CVE-2023-44124
- EPSS 0.09%
- Veröffentlicht 27.09.2023 15:19:35
- Zuletzt bearbeitet 21.11.2024 08:25:17
The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the a...
CVE-2023-44125
- EPSS 0.13%
- Veröffentlicht 27.09.2023 15:19:35
- Zuletzt bearbeitet 21.11.2024 08:25:17
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app...
CVE-2023-35670
- EPSS 0.1%
- Veröffentlicht 11.09.2023 21:15:42
- Zuletzt bearbeitet 02.05.2025 17:15:47
In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges ne...
CVE-2023-35671
- EPSS 0.23%
- Veröffentlicht 11.09.2023 21:15:42
- Zuletzt bearbeitet 21.11.2024 08:08:28
In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead t...
CVE-2023-35673
- EPSS 0.2%
- Veröffentlicht 11.09.2023 21:15:42
- Zuletzt bearbeitet 21.11.2024 08:08:28
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-35674
- EPSS 2.2%
- Veröffentlicht 11.09.2023 21:15:42
- Zuletzt bearbeitet 23.10.2025 14:52:35
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
CVE-2023-35675
- EPSS 0.11%
- Veröffentlicht 11.09.2023 21:15:42
- Zuletzt bearbeitet 21.11.2024 08:08:29
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no ad...
CVE-2023-35676
- EPSS 0.1%
- Veröffentlicht 11.09.2023 21:15:42
- Zuletzt bearbeitet 21.11.2024 08:08:29
In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges need...
CVE-2023-35677
- EPSS 0.09%
- Veröffentlicht 11.09.2023 21:15:42
- Zuletzt bearbeitet 21.11.2024 08:08:29
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges nee...
CVE-2023-35679
- EPSS 0.1%
- Veröffentlicht 11.09.2023 21:15:42
- Zuletzt bearbeitet 21.11.2024 08:08:29
In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.