Flamingo

CVEs (5)

CVE	Vendor / Product	CVSS	Published	Description
CVE-2020-12729	balloonwj Flamingo	—	Jul 15, 2021	MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors.
CVE-2020-12730	balloonwj Flamingo	—	Jul 15, 2021	MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.
CVE-2020-12731	balloonwj Flamingo	—	Jul 15, 2021	The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.
CVE-2020-35244	balloonwj Flamingo	—	Dec 26, 2020	Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.
CVE-2020-35243	balloonwj Flamingo	—	Dec 26, 2020	Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.

CVE-2020-12729Jul 15, 2021
balloonwj
Flamingo
risk 0.00cvss —epss 0.00
MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors.
CVE-2020-12730Jul 15, 2021
balloonwj
Flamingo
risk 0.00cvss —epss 0.00
MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery.
CVE-2020-12731Jul 15, 2021
balloonwj
Flamingo
risk 0.00cvss —epss 0.00
The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications.
CVE-2020-35244Dec 26, 2020
balloonwj
Flamingo
risk 0.00cvss —epss 0.00
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup.
CVE-2020-35243Dec 26, 2020
balloonwj
Flamingo
risk 0.00cvss —epss 0.00
Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.