CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-21086
https://notcve.org/view.php?id=CVE-2023-21086
19 Apr 2023 — In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-238298970 • https://github.com/Trinadh465/packages_apps_Settings_CVE-2023-21086 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21087
https://notcve.org/view.php?id=CVE-2023-21087
19 Apr 2023 — In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753 • https://source.android.com/security/bulletin/2023-04-01 • CWE-248: Uncaught Exception •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21089
https://notcve.org/view.php?id=CVE-2023-21089
19 Apr 2023 — In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237766679 • https://source.android.com/security/bulletin/2023-04-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21092
https://notcve.org/view.php?id=CVE-2023-21092
19 Apr 2023 — In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055 • https://source.android.com/security/bulletin/2023-04-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21093
https://notcve.org/view.php?id=CVE-2023-21093
19 Apr 2023 — In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-228450832 • https://source.android.com/security/bulletin/2023-04-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-21094
https://notcve.org/view.php?id=CVE-2023-21094
19 Apr 2023 — In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-248031255 • https://github.com/Trinadh465/frameworks_native_AOSP-10_r33_CVE-2023-21094 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2023-21097
https://notcve.org/view.php?id=CVE-2023-21097
19 Apr 2023 — In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261858325 • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-21097 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21098
https://notcve.org/view.php?id=CVE-2023-21098
19 Apr 2023 — In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867 • https://source.android.com/security/bulletin/2023-04-01 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21099
https://notcve.org/view.php?id=CVE-2023-21099
19 Apr 2023 — In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-243377226 • https://source.android.com/security/bulletin/2023-04-01 •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-47468
https://notcve.org/view.php?id=CVE-2022-47468
11 Apr 2023 — In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. • https://www.unisoc.com/en_us/secy/announcementDetail/1645429273135218690 • CWE-476: NULL Pointer Dereference •