In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.
Privilege Escalation
Android
NVD
CVSS 3.1
7.3
EPSS
0.2%
there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Buffer Overflow
Information Disclosure
Denial Of Service
Android
NVD
CVSS 3.1
7.2
EPSS
0.5%
Prev
Page 2 of 2