CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21127
https://notcve.org/view.php?id=CVE-2023-21127
15 Jun 2023 — In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-275418191 • https://source.android.com/security/bulletin/2023-06-01 • CWE-908: Use of Uninitialized Resource •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21095
https://notcve.org/view.php?id=CVE-2023-21095
15 Jun 2023 — In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-242704576 • https://source.android.com/security/bulletin/2023-06-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21143
https://notcve.org/view.php?id=CVE-2023-21143
15 Jun 2023 — In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-268193777 • https://source.android.com/security/bulletin/2023-06-01 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21128
https://notcve.org/view.php?id=CVE-2023-21128
15 Jun 2023 — In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183 • https://source.android.com/security/bulletin/2023-06-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2023-21144
https://notcve.org/view.php?id=CVE-2023-21144
15 Jun 2023 — In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417 • https://github.com/hshivhare67/Framework_base_AOSP10_r33_CVE-2023-21144_old • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21115
https://notcve.org/view.php?id=CVE-2023-21115
15 Jun 2023 — In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033 • https://source.android.com/security/bulletin/2023-06-01 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.7EPSS: 0%CPEs: 43EXPL: 0CVE-2023-20725
https://notcve.org/view.php?id=CVE-2023-20725
06 Jun 2023 — In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only). • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20724
https://notcve.org/view.php?id=CVE-2023-20724
06 Jun 2023 — In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843841. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20723
https://notcve.org/view.php?id=CVE-2023-20723
06 Jun 2023 — In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843845. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 37EXPL: 0CVE-2023-20716
https://notcve.org/view.php?id=CVE-2023-20716
06 Jun 2023 — In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796883; Issue ID: ALPS07796883. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-787: Out-of-bounds Write •