CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-20956
https://notcve.org/view.php?id=CVE-2023-20956
In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240140929 • https://source.android.com/security/bulletin/2023-03-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20962
https://notcve.org/view.php?id=CVE-2023-20962
In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21000
https://notcve.org/view.php?id=CVE-2023-21000
In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918 • https://source.android.com/security/bulletin/pixel/2023-03-01 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20975
https://notcve.org/view.php?id=CVE-2023-20975
In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-20980
https://notcve.org/view.php?id=CVE-2023-20980
In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260230274 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •