CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21110
https://notcve.org/view.php?id=CVE-2023-21110
15 May 2023 — In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365 • https://source.android.com/security/bulletin/2023-05-01 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21112
https://notcve.org/view.php?id=CVE-2023-21112
15 May 2023 — In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252763983 • https://source.android.com/security/bulletin/2023-05-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21116
https://notcve.org/view.php?id=CVE-2023-21116
15 May 2023 — In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273 • https://source.android.com/security/bulletin/2023-05-01 • CWE-863: Incorrect Authorization •
CVSS: 6.7EPSS: 0%CPEs: 54EXPL: 0CVE-2023-20708
https://notcve.org/view.php?id=CVE-2023-20708
15 May 2023 — In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 4.4EPSS: 0%CPEs: 54EXPL: 0CVE-2023-20709
https://notcve.org/view.php?id=CVE-2023-20709
15 May 2023 — In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576951; Issue ID: ALPS07576951. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 4.4EPSS: 0%CPEs: 54EXPL: 0CVE-2023-20710
https://notcve.org/view.php?id=CVE-2023-20710
15 May 2023 — In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576935; Issue ID: ALPS07576935. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 4.4EPSS: 0%CPEs: 57EXPL: 0CVE-2023-20711
https://notcve.org/view.php?id=CVE-2023-20711
15 May 2023 — In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581668; Issue ID: ALPS07581668. • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-44419
https://notcve.org/view.php?id=CVE-2022-44419
09 May 2023 — In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2022-44420
https://notcve.org/view.php?id=CVE-2022-44420
09 May 2023 — In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2022-47485
https://notcve.org/view.php?id=CVE-2022-47485
09 May 2023 — In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. • https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761 • CWE-787: Out-of-bounds Write •