CVE-2024-20860

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission...

CVE-2024-20860

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission...

CVE-2024-20860

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission...

NewPipe 安全漏洞

NewPipe is a Team NewPipe open source Android application written in Java for video streaming. A security vulnerability exists in NewPipe versions 0.13.4 through 0.26.1, which stems from the fact that importing a backup file from an untrusted source may result in arbitrary code execution...

Intent Redirection

@kyivstarteam/react-native-sms-user-consent is vulnerable to Intent Redirection vulnerability. The vulnerability is due to improper export of android application components due to a flaw in the registerReceiver function...

CVE-2021-4438 kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

CVE-2024-28745

Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displaye...

Fedora: Security Advisory for enjarify (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-25731

The Elink Smart eSmartCam com.cn.dq.ipc application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data e.g., over Wi-Fi...

Code injection

The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly...

CVE-2023-47889

The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly...

PT-2024-13530 · Unknown · Com.Bdrm.Superreboot

Name of the Vulnerable Software and Affected Versions: com.bdrm.superreboot version 1.0.3 Description: The Android application exposes several critical actions through its exported broadcast receivers, allowing any app on the device to send unauthorized broadcasts. This can lead to unintended...

CVE-2023-47882

The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.920231127 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVE-2023-6542 Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL...

CVE-2023-38411

Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-33872

Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2023-33872

Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2023-33872

CVE-2023-33872 affects the Intel® Support Android app (all versions). It is an improper access control flaw that could allow an authenticated user to disclose information via local access. The CVSS v3.1 base score is 5.5 (LOCAL, LOW attack complexity, LOW privileges, HIGH confidentiality impact; ...

Intel Smart Campus Android application security vulnerability

Intel Smart Campus Android application is an application from Intel Corporation USA. A security vulnerability exists in the Intel Smart Campus Android application. An attacker could cause a denial of service by exploiting this vulnerability...

CVE-2023-36620

An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...