CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-48418 – User Build misconfiguration resulting in local escalation of privilege
https://notcve.org/view.php?id=CVE-2023-48418
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation En checkDebuggingDisallowed de DeviceVersionFragment.java, existe una forma posible de acceder a adb antes de que se complete SUW debido a un valor predeterminado inseguro. Esto podría conducir a una escalada local de privilegios sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. • http://packetstormsecurity.com/files/176446/Android-DeviceVersionFragment.java-Privilege-Escalation.html https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6339 – Google Nest WiFi Pro root code-execution & user-data compromise
https://notcve.org/view.php?id=CVE-2023-6339
Google Nest WiFi Pro root code-execution & user-data compromise Ejecución del código raíz de Google Nest WiFi Pro y compromiso de los datos del usuario • https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA https://vuldb.com/?id.249563 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4164 – There is a possible information disclosure due to a missing permission check in Pixel Watch
https://notcve.org/view.php?id=CVE-2023-4164
There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. Existe una posible divulgación de información debido a que falta una verificación de permiso. Esto podría conducir a la divulgación de información local de datos de salud sin necesidad de privilegios de ejecución adicionales. • https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-48419 – An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in EoP
https://notcve.org/view.php?id=CVE-2023-48419
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege Un atacante en las proximidades wifi de un Google Home objetivo puede espiar a la víctima, lo que resulta en una elevación de privilegios. • https://support.google.com/product-documentation/answer/14273332?hl=en&ref_topic=12974021&sjid=4533873659772963473-NA#zippy=%2Cspeakers • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 48EXPL: 0CVE-2023-32891
https://notcve.org/view.php?id=CVE-2023-32891
In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559. En el servicio Bluetooth, existe una posible escritura fuera de los límites debido a una validación de entrada incorrecta. • https://corp.mediatek.com/product-security-bulletin/January-2024 • CWE-787: Out-of-bounds Write •