1662 matches found
CVE-2023-21013
CVE-2023-21013 is an out-of-bounds read in hostapd.cpp (forceStaDisconnection) on Android 13. The vulnerability could allow local information disclosure with system-level privileges and requires no user interaction. Connected sources consistently describe the issue without public exploit details....
CVE-2023-21024
In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID:...
CVE-2023-21016
CVE-2023-21016 affects Android 13 via AccountTypePreference.java, where improper input validation can mislead users about installed accounts, enabling local denial of service with no extra privileges and no user interaction required. The issue is described across multiple feeds (NVD, Red Hat, PRi...
CVE-2023-21030
In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Version...
CVE-2023-20979
In GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Andro...
CVE-2023-20947
In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2023-20931
In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11...
Shein's Android App Caught Transmitting Clipboard Data to Remote Servers
An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The iss...
Google Android resource management error vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. A resource management error vulnerability exists in Google Android. No information about this vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
Google Android elevation of privilege vulnerability (CNVD-2024-21191)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by a privilege bypass in several functions of MediaCodec.cpp. An attacker can exploit this vulnerability to gain elevated privileges...
CVE-2023-20934
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-20551
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2023-20943
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Version...
CVE-2022-34909
CVE-2022-34909 concerns A4N (Aremis 4 Nomad) Android app 1.5.0. The issue is a SQL Injection vulnerability in the application’s authentication flow that allows an attacker to bypass authentication and retrieve data stored in the database. The available connected data confirms the affected product...
JSA10553 - 2013-03: Security Bulletin: Pulse Secure Mobile: Android client privilege escalation
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A security issue has been found in the Pulse Secure Mobile for Android. This issue could only be carried out on an Android phone that was "rooted". An issue in the Pulse Secure Mobile f...
CVE-2023-20921
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from the American company Google. Google Android OS has a security vulnerability. An attacker exploits the vulnerability to cause local privilege escalation in BLE...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from the American company Google. Google Android OS has a security vulnerability. An attacker exploits the vulnerability to cause local elevation of privilege...
Android Security Bulletin—January 2023
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-01-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
CVE-2022-42529
Product: Android; Versions: Android kernel; Android ID: A-235292841; References: N/A...