94 matches found
CVE-2023-45220
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by...
CVE-2021-41256
nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally...
CVE-2021-32727
Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private...
com.peersafe:chainsql (>=1.0 <=3.0.4), net.i2p.android:client (>=0.9.27 <=0.9.33) +4 more potentially affected by CVE-2020-36843 via net.i2p:i2p (>=0.9.26 <=0.9.38)
net.i2p:i2p MAVEN version =0.9.26, =1.0, =0.9.27, =0.9.26, =0.9.26, =0.9.27, =0.9.30, =0.9.38 Source cves: CVE-2020-36843 Source advisory: OSV:GHSA-P53J-G8PW-4W5F...
com.peersafe:chainsql (>=1.0 <=3.0.4), net.i2p.android:client (>=0.9.27 <=0.9.33) +4 more potentially affected by CVE-2020-36843 via net.i2p:i2p (>=0.9.26 <=0.9.38)
net.i2p:i2p MAVEN version =0.9.26, =1.0, =0.9.27, =0.9.26, =0.9.26, =0.9.27, =0.9.30, =0.9.38 Source cves: CVE-2020-36843 Source advisory: SNYK:JAVA-NETI2P-9402850...
The vulnerability of the Microsoft Outlook for Android client, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of the Microsoft Outlook for Android client is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
CVE-2023-45851
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...
Design/Logic Flaw
The Android Client application, when enrolled with the define method 1 (the user manually inserts the server IP address), uses the HTTP protocol to retrieve sensitive information (IP address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by...
Hardcoded credentials
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric...
CVE-2023-46102
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol built on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric...
CVE-2023-41372
The vulnerability allows an unprivileged untrusted third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcode...
PT-2023-29731 · Google · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client affected versions not specified Description: The issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker. This enables the attacker to send fake messages to the HMI device, as the...
PT-2023-29497 · Google · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified Description: The issue concerns the use of the HTTP protocol instead of HTTPS to retrieve sensitive information, including IP addresses and credentials for a remote MQTT broker entity...
PT-2023-27933 · Google · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified Description: The issue allows an unprivileged third-party application to arbitrarily modify the server settings of the Android Client application, causing it to connect to a malicious...
PT-2023-29462 · Google · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client affected versions not specified Description: The Android Client application uses the HTTP protocol to retrieve sensitive information, including IP addresses and credentials to connect to a remote MQTT broker entity, instead of...
Microsoft Teams Security Vulnerability
Microsoft Teams is a software from Microsoft USA for online meetings, chat, and cloud storage capabilities. A security vulnerability exists in Microsoft Teams. An attacker exploiting this vulnerability could remotely execute code. The following products and versions are affected: Microsoft Teams...
SUSE CVE-2021-41180
Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only...
JSA10551 - 2013-03: Security, Access, and Acceleration Advisories Released
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new JSA advisories that have been released. In the...