T17:02:32.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12491 (GCVE-0-2020-12491)
Vulnerability from cvelistv5 – Published: 2024-11-25 10:08 – Updated: 2024-11-25 17:03
VLAI?
Summary
Improper control of framework service permissions with possibility of some sensitive device information leakage.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-12491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:02:53.241577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:03:03.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Framework",
"vendor": "vivo",
"versions": [
{
"status": "affected",
"version": "ard11 and below versions released before 2022.2.24"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper control of framework service permissions with possibility of some sensitive device information leakage.\u003cbr\u003e"
}
],
"value": "Improper control of framework service permissions with possibility of some sensitive device information leakage."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T10:08:14.791Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=11"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Framework Information Disclosure Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2020-12491",
"datePublished": "2024-11-25T10:08:14.791Z",
"dateReserved": "2020-04-30T00:00:00.000Z",
"dateUpdated": "2024-11-25T17:03:03.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26277 (GCVE-0-2021-26277)
Vulnerability from cvelistv5 – Published: 2023-02-17 00:00 – Updated: 2025-03-18 15:29
VLAI?
Summary
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.
Severity ?
5.6 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | Frame service |
Affected:
2021.6.30 , < all
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=8"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-26277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T15:29:48.487018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:29:56.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Frame service",
"vendor": "vivo",
"versions": [
{
"lessThan": "all",
"status": "affected",
"version": "2021.6.30",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-17T00:00:00.000Z",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Security Advisory | PendingIntent hijacking vulnerability in Framework Services",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2021-26277",
"datePublished": "2023-02-17T00:00:00.000Z",
"dateReserved": "2021-01-27T00:00:00.000Z",
"dateUpdated": "2025-03-18T15:29:56.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12488 (GCVE-0-2020-12488)
Vulnerability from cvelistv5 – Published: 2021-11-10 15:49 – Updated: 2024-09-16 22:25
VLAI?
Summary
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.
Severity ?
5.5 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | Jovi Smart Scene |
Affected:
6.2.2.52 , < all
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Jovi Smart Scene",
"vendor": "vivo",
"versions": [
{
"lessThan": "all",
"status": "affected",
"version": "6.2.2.52",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-10T15:49:58",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Broken Access Control Vulnerability in Jovi Smart Scene",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vivo.com",
"DATE_PUBLIC": "2021-03-23T16:00:00.000Z",
"ID": "CVE-2020-12488",
"STATE": "PUBLIC",
"TITLE": "Broken Access Control Vulnerability in Jovi Smart Scene"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jovi Smart Scene",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.2.2.52",
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "vivo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivo.com/en/support/security-advisory-detail?id=5",
"refsource": "CONFIRM",
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=5"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2020-12488",
"datePublished": "2021-11-10T15:49:58.016162Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T22:25:02.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12483 (GCVE-0-2020-12483)
Vulnerability from cvelistv5 – Published: 2021-03-23 16:15 – Updated: 2024-09-16 22:56
VLAI?
Summary
The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.
Severity ?
8.2 (High)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "appstore",
"vendor": "vivo",
"versions": [
{
"lessThan": "8.12.0.0",
"status": "affected",
"version": "8.12.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T16:15:00",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "AppStore Remote Download and Installation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vivo.com",
"DATE_PUBLIC": "2021-03-22T16:00:00.000Z",
"ID": "CVE-2020-12483",
"STATE": "PUBLIC",
"TITLE": "AppStore Remote Download and Installation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "appstore",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.12.0.0",
"version_value": "8.12.0.0"
}
]
}
}
]
},
"vendor_name": "vivo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivo.com/en/support/security-advisory-detail?id=1",
"refsource": "CONFIRM",
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=1"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2020-12483",
"datePublished": "2021-03-23T16:15:00.995061Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T22:56:44.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12485 (GCVE-0-2020-12485)
Vulnerability from cvelistv5 – Published: 2020-11-10 15:31 – Updated: 2024-09-16 17:58
VLAI?
Summary
The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device.
Severity ?
5.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| vivo | The frame touch module |
Affected:
unspecified , < PD2012_1.4.0
(custom)
Affected: unspecified , < PD1965EF_EX_EU_4.4.0 (custom) Affected: unspecified , < PD2001F_EX_1.6.0 (custom) Affected: unspecified , < PD1968F_EX_1.10.1 (custom) Affected: unspecified , < PD1962_1.7.6 (custom) Affected: unspecified , < PD1981_1.5.0 (custom) Affected: unspecified , < PD2006F_EX_1.6.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The frame touch module",
"vendor": "vivo",
"versions": [
{
"lessThan": "PD2012_1.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "PD1965EF_EX_EU_4.4.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "PD2001F_EX_1.6.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "PD1968F_EX_1.10.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "PD1962_1.7.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "PD1981_1.5.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "PD2006F_EX_1.6.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T15:31:38",
"orgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"shortName": "Vivo"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "vivo Mobile Communication Technology Co. Ltd.",
"ASSIGNER": "security@vivo.com",
"DATE_PUBLIC": "2020-11-09T09:12:00.000Z",
"ID": "CVE-2020-12485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The frame touch module",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "PD2012_1.4.0"
},
{
"version_affected": "\u003c",
"version_value": "PD1965EF_EX_EU_4.4.0"
},
{
"version_affected": "\u003c",
"version_value": "PD2001F_EX_1.6.0"
},
{
"version_affected": "\u003c",
"version_value": "PD1968F_EX_1.10.1"
},
{
"version_affected": "\u003c",
"version_value": "PD1962_1.7.6"
},
{
"version_affected": "\u003c",
"version_value": "PD1981_1.5.0"
},
{
"version_affected": "\u003c",
"version_value": "PD2006F_EX_1.6.2"
}
]
}
}
]
},
"vendor_name": "vivo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivo.com/en/support/security-advisory-detail?id=2",
"refsource": "CONFIRM",
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c6f5cd8e-fe3d-4460-82c2-f8a4e7b272c8",
"assignerShortName": "Vivo",
"cveId": "CVE-2020-12485",
"datePublished": "2020-11-10T15:31:38.958758Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T17:58:52.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}