Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
android api vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2021-45095
pep_sock_accept in net/phonet/pep.c in the Linux kernel up to and including 5.15.8 has a refcount leak.
Linux Linux Kernel
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.6
CVSSv2
CVE-2021-43975
In the Linux kernel up to and including 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
Linux Linux Kernel
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Cloud Backup -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
4.3
CVSSv2
CVE-2021-32812
Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and previous versions, there is a reflected cross-site scripting vulnerability in frontend HTTP server. The attacker can send in a careful...
Tekmonks Monkshu 2.90
5
CVSSv2
CVE-2021-20748
Retty App for Android versions before 4.8.13 and Retty App for iOS versions before 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Retty Retty
5
CVSSv2
CVE-2021-32727
Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions before 3.16.1, the Nextcloud Android client skipped a step that involved the client checkin...
Nextcloud Nextcloud
4.3
CVSSv2
CVE-2021-32612
The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the backend API over cleartext HTTP. This includes logins, registrations, and password change requests. This allows information theft and account takeover via network sniffing.
I-doo Veryfitpro 3.2.8
2.1
CVSSv2
CVE-2021-25411
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local malicious users to write read-only kernel memory.
Google Android 10.0
Google Android 11.0
7.2
CVSSv2
CVE-2020-11292
Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & ...
Qualcomm Apq8009 Firmware -
Qualcomm Apq8009w Firmware -
Qualcomm Apq8017 Firmware -
Qualcomm Apq8037 Firmware -
Qualcomm Apq8053 Firmware -
Qualcomm Apq8084 Firmware -
Qualcomm Apq8096au Firmware -
Qualcomm Aqt1000 Firmware -
Qualcomm Ar6003 Firmware -
Qualcomm Csr6030 Firmware -
Qualcomm Csrb31024 Firmware -
Qualcomm Mdm8207 Firmware -
Qualcomm Mdm8215 Firmware -
Qualcomm Mdm8215m Firmware -
Qualcomm Mdm8615m Firmware -
Qualcomm Mdm9150 Firmware -
Qualcomm Mdm9205 Firmware -
Qualcomm Mdm9206 Firmware -
Qualcomm Mdm9207 Firmware -
Qualcomm Mdm9215 Firmware -
Qualcomm Mdm9230 Firmware -
Qualcomm Mdm9250 Firmware -
1 Article
6.8
CVSSv2
CVE-2021-30506
Incorrect security UI in Web App Installs in Google Chrome on Android before 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a privileged page via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 34
6.8
CVSSv2
CVE-2021-30507
Inappropriate implementation in Offline in Google Chrome on Android before 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 33
Fedoraproject Fedora 34
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »