Tim Yu

Researcher fromGoogle
#15177of 53,619
17.6Total CVSS
Vulnerabilities · 4
Low
2
Medium
2
PT-2023-27285
5.5
2023-10-27
Google · Android · CVE-2023-40133
**Name of the Vulnerable Software and Affected Versions** No specific software name or versions are mentioned in the provided descriptions. **Description** The issue is related to a confused deputy in multiple locations, potentially allowing an attacker to view another user's images. This could lead to local information disclosure without requiring additional execution privileges. User interaction is not necessary for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-27288
3.3
2023-10-27
Unknown · Dialogfillui.Java · CVE-2023-40136
**Name of the Vulnerable Software and Affected Versions** DialogFillUi.java (affected versions not specified) **Description** The issue is related to a confused deputy in the setHeader of DialogFillUi.java, allowing an attacker to view another user's images. This could lead to local information disclosure without requiring additional execution privileges. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-27289
3.3
2023-10-27
Google · Android · CVE-2023-40137
**Name of the Vulnerable Software and Affected Versions** No specific software name or versions are mentioned in the provided descriptions. **Description** The issue is related to a confused deputy in multiple functions, potentially allowing an attacker to view another user's images. This could lead to local information disclosure without requiring additional execution privileges or user interaction. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-27291
5.5
2023-10-27
Fillui · Fillui · CVE-2023-40139
**Name of the Vulnerable Software and Affected Versions** FillUi (affected versions not specified) **Description** The issue in FillUi.java allows for local information disclosure due to a confused deputy, enabling the viewing of another user's images without requiring additional execution privileges or user interaction. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.