Unauthenticated log effects metrics gathering incident response efforts and potentially exposes risk of injection attacks (ex log injection).

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.

Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data.

With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests, resulting in a denial-of-service condition.

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications.

Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.

Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.

Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.

Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.