CVE-2023-36620

An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is...

Authentication flaw

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings ADB debug...

CVE-2023-45844

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings ADB debug...

CVE-2023-42469

The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component...

CVE-2023-42470

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content...

PT-2023-28361 · Unknown · Wave.Ai.Browser

Name of the Vulnerable Software and Affected Versions: wave.ai.browser application through 1.0.35 for Android Description: The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the...

CVE-2023-30718

Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting...

CVE-2023-30718

Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting...

CVE-2023-32609

CVE-2023-32609 : Intel Unite Android app prior to 4.2.3504 has improper access control enabling potential information disclosure by a locally authenticated user. Affected product: Intel Unite Android application. Root cause: insufficient access control allowing local access to sensitive data. Imp...

CVE-2023-27392

Incorrect default permissions in the IntelR Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access...

CVE-2023-27392

Incorrect default permissions in the IntelR Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access...

Intel Support android security vulnerability

Intel Support Android is an Android application from Intel Corporation USA. A security vulnerability exists in the IntelR Support android application prior to version v23.02.07, which stems from incorrect default permissions. An attacker can exploit the vulnerability to obtain sensitive informati...

PT-2023-4407 · Intel · Intel Nuc Pro Software Suite For Windows +1

Name of the Vulnerable Software and Affected Versions: IntelR NUC Pro Software Suite for Windows versions prior to 2.0.0.9 Intel Support application for Android affected versions not specified Description: The issue is related to improper authorization, which may allow a privileged user to...

Hardcoded credentials

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information...

CVE-2023-32274 Enphase Installer Toolkit Android App Use of Hard-coded Credentials

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information...

CVE-2023-32274

CVE-2023-32274 affects Enphase Installer Toolkit for Android, version 3.27.0, due to hard-coded credentials embedded in the binary. This is described as a trust/credential management issue that could allow an attacker to gain access to sensitive information. The ICS advisory ICSA-23-171-02 confir...

CVE-2023-29751

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files...

CVE-2023-29759

An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files...

CVE-2023-29725

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...

CVE-2023-29747

Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the...