CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20932
https://notcve.org/view.php?id=CVE-2023-20932
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 • https://source.android.com/security/bulletin/2023-02-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20481
https://notcve.org/view.php?id=CVE-2022-20481
In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115 • https://source.android.com/security/bulletin/2023-02-01 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20455
https://notcve.org/view.php?id=CVE-2022-20455
In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431 • https://source.android.com/security/bulletin/2023-02-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20944
https://notcve.org/view.php?id=CVE-2023-20944
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558 • https://source.android.com/security/bulletin/2023-02-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20933
https://notcve.org/view.php?id=CVE-2023-20933
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753 • https://source.android.com/security/bulletin/2023-02-01 • CWE-416: Use After Free •