CVE-2023-20905
- EPSS 0.14%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 03.04.2025 21:15:38
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...
CVE-2023-20908
- EPSS 0.12%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 03.04.2025 21:15:38
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.P...
CVE-2023-20912
- EPSS 0.13%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 02.04.2025 15:15:51
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. Us...
CVE-2023-20913
- EPSS 0.13%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 02.04.2025 15:15:51
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User exe...
CVE-2023-20915
- EPSS 0.14%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 02.04.2025 15:15:51
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution priv...
CVE-2023-20916
- EPSS 0.13%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 02.04.2025 15:15:51
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no addi...
CVE-2023-20919
- EPSS 0.14%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 02.04.2025 15:15:51
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...
CVE-2023-20920
- EPSS 0.14%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 02.04.2025 15:15:52
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: ...
CVE-2023-20921
- EPSS 0.27%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 02.04.2025 15:15:52
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges n...
CVE-2023-20922
- EPSS 0.12%
- Veröffentlicht 26.01.2023 21:18:11
- Zuletzt bearbeitet 02.04.2025 15:15:52
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Produ...