CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20954
https://notcve.org/view.php?id=CVE-2023-20954
24 Mar 2023 — In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261867748 • https://source.android.com/security/bulletin/2023-03-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-20955
https://notcve.org/view.php?id=CVE-2023-20955
24 Mar 2023 — In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813 • https://github.com/Trinadh465/packages_apps_Settings_AOSP10_r33_CVE-2023-20955 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20957
https://notcve.org/view.php?id=CVE-2023-20957
24 Mar 2023 — In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258422561 • https://source.android.com/security/bulletin/2023-03-01 • CWE-266: Incorrect Privilege Assignment •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20966
https://notcve.org/view.php?id=CVE-2023-20966
24 Mar 2023 — In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242299736 • https://source.android.com/security/bulletin/2023-03-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0CVE-2023-21461
https://notcve.org/view.php?id=CVE-2023-21461
16 Mar 2023 — Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-285: Improper Authorization •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2023-21463
https://notcve.org/view.php?id=CVE-2023-21463
16 Mar 2023 — Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions. • https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=03 • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 48EXPL: 0CVE-2023-21457
https://notcve.org/view.php?id=CVE-2023-21457
16 Mar 2023 — Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 44EXPL: 0CVE-2023-21449
https://notcve.org/view.php?id=CVE-2023-21449
16 Mar 2023 — Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 48EXPL: 0CVE-2023-21452
https://notcve.org/view.php?id=CVE-2023-21452
16 Mar 2023 — Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-285: Improper Authorization •
CVSS: 2.4EPSS: 0%CPEs: 48EXPL: 0CVE-2023-21454
https://notcve.org/view.php?id=CVE-2023-21454
16 Mar 2023 — Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=03 • CWE-285: Improper Authorization •