32 matches found
CVE-2024-34641
CVE-2024-34641 relates to Samsung Android devices where the FeliCaTest component improperly exports an Android application component. This allows local attackers to enable NFC configuration. Affected software is FeliCaTest prior to the SMR Sep-2024 Release 1. The issue's root cause is improper co...
CVE-2024-34641
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration...
CVE-2024-20860
Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission...
CVE-2024-20860
Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission...
CVE-2021-4438 kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components
A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...
CVE-2024-28745
Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displaye...
CVE-2023-6542 Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL...
CVE-2023-30718
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting...
CVE-2023-21486
CVE-2023-21486 concerns an improper export of Android components in ImagePreviewActivity within Samsung Call Settings, enabling a physical attacker to access certain media data in sandbox. The issue is tied to specific Samsung SMR May-2023 Release 1 updates; remediation is provided via the May-20...
CVE-2023-21485
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...
Authentication flaw
Improper export of Android application components vulnerability in Samsung Pay India only prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication...
Framer Preview 12 Content Injection Vulnerability
Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via an fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the...