CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21256
https://notcve.org/view.php?id=CVE-2023-21256
In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/apps/Settings/+/62fc1d269f5e754fc8f00b6167d79c3933b4c1f4 https://source.android.com/security/bulletin/2023-07-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21254
https://notcve.org/view.php?id=CVE-2023-21254
In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/fa539c85503dc63bfb53c76b6f12b3549f14a709 https://source.android.com/security/bulletin/2023-07-01 •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21251
https://notcve.org/view.php?id=CVE-2023-21251
In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/57946e2bb73850e817b3c01fa5350d705e178e39 https://source.android.com/security/bulletin/2023-07-01 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21250
https://notcve.org/view.php?id=CVE-2023-21250
In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ec573bc83f1ed6722f7cb29431dcb2db7f10bf28 https://source.android.com/security/bulletin/2023-07-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21249
https://notcve.org/view.php?id=CVE-2023-21249
In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/c00b7e7dbc1fa30339adef693d02a51254755d7f https://source.android.com/security/bulletin/2023-07-01 • CWE-281: Improper Preservation of Permissions •