CVE-2023-20951
https://notcve.org/view.php?id=CVE-2023-20951
In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-258652631 • https://source.android.com/security/bulletin/2023-03-01 • CWE-787: Out-of-bounds Write
CVE-2023-21454
https://notcve.org/view.php?id=CVE-2023-21454
Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows a physical attacker to access the user's text history on the lockscreen. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-285: Improper Authorization
CVE-2023-21461
https://notcve.org/view.php?id=CVE-2023-21461
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows a local attacker to turn the device off via an unprotected activity. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-285: Improper Authorization
CVE-2023-21456
https://notcve.org/view.php?id=CVE-2023-21456
Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows an attacker to access an arbitrary file with system uid. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-21452
https://notcve.org/view.php?id=CVE-2023-21452
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows an attacker to get the MAC address of a connected device. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-285: Improper Authorization