Filtered by vendor Android
Subscribe
Total
20 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4867 | 2 Android, Tencent | 2 Android, Qqpphoto | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application. | |||||
| CVE-2011-4866 | 2 Android, Kaixin001 | 2 Android, Kaixin001 | 2024-11-21 | 6.4 MEDIUM | N/A |
| The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a cleartext password via a crafted application. | |||||
| CVE-2011-4773 | 2 Android, Anguanjia | 2 Android, Anguanjia | 2024-11-21 | 5.8 MEDIUM | N/A |
| The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | |||||
| CVE-2011-4772 | 2 360, Android | 2 Kouxin, Android | 2024-11-21 | 5.8 MEDIUM | N/A |
| The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | |||||
| CVE-2011-4771 | 2 Android, Lucion | 2 Android, Scan To Pdf Free | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a crafted application. | |||||
| CVE-2011-4770 | 2 Android, Qiwi | 2 Android, Wallet | 2024-11-21 | 5.8 MEDIUM | N/A |
| The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application. | |||||
| CVE-2011-4769 | 2 360, Android | 2 Mobilesafe, Android | 2024-11-21 | 5.8 MEDIUM | N/A |
| The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | |||||
| CVE-2011-4705 | 2 Android, Ming | 2 Android, Blacklist Free | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack." | |||||
| CVE-2011-4704 | 2 Android, Voxofon | 2 Android, Voxofon | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. | |||||
| CVE-2011-4703 | 2 Android, Nathanielkh | 2 Android, Limit My Call | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application. | |||||
| CVE-2011-4702 | 2 Android, Nimbuzz | 2 Android, Nimbuzz | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. | |||||
| CVE-2011-4701 | 2 Android, Hatena | 2 Android, Callconfirm | 2024-11-21 | 5.8 MEDIUM | N/A |
| The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application. | |||||
| CVE-2011-4700 | 2 Android, Ubermedia | 2 Android, Ubersocial | 2024-11-21 | 5.8 MEDIUM | N/A |
| The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. | |||||
| CVE-2011-4699 | 2 Android, Ubermedia | 2 Android, Twidroyd Legacy | 2024-11-21 | 6.4 MEDIUM | N/A |
| The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application. | |||||
| CVE-2011-4698 | 2 Android, Androidapptools | 2 Android, Easy Filter | 2024-11-21 | 6.4 MEDIUM | N/A |
| The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application. | |||||
| CVE-2011-4697 | 2 Android, Xiaomi | 2 Android, Mitalk Messenger | 2024-11-21 | 6.4 MEDIUM | N/A |
| The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application. | |||||
| CVE-2009-0608 | 1 Android | 1 Android Sdk | 2024-11-21 | 7.2 HIGH | N/A |
| Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines. | |||||
| CVE-2009-0475 | 1 Android | 1 Opencore | 2024-11-21 | 6.8 MEDIUM | N/A |
| Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption. | |||||
| CVE-2008-7298 | 2 Android, Google | 2 Android Browser, Android | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
| CVE-2020-8913 | 1 Android | 1 Play Core Library | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application's data on the Android device. We recommend all users update Play Core to version 1.7.2 or later. | |||||