CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40076
https://notcve.org/view.php?id=CVE-2023-40076
04 Dec 2023 — In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En createPendingIntent de CredentialManagerUi.java, existe una forma posible de acceder a las credenciales de otros usuarios debido a una omisión de permisos. Esto podría conducir a una escalada local de privilegios sin ne... • https://android.googlesource.com/platform/frameworks/base/+/9b68987df85b681f9362a3cadca6496796d23bbc •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40075
https://notcve.org/view.php?id=CVE-2023-40075
04 Dec 2023 — In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation. En forceReplaceShortcutInner de ShortcutPackage.java, existe una forma posible de registrar paquetes ilimitados debido a una verificación de los límites faltantes. Esto podría provocar una denegación de ... • https://android.googlesource.com/platform/frameworks/base/+/ae768fbb9975fdab267f525831cb52f485ab0ecc •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40074
https://notcve.org/view.php?id=CVE-2023-40074
04 Dec 2023 — In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. En saveToXml de PersistableBundle.java, los datos no válidos podrían provocar una denegación de servicio persistente local sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. • https://android.googlesource.com/platform/frameworks/base/+/40e4ea759743737958dde018f3606d778f7a53f3 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40073
https://notcve.org/view.php?id=CVE-2023-40073
04 Dec 2023 — In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En visitUris de Notification.java, existe una posible lectura de medios entre usuarios debido a Confused Deputy. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/fe6fef4f9c1f75c12bffa4a1d16d9990cc3fbc35 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35690
https://notcve.org/view.php?id=CVE-2023-35690
04 Dec 2023 — In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Hay elevación de privilegios. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35668
https://notcve.org/view.php?id=CVE-2023-35668
04 Dec 2023 — In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En visitUris de Notification.java, existe una forma posible de mostrar imágenes de otro usuario debido a un diputado confundido. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/b7bd7df91740da680a5c3a84d8dd91b4ca6956dd •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21403
https://notcve.org/view.php?id=CVE-2023-21403
04 Dec 2023 — In RGXDestroyZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Hay elevación de privilegios. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21402
https://notcve.org/view.php?id=CVE-2023-21402
04 Dec 2023 — In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Hay elevación de privilegios. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21401
https://notcve.org/view.php?id=CVE-2023-21401
04 Dec 2023 — In DevmemIntChangeSparse of devicemem_server.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Hay elevación de privilegios. • https://source.android.com/security/bulletin/2023-12-01 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21263
https://notcve.org/view.php?id=CVE-2023-21263
04 Dec 2023 — In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Hay elevación de privilegios. • https://source.android.com/security/bulletin/2023-12-01 •