CVSS: 6.3EPSS: 29%CPEs: 28EXPL: 8CVE-2023-45866 – bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
https://notcve.org/view.php?id=CVE-2023-45866
07 Dec 2023 — Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Bluetooth HID Hosts in BlueZ ... • https://github.com/pentestfunctions/BlueDucky • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 4.2EPSS: 0%CPEs: 16EXPL: 0CVE-2019-12762
https://notcve.org/view.php?id=CVE-2019-12762
06 Jun 2019 — Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. Los dispositivos Xiaomi Mi 5s Plus permiten a los atacantes desencadenar anomalías de la pantalla táctil a través de una señal de radio entre 198 kHz y 203 kHz, como lo demuestra un transmisor y una antena ocultos justo debajo de la superficie de una mesa de cafetería, t... • https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-9888
https://notcve.org/view.php?id=CVE-2014-9888
06 Aug 2016 — arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735. arch/arm/mm/dma-mapping.c en el kernel de Linux en versiones anteriores 3.13 en las plataformas ARM, como se utiliza en Android en versiones anteriores a 2016-08-05 en dispositiv... • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ea1ec713f04bdfac343c9702b21cd3a7c711826 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-2498
https://notcve.org/view.php?id=CVE-2016-2498
13 Jun 2016 — The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to bypass intended data-access restrictions via a crafted application, aka internal bug 27777162. El controlador Wi-Fi Qualcomm en Android en versiones anteriores a 2016-06-01 en dispositivos Nexus 7 (2013) permite a atacantes eludir las restricciones destinadas al acceso de datos a través de una aplicación manipulada, también conocida como error interno 27777162. • http://source.android.com/security/bulletin/2016-06-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 1CVE-2016-2431
https://notcve.org/view.php?id=CVE-2016-2431
09 May 2016 — The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809. El componente Qualcomm TrustZone en Android en versiones anteriores a 2016-05-01 sobre dispositivos Nexus 5, Nexus 6, Nexus 7 (2013) y Android One permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 24968809. • https://github.com/laginimaineb/cve-2016-2431 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-2432
https://notcve.org/view.php?id=CVE-2016-2432
09 May 2016 — The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059. El componente Qualcomm TrustZone en Android en versiones anteriores a 2016-05-01 sobre dispositivos Nexus 6 y Android One permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 25913059. • http://source.android.com/security/bulletin/2016-05-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2016-2443
https://notcve.org/view.php?id=CVE-2016-2443
09 May 2016 — The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 26404525. El controlador Qualcomm MDP en Android en versiones anteriores a 2016-05-01 sobre dispositivos Nexus 5 y Nexus 7 (2013) permite a atacantes obtener privilegios a través de una aplicación manipulada, también conocido como error interno 26404525. • http://source.android.com/security/bulletin/2016-05-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 31EXPL: 0CVE-2016-2459
https://notcve.org/view.php?id=CVE-2016-2459
09 May 2016 — mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp, aka internal bug 27556038. mediaserver en Android 4.x en versiones anteriores a 4.4.4, 5.0.x en versiones anteriores a 5.0.2, 5.1.x en versiones anteriores a 5.1.1 y 6.x en versiones anteriores a 2016-05-01 n... • http://source.android.com/security/bulletin/2016-05-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •