CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35658
https://notcve.org/view.php?id=CVE-2023-35658
In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. En gatt_process_prep_write_rsp de gatt_cl.cc, existe una posible escalada de privilegios debido a un uso posterior a la liberación. Esto podría conducir a la ejecución remota de código (próximo/adyacente) sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d03a3020de69143b1fe8129d75e55f14951dd192 https://source.android.com/security/bulletin/2023-09-01 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40040
https://notcve.org/view.php?id=CVE-2023-40040
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. Se descubrió un problema en la aplicación MyCrops HiGrade "THC Testing & Cannabi" 1.0.337 para Android. • https://github.com/actuator/cve/blob/main/CVE-2023-40040 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-30730
https://notcve.org/view.php?id=CVE-2023-30730
Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file. Una vulnerabilidad de secuestro de intención implícita en la aplicación Camera anterior a las versiones 11.0.16.43 en Android 11,12.1.00.30, 12.0.07.53, 12.1.03.10 en Android 12, y 13.0.01.43, 13.1.00.83 en Android 13 permite a un atacante local acceder a un archivo específico. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 •
CVSS: 4.4EPSS: 0%CPEs: 69EXPL: 0CVE-2023-30721
https://notcve.org/view.php?id=CVE-2023-30721
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log. La vulnerabilidad de inserción de información sensible en el registro en Locksettings anterior a SMR Sep-2023 Release 1 permite a un atacante local con privilegios obtener información de coincidencia de pantalla de bloqueo del registro. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 69EXPL: 0CVE-2023-30720
https://notcve.org/view.php?id=CVE-2023-30720
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access. Un secuestro de PendingIntent en LmsAssemblyTrackerCTC anterior a SMR Sep-2023 Release 1 permite a un atacante local obtener acceso a archivos arbitrarios. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 •