Filtered by NVD-CWE-Other
Total 29112 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-21449 1 Samsung 1 Android 2024-08-02 4 Medium
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
CVE-2023-21454 1 Samsung 1 Android 2024-08-02 2.4 Low
Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.
CVE-2023-21457 1 Samsung 1 Android 2024-08-02 4.1 Medium
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.
CVE-2023-21452 1 Samsung 1 Android 2024-08-02 3.3 Low
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.
CVE-2023-21455 1 Samsung 2 Exynos, Exynos Firmware 2024-08-02 5.9 Medium
Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.
CVE-2023-21485 1 Samsung 1 Android 2024-08-02 5.3 Medium
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
CVE-2023-21461 1 Samsung 1 Android 2024-08-02 4 Medium
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.
CVE-2023-21463 2 Google, Samsung 2 Android, Myfiles 2024-08-02 4 Medium
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions.
CVE-2023-21486 1 Samsung 1 Android 2024-08-02 5.3 Medium
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
CVE-2023-21464 2 Google, Samsung 2 Android, Calendar 2024-08-02 4 Medium
Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status.
CVE-2023-21394 1 Google 1 Android 2024-08-02 5.5 Medium
In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21172 1 Google 1 Android 2024-08-02 7.8 High
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243015
CVE-2023-21103 1 Google 1 Android 2024-08-02 5.5 Medium
In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259064622
CVE-2023-21116 1 Google 1 Android 2024-08-02 6.7 Medium
In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273
CVE-2023-21105 1 Google 1 Android 2024-08-02 5.5 Medium
In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568
CVE-2023-21098 1 Google 1 Android 2024-08-02 7.8 High
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867
CVE-2023-21087 1 Google 1 Android 2024-08-02 5.5 Medium
In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753
CVE-2023-20929 1 Google 1 Android 2024-08-02 5.5 Medium
In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-234442700
CVE-2023-20964 1 Google 1 Android 2024-08-02 7.8 High
In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121
CVE-2023-20957 1 Google 1 Android 2024-08-02 7.8 High
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258422561