CVE-2024-36437

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-926
View all →

Vulnerability Description

The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.

Related Vulnerabilities

CVE-2023-44121

MEDIUM
CVSS:6.3(Medium)

The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a th...

CWE-9262023

CVE-2021-25388

HIGH
CVSS:7.1(High)

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.

CWE-9262021

CVE-2021-25397

MEDIUM
CVSS:5.5(Medium)

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

CWE-9262021

CVE-2021-25526

MEDIUM
CVSS:5.5(Medium)

Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.

CWE-9262021

CVE-2023-20962

MEDIUM
CVSS:5.5(Medium)

In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local informatio...

CWE-9262023

CVE-2025-20934

MEDIUM
CVSS:5.5(Medium)

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

CWE-9262025