Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive...
CVSS: 7.1 | AI Score: 6.5 | EPSS: 0.003
Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path...
CVSS: 5.3 | AI Score: 5.1 | EPSS: 0.001
Dino before 2019-09-10 does not properly check the source of a carbons message in...
CVSS: 7.5 | AI Score: 7.2 | EPSS: 0.003
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.003
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.002
CVSS: 6.1 | AI Score: 6 | EPSS: 0.001
CVSS: 5.4 | AI Score: 5.6 | EPSS: 0.001
The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
AI Score: 6 | EPSS: 0.0005
The Dino Village (aka com.tappocket.dinovillage) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
AI Score: 6 | EPSS: 0.0005