Search Results
- Keyword (text search): android
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-2364 | A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320. Published: March 10, 2024; 7:15:54 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability Published: March 07, 2024; 4:15:08 PM -0500 | V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-20840 | Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen. Published: March 05, 2024; 12:15:12 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-20839 | Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen. Published: March 05, 2024; 12:15:12 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25731 | The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi). Published: March 04, 2024; 7:15:52 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-26132 | Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. Published: February 28, 2024; 8:44:17 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-26131 | Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. Published: February 28, 2024; 8:44:17 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2022-42443 | An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. Published: February 17, 2024; 12:15:07 PM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25466 | Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component. Published: February 16, 2024; 4:15:08 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-0390 | INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi". This issue affects "iZZi connect" application versions before 2024010401. Published: February 15, 2024; 5:15:09 AM -0500 | V3.x:(not available) V2.0:(not available) |
CVE-2024-21374 | Microsoft Teams for Android Information Disclosure Vulnerability Published: February 13, 2024; 1:15:55 PM -0500 | V3.1: 5.0 MEDIUM V2.0:(not available) |
CVE-2023-6724 | Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. Published: February 09, 2024; 8:15:41 AM -0500 | V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-23304 | Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. Published: February 06, 2024; 12:15:10 AM -0500 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-47889 | The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode. Published: February 05, 2024; 8:15:08 PM -0500 | V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-47355 | The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation. Published: February 05, 2024; 11:15:54 AM -0500 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-23388 | Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. Published: January 26, 2024; 2:15:59 AM -0500 | V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2024-21387 | Microsoft Edge for Android Spoofing Vulnerability Published: January 25, 2024; 8:15:10 PM -0500 | V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2024-21382 | Microsoft Edge for Android Information Disclosure Vulnerability Published: January 25, 2024; 8:15:10 PM -0500 | V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-23453 | Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. Published: January 23, 2024; 7:15:08 PM -0500 | V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-46447 | The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. Published: January 20, 2024; 12:15:08 AM -0500 | V3.1: 4.3 MEDIUM V2.0:(not available) |