CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21168
https://notcve.org/view.php?id=CVE-2023-21168
In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-253270285 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21189
https://notcve.org/view.php?id=CVE-2023-21189
In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213942596 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21183
https://notcve.org/view.php?id=CVE-2023-21183
In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235863754 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21173
https://notcve.org/view.php?id=CVE-2023-21173
In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-862: Missing Authorization •
CVSS: 3.3EPSS: 0%CPEs: 57EXPL: 0CVE-2023-21512
https://notcve.org/view.php?id=CVE-2023-21512
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •