Tag

#android

Zepp 6.1.4-play User Account Enumeration

Zepp version 6.1.4-play suffers from a user account enumeration flaw in the password reset function.

Packet Storm
CVE-2022-24886: Make PendingIntents immutable by AlvaroBrey · Pull Request #9726 · nextcloud/android

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.

CVE-2022-24885: Improve PIN lockout handling by tobiasKaminsky · Pull Request #9816 · nextcloud/android

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.

North Koreans Are Jailbreaking Phones to Access Forbidden Media

A new report suggests that a small but vibrant group of smartphone hackers may be challenging the world's most digitally restrictive regime.

Google's New Safety Section Shows What Data Android Apps Collect About Users

Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy,

CVE-2021-36895: WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto

Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.

Ransomware Attacks: Everything You Need to Know

By Waqas. Learn everything there is to know about ransomware attacks. We cover the definition, statistics, and ransomware protection. Even… This is a post from HackRead.com.

CVE-2022-27429: V1.9.5: SSRF Vulnerability · Issue #67 · Cherry-toto/jizhicms

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.

CVE-2021-3898: Motorola Android App Vulnerabilities - Lenovo Support DE

Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate, which could lead to the communication channel being accessible by an attacker.