CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-20443
https://notcve.org/view.php?id=CVE-2022-20443
In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194480991 • https://source.android.com/security/bulletin/android-13 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21182
https://notcve.org/view.php?id=CVE-2023-21182
In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252764175 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21185
https://notcve.org/view.php?id=CVE-2023-21185
In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-266700762 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21198
https://notcve.org/view.php?id=CVE-2023-21198
In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245517503 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21209
https://notcve.org/view.php?id=CVE-2023-21209
In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236273 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-502: Deserialization of Untrusted Data •