CVE-2023-21490
https://notcve.org/view.php?id=CVE-2023-21490
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-284: Improper Access Control •
CVE-2023-2467
https://notcve.org/view.php?id=CVE-2023-2467
Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html https://crbug.com/1413586 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF https://security.gentoo.org/glsa/202309-17 https://www.deb •
CVE-2023-2463
https://notcve.org/view.php?id=CVE-2023-2463
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html https://crbug.com/1406120 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6P5RJ6UD37IPBWU3GPQNMIUFVOVCGSLY https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3V6GPGMY6ZWVWPECMQGGOKQVATXJ5BA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4JI552XDFD6DYFU6WNCRBCAXWOFOOSF https://security.gentoo.org/glsa/202309-17 https://www.deb •
CVE-2023-21098
https://notcve.org/view.php?id=CVE-2023-21098
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867 • https://source.android.com/security/bulletin/2023-04-01 •
CVE-2023-21080
https://notcve.org/view.php?id=CVE-2023-21080
In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245916076 • https://source.android.com/security/bulletin/2023-04-01 • CWE-125: Out-of-bounds Read •