Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
android api vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2021-25365
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.
Google Android 8.1
Google Android 9.0
Google Android 10.0
Google Android 11.0
4.3
CVSSv2
CVE-2020-35137
The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be us...
Mobileiron Mobile\\@work
4.3
CVSSv2
CVE-2021-21171
Incorrect security UI in TabStrip and Navigation in Google Chrome on Android before 89.0.4389.72 allowed a remote malicious user to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Google Chrome
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
6.8
CVSSv2
CVE-2020-16044
Use after free in WebRTC in Google Chrome before 88.0.4324.96 allowed a remote malicious user to potentially exploit heap corruption via a crafted SCTP packet.
Google Chrome
1 Article
6.8
CVSSv2
CVE-2021-21124
Potential user after free in Speech Recognizer in Google Chrome on Android before 88.0.4324.96 allowed a remote malicious user to potentially perform a sandbox escape via a crafted HTML page.
Google Chrome
Microsoft Edge Chromium
4.3
CVSSv2
CVE-2021-21136
Insufficient policy enforcement in WebView in Google Chrome on Android before 88.0.4324.96 allowed a remote malicious user to leak cross-origin data via a crafted HTML page.
Google Chrome
Microsoft Edge Chromium
2.1
CVSSv2
CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the ...
Google Guava
Quarkus Quarkus
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Data Integrator 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Weblogic Server 14.1.1.0.0
Oracle Data Integrator 12.2.1.4.0
Oracle Nosql Database
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Retail Customer Management And Segmentation Foundation
Oracle Communications Pricing Design Center 12.0.0.4.0
Oracle Communications Pricing Design Center 12.0.0.5.0
Oracle Primavera Unifier 18.8
Oracle Primavera Unifier
Oracle Primavera Unifier 19.12
Oracle Primavera Unifier 20.12
Oracle Communications Cloud Native Core Network Repository Function 1.14.0
Oracle Primavera Unifier 21.12
Netapp Active Iq Unified Manager -
4 Github repositories
2.1
CVSSv2
CVE-2020-5667
Studyplus App for Android v6.3.7 and previous versions and Studyplus App for iOS v8.29.0 and previous versions use a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
Wantedlyinc Studyplus
3.3
CVSSv2
CVE-2020-24721
An issue exists in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, bec...
Apple Exposure Notifications
Google Exposure Notifications
7.8
CVSSv2
CVE-2020-25065
An issue exists on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020).
Google Android 4.4
Google Android 5.0
Google Android 5.1
Google Android 6.0
Google Android 7.0
Google Android 7.1.0
Google Android 8.0
Google Android 8.1
Google Android 9.0
Google Android 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »