Bitdefender Box 命令注入漏洞

Bitdefender BOX is a smart home security control device from Bitdefender, Romania. A command injection vulnerability exists in Bitdefender Box version 1.3.11.490, which stems from the presence of a command injection in the checkimageandtriggerrecovery API endpoint, which could lead to remote code...

CVE-2023-20912

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...