CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21233
https://notcve.org/view.php?id=CVE-2023-21233
14 Aug 2023 — In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/wear/2023-08-01 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21234
https://notcve.org/view.php?id=CVE-2023-21234
14 Aug 2023 — In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/wear/2023-08-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21235
https://notcve.org/view.php?id=CVE-2023-21235
14 Aug 2023 — In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/docs/security/bulletin/wear/2023/2023-08-01 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-35689
https://notcve.org/view.php?id=CVE-2023-35689
14 Aug 2023 — In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/wear/2023-08-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21292
https://notcve.org/view.php?id=CVE-2023-21292
14 Aug 2023 — In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/d10b27e539f7bc91c2360d429b9d05f05274670d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21290
https://notcve.org/view.php?id=CVE-2023-21290
14 Aug 2023 — In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21289
https://notcve.org/view.php?id=CVE-2023-21289
14 Aug 2023 — In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/7a5e51c918b7097be3c7e669e1825a4d159c4185 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-21288
https://notcve.org/view.php?id=CVE-2023-21288
14 Aug 2023 — In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. • https://github.com/Trinadh465/platform_frameworks_base_CVE-2023-21288 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21287
https://notcve.org/view.php?id=CVE-2023-21287
14 Aug 2023 — In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-21286
https://notcve.org/view.php?id=CVE-2023-21286
14 Aug 2023 — In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://github.com/Trinadh465/platform_frameworks_base_CVE-2023-21286 •