CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20930
https://notcve.org/view.php?id=CVE-2023-20930
15 May 2023 — In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066 • https://source.android.com/security/bulletin/2023-05-01 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21103
https://notcve.org/view.php?id=CVE-2023-21103
15 May 2023 — In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259064622 • https://source.android.com/security/bulletin/2023-05-01 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-21104
https://notcve.org/view.php?id=CVE-2023-21104
15 May 2023 — In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771 • https://source.android.com/security/bulletin/2023-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21107
https://notcve.org/view.php?id=CVE-2023-21107
15 May 2023 — In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017 • https://source.android.com/security/bulletin/2023-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21109
https://notcve.org/view.php?id=CVE-2023-21109
15 May 2023 — In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597 • https://source.android.com/security/bulletin/2023-05-01 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21110
https://notcve.org/view.php?id=CVE-2023-21110
15 May 2023 — In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365 • https://source.android.com/security/bulletin/2023-05-01 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21112
https://notcve.org/view.php?id=CVE-2023-21112
15 May 2023 — In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252763983 • https://source.android.com/security/bulletin/2023-05-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21116
https://notcve.org/view.php?id=CVE-2023-21116
15 May 2023 — In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273 • https://source.android.com/security/bulletin/2023-05-01 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2023-20704
https://notcve.org/view.php?id=CVE-2023-20704
15 May 2023 — In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2023-20705
https://notcve.org/view.php?id=CVE-2023-20705
15 May 2023 — In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •