CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20931
https://notcve.org/view.php?id=CVE-2023-20931
24 Mar 2023 — In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242535997 • https://source.android.com/security/bulletin/2023-03-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-20467
https://notcve.org/view.php?id=CVE-2022-20467
24 Mar 2023 — In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225880741 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20906
https://notcve.org/view.php?id=CVE-2023-20906
24 Mar 2023 — In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221040577 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20910
https://notcve.org/view.php?id=CVE-2023-20910
24 Mar 2023 — In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/modules/Wifi/+/8827591ae680c4d0bd0e373d4ca20cb35f53faa6 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20917
https://notcve.org/view.php?id=CVE-2023-20917
24 Mar 2023 — In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242605257 • https://source.android.com/security/bulletin/2023-03-01 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2023-20911
https://notcve.org/view.php?id=CVE-2023-20911
24 Mar 2023 — In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498 • https://github.com/Trinadh465/frameworks_base_AOSP10_r33_CVE-2023-20911 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 3CVE-2023-20963 – Android Framework Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-20963
24 Mar 2023 — In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519 Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. • https://github.com/Ailenchick/CVE-2023-20963 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20936
https://notcve.org/view.php?id=CVE-2023-20936
24 Mar 2023 — In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-226927612 • https://source.android.com/security/bulletin/2023-03-01 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20951
https://notcve.org/view.php?id=CVE-2023-20951
24 Mar 2023 — In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258652631 • https://source.android.com/security/bulletin/2023-03-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20952
https://notcve.org/view.php?id=CVE-2023-20952
24 Mar 2023 — In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-186803518 • https://source.android.com/security/bulletin/2023-03-01 • CWE-787: Out-of-bounds Write •