CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40040
https://notcve.org/view.php?id=CVE-2023-40040
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. Se descubrió un problema en la aplicación MyCrops HiGrade "THC Testing & Cannabi" 1.0.337 para Android. • https://github.com/actuator/cve/blob/main/CVE-2023-40040 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-30730
https://notcve.org/view.php?id=CVE-2023-30730
Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file. Una vulnerabilidad de secuestro de intención implícita en la aplicación Camera anterior a las versiones 11.0.16.43 en Android 11,12.1.00.30, 12.0.07.53, 12.1.03.10 en Android 12, y 13.0.01.43, 13.1.00.83 en Android 13 permite a un atacante local acceder a un archivo específico. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09 •
CVSS: 4.4EPSS: 0%CPEs: 69EXPL: 0CVE-2023-30721
https://notcve.org/view.php?id=CVE-2023-30721
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log. La vulnerabilidad de inserción de información sensible en el registro en Locksettings anterior a SMR Sep-2023 Release 1 permite a un atacante local con privilegios obtener información de coincidencia de pantalla de bloqueo del registro. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 69EXPL: 0CVE-2023-30720
https://notcve.org/view.php?id=CVE-2023-30720
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access. Un secuestro de PendingIntent en LmsAssemblyTrackerCTC anterior a SMR Sep-2023 Release 1 permite a un atacante local obtener acceso a archivos arbitrarios. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 •
CVSS: 4.0EPSS: 0%CPEs: 69EXPL: 0CVE-2023-30719
https://notcve.org/view.php?id=CVE-2023-30719
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data. Una vulnerabilidad de exposición de información sensible en InboundSmsHandler anterior a SMR Sep-2023 Release 1 permite a atacantes locales acceder a ciertos datos de mensajes. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09 •