CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21254
https://notcve.org/view.php?id=CVE-2023-21254
In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/fa539c85503dc63bfb53c76b6f12b3549f14a709 https://source.android.com/security/bulletin/2023-07-01 • CWE-863: Incorrect Authorization •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21251
https://notcve.org/view.php?id=CVE-2023-21251
In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/57946e2bb73850e817b3c01fa5350d705e178e39 https://source.android.com/security/bulletin/2023-07-01 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21250
https://notcve.org/view.php?id=CVE-2023-21250
In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ec573bc83f1ed6722f7cb29431dcb2db7f10bf28 https://source.android.com/security/bulletin/2023-07-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21249
https://notcve.org/view.php?id=CVE-2023-21249
In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/c00b7e7dbc1fa30339adef693d02a51254755d7f https://source.android.com/security/bulletin/2023-07-01 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21248
https://notcve.org/view.php?id=CVE-2023-21248
In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/edd4023805bc7fa54ae31de222cde02b9012bbc4 https://source.android.com/security/bulletin/2023-07-01 • CWE-862: Missing Authorization •