CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21213
https://notcve.org/view.php?id=CVE-2023-21213
28 Jun 2023 — In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235951 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21168
https://notcve.org/view.php?id=CVE-2023-21168
28 Jun 2023 — In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-253270285 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21183
https://notcve.org/view.php?id=CVE-2023-21183
28 Jun 2023 — In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235863754 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21190
https://notcve.org/view.php?id=CVE-2023-21190
28 Jun 2023 — In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251436534 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21181
https://notcve.org/view.php?id=CVE-2023-21181
28 Jun 2023 — In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-264880969 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21178
https://notcve.org/view.php?id=CVE-2023-21178
28 Jun 2023 — In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-140762419 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21184
https://notcve.org/view.php?id=CVE-2023-21184
28 Jun 2023 — In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-267809568 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21171
https://notcve.org/view.php?id=CVE-2023-21171
28 Jun 2023 — In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261085213 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21174
https://notcve.org/view.php?id=CVE-2023-21174
28 Jun 2023 — In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235822222 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21209
https://notcve.org/view.php?id=CVE-2023-21209
28 Jun 2023 — In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236273 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-502: Deserialization of Untrusted Data •