Page 20 of 1794 results (0.009 seconds)

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. Se descubrió un problema en la aplicación MyCrops HiGrade "THC Testing & Cannabi" 1.0.337 para Android. • https://github.com/actuator/cve/blob/main/CVE-2023-40040 • CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message. • https://github.com/zzh-newlearner/record/blob/main/luowice_warning.md •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. • https://github.com/zzh-newlearner/record/blob/main/macrovideo_share.md •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. • https://www.vivo.com/en/support/security-advisory-detail?id=8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0

Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. Vulnerabilidad de manejo inadecuado de permisos insuficientes en setSecureFolderPolicy en PersonaManagerService anterior a Android T(13) permite a atacantes locales establecer algún valor de configuración en la carpeta segura. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •