CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21289
https://notcve.org/view.php?id=CVE-2023-21289
In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/7a5e51c918b7097be3c7e669e1825a4d159c4185 https://source.android.com/security/bulletin/2023-08-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21288
https://notcve.org/view.php?id=CVE-2023-21288
In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/726247f4f53e8cc0746175265652fa415a123c0c https://source.android.com/security/bulletin/2023-08-01 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21287
https://notcve.org/view.php?id=CVE-2023-21287
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6 https://source.android.com/security/bulletin/2023-08-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21286
https://notcve.org/view.php?id=CVE-2023-21286
In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/a65429742caf05205ea7f1c2fdd1119ca652b810 https://source.android.com/security/bulletin/2023-08-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21285
https://notcve.org/view.php?id=CVE-2023-21285
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/0c3b7ec3377e7fb645ec366be3be96bb1a252ca1 https://source.android.com/security/bulletin/2023-08-01 •