CVE-2023-20960

In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product...

CVE-2022-20549

In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android...

CVE-2022-20199

In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Androi...

CVE-2023-21173

In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

PT-2022-14765 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a tapjacking/overlay attack in the onCreate method of LogAccessDialogActivity.java. This could allow bypassing a permission check, leading to local escalation of privilege with...

PT-2022-14721 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In the onAttach method of ConfigureWifiSettings.java, there is a possible way for a guest user to change WiFi settings due to a permissions bypass. This could lead to local escalation of privilege with...

CVE-2022-20283

In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233069336...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android version 13, which stems from an insecure default value in WindowManager that can be exploited by an attacker to obtain sensitive information...

PT-2022-14530 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a side channel information disclosure that could allow determination of a user's account, potentially leading to local information disclosure. This requires User execution privileges...