CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21240
https://notcve.org/view.php?id=CVE-2023-21240
12 Jul 2023 — In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Wifi/+/69119d1d3102e27b6473c785125696881bce9563 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-21238
https://notcve.org/view.php?id=CVE-2023-21238
12 Jul 2023 — In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21238 • CWE-384: Session Fixation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21145
https://notcve.org/view.php?id=CVE-2023-21145
12 Jul 2023 — In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/44aeef1b82ecf21187d4903c9e3666a118bdeaf3 • CWE-326: Inadequate Encryption Strength •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 2CVE-2023-20918
https://notcve.org/view.php?id=CVE-2023-20918
12 Jul 2023 — In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation. • https://github.com/pazhanivel07/platform_frameworks_base_AOSP_10_r33_CVE-2023-20918 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.1EPSS: 0%CPEs: 17EXPL: 0CVE-2022-48451
https://notcve.org/view.php?id=CVE-2022-48451
12 Jul 2023 — In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0CVE-2023-33905
https://notcve.org/view.php?id=CVE-2023-33905
12 Jul 2023 — In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2023-33904
https://notcve.org/view.php?id=CVE-2023-33904
12 Jul 2023 — In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2022-48450
https://notcve.org/view.php?id=CVE-2022-48450
12 Jul 2023 — In bluetooth service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073 •
CVSS: 4.4EPSS: 0%CPEs: 17EXPL: 0CVE-2023-33903
https://notcve.org/view.php?id=CVE-2023-33903
12 Jul 2023 — In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073 •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 1CVE-2023-33902
https://notcve.org/view.php?id=CVE-2023-33902
12 Jul 2023 — In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. • https://github.com/uthrasri/CVE-2023-33902_single_file • CWE-862: Missing Authorization •