Skip to main content
CVE-2023-21284 MEDIUM PATCH This Month

In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21283 MEDIUM PATCH This Month

In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21280 MEDIUM PATCH This Month

In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21279 MEDIUM PATCH This Month

In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21277 MEDIUM PATCH This Month

In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21276 MEDIUM PATCH This Month

In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21274 MEDIUM PATCH This Month

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21271 MEDIUM PATCH This Month

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21234 MEDIUM This Month

In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21230 MEDIUM This Month

In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21268 MEDIUM PATCH This Month

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Path Traversal Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21267 MEDIUM This Month

In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-39950 MEDIUM This Month

efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Efibootguard
NVD GitHub
CVSS 3.1
5.2
EPSS
0.4%
CVE-2023-40312 MEDIUM PATCH This Month

Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
5.2
EPSS
0.6%
CVE-2023-40311 MEDIUM PATCH This Month

Multiple stored XSS were found on different JSP files with unsanitized parameters in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that allow an attacker to store on. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-30752 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS External Videos
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30751 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Article Directory Redux
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30749 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Optima Express Marketboost Idx
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30477 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Affiliate Solution
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29097 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS A3 Portfolio
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-21278 LOW PATCH Monitor

In multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-21232 LOW Monitor

In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy