CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21109
https://notcve.org/view.php?id=CVE-2023-21109
In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597 • https://source.android.com/security/bulletin/2023-05-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21111
https://notcve.org/view.php?id=CVE-2023-21111
In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256819769 • https://source.android.com/security/bulletin/2023-05-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20930
https://notcve.org/view.php?id=CVE-2023-20930
In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066 • https://source.android.com/security/bulletin/2023-05-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.7EPSS: 0%CPEs: 45EXPL: 0CVE-2023-20673
https://notcve.org/view.php?id=CVE-2023-20673
In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21110
https://notcve.org/view.php?id=CVE-2023-21110
In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365 • https://source.android.com/security/bulletin/2023-05-01 • CWE-400: Uncontrolled Resource Consumption •