{"vulnerability": "cve-2023-4013", "sightings": [{"uuid": "cda6817c-63d5-4482-8419-cf69b97abbb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40132", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgbybvyeja2r", "content": "", "creation_timestamp": "2025-01-21T23:16:07.332804Z"}, {"uuid": "916947e9-5c21-4cc9-8c5f-3d427d611000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40132", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2594", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-40132\n\ud83d\udd39 Description: In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.\n\ud83d\udccf Published: 2025-01-21T23:04:42.269Z\n\ud83d\udccf Modified: 2025-01-22T17:45:35.456Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2025-01-01", "creation_timestamp": "2025-01-22T18:02:20.000000Z"}, {"uuid": "4f82f418-3382-4e74-9e0e-180c3fc08273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40132", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8461", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-40132\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.\n\ud83d\udccf Published: 2025-01-21T23:04:42.269Z\n\ud83d\udccf Modified: 2025-03-24T16:18:57.207Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2025-01-01", "creation_timestamp": "2025-03-24T16:22:50.000000Z"}, {"uuid": "cc67963b-c2ec-43af-b44a-d55eff3cb22c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40130", "type": "seen", "source": "https://t.me/cibsecurity/73094", "content": "\u203c CVE-2023-40130 \u203c\n\nIn onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-28T00:17:35.000000Z"}, {"uuid": "7880ba8f-7a5d-4c31-8ba8-b2fc5efa09ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40135", "type": "seen", "source": "https://t.me/cibsecurity/73092", "content": "\u203c CVE-2023-40135 \u203c\n\nIn applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-28T00:17:32.000000Z"}, {"uuid": "5156679d-61da-4aa0-839d-bc705903a69b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4013", "type": "seen", "source": "https://t.me/cibsecurity/69440", "content": "\u203c CVE-2023-4013 \u203c\n\nThe GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-30T18:12:23.000000Z"}, {"uuid": "f6c507c7-172c-4c52-90b9-bd951bf28193", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40134", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c", "content": "", "creation_timestamp": "2025-02-03T19:33:09.293698Z"}, {"uuid": "5d3abe5d-95b0-4563-9c78-1b1b69227387", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40138", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c", "content": "", "creation_timestamp": "2025-02-03T19:33:09.293698Z"}, {"uuid": "7ee8da5b-0291-4d60-9e7f-33d1ffce2b06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40139", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c", "content": "", "creation_timestamp": "2025-02-03T19:33:09.293698Z"}, {"uuid": "26ec57b5-edc3-44ae-a1cb-46ea6c83e9ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40137", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c", "content": "", "creation_timestamp": "2025-02-03T19:33:09.293698Z"}, {"uuid": "40689d06-5ffb-44b7-b7ae-d4581f67f418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40135", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c", "content": "", "creation_timestamp": "2025-02-03T19:33:09.293698Z"}, {"uuid": "1da1c9cf-d794-4bd4-828e-97b0d78d3c1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40133", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c", "content": "", "creation_timestamp": "2025-02-03T19:33:09.293698Z"}, {"uuid": "d9ced9e9-1db5-44fc-a966-5eb4c2f53a5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40136", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/cf59c148-4047-4ccd-8ba0-26fb7197899c", "content": "", "creation_timestamp": "2025-02-03T19:33:09.293698Z"}, {"uuid": "2a938356-1df2-4306-9bd2-a21321c8f897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40136", "type": "seen", "source": "https://t.me/cibsecurity/73081", "content": "\u203c CVE-2023-40136 \u203c\n\nIn setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-28T00:17:21.000000Z"}, {"uuid": "d14085dc-5eb9-456a-8927-c1681aadb9de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-40139", "type": "seen", "source": "https://t.me/cibsecurity/73080", "content": "\u203c CVE-2023-40139 \u203c\n\nIn FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-28T06:42:35.000000Z"}]}