CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 2

28 Feb 2023 — In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-240267890 • https://github.com/Trinadh465/frameworks_base_CVE-2023-20943 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

28 Feb 2023 — In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-244423101 • https://source.android.com/security/bulletin/2023-02-01

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

28 Feb 2023 — In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242537431 • https://source.android.com/security/bulletin/2023-02-01 • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Feb 2023 — In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-244216503 • https://source.android.com/security/bulletin/aaos/2023-02-01

CVSS: 5.1 • EPSS: 0% • CPEs: 78 • EXPL: 0

09 Feb 2023 — Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-285: Improper Authorization • CWE-863: Incorrect Authorization

CVSS: 4.0 • EPSS: 0% • CPEs: 128 • EXPL: 0

09 Feb 2023 — Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-285: Improper Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 26 • EXPL: 0

09 Feb 2023 — A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=04 • CWE-20: Improper Input Validation • CWE-787: Out-of-bounds Write

CVSS: 4.0 • EPSS: 0% • CPEs: 78 • EXPL: 0

09 Feb 2023 — Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-20: Improper Input Validation

CVSS: 5.5 • EPSS: 0% • CPEs: 41 • EXPL: 0

09 Feb 2023 — Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-285: Improper Authorization • CWE-863: Incorrect Authorization

CVSS: 3.3 • EPSS: 0% • CPEs: 128 • EXPL: 0

09 Feb 2023 — Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02 • CWE-285: Improper Authorization