488 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-0549
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. Thi...
Linux Distros Unpatched Vulnerability : CVE-2017-0639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This...
Linux Distros Unpatched Vulnerability : CVE-2017-0504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver...
Linux Distros Unpatched Vulnerability : CVE-2022-20470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This coul...
Linux Distros Unpatched Vulnerability : CVE-2017-0467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and da...
Linux Distros Unpatched Vulnerability : CVE-2017-0423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as...
Fake Facebook Ads Push Brokewell Spyware to Android Users
A Facebook malvertising campaign is spreading the Brokewell spyware to Android users via fake TradingView ads. The malware…...
Developer verification: a promised lift for Android security
To reduce the number of harmful apps targeting Android users, Google has announced that certified Android devices will require all apps to be registered by verified developers in order to be installed. But this new measure is not just about malware that's found on the Google Play Store, it’s main...
Linux Distros Unpatched Vulnerability : CVE-2019-10044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying...
Linux Distros Unpatched Vulnerability : CVE-2018-5848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the function wmisetie, the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ielen' argument can...
CVE-2025-8393 Dreame Technology iOS and Android Mobile Applications Improper Certificate Validation
A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentia...
Linux Distros Unpatched Vulnerability : CVE-2017-0510
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of th...
Google Sues the Badbox Botnet Operators
It will be interesting to watch what will come of this private lawsuit: Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google's security...
PT-2025-30192 · Callapp · Callapp Caller Id App
Name of the Vulnerable Software and Affected Versions: CallApp Caller ID App versions up to 2.0.4 Description: A vulnerability exists in CallApp Caller ID App on Android devices. The issue involves improper export of android application components due to manipulation of an unknown function within...
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Google on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. "The BADBOX 2.0 botnet compromised over 10 million uncertified devices running...
PT-2025-28439 · Qualcomm · Qualcomm Chipsets
Name of the Vulnerable Software and Affected Versions: Qualcomm chipsets versions prior to the fixed version Description: A cryptographic issue occurs due to the use of an insecure connection method while downloading. This issue affects over 100 Qualcomm chipsets used in many Android devices...
CVE-2025-6748
A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the...
CVE-2025-6748 Bharti Airtel Thanks App files cleartext storage in a file or on disk
A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the...
CVE-2025-5715
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the...
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows -...