Android
Monthly
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
In thermal, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In scp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In devinfo, there is a possible information disclosure due to a missing SELinux policy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.
Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.
In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In keymaster, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in BlackVue App 3.65 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In V5 DA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In apu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In wifi display, there is a possible missing permission check. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
SQL injection in TCMAN's GIM v11. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
In thermal, there is a possible out of bounds write due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.
In scp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In devinfo, there is a possible information disclosure due to a missing SELinux policy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57L_V3.2_20220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. Rated medium severity (CVSS 6.4). No vendor patch available.
Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.
In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In keymaster, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Element X Android is a Matrix Android Client provided by element.io. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue in KukuFM Android v1.12.7 (11207) allows attackers to access sensitive cleartext data via the android:allowBackup="true" in the ANdroidManifest.xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in BlackVue App 3.65 on Android. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Element Android is an Android Matrix Client provided by Element. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.
A reliance on untrusted input for a security decision in the GlobalProtect app on Windows devices potentially enables a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.
In V5 DA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In apu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
In wifi display, there is a possible missing permission check. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication bypass using an alternate path or channel issue exists in ”RoboForm Password Manager" App for Android versions prior to 9.7.4, which may allow an attacker with access to a device where. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue in the SharedConfig class of Telegram Android APK v.11.7.0 allows a physically proximate attacker to bypass authentication and escalate privileges by manipulating the return value of the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue in AnkiDroid Android Application v2.17.6 allows attackers to retrieve internal files from the /data/data/com.ichi2.anki/ directory and save it into publicly available storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.