CVE-2023-20962

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-926
View all →

Vulnerability Description

In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210

Related Vulnerabilities

CVE-2021-25397

MEDIUM
CVSS:5.5(Medium)

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

CWE-9262021

CVE-2021-25526

MEDIUM
CVSS:5.5(Medium)

Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.

CWE-9262021

CVE-2025-20934

MEDIUM
CVSS:5.5(Medium)

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

CWE-9262025

CVE-2021-4438

MEDIUM
CVSS:5.3(Medium)

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the f...

CWE-9262021

CVE-2023-41827

MEDIUM
CVSS:5.1(Medium)

An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI.

CWE-9262023

CVE-2023-41816

MEDIUM
CVSS:5.0(Medium)

An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database.

CWE-9262023