{"vulnerability": "cve-2023-2094", "sightings": [{"uuid": "b09e1048-10f8-42a7-b9dc-cbefbb9dd07d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20940", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8402", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20940\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041\n\ud83d\udccf Published: 2023-02-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T18:01:08.189Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-02-01", "creation_timestamp": "2025-03-21T18:20:03.000000Z"}, {"uuid": "6c0fbd7a-55f0-4eca-acc1-8e471c6e247d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20944", "type": "seen", "source": "https://t.me/arpsyndicate/789", "content": "#ExploitObserverAlert\n\nCVE-2023-20944\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2023-20944. In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-11-30T07:13:08.000000Z"}, {"uuid": "eebcd774-5151-4bd2-a1ad-0d7105b7ea29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2094", "type": "seen", "source": "https://t.me/arpsyndicate/523", "content": "#ExploitObserverAlert\n\nCVE-2023-2094\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-2094. A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-24T10:07:29.000000Z"}, {"uuid": "1e664e41-a44d-45d4-bddc-7f1fc407b8cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2094", "type": "seen", "source": "https://t.me/arpsyndicate/1659", "content": "#ExploitObserverAlert\n\nCVE-2023-2094\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2094. A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T16:54:22.000000Z"}, {"uuid": "40f2779a-51ed-49d3-a60e-4602595217dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2094", "type": "seen", "source": "https://t.me/cibsecurity/62219", "content": "\u203c CVE-2023-2094 \u203c\n\nA vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T14:36:44.000000Z"}, {"uuid": "a686d432-1ab8-4493-8d41-40c798277915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20942", "type": "seen", "source": "https://t.me/cibsecurity/66626", "content": "\u203c CVE-2023-20942 \u203c\n\nIn openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-13T07:45:26.000000Z"}, {"uuid": "9c8f323f-9b99-40aa-b251-1bd5a2fffa34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20947", "type": "seen", "source": "https://t.me/cibsecurity/60719", "content": "\u203c CVE-2023-20947 \u203c\n\nIn getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237405974\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-24T23:51:04.000000Z"}, {"uuid": "74336af2-f2e8-4dd4-ba37-2dd48f422ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20949", "type": "seen", "source": "https://t.me/cibsecurity/58197", "content": "\u203c CVE-2023-20949 \u203c\n\nIn s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323133References: N/A\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T07:36:08.000000Z"}, {"uuid": "bb5205b0-54b3-4260-b448-846799a4ad4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20940", "type": "seen", "source": "https://t.me/cibsecurity/59128", "content": "\u203c CVE-2023-20940 \u203c\n\nIn the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T20:27:54.000000Z"}, {"uuid": "e5e1eb0c-f83f-4b02-b235-8edcfba86a4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20943", "type": "seen", "source": "https://t.me/cibsecurity/59126", "content": "\u203c CVE-2023-20943 \u203c\n\nIn clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T20:27:52.000000Z"}, {"uuid": "ddb50e81-4597-442f-b5d3-b2cac7743d3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20945", "type": "seen", "source": "https://t.me/cibsecurity/59117", "content": "\u203c CVE-2023-20945 \u203c\n\nIn phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T20:27:42.000000Z"}, {"uuid": "0c4a9e78-528a-4edc-8c53-1184140dd1b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20946", "type": "seen", "source": "https://t.me/cibsecurity/59119", "content": "\u203c CVE-2023-20946 \u203c\n\nIn onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-244423101\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-23T21:46:51.000000Z"}, {"uuid": "8f8d4190-270c-40b8-8be1-70487d609699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20948", "type": "seen", "source": "https://t.me/cibsecurity/59114", "content": "\u203c CVE-2023-20948 \u203c\n\nIn dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T20:27:39.000000Z"}, {"uuid": "b661a9fe-2642-41cc-990a-937bf36dbe91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20947", "type": "published-proof-of-concept", "source": "https://t.me/androidMalware/1922", "content": "Leveraging Android Permissions: A Solver Approach (CVE-2023-20947)\nhttps://blog.thalium.re/posts/leveraging-android-permissions/", "creation_timestamp": "2023-10-23T03:00:37.000000Z"}]}