CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-4903
https://notcve.org/view.php?id=CVE-2023-4903
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) La implementación inapropiada en Custom Mobile Tabs en Google Chrome en Android anterior a 117.0.5938.62 permitió a un atacante remoto falsificar la interfaz de usuario de seguridad a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://crbug.com/1446709 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I https://security.gentoo.org/glsa/202401-34 https://www& •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-4900
https://notcve.org/view.php?id=CVE-2023-4900
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) La implementación inapropiada en Custom Tabs en Google Chrome en Android anterior a 117.0.5938.62 permitió a un atacante remoto ofuscar una solicitud de permiso a través de una página HTML manipulada. (Severidad de seguridad de Chromium: media) • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://crbug.com/1430867 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I https://security.gentoo.org/glsa/202401-34 https://www& •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35687
https://notcve.org/view.php?id=CVE-2023-35687
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En MtpPropertyValue de MtpProperty.h, existe una posible corrupción de memoria debido a Use After Free. Esto podría conducir a una escalada local de privilegios sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036 https://source.android.com/security/bulletin/2023-09-01 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35684
https://notcve.org/view.php?id=CVE-2023-35684
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En avdt_msg_asmbl de avdt_msg.cc, hay una posible escritura fuera de límites debido a un Desbordamiento de Enteros. Esto podría llevar a una escalada de privilegios del dispositivo emparejado sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/668bbca29797728004d88db4c9b69102f3939008 https://source.android.com/security/bulletin/2023-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35683
https://notcve.org/view.php?id=CVE-2023-35683
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En bindSelection de DatabaseUtils.java, existe una forma posible de acceder a archivos de otras aplicaciones debido a la inyección SQL. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/packages/providers/MediaProvider/+/23d156ed1bed6d2c2b325f0be540d0afca510c49 https://source.android.com/security/bulletin/2023-09-01 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •