CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40040
https://notcve.org/view.php?id=CVE-2023-40040
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. Se descubrió un problema en la aplicación MyCrops HiGrade "THC Testing & Cannabi" 1.0.337 para Android. • https://github.com/actuator/cve/blob/main/CVE-2023-40040 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33740
https://notcve.org/view.php?id=CVE-2023-33740
Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message. • https://github.com/zzh-newlearner/record/blob/main/luowice_warning.md •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-33741
https://notcve.org/view.php?id=CVE-2023-33741
Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. • https://github.com/zzh-newlearner/record/blob/main/macrovideo_share.md •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26277 – Security Advisory | PendingIntent hijacking vulnerability in Framework Services
https://notcve.org/view.php?id=CVE-2021-26277
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. • https://www.vivo.com/en/support/security-advisory-detail?id=8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-39912
https://notcve.org/view.php?id=CVE-2022-39912
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. Vulnerabilidad de manejo inadecuado de permisos insuficientes en setSecureFolderPolicy en PersonaManagerService anterior a Android T(13) permite a atacantes locales establecer algún valor de configuración en la carpeta segura. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •