Astra Linux – Vulnerability in Chromium

In incorrect security user interfaces of web app installations in Google Chrome on Android before version 90.0.4430.212, an attacker who convinced a user to install a web application could inject scripts or HTML into a privileged page through a crafted HTML page...

EUVD-2026-12321

Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application...

CVE-2021-0987

In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...

CVE-2025-48606

In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

PT-2025-49580

In preparePackage of InstallPackageHelper.java, there is a possible way for an app to appear hidden upon installation without a mechanism to uninstall it due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

PT-2025-35902

Name of the Vulnerable Software and Affected Versions GoodLock versions prior to 2.2.04.95 Description An improper component export in GoodLock allows local attackers to install arbitrary applications from the Galaxy Store. Recommendations Update GoodLock to version 2.2.04.95 or later...

CVE-2023-21331

In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21495

Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set...

SUSE CVE-2021-30506

Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page...

Zebra Technologies Enterprise Home Screen 安全漏洞

Zebra Technologies Enterprise Home Screen is a free Android app from Zebra Technologies, Inc. provides administrators with an easy way to control access to applications and settings on Zebra devices. A security vulnerability exists in Zebra Technologies Enterprise Home Screen version 4.1.19, whic...

PT-2022-6702 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 113.0.5672.126 Description: The issue is related to an inappropriate implementation in WebApp Installs, allowing an attacker to bypass security restrictions. This can be achieved by convincing a user to install...

PT-2022-14474 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a side channel information disclosure in LocaleManager, allowing an attacker to determine if an app is installed without requiring query permissions. This could lead to local...

PT-2022-14499 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information...

Malicious Package

Overview gd-app-install is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...

Incorrect Permission Assignment for Critical Resource in ShopXO

ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php...

CVE-2022-28056

ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php...

CVE-2022-20727

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being...

CVE-2022-20721

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being...

CVE-2022-20725

Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being...

CVE-2021-1014

In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Us...