Flurry » Flurry-analytics-android : Security Vulnerabilities, CVEs,
In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-16
Updated
2024-02-16
The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Max CVSS
5.4
EPSS Score
0.06%
Published
2014-09-09
Updated
2014-09-12
2 vulnerabilities found