Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dex vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2018-10186
In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368.
Radare Radare2 2.5.0
5.5
CVSSv3
CVE-2018-10187
In radare2 2.5.0, there is a heap-based buffer over-read in the dalvik_op function (libr/anal/p/anal_dalvik.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. Note that this issue is different from CVE-2018-8809, which was ...
Radare Radare2 2.5.0
NA
CVE-2024-32653
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an malicious user to execute commands with shell privileges. Version 1.5...
5.5
CVSSv3
CVE-2022-39259
jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions before 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workaro...
Jadx Project Jadx
NA
CVE-2011-1001
dexdump in Android SDK prior to 2.3 does not properly perform structural verification, which allows user-assisted remote malicious users to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more...
Google Android Sdk 1.6
Google Android Sdk 1.5
Google Android Sdk
Google Android Sdk 2.1
Google Android Sdk 1.1
Google Android Sdk 2.0
Google Android Sdk 2.0.1
9.6
CVSSv3
CVE-2022-31105
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and before 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) Op...
Linuxfoundation Argo-cd
7.8
CVSSv3
CVE-2019-15341
The Tecno Camon iAir 2 Plus Android device with a build fingerprint of TECNO/H622/TECNO-ID3k:8.1.0/O11019/E-180914V83:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains ...
Tecno-mobile Camon Iair 2+ Firmware -
7.8
CVSSv3
CVE-2019-15350
The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an exported ...
Tecno-mobile Tecno/h622/tecno-id5b 8.1.0/o11019/g-180829v31
7.8
CVSSv3
CVE-2019-15345
The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.8). This app contains an expo...
Tecno-mobile Camon Iclick Firmware -
7.8
CVSSv3
CVE-2019-15346
The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.0.11). This app contains an ...
Tecno-mobile Camon Iclick 2 Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »