CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21019
https://notcve.org/view.php?id=CVE-2023-21019
24 Mar 2023 — In ih264e_init_proc_ctxt of ih264e_process.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242379731 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21020
https://notcve.org/view.php?id=CVE-2023-21020
24 Mar 2023 — In registerSignalHandlers of main.c, there is a possible local arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256591441 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 48EXPL: 0CVE-2023-21457
https://notcve.org/view.php?id=CVE-2023-21457
16 Mar 2023 — Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-284: Improper Access Control •
CVSS: 3.3EPSS: 0%CPEs: 48EXPL: 0CVE-2023-21452
https://notcve.org/view.php?id=CVE-2023-21452
16 Mar 2023 — Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-285: Improper Authorization •
CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0CVE-2023-21461
https://notcve.org/view.php?id=CVE-2023-21461
16 Mar 2023 — Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-285: Improper Authorization •
CVSS: 4.2EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21462
https://notcve.org/view.php?id=CVE-2023-21462
16 Mar 2023 — The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows to local attacker to access MAC address without related permission. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=03 • CWE-215: Insertion of Sensitive Information Into Debugging Code •
CVSS: 4.4EPSS: 0%CPEs: 48EXPL: 0CVE-2023-21460
https://notcve.org/view.php?id=CVE-2023-21460
16 Mar 2023 — Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-287: Improper Authentication •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-21463
https://notcve.org/view.php?id=CVE-2023-21463
16 Mar 2023 — Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=03 • CWE-284: Improper Access Control •
CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-21453
https://notcve.org/view.php?id=CVE-2023-21453
16 Mar 2023 — Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 48EXPL: 0CVE-2023-21456
https://notcve.org/view.php?id=CVE-2023-21456
16 Mar 2023 — Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •