CVE-2023-40040
https://notcve.org/view.php?id=CVE-2023-40040
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. Se descubrió un problema en la aplicación MyCrops HiGrade "THC Testing & Cannabi" 1.0.337 para Android. • https://github.com/actuator/cve/blob/main/CVE-2023-40040 • CWE-862: Missing Authorization •
CVE-2021-26277 – Security Advisory | PendingIntent hijacking vulnerability in Framework Services
https://notcve.org/view.php?id=CVE-2021-26277
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. • https://www.vivo.com/en/support/security-advisory-detail?id=8 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-39912
https://notcve.org/view.php?id=CVE-2022-39912
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. Vulnerabilidad de manejo inadecuado de permisos insuficientes en setSecureFolderPolicy en PersonaManagerService anterior a Android T(13) permite a atacantes locales establecer algún valor de configuración en la carpeta segura. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-280: Improper Handling of Insufficient Permissions or Privileges CWE-755: Improper Handling of Exceptional Conditions •
CVE-2022-39913
https://notcve.org/view.php?id=CVE-2022-39913
Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information. La exposición de información confidencial a un actor no autorizado en Persona Manager anterior de Android T(13) permite a un atacante local acceder a la información de los perfiles de los usuarios. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVE-2022-39914
https://notcve.org/view.php?id=CVE-2022-39914
Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. La exposición de información confidencial de una vulnerabilidad de actor no autorizado en Samsung DisplayManagerService anterior a Android T(13) permite a un atacante local acceder a la información del dispositivo DLNA conectado. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •