CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21028
https://notcve.org/view.php?id=CVE-2023-21028
24 Mar 2023 — In parse_printerAttributes of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180680572 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21008
https://notcve.org/view.php?id=CVE-2023-21008
24 Mar 2023 — In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030100 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20957
https://notcve.org/view.php?id=CVE-2023-20957
24 Mar 2023 — In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258422561 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20991
https://notcve.org/view.php?id=CVE-2023-20991
24 Mar 2023 — In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255305114 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21034
https://notcve.org/view.php?id=CVE-2023-21034
24 Mar 2023 — In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230358834 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21026
https://notcve.org/view.php?id=CVE-2023-21026
24 Mar 2023 — In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548 • https://source.android.com/security/bulletin/pixel/2023-03-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20467
https://notcve.org/view.php?id=CVE-2022-20467
24 Mar 2023 — In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225880741 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20992
https://notcve.org/view.php?id=CVE-2023-20992
24 Mar 2023 — In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568750 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21017
https://notcve.org/view.php?id=CVE-2023-21017
24 Mar 2023 — In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236687884 • https://source.android.com/security/bulletin/pixel/2023-03-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20975
https://notcve.org/view.php?id=CVE-2023-20975
24 Mar 2023 — In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776 • https://source.android.com/security/bulletin/pixel/2023-06-01 •