Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In February 2023
CVE-2022-43552
A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-02-09
CVE-2023-21450
Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner&#39;s widget without authorization via gesture setting.
CVSS Score
2.3
EPSS Score
0.001
Published
2023-02-09
CVE-2023-21451
A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-02-09
CVE-2023-21436
Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-02-09
CVE-2023-21437
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-02-09
CVE-2023-21438
Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.
CVSS Score
2.1
EPSS Score
0.001
Published
2023-02-09
CVE-2023-21439
Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.
CVSS Score
8.5
EPSS Score
0.0
Published
2023-02-09
CVE-2023-21440
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
CVSS Score
6.2
EPSS Score
0.001
Published
2023-02-09
CVE-2023-21441
Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.
CVSS Score
7.4
EPSS Score
0.0
Published
2023-02-09
CVE-2023-21442
Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-02-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved