Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-21122 |
Description: In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-21121 |
Description: In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-21120 |
Description: In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-21115 |
Description: In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033
EPSS Score: 0.05%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-21105 |
Description: In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-21101 |
Description: In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258189255
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
CVE-2023-21095 |
Description: In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-242704576
EPSS Score: 0.04%
December 19th, 2024 (4 months ago)
|
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
December 19th, 2024 (4 months ago)
|
|
|
Description: An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. [...]
December 18th, 2024 (4 months ago)
|
|
|
Description: The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. [...]
December 18th, 2024 (4 months ago)
|