Author Archives: National Vulnerability Database

An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. Continue reading CVE-2023-45955 (lightstrip_firmware)→

In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-40101 (android)→

In Telecomm, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-21394 (android)→

In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-21374 (android)→

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-21379 (android)→

In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-21384 (android)→

In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-21395 (android)→

In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Continue reading CVE-2023-21381 (android)→

In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User in… Continue reading CVE-2023-21382 (android)→

In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… Continue reading CVE-2023-21378 (android)→