CVSS: 6.7EPSS: 0%CPEs: 57EXPL: 0CVE-2023-20754
https://notcve.org/view.php?id=CVE-2023-20754
04 Jul 2023 — In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21189
https://notcve.org/view.php?id=CVE-2023-21189
28 Jun 2023 — In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213942596 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-667: Improper Locking •
CVSS: 7.2EPSS: 0%CPEs: 57EXPL: 0CVE-2023-21513
https://notcve.org/view.php?id=CVE-2023-21513
28 Jun 2023 — Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21185
https://notcve.org/view.php?id=CVE-2023-21185
28 Jun 2023 — In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-266700762 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21205
https://notcve.org/view.php?id=CVE-2023-21205
28 Jun 2023 — In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245376 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21207
https://notcve.org/view.php?id=CVE-2023-21207
28 Jun 2023 — In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236670 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21208
https://notcve.org/view.php?id=CVE-2023-21208
28 Jun 2023 — In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262245254 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21170
https://notcve.org/view.php?id=CVE-2023-21170
28 Jun 2023 — In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252764410 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21198
https://notcve.org/view.php?id=CVE-2023-21198
28 Jun 2023 — In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245517503 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21191
https://notcve.org/view.php?id=CVE-2023-21191
28 Jun 2023 — In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-269738057 • https://source.android.com/security/bulletin/pixel/2023-06-01 •