CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35675
https://notcve.org/view.php?id=CVE-2023-35675
11 Sep 2023 — In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En loadMediaResumptionControls de MediaResumeListener.kt, existe una forma posible de reproducir y escuchar archivos multimedia reproducidos por otro usuario en el mismo dispo... • https://android.googlesource.com/platform/frameworks/base/+/c1cf4b9746c9641190730172522324ccd5b8c914 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2023-35674 – Android Framework Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-35674
11 Sep 2023 — In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En onCreate de WindowState.java, existe una forma posible de iniciar una actividad en segundo plano debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de privilegios de ejecución adici... • https://github.com/Thampakon/CVE-2023-35674 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35673
https://notcve.org/view.php?id=CVE-2023-35673
11 Sep 2023 — In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. En build_read_multi_rsp de gatt_sr.cc, existe una posible escritura fuera de límites debido a un Desbordamiento de Enteros. Esto podría conducir a la ejecución remota de código (próximo/adyacente) sin necesidad de privilegios de ejecución adiciona... • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8770c07c102c7fdc74626dc717acc8f6dd1c92cc • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-35671
https://notcve.org/view.php?id=CVE-2023-35671
11 Sep 2023 — In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En onHostEmulationData de HostEmulationManager.java, existe una forma posible para que un lector NFC de uso general lea el número comp... • https://github.com/MrTiz/CVE-2023-35671 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35670
https://notcve.org/view.php?id=CVE-2023-35670
11 Sep 2023 — In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En ComputeValuesFromData de FileUtils.java, existe una forma posible de insertar archivos en directorios privados externos de otras aplicaciones debido a un error de path traversal. Esto podría conducir a un... • https://android.googlesource.com/platform/packages/providers/MediaProvider/+/db3c69afcb0a45c8aa2f333fcde36217889899fe • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35669
https://notcve.org/view.php?id=CVE-2023-35669
11 Sep 2023 — In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En checkKeyIntentParceledCorrectly de AccountManagerService.java, existe una forma posible de controlar otras actividades en ejecución debido a una deserialización insegura. Esto podría conducir a una escalada... • https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35667
https://notcve.org/view.php?id=CVE-2023-35667
11 Sep 2023 — In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En updateList de NotificationAccessSettings.java, existe una forma posible de ocultar los oyentes de notificaciones aprobados en la configuración debido a un error lógico en el código. Esto podría condu... • https://android.googlesource.com/platform/packages/apps/Settings/+/d8355ac47e068ad20c6a7b1602e72f0585ec0085 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35666
https://notcve.org/view.php?id=CVE-2023-35666
11 Sep 2023 — In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En bta_av_rc_msg de bta_av_act.cc, existe un posible Use After Free debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b7ea57f620436c83a9766f928437ddadaa232e3a • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35665
https://notcve.org/view.php?id=CVE-2023-35665
11 Sep 2023 — In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En varios archivos, existe una forma posible de importar un contacto de otro usuario debido a que falta una verificación de permiso. Esto podría conducir a una escalada local de privilegios sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/packages/services/Telephony/+/674039e70e1c5bf29b808899ac80c709acc82290 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35658
https://notcve.org/view.php?id=CVE-2023-35658
11 Sep 2023 — In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. En gatt_process_prep_write_rsp de gatt_cl.cc, existe una posible escalada de privilegios debido a un uso posterior a la liberación. Esto podría conducir a la ejecución remota de código (próximo/adyacente) sin necesidad de privilegios de ejecu... • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d03a3020de69143b1fe8129d75e55f14951dd192 • CWE-416: Use After Free •