CVE-2023-21486

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...

CVE-2023-21485

Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...

CVE-2023-21486

CVE-2023-21486 concerns an improper export of Android components in ImagePreviewActivity within Samsung Call Settings, enabling a physical attacker to access certain media data in sandbox. The issue is tied to specific Samsung SMR May-2023 Release 1 updates; remediation is provided via the May-20...

CVE-2023-21485

CVE-2023-21485 describes an issue in Android/Samsung devices where the vulnerability occurs in the VideoPreviewActivity within Call Settings, allowing a physical attacker to access some media data stored in the device sandbox. The core problem is an improper export of Android application componen...

CVE-2023-21485

Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...

CVE-2022-48186

A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure...

Information disclosure

A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure...

CVE-2022-48186

Summary: CVE-2022-48186 pertains to a certificate validation vulnerability in the Baiying Android application, exposing information disclosure risk. The NVD entry assigns CVSS v3.1 base score 7.5 (HIGH) with attack vector Network, attack complexity Low, privileges required None, user interaction ...

PT-2023-15606 · Unknown · Baiying Android Application

Name of the Vulnerable Software and Affected Versions: Baiying Android application affected versions not specified Description: A certificate validation issue exists in the application, potentially leading to information disclosure. Recommendations: At the moment, there is no information about a...

DEBIAN-CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...

CVE-2023-22702 WordPress WPMobile.App — Android and iOS Mobile Application Plugin <= 11.13 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Cross-Site Scripting XSS vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin = 11.13 versions...

CVE-2022-45637

An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism...

PT-2023-1786 · Microsoft · Onedrive

Name of the Vulnerable Software and Affected Versions: Microsoft OneDrive for Android affected versions not specified Description: The issue is related to a lack of protection for service data in the file hosting service. Exploitation of this issue may allow an attacker to access protected...

Shein's Android App Caught Transmitting Clipboard Data to Remote Servers

An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The iss...

CVE-2022-34909

An issue was discovered in the A4N Aremis 4 Nomad application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database...

K40019131: F5 Access for Android vulnerability CVE-2022-27875

Security Advisory Description A Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. CVE-2022-27875 Impact An attacker may be able to exploit this vulnerability by tricking a legitimate user running Android...

CVE-2022-41614

Insufficiently protected credentials in the IntelR ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access...

PT-2023-13998 · Intel · Intel(R) On Event Series Android Application

Name of the Vulnerable Software and Affected Versions: IntelR ON Event Series Android application versions prior to 2.0 Description: The issue is related to insufficiently protected credentials, which may allow an authenticated user to potentially enable information disclosure via local access...

SUSHIRO App for Android outputs sensitive information to the log file

Overview SUSHIRO App for Android provided by AKINDO SUSHIRO CO., LTD. outputs sensitive information to the log file CWE-532. Impact An attacker may obtain a credential information from the log file. Solution Update the Application Update the application to the latest version according to the...

CVE-2018-16135

The Opera Mini application 47.1.2249.129326 for Android allows remote attackers to spoof the Location Permission dialog via a crafted web site...