CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21243
https://notcve.org/view.php?id=CVE-2023-21243
In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Wifi/+/5b49b8711efaadadf5052ba85288860c2d7ca7a6 https://source.android.com/security/bulletin/2023-07-01 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21241
https://notcve.org/view.php?id=CVE-2023-21241
In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/system/nfc/+/907d17eeefec6f672ea824e126406e6d8f6b56d8 https://source.android.com/security/bulletin/2023-07-01 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21240
https://notcve.org/view.php?id=CVE-2023-21240
In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Wifi/+/69119d1d3102e27b6473c785125696881bce9563 https://source.android.com/security/bulletin/2023-07-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21239
https://notcve.org/view.php?id=CVE-2023-21239
In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/c451aa5710e1da19139eb3716e39a5d6f04de5c2 https://source.android.com/security/bulletin/2023-07-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21238
https://notcve.org/view.php?id=CVE-2023-21238
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/91bfcbbd87886049778142618a655352b16cd911 https://source.android.com/security/bulletin/2023-07-01 •