Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
android vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-20011
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
Google Android 11.0
Google Android 12.0
Google Android 13.0
NA
CVE-2024-20012
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.
Google Android 12.0
Google Android 13.0
NA
CVE-2024-20015
In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419.
Google Android 12.0
Google Android 13.0
Google Android 14.0
NA
CVE-2024-23388
Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote malicious user to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishin...
Mercari Mercari
NA
CVE-2024-21382
Microsoft Edge for Android Information Disclosure Vulnerability
Microsoft Edge Chromium
NA
CVE-2024-21387
Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge Chromium
NA
CVE-2023-33757
A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows malicious users to eavesdrop on communications via a man-in-the-middle attack.
Splicecom Ipcs
Splicecom Ipcs2
Splicecom Ipcs 1.3.4
1 Github repository
NA
CVE-2024-23453
Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local malicious user to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.
Spooncast Spoon
NA
CVE-2023-46447
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
Popsdiabetes Rebel 5.0
NA
CVE-2023-48339
In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
Google Android 11.0
Google Android 12.0
Google Android 13.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »