CVE-2023-33906
https://notcve.org/view.php?id=CVE-2023-33906
In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. • https://www.unisoc.com/en_us/secy/announcementDetail/1687281677639942145 • CWE-862: Missing Authorization •
CVE-2023-21260
https://notcve.org/view.php?id=CVE-2023-21260
In the notification access permission dialog box, a malicious application can embed a very long service label that overflows the original user prompt and possibly contains misleading information that appears as a system message for user confirmation. • https://source.android.com/security/bulletin/aaos/2023-07-01 • CWE-346: Origin Validation Error •
CVE-2023-21262
https://notcve.org/view.php?id=CVE-2023-21262
In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation. • https://android.googlesource.com/platform/frameworks/av/+/2c8973c39478cd3c8cf11d9f27cc0556a106d006 https://source.android.com/security/bulletin/2023-07-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-21257
https://notcve.org/view.php?id=CVE-2023-21257
In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/1aec7feaf07e6d4568ca75d18158445dbeac10f6 https://source.android.com/security/bulletin/2023-07-01 • CWE-862: Missing Authorization •
CVE-2023-21256
https://notcve.org/view.php?id=CVE-2023-21256
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/62fc1d269f5e754fc8f00b6167d79c3933b4c1f4 https://source.android.com/security/bulletin/2023-07-01 • CWE-863: Incorrect Authorization •