1085 matches found
CVE-2023-21097
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
CVE-2023-21087
CVE-2023-21087 affects Android 11–13, with the root cause described as an uncaught exception in PreferencesHelper.java that can cause a boot loop. The consequence is a local persistent DoS without requiring user interaction. Connected sources repeatedly reference the same underlying issue and not...
CVE-2023-20950
CVE-2023-20950 affects Android (Android-11, Android-12, Android-12L) in AlarmManagerActivity.java, enabling a bypass of background activity launch restrictions via a pendingIntent. This could cause local elevation of privilege with no additional privileges or user interaction required. The Androi...
CVE-2023-21083
CVE-2023-21083 affects Android, specifically the onNullBinding path in CallScreeningServiceHelper.java. The root cause is a permissions bypass that can enable recording audio without a privacy indicator, allowing local elevation of privilege with user privileges and no user interaction required. ...
CVE-2023-21083
In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...
CVE-2023-21089
CVE-2023-21089 affects Android 11–13 and arises from a flaw in ActivityManagerService.startInstrumentation that could keep a foreground service alive when the app is in the background. This enables local escalation of privilege without additional execution privileges, with no user interaction req...
CVE-2023-21081
In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
CVE-2023-20909
CVE-2023-20909 describes a privilege-escalation flaw in Android’s RunningTasks.java: a missing privilege check could allow local information disclosure without requiring additional execution privileges. Affected: Android 11–13. Exploitation details, affected patches, and remediation are not speci...
CVE-2023-20909
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...
CVE-2023-21080
In registernotificationrsp of btifrc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...
CVE-2023-21086
In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User...
CVE-2023-21094
In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-20993
In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2023-20963
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519...
CVE-2023-20955
In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2023-20951
In gattprocessprepwritersp of gattcl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12...
CVE-2023-20926
In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges...
CVE-2023-20947
In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2023-20906
In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution...
CVE-2023-20952
In A2DPBuildCodecHeaderSbc of a2dpsbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...