CVE-2023-29735

An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files...

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVE-2023-29741

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database...

CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVE-2023-29534

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects...

CVE-2023-29732

SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Dependi...

CVE-2023-29723

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opene...

CVE-2023-29758

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files...

CVE-2023-29767

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files...

CVE-2023-29749

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files...

CVE-2023-29547

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...

CVE-2023-29745

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database...

CVE-2023-40530

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device...

CVE-2018-14997

The Leagoo P1 Android device with a build fingerprint of sp7731c1h1032v4bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains the android framework i.e., systemserver with a package name of android that has been modified by Leagoo or another entity in the supply chain. The systemserv...

CVE-2018-14980

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/USPhone/ASUSX0081:7.0/NRD90M/USPhone-14.14.1711.92-20171208:user/release-keys contains the android framework i.e., systemserver with a package name of android versionCode=24, versionName=7.0 that has been modified by ASUS or...

CVE-2018-14994

The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu versionName=1.0, platformBuildVersionName=8.1.0 that contains an exported activity...

CVE-2018-14066

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READSMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo...

CVE-2018-1000109

An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs...

CVE-2018-9564

In llcputilparselinkparams of llcputil.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

CVE-2018-9581

In WiFi, the RSSI value and SSID information is broadcast as part of android.net.wifi.RSSICHANGE and android.net.wifi.STATECHANGE intents. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...