CVE-2024-12993

MEDIUM Year: 2024
Weakness Type
CWE-497
View all →

Vulnerability Description

Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user’s location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices.

Related Vulnerabilities

CVE-2020-25179

CRITICAL
CVSS:9.8(Critical)

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

CWE-4972020

CVE-2024-36554

CRITICAL
CVSS:9.8(Critical)

Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain in...

CWE-4972024

CVE-2025-1144

CRITICAL
CVSS:9.8(Critical)

School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext administrato...

CWE-4972025

CVE-2022-1902

HIGH
CVSS:8.8(High)

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifier...

CWE-4972022

CVE-2024-39675

HIGH
CVSS:8.8(High)

A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions <...

CWE-4972024

CVE-2025-0061

HIGH
CVSS:8.7(High)

SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulne...

CWE-4972025