Filtered by vendor Google
Subscriptions
Filtered by product Android
Subscriptions
Total
8700 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21241 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21240 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21239 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21238 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21235 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21234 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21233 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21232 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21231 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21230 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21229 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In registerServiceLocked of ManagedServices.java, there is a possible bypass of background activity launch restrictions due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21228 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21227 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In HTBLogKM of htbserver.c, there is a possible information disclosure due to log information disclosure. This could lead to local information disclosure in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21218 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21217 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21215 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-21202 | 1 Google | 1 Android | 2024-11-21 | 4.5 Medium |
| In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568359 | ||||
| CVE-2023-21196 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261857395 | ||||
| CVE-2023-21195 | 1 Google | 1 Android | 2024-11-21 | 4.5 Medium |
| In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth, if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233879420 | ||||
| CVE-2023-21166 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||