Lucene search
K

769 matches found

Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.5 views

PT-2023-12650 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue allows for the preservation of WiFi settings due to residual data after a reset, potentially leading to local information disclosure without requiring additional execution...

5.5CVSS5.1AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.5 views

PT-2023-17732 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a path traversal error in the clearApplicationUserData function of ActivityManagerService.java. This error could allow the removal of system files, potentiall...

7.8CVSS7.4AI score0.00184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.6 views

PT-2023-17733 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a possible escalation of privilege due to unsafe deserialization in the ChooseTypeAndAccountActivity.java file. This could lead to local escalation of privile...

7.8CVSS7.4AI score0.00189EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.1 views

SUSE CVE-2019-9423

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android...

7.8CVSS7.7AI score0.00293EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.4 views

SUSE CVE-2019-9475

In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID:...

5.5CVSS6.7AI score0.00121EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2020-0093

In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...

5CVSS8.3AI score0.00301EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.5 views

SUSE CVE-2020-0182

In exifentrygetvalue of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android I...

5.3CVSS6.7AI score0.01106EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2020-0305

In cdevget of chardev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-153467744...

6.4CVSS6.5AI score0.0017EPSS
Exploits0References26
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.2 views

SUSE CVE-2020-0470

In extendframehighbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11...

5.5CVSS6.6AI score0.00691EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/15 12:0 a.m.5 views

Google Android Automotive OS 安全漏洞

Google Android Automotive OS is an operating system and platform from Google Inc. that runs directly on in-vehicle hardware. Android Automotive OS AAOS suffers from a security vulnerability that stems from a privilege bypass in AndroidManifest.xml, which could potentially grant signing privileges...

7.8CVSS7.5AI score0.00086EPSS
Exploits0References2
OSV
OSV
added 2023/02/09 7:15 p.m.5 views

CVE-2023-21441

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q10, 3.1.21.10 in Android R11 and 3.5.2.23 in Android S12 allows local attacker to access protected files via unused code...

5.5CVSS6.1AI score0.001EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/09 12:0 a.m.4 views

PT-2023-18208 · Google · Android

Name of the Vulnerable Software and Affected Versions: Routine versions prior to 2.6.30.6 in Android Q10 Routine versions prior to 3.1.21.10 in Android R11 Routine versions prior to 3.5.2.23 in Android S12 Description: The issue allows a local attacker to access protected files via unused code du...

7.4CVSS5.4AI score0.001EPSS
Exploits0References3
OSV
OSV
added 2023/01/26 9:18 p.m.5 views

CVE-2023-20905

In MfcTransceive of phNxpExtnsMifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.2AI score0.00136EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.3 views

CVE-2023-20921

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...

7.3CVSS7.2AI score0.00272EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.4 views

CVE-2023-20920

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-...

7.8CVSS7.2AI score0.00136EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:18 p.m.5 views

CVE-2023-20913

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is...

7.8CVSS7.2AI score0.00125EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:15 p.m.4 views

CVE-2022-20494

In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

5.5CVSS5.9AI score0.00429EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:15 p.m.3 views

CVE-2022-20461

In pinReplyNative of comandroidbluetoothbtserviceAdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS5.9AI score0.00117EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:15 p.m.3 views

CVE-2022-20456

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS5.9AI score0.00238EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:15 p.m.2 views

CVE-2022-20215

In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References1
Rows per page
Query Builder