CVSS: 6.7EPSS: 0%CPEs: 16EXPL: 0CVE-2023-20621
https://notcve.org/view.php?id=CVE-2023-20621
07 Mar 2023 — In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755. • https://corp.mediatek.com/product-security-bulletin/March-2023 • CWE-20: Improper Input Validation •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-20932
https://notcve.org/view.php?id=CVE-2023-20932
28 Feb 2023 — In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 • https://source.android.com/security/bulletin/2023-02-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-20933
https://notcve.org/view.php?id=CVE-2023-20933
28 Feb 2023 — In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753 • https://github.com/Trinadh465/frameworks_av_CVE-2023-20933 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20481
https://notcve.org/view.php?id=CVE-2022-20481
28 Feb 2023 — In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115 • https://source.android.com/security/bulletin/2023-02-01 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-20944
https://notcve.org/view.php?id=CVE-2023-20944
28 Feb 2023 — In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558 • https://github.com/Trinadh465/frameworks_base_CVE-2023-20944 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-20943
https://notcve.org/view.php?id=CVE-2023-20943
28 Feb 2023 — In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890 • https://github.com/Trinadh465/frameworks_base_CVE-2023-20943 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-20946
https://notcve.org/view.php?id=CVE-2023-20946
28 Feb 2023 — In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-244423101 • https://source.android.com/security/bulletin/2023-02-01 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-20455
https://notcve.org/view.php?id=CVE-2022-20455
28 Feb 2023 — In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431 • https://source.android.com/security/bulletin/2023-02-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.1EPSS: 0%CPEs: 78EXPL: 0CVE-2023-21424
https://notcve.org/view.php?id=CVE-2023-21424
09 Feb 2023 — Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 4.0EPSS: 0%CPEs: 128EXPL: 0CVE-2023-21429
https://notcve.org/view.php?id=CVE-2023-21429
09 Feb 2023 — Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01 • CWE-285: Improper Authorization •