Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2023-31678: record/yingshi_devicekey.md at main · zzh-newlearner/record

Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended.

CVE
Open in Source
#vulnerability#android
CVE-2023-31677: record/luowice.md at main · zzh-newlearner/record

Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter.

CVE-2023-31679: record/yingshi_privacy.md at main · zzh-newlearner/record

Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter.

CVE-2023-2722

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Kiddoware Kids Place Parental Control Android App 3.8.49 XSS / CSRF / File Upload

Kiddoware Kids Place Parental Control Android App versions 3.8.49 and below suffer from weak hashing, cross site request forgery, cross site scripting, and arbitrary file upload vulnerabilities.

Ubuntu Security Notice USN-6080-1

Ubuntu Security Notice 6080-1 - It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

WhatsApp 2023: New Privacy Features, Settings, and More

The Meta-owned app offers end-to-end encryption of texts, images, and more by default—but its settings aren't as private as they could be.

CVE-2023-2710: wp-responsive-video-gallery-with-lightbox.php in wp-responsive-video-gallery-with-lightbox/tags/1.0.22 – WordPress Plugin Repository

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-21118: Android Security Bulletin—May 2023

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004

CVE-2023-20726: May 2023

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).