CVE-2023-21286
- EPSS 0.18%
- Veröffentlicht 14.08.2023 22:15:13
- Zuletzt bearbeitet 21.11.2024 07:42:34
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
CVE-2023-21287
- EPSS 0.42%
- Veröffentlicht 14.08.2023 22:15:13
- Zuletzt bearbeitet 21.11.2024 07:42:34
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21288
- EPSS 0.17%
- Veröffentlicht 14.08.2023 22:15:13
- Zuletzt bearbeitet 21.11.2024 07:42:34
In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for expl...
CVE-2023-21289
- EPSS 0.09%
- Veröffentlicht 14.08.2023 22:15:13
- Zuletzt bearbeitet 21.11.2024 07:42:34
In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitat...
CVE-2023-21290
- EPSS 0.07%
- Veröffentlicht 14.08.2023 22:15:13
- Zuletzt bearbeitet 21.11.2024 07:42:34
In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitatio...
CVE-2023-21292
- EPSS 0.09%
- Veröffentlicht 14.08.2023 22:15:13
- Zuletzt bearbeitet 21.11.2024 07:42:34
In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User ...
CVE-2023-21230
- EPSS 0.08%
- Veröffentlicht 14.08.2023 22:15:12
- Zuletzt bearbeitet 21.11.2024 07:42:25
In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information...
CVE-2023-21231
- EPSS 0.09%
- Veröffentlicht 14.08.2023 22:15:12
- Zuletzt bearbeitet 21.11.2024 07:42:25
In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. This could lead to local escalation of privilege with no ...
CVE-2023-21232
- EPSS 0.08%
- Veröffentlicht 14.08.2023 22:15:12
- Zuletzt bearbeitet 21.11.2024 07:42:25
In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-21233
- EPSS 0.34%
- Veröffentlicht 14.08.2023 22:15:12
- Zuletzt bearbeitet 21.11.2024 07:42:26
In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.