Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-21115 |
Description: In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033
EPSS Score: 0.05%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-21105 |
Description: In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568
EPSS Score: 0.04%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-21101 |
Description: In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258189255
EPSS Score: 0.04%
December 19th, 2024 (5 months ago)
|
|
CVE-2023-21095 |
Description: In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-242704576
EPSS Score: 0.04%
December 19th, 2024 (5 months ago)
|
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
December 19th, 2024 (5 months ago)
|
|
|
Description: An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. [...]
December 18th, 2024 (5 months ago)
|
|
|
Description: The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. [...]
December 18th, 2024 (5 months ago)
|
|
|
Description: Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. [...]
December 18th, 2024 (5 months ago)
|
|
|
Description: GHNA is Allegedly Selling Access to an Unidentified Indian Technology Company
December 18th, 2024 (5 months ago)
|
|
|
Description: The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. [...]
December 18th, 2024 (5 months ago)
|