GHSA-GWPF-62XP-VRG6 Information Exposure in cordova-android

Versions of cordova-android prior to 6.0.0 are vulnerable to Information Exposure through log files. The application calls methods of the Log class. Messages passed to these methods Log.v, Log.d, Log.i, Log.w, and Log.e are stored in a series of circular buffers on the device. By default, a maxim...

Information Exposure in cordova-android

Versions of cordova-android prior to 6.0.0 are vulnerable to Information Exposure through log files. The application calls methods of the Log class. Messages passed to these methods Log.v, Log.d, Log.i, Log.w, and Log.e are stored in a series of circular buffers on the device. By default, a maxim...

Default credentials

The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 Jel...

CVE-2019-13098

The user password via the registration form of TronLink Wallet 2.2.0 is stored in the log when the class CreateWalletTwoActivity is called. Other authenticated users can read it in the log later. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 Jel...

Information Exposure

Overview Versions of cordova-android prior to 6.0.0 are vulnerable to Information Exposure through log files. The application calls methods of the Log class. Messages passed to these methods Log.v, Log.d, Log.i, Log.w, and Log.e are stored in a series of circular buffers on the device. By default...

Grammarly: Grammarly Keyboard for Android <4.1 leaks user input through logs (except for sensitive input fields)

@homelander identified that Grammarly for Android on Android 4.1 was leaking user-entered text to device logs. Currently, Grammarly for Android doesn't support devices with platform versions less than Android 5.0...

CVE-2013-6124

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

CVE-2013-6124

The Qualcomm Innovation Center QuIC init scripts in Code Aurora Forum CAF releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a 1 chown or 2 chmod command, as demonstrated by changing the permissions of an arbitrary file via...

CVE-2014-1978

The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted...

Code injection

The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted...

CVE-2014-1978

The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted...

CVE-2014-1979

The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message...

JVN#89260331: sp mode mail vulnerability where Java methods may be executed

sp mode mail provided by NTT DOCOMO contains an issue in the processing Deco-mail emoticon POP, which may lead to the execution of arbitrary Java methods that can be executed with the privileges of sp mode mail. Impact When a specially crafted email is opened, an arbitrary Java method that can be...

JVN#81739241: sp mode mail issue when accessing attachments in incoming mail

sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Impact If a malicious Android application is installed on the device, attachments for...

Android WebView vulnerability allows hacker to install malicious apps

WebView is an essential component in Android and iOS. It enables applications to display content from online resources and simplifies task of performing a network request, parsing the data and rendering it. Today AVG Security expert reported a critical vulnerability in Android's WebView feature...

Adobe: No Flash Player For Future Android Versions

Adobe said on Thursday that it will stop supporting Flash Player for Google’s Android mobile operating system, starting with version 4.1 of Android. The announcement, on Adobe’s blog, follows guidance from Adobe in November, 2011, that the company would be discontinuing development of Flash for...