CVE-2025-4090 Leaked library paths in Thunderbird for Android

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

CVE-2019-15348

CVE-2019-15348 affects Tecno Camon Android devices that include a pre-installed platform app com.lovelyfont.defcontainer (FontCoverService). The exported service allows any co-located app to pass arbitrary shell-script commands to be executed as the system user when triggered via a logcat message...

CVE-2019-15342

The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...

CVE-2018-15001

The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest versionCode=1, versionName=1.0 containing an exported activity app component named com.vivo.bsptest.BSPTestActivity...

CVE-2018-14979

The CVE-2018-14979 entry concerns ASUS ZenFone 3 Max (ASUS_X008_1) with pre-installed com.asus.loguploader. The issue is an exported service, LogUploaderService, accessible via a specific action, that can write a bugreport (kernel log, logcat, system service states including active notifications)...