Thwart Me If You Can: an Empirical Analysis of Android Platform Armoring against Stalkerware

Stalkerware is a serious threat to individuals' privacy that is receiving increased attention from the security and privacy research communities. Existing works have largely focused on studying leading stalkerware apps, dual-purpose apps, monetization of stalkerware, or the experience of survivor...

Microsoft Teams 安全漏洞

Microsoft Teams is a software from Microsoft USA for online meetings, chat, and cloud storage capabilities. A security vulnerability exists in Microsoft Teams. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are affected: Microsoft Teams for...

CVE-2023-31014

NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial ...

SAMSUNG My Files 安全漏洞

SAMSUNG My Files is used by South Korea's Samsung SAMSUNG to manage all the files on a smartphone, just like a file browser on a computer. A security vulnerability exists in SAMSUNG My Files version 15.0.07.5, which stems from an improperly exported Android application component that allows a loc...

PT-2025-34811 · Telpo · Telpo Mdm

Name of the Vulnerable Software and Affected Versions: Telpo MDM versions 1.4.6 through 1.4.9 Description: The Telpo MDM Android platform stores sensitive administrator credentials and MQTT server connection details IP/port in plaintext within log files on the device's external storage. This allo...

SUSE CVE-2024-2365

A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with...

PT-2024-32367 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a possible Use After Free UAF due to a logic error in the code. This could lead to local escalation of privilege with no...

KLA78029 Multiple vulnerabilities in Microsoft System Center

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Defender for Endpoint on Android can be exploited...

firefox: thunderbird: Cross-origin access to JSON contents through multipart responses

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...

Google Chrome Cross-Site Scripting Vulnerability (CNVD-2024-38800)

Google Chrome is a web browser from Google, an American company. A cross-site scripting vulnerability exists in Google Chrome prior to version 129.0.6668.58, which stems from insufficient UI gesture validation in Omnibox on the Android platform, and can be exploited by an attacker to inject...

SUSE CVE-2024-7256

Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

PT-2024-24965 · Google · Android +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a possible escalation of privilege due to improperly used crypto, which could lead to remote escalation of privilege with no addition...

phiola 安全漏洞

phiola is a fast audio player, recorder, and converter for Windows, Linux, and Android by Simon Zolin Personal Developer. A security vulnerability exists in phiola version v2.0-rc22, which stems from the presence of a buffer overflow vulnerability that could allow a remote attacker to execute...

CVE-2024-3430

A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been classified as problematic. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible ...

"ABEMA" App for Android fails to restrict access permissions

Overview "ABEMA" App for Android provided by AbemaTV, Inc. fails to restrict access permissions CWE-926 that allows another app installed on the user's device to access an arbitrary URL on "ABEMA" App via Intent. Shiga Takuma of BroadBand Security, Inc. reported this vulnerability to IPA. JPCERT/...

PT-2024-12851 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a missing permission check in multiple locations, allowing apps to access cross-user message data. This could lead to local informati...

CVE-2023-6724

Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0...

Anonymous Arabic Hacktivist Group Orchestrating Silver RAT

Summary: Silver RAT, a Windows-based RAT written in C and developed by a group known as "Anonymous Arabic," exhibits advanced capabilities, including antivirus evasion and ransomware encryption. Despite facing bans, the threat actors dynamic activities persist, featuring the sharing of cracked...

PT-2023-27285 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software name or versions are mentioned in the provided descriptions. Description: The issue is related to a confused deputy in multiple locations, potentially allowing an attacker to view another user's images. This could lead to...

PT-2023-25257 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to unsafe deserialization in the checkKeyIntentParceledCorrectly function of AccountManagerService.java. This could lead to local escalation of privilege with no...