EUVD-2023-45874

Malicious code in bioql PyPI...

PT-2023-29731 · Google · Android Client

Name of the Vulnerable Software and Affected Versions: Android Client affected versions not specified Description: The issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker. This enables the attacker to send fake messages to the HMI device, as the...

PT-2023-29462 · Google · Android Client

Name of the Vulnerable Software and Affected Versions: Android Client affected versions not specified Description: The Android Client application uses the HTTP protocol to retrieve sensitive information, including IP addresses and credentials to connect to a remote MQTT broker entity, instead of...

China Telecom WingPay Android client gesture lock has design flaws

Wing Pay is a mobile payment service launched by China Telecom. A design vulnerability exists in the gesture lock of the Wing Pay Android client. By exploiting the vulnerability, an attacker can bypass the gesture lock security mechanism of the Wing Pay Android client and obtain users' private...