CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21200
https://notcve.org/view.php?id=CVE-2023-21200
28 Jun 2023 — In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236688764 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21196
https://notcve.org/view.php?id=CVE-2023-21196
28 Jun 2023 — In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261857395 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21202
https://notcve.org/view.php?id=CVE-2023-21202
28 Jun 2023 — In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568359 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21199
https://notcve.org/view.php?id=CVE-2023-21199
28 Jun 2023 — In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254445961 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21172
https://notcve.org/view.php?id=CVE-2023-21172
28 Jun 2023 — In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243015 • https://source.android.com/security/bulletin/pixel/2023-06-01 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21192
https://notcve.org/view.php?id=CVE-2023-21192
28 Jun 2023 — In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 6%CPEs: 1EXPL: 0CVE-2023-21237 – Android Pixel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-21237
28 Jun 2023 — In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251586912 Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foregro... • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.3EPSS: 0%CPEs: 57EXPL: 0CVE-2023-21512
https://notcve.org/view.php?id=CVE-2023-21512
28 Jun 2023 — Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06 • CWE-269: Improper Privilege Management CWE-276: Incorrect Default Permissions •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21169
https://notcve.org/view.php?id=CVE-2023-21169
28 Jun 2023 — In inviteInternal of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-274443441 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21173
https://notcve.org/view.php?id=CVE-2023-21173
28 Jun 2023 — In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858 • https://source.android.com/security/bulletin/pixel/2023-06-01 • CWE-862: Missing Authorization •