» admin

CVE-2023-21387

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-21387

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-21387

CVE-2023-21385

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-21385

In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-21385

CVE-2023-21384

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-21384

In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-21384

CVE-2023-21383

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-21383

In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Source: CVE-2023-21383

CVE-2023-21382

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-21382

In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-21382

CVE-2023-21373

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-21373

In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-21373

CVE-2023-21372

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-21372

In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-21372

CVE-2023-36920

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-36920

In SAP Enable Now – versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.

Source: CVE-2023-36920

CVE-2023-47090

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-47090

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.

Source: CVE-2023-47090

CVE-2023-21371

Posted on 2023년 10월 31일2023년 10월 31일 by admin

CVE-2023-21371

In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Source: CVE-2023-21371