Illia Khorolskyi

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.26.71 **Description** The issue is related to an out-of-bounds read in the SPen string reading functionality. This allows attackers to read out-of-bounds memory, potentially leading to information disclosure. **Recommendations** For versions prior to 4.4.26.71, update to version 4.4.26.71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Motorola Phone Calls (affected versions not specified) **Description** An improper export issue in the Motorola Phone Calls application could allow a local attacker to read unauthorized information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Device Help application (affected versions not specified) **Description** An improper use of the SD card for sensitive data could allow a local attacker to read system logs. This issue affects the Motorola Device Help application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Face Unlock (affected versions not specified) **Description** A PendingIntent hijacking issue was reported in the Motorola Face Unlock application, allowing a local attacker to access unauthorized content providers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Ready For application (affected versions not specified) **Description** An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices. **Recommendations** Upgrade the app to the latest version released after 2023-09-01. As a temporary workaround, consider restricting access to Bluetooth audio device information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Motorola Setup application (affected versions not specified) **Description** An improper export vulnerability was reported in the Motorola Setup application, allowing a local attacker to read sensitive user information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Interface Test Tool (affected versions not specified) **Description** An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Phone Extension (affected versions not specified) **Description** An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Phone Calls (affected versions not specified) **Description** An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Ready For (affected versions not specified) **Description** A path traversal issue was reported in the Motorola Ready For application, allowing a local attacker to access local files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Services Main application (affected versions not specified) **Description** An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Phone application (affected versions not specified) **Description** An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Device Help (Genie) application (affected versions not specified) **Description** A PendingIntent hijacking issue in the Motorola Device Help (Genie) application could allow local attackers to access files or interact with non-exported software components without permission. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola GuideMe (affected versions not specified) **Description** A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, which could allow for a local attacker to read arbitrary files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Enterprise MotoDpms Provider (affected versions not specified) **Description** An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider that could allow a local attacker to read local data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola framework (affected versions not specified) **Description** An Implicit intent issue was reported in the Motorola framework, potentially allowing an attacker to read telephony-related data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ready For (affected versions not specified) **Description** An improper absolute path traversal issue allows a local application to access files without authorization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Motorola Time Weather Widget (affected versions not specified) **Description** An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Pay versions prior to 5.4.99 **Description** The issue concerns the use of implicit intent for sensitive communication in Samsung Pay, allowing local attackers to access Samsung Pay information. **Recommendations** For versions prior to 5.4.99, update to version 5.4.99 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Motorola Carrier Services (affected versions not specified) **Description** An improper export issue in the Motorola Carrier Services application could allow a malicious, local application to read files without authorization. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.