CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20976
https://notcve.org/view.php?id=CVE-2023-20976
24 Mar 2023 — In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216117246 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20947
https://notcve.org/view.php?id=CVE-2023-20947
24 Mar 2023 — In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237405974 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20910
https://notcve.org/view.php?id=CVE-2023-20910
24 Mar 2023 — In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20982
https://notcve.org/view.php?id=CVE-2023-20982
24 Mar 2023 — In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568083 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21009
https://notcve.org/view.php?id=CVE-2023-21009
24 Mar 2023 — In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029925 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21005
https://notcve.org/view.php?id=CVE-2023-21005
24 Mar 2023 — In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193946 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21016
https://notcve.org/view.php?id=CVE-2023-21016
24 Mar 2023 — In AccountTypePreference of AccountTypePreference.java, there is a possible way to mislead the user about accounts installed on the device due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213905884 • https://source.android.com/security/bulletin/pixel/2023-03-01 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20996
https://notcve.org/view.php?id=CVE-2023-20996
24 Mar 2023 — In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749764 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21006
https://notcve.org/view.php?id=CVE-2023-21006
24 Mar 2023 — In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030027 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21033
https://notcve.org/view.php?id=CVE-2023-21033
24 Mar 2023 — In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713323 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-400: Uncontrolled Resource Consumption •