CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21136
https://notcve.org/view.php?id=CVE-2023-21136
15 Jun 2023 — In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246542285 • https://source.android.com/security/bulletin/2023-06-01 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21127
https://notcve.org/view.php?id=CVE-2023-21127
15 Jun 2023 — In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-275418191 • https://source.android.com/security/bulletin/2023-06-01 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21143
https://notcve.org/view.php?id=CVE-2023-21143
15 Jun 2023 — In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-268193777 • https://source.android.com/security/bulletin/2023-06-01 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21128
https://notcve.org/view.php?id=CVE-2023-21128
15 Jun 2023 — In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183 • https://source.android.com/security/bulletin/2023-06-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2023-21144
https://notcve.org/view.php?id=CVE-2023-21144
15 Jun 2023 — In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252766417 • https://github.com/hshivhare67/Framework_base_AOSP10_r33_CVE-2023-21144_old • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21115
https://notcve.org/view.php?id=CVE-2023-21115
15 Jun 2023 — In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033 • https://source.android.com/security/bulletin/2023-06-01 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20724
https://notcve.org/view.php?id=CVE-2023-20724
06 Jun 2023 — In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843841. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-20723
https://notcve.org/view.php?id=CVE-2023-20723
06 Jun 2023 — In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843845. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-30915
https://notcve.org/view.php?id=CVE-2023-30915
06 Jun 2023 — In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-30914
https://notcve.org/view.php?id=CVE-2023-30914
06 Jun 2023 — In email service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1664822361414762498 • CWE-862: Missing Authorization •