‼ CVE-2023-21384 ‼
📖 Read
via "National Vulnerability Database".
In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21381 ‼
📖 Read
via "National Vulnerability Database".
In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21387 ‼
📖 Read
via "National Vulnerability Database".
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42804 ‼
📖 Read
via "National Vulnerability Database".
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21396 ‼
📖 Read
via "National Vulnerability Database".
In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21372 ‼
📖 Read
via "National Vulnerability Database".
In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21375 ‼
📖 Read
via "National Vulnerability Database".
In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21393 ‼
📖 Read
via "National Vulnerability Database".
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45780 ‼
📖 Read
via "National Vulnerability Database".
In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21383 ‼
📖 Read
via "National Vulnerability Database".
In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21389 ‼
📖 Read
via "National Vulnerability Database".
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21377 ‼
📖 Read
via "National Vulnerability Database".
In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21382 ‼
📖 Read
via "National Vulnerability Database".
In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36767 ‼
📖 Read
via "National Vulnerability Database".
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-41891 ‼
📖 Read
via "National Vulnerability Database".
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-21394 ‼
📖 Read
via "National Vulnerability Database".
In Telecomm, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.📖 Read
via "National Vulnerability Database".
🕴 Google Dynamic Search Ads Abused to Unleash Malware 'Deluge' 🕴
📖 Read
via "Dark Reading".
An advanced feature of Google targeted ads can allow a rarely precedented flood of malware infections, rendering machines completely useless.📖 Read
via "Dark Reading".
Dark Reading
Google Dynamic Search Ads Abused to Unleash Malware 'Deluge'
An advanced feature of Google targeted ads can allow a rarely precedented flood of malware infections, rendering machines completely useless.
‼ CVE-2023-45804 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** User requested a CVE number by mistake📖 Read
via "National Vulnerability Database".
‼ CVE-2023-45670 ‼
📖 Read
via "National Vulnerability Database".
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-46502 ‼
📖 Read
via "National Vulnerability Database".
An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42323 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file.📖 Read
via "National Vulnerability Database".