CVE-2023-21206

MEDIUM Year: 2023
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-502
View all →

Vulnerability Description

In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245630

Related Vulnerabilities

CVE-2021-34393

MEDIUM
CVSS:4.4(Medium)

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deser...

CWE-5022021

CVE-2023-36736

MEDIUM
CVSS:4.4(Medium)

Microsoft Identity Linux Broker Remote Code Execution Vulnerability

CWE-5022023

CVE-2024-31308

MEDIUM
CVSS:4.4(Medium)

Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.

CWE-5022024

CVE-2024-32817

MEDIUM
CVSS:4.4(Medium)

Deserialization of Untrusted Data vulnerability in Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.26.2.

CWE-5022024

CVE-2024-34751

MEDIUM
CVSS:4.4(Medium)

Deserialization of Untrusted Data vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.9.

CWE-5022024

CVE-2024-27281

MEDIUM
CVSS:4.5(Medium)

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultan...

CWE-5022024