Search Results (Refine Search)
- Keyword (text search): android
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-28895 |
'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of 'Yahoo! JAPAN' App via other app installed on the user's device. Published: March 31, 2024; 9:15:46 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-23727 |
The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. Published: March 28, 2024; 5:16:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-28756 |
The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server. Published: March 21, 2024; 5:15:10 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-26196 |
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability Published: March 20, 2024; 10:52:16 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-28745 |
Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack. Published: March 18, 2024; 12:15:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-2567 |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. VDB-257070 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The code maintainer was contacted early about this disclosure but did not respond in any way. Instead the GitHub repository got deleted after a few days. We have to assume that the product is not supported anymore. Published: March 17, 2024; 5:15:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-36483 |
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history. Published: March 16, 2024; 1:15:18 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-27440 |
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate. Published: March 13, 2024; 2:15:52 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-26204 |
Outlook for Android Information Disclosure Vulnerability Published: March 12, 2024; 1:15:58 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2024-21448 |
Microsoft Teams for Android Information Disclosure Vulnerability Published: March 12, 2024; 1:15:54 PM -0400 |
V4.0:(not available) V3.1: 5.0 MEDIUM V2.0:(not available) |
CVE-2024-2365 |
A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability. Published: March 10, 2024; 8:15:17 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-2364 |
A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320. Published: March 10, 2024; 7:15:54 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-26167 |
Microsoft Edge for Android Spoofing Vulnerability Published: March 07, 2024; 4:15:08 PM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2024-20840 |
Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen. Published: March 05, 2024; 12:15:12 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-20839 |
Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen. Published: March 05, 2024; 12:15:12 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25731 |
The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi). Published: March 04, 2024; 7:15:52 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-26132 |
Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. Published: February 28, 2024; 8:44:17 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-26131 |
Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. Published: February 28, 2024; 8:44:17 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2022-42443 |
An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. Published: February 17, 2024; 12:15:07 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-25466 |
Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component. Published: February 16, 2024; 4:15:08 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |