Total
7900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20935 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256589724 | |||||
| CVE-2023-20934 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042 | |||||
| CVE-2023-20933 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753 | |||||
| CVE-2023-20932 | 1 Google | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 | |||||
| CVE-2023-20931 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242535997 | |||||
| CVE-2023-20930 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066 | |||||
| CVE-2023-20929 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-234442700 | |||||
| CVE-2023-20928 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel | |||||
| CVE-2023-20927 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503 | |||||
| CVE-2023-20926 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.8 MEDIUM |
| In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-253043058 | |||||
| CVE-2023-20925 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A | |||||
| CVE-2023-20924 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.8 MEDIUM |
| In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A | |||||
| CVE-2023-20923 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A | |||||
| CVE-2023-20922 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548 | |||||
| CVE-2023-20921 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.3 HIGH |
| In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132 | |||||
| CVE-2023-20920 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366 | |||||
| CVE-2023-20919 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068 | |||||
| CVE-2023-20918 | 1 Google | 1 Android | 2024-11-21 | N/A | 9.8 CRITICAL |
| In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-20917 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242605257 | |||||
| CVE-2023-20916 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049 | |||||