CVE-2023-20955
In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...
CVE-2023-20989
In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Andro...
CVE-2023-21008
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...
CVE-2023-21017
In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
PT-2023-17802 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. Us...
PT-2023-17798 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. Us...
CVE-2023-20951
In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12...
SUSE-SU-2023:0835-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR bsc1209173: - CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android - CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android -...
Security News This Week: Ring Is in a Standoff With Hackers
Plus: A SpaceX supplier ransom, critical vulnerabilities in dozens of Android phones, and more...
A week in security (March 6 - 12)
Last week on Malwarebytes Labs: 8 cybersecurity tips to keep you safe when travelling; National Cybersecurity Strategy Document: What you need to know; Intel CPU vulnerabilities fixed. But should you update?; Warning issued over Royal ransomware; Play ransomware gang leaks City of Oakland data...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities were also fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...
CVE-2022-20551
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product:...
PT-2023-18210 · Samsung · Samsung Flow
Name of the Vulnerable Software and Affected Versions: Samsung Flow for Android versions prior to 4.9.04. Description: The issue is related to an improper cryptographic implementation, allowing adjacent attackers to decrypt encrypted messages or inject commands. Recommendations: For versions prior...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities were also fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc and Mediatek. The vulnerabilities potentially enable a malicious party to perform attacks that result in the following categories...
CVE-2023-20922
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12...
CVE-2023-20920
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-...
Vulnerabilities fixed in Google Android and Samsung Mobile
Google has fixed vulnerabilities in Android. Vulnerabilities were also fixed in closed-source parts of Android that are developed by third parties, such as Qualcomm, Unisoc, Imagination Technologies and Mediatek. The vulnerabilities potentially allow a malicious party to launch attacks that lead ...
CVE-2022-20538
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not...
CVE-2022-20501
In onCreate of EnableAccountPreferenceActivity.java, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...
CVE-2022-20411
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10...