<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://db.gcve.eu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sat, 09 May 2026 19:44:50 +0000</lastBuildDate>
    <item>
      <title>6750c38b-8bff-455e-9707-dd0c64c737ac</title>
      <link>https://db.gcve.eu/sighting/6750c38b-8bff-455e-9707-dd0c64c737ac/export</link>
      <description>{"uuid": "6750c38b-8bff-455e-9707-dd0c64c737ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20903", "type": "seen", "source": "https://t.me/cibsecurity/60966", "content": "\u203c CVE-2023-20903 \u203c\n\nThis disclosure regards a vulnerability related to UAA refresh tokens and external identity providers. Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates the identity provider from the UAA. It is expected that the UAA would reject a refresh token during a refresh token grant, but it does not (hence the vulnerability). It will continue to issue access tokens to request presenting such refresh tokens, as if the identity provider was still active. As a result, clients with refresh tokens issued through the deactivated identity provider would still have access to Cloud Foundry resources until their refresh token expires (which defaults to 30 days).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T00:46:12.000000Z"}</description>
      <content:encoded>{"uuid": "6750c38b-8bff-455e-9707-dd0c64c737ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20903", "type": "seen", "source": "https://t.me/cibsecurity/60966", "content": "\u203c CVE-2023-20903 \u203c\n\nThis disclosure regards a vulnerability related to UAA refresh tokens and external identity providers. Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates the identity provider from the UAA. It is expected that the UAA would reject a refresh token during a refresh token grant, but it does not (hence the vulnerability). It will continue to issue access tokens to request presenting such refresh tokens, as if the identity provider was still active. As a result, clients with refresh tokens issued through the deactivated identity provider would still have access to Cloud Foundry resources until their refresh token expires (which defaults to 30 days).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T00:46:12.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/6750c38b-8bff-455e-9707-dd0c64c737ac/export</guid>
      <pubDate>Wed, 29 Mar 2023 00:46:12 +0000</pubDate>
    </item>
    <item>
      <title>950c46ae-67bd-4c32-a20f-e48e62bb32e9</title>
      <link>https://db.gcve.eu/sighting/950c46ae-67bd-4c32-a20f-e48e62bb32e9/export</link>
      <description>{"uuid": "950c46ae-67bd-4c32-a20f-e48e62bb32e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20900", "type": "seen", "source": "https://t.me/cibsecurity/69536", "content": "\u203c CVE-2023-20900 \u203c\n\nVMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T14:12:53.000000Z"}</description>
      <content:encoded>{"uuid": "950c46ae-67bd-4c32-a20f-e48e62bb32e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20900", "type": "seen", "source": "https://t.me/cibsecurity/69536", "content": "\u203c CVE-2023-20900 \u203c\n\nVMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-31T14:12:53.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/950c46ae-67bd-4c32-a20f-e48e62bb32e9/export</guid>
      <pubDate>Thu, 31 Aug 2023 14:12:53 +0000</pubDate>
    </item>
    <item>
      <title>1ef7421c-549e-4aa3-aba9-52dd6a919a9f</title>
      <link>https://db.gcve.eu/sighting/1ef7421c-549e-4aa3-aba9-52dd6a919a9f/export</link>
      <description>{"uuid": "1ef7421c-549e-4aa3-aba9-52dd6a919a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20906", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5969", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20906\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221040577\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T20:19:11.087Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-03-01", "creation_timestamp": "2025-02-28T20:26:59.000000Z"}</description>
      <content:encoded>{"uuid": "1ef7421c-549e-4aa3-aba9-52dd6a919a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20906", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5969", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20906\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221040577\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-28T20:19:11.087Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-03-01", "creation_timestamp": "2025-02-28T20:26:59.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/1ef7421c-549e-4aa3-aba9-52dd6a919a9f/export</guid>
      <pubDate>Fri, 28 Feb 2025 20:26:59 +0000</pubDate>
    </item>
    <item>
      <title>643b7daa-b01d-44e8-9fcd-a488e2c876a0</title>
      <link>https://db.gcve.eu/sighting/643b7daa-b01d-44e8-9fcd-a488e2c876a0/export</link>
      <description>{"uuid": "643b7daa-b01d-44e8-9fcd-a488e2c876a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20908", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10353", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20908\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T20:12:08.908Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-01-01", "creation_timestamp": "2025-04-03T20:36:04.000000Z"}</description>
      <content:encoded>{"uuid": "643b7daa-b01d-44e8-9fcd-a488e2c876a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20908", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10353", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20908\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T20:12:08.908Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-01-01", "creation_timestamp": "2025-04-03T20:36:04.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/643b7daa-b01d-44e8-9fcd-a488e2c876a0/export</guid>
      <pubDate>Thu, 03 Apr 2025 20:36:04 +0000</pubDate>
    </item>
    <item>
      <title>7223da67-79be-4c41-9b8c-da1d7b82d6e9</title>
      <link>https://db.gcve.eu/sighting/7223da67-79be-4c41-9b8c-da1d7b82d6e9/export</link>
      <description>{"uuid": "7223da67-79be-4c41-9b8c-da1d7b82d6e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20905", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10355", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20905\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T20:11:31.837Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-01-01", "creation_timestamp": "2025-04-03T20:36:06.000000Z"}</description>
      <content:encoded>{"uuid": "7223da67-79be-4c41-9b8c-da1d7b82d6e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20905", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10355", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20905\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T20:11:31.837Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-01-01", "creation_timestamp": "2025-04-03T20:36:06.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/7223da67-79be-4c41-9b8c-da1d7b82d6e9/export</guid>
      <pubDate>Thu, 03 Apr 2025 20:36:06 +0000</pubDate>
    </item>
    <item>
      <title>27bbd74d-4020-4c71-a775-f4654cf2662e</title>
      <link>https://db.gcve.eu/sighting/27bbd74d-4020-4c71-a775-f4654cf2662e/export</link>
      <description>{"uuid": "27bbd74d-4020-4c71-a775-f4654cf2662e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20904", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10356", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20904\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T20:11:00.615Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-01-01", "creation_timestamp": "2025-04-03T20:36:07.000000Z"}</description>
      <content:encoded>{"uuid": "27bbd74d-4020-4c71-a775-f4654cf2662e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-20904", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10356", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20904\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272\n\ud83d\udccf Published: 2023-01-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-03T20:11:00.615Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-01-01", "creation_timestamp": "2025-04-03T20:36:07.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://db.gcve.eu/sighting/27bbd74d-4020-4c71-a775-f4654cf2662e/export</guid>
      <pubDate>Thu, 03 Apr 2025 20:36:07 +0000</pubDate>
    </item>
  </channel>
</rss>
