404 matches found
PT-2023-17957 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: The issue is related to a possible out of bounds read in the inviteInternal function of p2p iface.cpp due to a missing bounds check. This could lead to local information disclosure, requiring System...
CVE-2023-21105
In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11...
CVE-2023-21130
In btmbleperiodicadvsynclost of btmblegap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID...
CVE-2023-29544
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
PT-2023-22396 · Unknown · The Thaiger
Name of the Vulnerable Software and Affected Versions: The Thaiger version 1.2. Description: An issue in The Thaiger for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. Recommendations: For The Thaiger version 1.2, consider restricting...
PT-2023-22377 · Unknown · Bt21 X Bts Wallpaper
Name of the Vulnerable Software and Affected Versions: BT21 x BTS Wallpaper app version 12 for Android. Description: The issue allows unauthorized applications to request permission to insert data into the database that records user personal preferences. This data is loaded into memory when the...
CVE-2021-0877
CVE-2021-0877 is linked in connected documents to Imagination Technologies as an issue affecting PowerVR-GPU on Android SoC. The CVE entry carries a high severity (CVSSv3.1 base score 9.8, CRITICAL) with network attack vector, no user interaction, and impact to confidentiality, integrity, and ava...
CVE-2023-21088
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
SUSE CVE-2023-1817
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-20976
In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed...
CVE-2023-20998
In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...
PT-2023-17805 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: The issue is related to a missing permission check in the getAvailabilityStatus of several Transcode Permission Controllers. This could lead to a local escalation of privilege with no additional...
CVE-2023-21020
In registerSignalHandlers of main.c, there is a possible local arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID...
CVE-2023-20954
In SDPAddAttribute of sdpdb.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12...
CVE-2023-20911
In addPermission of PermissionManagerServiceImpl.java, there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
PT-2023-17819 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: The issue is related to a missing permission check in the UidObserverController.java register. This could lead to local information disclosure of app usage, requiring User execution privileges. No user...
Google Chrome Security Vulnerability
Google Chrome is a web browser from the American company Google. A security vulnerability exists in Google Chrome on Android versions prior to 111.0.5563.64. An attacker exploits the vulnerability to perform domain spoofing via specially crafted HTML pages...
vocabletrainer Path Traversal Vulnerability
vocabletrainer is a vocable trainer for Android 4+ phones with text field input and multiple choice tests, by individual developer hgzojer. A path traversal vulnerability exists in versions of vocabletrainer prior to 1.3.1, which stems from a problem with the file...
CVE-2022-32906
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections...
SUSE CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...