CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40040
https://notcve.org/view.php?id=CVE-2023-40040
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. Se descubrió un problema en la aplicación MyCrops HiGrade "THC Testing & Cannabi" 1.0.337 para Android. • https://github.com/actuator/cve/blob/main/CVE-2023-40040 • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 55EXPL: 0CVE-2023-20811
https://notcve.org/view.php?id=CVE-2023-20811
In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 55EXPL: 0CVE-2023-20810
https://notcve.org/view.php?id=CVE-2023-20810
In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061. • https://corp.mediatek.com/product-security-bulletin/August-2023 •
CVSS: 6.7EPSS: 0%CPEs: 54EXPL: 0CVE-2023-20809
https://notcve.org/view.php?id=CVE-2023-20809
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03751198; Issue ID: DTV03751198. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2023-33911
https://notcve.org/view.php?id=CVE-2023-33911
In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 • CWE-862: Missing Authorization •