CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21267
https://notcve.org/view.php?id=CVE-2023-21267
In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c https://android.googlesource.com/platform/frameworks/base/+/cecddcd865f72d76f7aacb1cf4479365847299f9 https://android.googlesource.com/platform/frameworks/base/+/e205cd30e91d8eeadf562140c34c306ebf7d6394 https://source.android.com/security/bulletin/2024-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21265
https://notcve.org/view.php?id=CVE-2023-21265
In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4 https://source.android.com/security/bulletin/2023-08-01 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 76EXPL: 0CVE-2023-30701
https://notcve.org/view.php?id=CVE-2023-30701
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08 •
CVSS: 5.3EPSS: 0%CPEs: 76EXPL: 0CVE-2023-30700
https://notcve.org/view.php?id=CVE-2023-30700
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08 •
CVSS: 9.8EPSS: 0%CPEs: 76EXPL: 0CVE-2023-30699
https://notcve.org/view.php?id=CVE-2023-30699
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08 • CWE-787: Out-of-bounds Write •