CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21267
https://notcve.org/view.php?id=CVE-2023-21267
14 Aug 2023 — In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/cb7e9c7549a2a076ec00db15e3da0d21b31b0b1c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21265
https://notcve.org/view.php?id=CVE-2023-21265
14 Aug 2023 — In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/system/ca-certificates/+/6065b4a4c7da9cc9ee01c2f6389575647d2724c4 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21242
https://notcve.org/view.php?id=CVE-2023-21242
14 Aug 2023 — In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Wifi/+/72e903f258b5040b8f492cf18edd124b5a1ac770 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21140
https://notcve.org/view.php?id=CVE-2023-21140
14 Aug 2023 — In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21134
https://notcve.org/view.php?id=CVE-2023-21134
14 Aug 2023 — In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21133
https://notcve.org/view.php?id=CVE-2023-21133
14 Aug 2023 — In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21132
https://notcve.org/view.php?id=CVE-2023-21132
14 Aug 2023 — In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-20965
https://notcve.org/view.php?id=CVE-2023-20965
14 Aug 2023 — In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Wifi/+/0d3cb609b0851ea9e5745cc6101e57c2e5e739f2 • CWE-522: Insufficiently Protected Credentials •
CVSS: 5.5EPSS: 0%CPEs: 76EXPL: 0CVE-2023-30701
https://notcve.org/view.php?id=CVE-2023-30701
10 Aug 2023 — PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08 •
CVSS: 5.3EPSS: 0%CPEs: 76EXPL: 0CVE-2023-30700
https://notcve.org/view.php?id=CVE-2023-30700
10 Aug 2023 — PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=08 •