CVSS: 6.7EPSS: 0%CPEs: 44EXPL: 0CVE-2023-20768
https://notcve.org/view.php?id=CVE-2023-20768
04 Jul 2023 — In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07559800. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.7EPSS: 0%CPEs: 55EXPL: 0CVE-2023-20766
https://notcve.org/view.php?id=CVE-2023-20766
04 Jul 2023 — In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 57EXPL: 0CVE-2023-20753
https://notcve.org/view.php?id=CVE-2023-20753
04 Jul 2023 — In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 57EXPL: 0CVE-2023-20755
https://notcve.org/view.php?id=CVE-2023-20755
04 Jul 2023 — In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.7EPSS: 0%CPEs: 57EXPL: 0CVE-2023-20754
https://notcve.org/view.php?id=CVE-2023-20754
04 Jul 2023 — In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-787: Out-of-bounds Write •
CVSS: 7.2EPSS: 0%CPEs: 57EXPL: 0CVE-2023-21513
https://notcve.org/view.php?id=CVE-2023-21513
28 Jun 2023 — Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 3.3EPSS: 0%CPEs: 57EXPL: 0CVE-2023-21512
https://notcve.org/view.php?id=CVE-2023-21512
28 Jun 2023 — Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21129
https://notcve.org/view.php?id=CVE-2023-21129
15 Jun 2023 — In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612 • https://source.android.com/security/bulletin/2023-06-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21123
https://notcve.org/view.php?id=CVE-2023-21123
15 Jun 2023 — In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064 • https://source.android.com/security/bulletin/2023-06-01 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21108
https://notcve.org/view.php?id=CVE-2023-21108
15 Jun 2023 — In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-239414876 • https://source.android.com/security/bulletin/2023-06-01 • CWE-416: Use After Free •