82 matches found

Prion
added 2022/10/07 3:15 p.m., 12 views

Authorization

Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R11 and 3.3.03.66 in Android S12 allows unauthorized use of javascript interface api...

7.5 CVSS, 8.9 AI score, 0.00269 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/10/07 12:0 a.m., 9 views

CVE-2022-39862

Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R11 and 3.3.03.66 in Android S12 allows unauthorized use of javascript interface api...

5.3 CVSS, 9.3 AI score, 0.00269 EPSS
Exploits 0, References 1
CNNVD
added 2022/10/07 12:0 a.m., 1 view

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Sep-2022 Release 1 version for Android R11 and 3.3.03.66 version for Android S12, which...

9.8 CVSS, 8.3 AI score, 0.00269 EPSS
Exploits 0, References 2
Positive Technologies
added 2022/10/07 12:0 a.m., 2 views

PT-2022-25053 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to SMR Sep-2022 Release 1; Android version 3.3.03.66 in Android S12
Description: The issue is related to improper authorization in the Dynamic Lockscreen, allowing unauthorized use of the javascript interface api...

9.8 CVSS, 9.1 AI score, 0.00269 EPSS
Exploits 0, References 2
OSV
added 2022/06/07 7:15 p.m., 0 views

CVE-2022-30746

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API...

7.5 CVSS, 5.8 AI score
Exploits 0, References 1
NVD
added 2022/06/07 7:15 p.m., 11 views

CVE-2022-30746

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API...

7.5 CVSS, 0.00342 EPSS
Exploits 0, References 1
Prion
added 2022/06/07 7:15 p.m., 11 views

Design/Logic Flaw

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API...

5 CVSS, 7.4 AI score, 0.00342 EPSS
Exploits 0, References 1, Affected Software 1
CVE
added 2022/06/07 6:20 p.m., 590 views

CVE-2022-30746

Summary: CVE-2022-30746 affects Samsung SmartThings prior to 1.7.85.12. A missing caller check in the JavaScript interface API can allow a remote attacker to access sensitive information. The vulnerability is described across multiple sources (NVD, Red Hat, CNVD/CNNVD references) as a missing cal...

7.5 CVSS, 7.3 AI score, 0.00342 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/06/07 6:20 p.m., 11 views

CVE-2022-30746

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API...

7.5 CVSS, 7.6 AI score, 0.00342 EPSS
Exploits 0, References 1
Positive Technologies
added 2022/06/07 12:0 a.m., 1 view

PT-2022-20285 · Unknown · Smartthings

Name of the Vulnerable Software and Affected Versions: Smart Things versions prior to 1.7.85.12
Description: The issue is related to a missing caller check in Smart Things, allowing an attacker to access sensitive information remotely using the javascript interface API.
Recommendations: For...

7.5 CVSS, 7.3 AI score, 0.00342 EPSS
Exploits 0, References 4
CNNVD
added 2022/06/07 12:0 a.m., 1 view

Samsung mobile security vulnerability

Samsung mobile is a cell phone from Samsung South Korea. A security vulnerability exists in Samsung mobile Smart Things prior to version 1.7.85.12. The vulnerability allows an attacker to remotely access sensitive information using the javascript interface API...

7.5 CVSS, 7.3 AI score, 0.00342 EPSS
Exploits 0, References 2
ATTACKERKB
added 2022/06/02 2:15 p.m., 0 views

CVE-2022-28799

The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...

8.8 CVSS, 7.4 AI score, 0.02669 EPSS
Exploits 0, References 4
OSV
added 2022/06/02 2:15 p.m., 1 view

CVE-2022-28799

The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...

8.8 CVSS, 7.6 AI score, 0.02669 EPSS
Exploits 0, References 3
NVD
added 2022/06/02 2:15 p.m., 12 views

CVE-2022-28799

The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...

8.8 CVSS, 0.02669 EPSS
Exploits 0, References 3
Prion
added 2022/06/02 2:15 p.m., 9 views

Code injection

The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...

6.8 CVSS, 8.4 AI score, 0.02669 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2022/05/30 1:46 p.m., 10 views

CVE-2022-28799

The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click...

8.6 AI score, 0.02669 EPSS
Exploits 0, References 3
Zero Day Initiative
added 2022/04/05 12:0 a.m., 11 views

(0Day) (Pwn2Own) Samsung Galaxy S21 Exposed Dangerous Method Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within Web...

6.1 CVSS, 4.9 AI score
Exploits 0
Hacker One
added 2022/03/04 12:17 p.m., 32 views

TikTok: One Click Account Hijacking via Unvalidated Deeplink

A WebView Hijacking vulnerability was found on the TikTok Android application via an un-validated deeplink on an un-sanitized parameter. This could have resulted in account hijacking through a JavaScript interface. We thank @fr4via for reporting this to our team...

1.5 AI score
Exploits 0
CNVD
added 2020/12/18 12:0 a.m., 3 views

IBM Security Key Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2020-73011)

IBM Security Key Lifecycle Manager, formerly known as Tivoli Key Lifecycle Manager, is a set of key lifecycle management software from IBM in the United States. The software provides key storage, key maintenance and key lifecycle management for storage devices. A cross-site scripting vulnerability...

5.4 CVSS, 6.1 AI score, 0.00314 EPSS
Exploits 0, References 1
Japan Vulnerability Notes
added 2020/07/08 7:4 a.m., 3 views

Android App "Mercari" (Japan version) vulnerable to arbitrary method execution of the Java object

Overview: Android App "Mercari" (Japan version) provided by Mercari, Inc. contains an arbitrary Java method execution vulnerability (CWE-749) due to inadequate restrictions on addJavascriptInterface of the WebView class. Taichi Kotake of Akatsuki Inc. reported this vulnerability to IPA. JPCERT/CC...

8.1 CVSS, 7.4 AI score, 0.01475 EPSS
Exploits 0, References 5