CVE-2023-22473

LOW Year: 2023
CVSS v3 Score
2.1
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2.

Related Vulnerabilities

CVE-2020-16241

LOW
CVSS:2.1(Low)

Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-2842020

CVE-2024-29206

LOW
CVSS:2.2(Low)

An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect EV S...

CWE-2842024

CVE-2019-5452

LOW
CVSS:2.4(Low)

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.

CWE-2842019

CVE-2021-25340

LOW
CVSS:2.4(Low)

Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.

CWE-2842021

CVE-2022-33706

LOW
CVSS:2.4(Low)

Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.

CWE-2842022

CVE-2022-33720

LOW
CVSS:2.4(Low)

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.

CWE-2842022