CVE-2020-35454

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration...

CVE-2020-35455

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage...

CVE-2020-0943

An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles.This could allow an unauthenticated attacker to view notifications, aka 'Microsoft YourPhone Application for Android...

CVE-2020-25203

The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown a...

CVE-2020-35456

The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging...

CVE-2020-27416

Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account...

CVE-2014-8538

The Hijab Modern aka com.Aisyaidea.HijabModern application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2012-1384

Unspecified vulnerability in the NetEase Pmail com.netease.rpmms application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors...

CVE-2012-1388

Unspecified vulnerability in the XiXunTianTian com.xixun.tiantian application 0.6.2 beta for Android has unknown impact and attack vectors...

CVE-2012-2640

The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READPHONESTATE permission...

CVE-2012-4005

The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application...

CVE-2013-2306

The jigbrowser+ application before 1.6.4 for Android does not properly open windows, which allows remote attackers to spoof the address bar via a crafted web site...

CVE-2019-5625

The Android mobile application Halo Home before 1.11.0 stores OAuth authentication and refresh access tokens in a clear text file. This file persists until the user logs out of the application and reboots the device. This vulnerability can allow an attacker to impersonate the legitimate user by...

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

CVE-2019-19370

A cross-site scripting XSS vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient validation in the file upload interface. A...

CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server...

CVE-2019-17191

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block...

CVE-2019-9295

In com.android.apps.tag, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to a to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:...

CVE-2019-6560

In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro Android App, the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak...

CVE-2019-5626

The Android mobile application BlueCats Reveal before 3.0.19 stores the username and password in a clear text file. This file persists until the user logs out or the session times out from non-usage 30 days of no user activity. This can allow an attacker to compromise the affected BlueCats networ...