Lucene search
K

106 matches found

Cvelist
Cvelist
added 2023/09/04 2:28 a.m.20 views

CVE-2023-32805

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

6.9AI score0.00088EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/04 2:28 a.m.12 views

CVE-2023-32805

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892...

7.2AI score0.00088EPSS
Exploits0References1
NVD
NVD
added 2023/08/14 10:15 p.m.18 views

CVE-2023-35689

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00088EPSS
Exploits0References1
Prion
Prion
added 2023/08/14 10:15 p.m.27 views

Design/Logic Flaw

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

4.3CVSS7.7AI score0.00088EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/14 9:9 p.m.9 views

CVE-2023-35689

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.1AI score0.00088EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/28 6:15 p.m.2 views

CVE-2023-21219

there is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroi...

7.5CVSS7.3AI score0.0032EPSS
Exploits0References2
Prion
Prion
added 2023/06/28 6:15 p.m.30 views

Information disclosure

there is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroi...

5CVSS7.1AI score0.0032EPSS
Exploits0References1
CVE
CVE
added 2023/06/28 12:0 a.m.85 views

CVE-2023-21219

CVE-2023-21219 affects the Android kernel (Pixel/Android devices) where an insecure default enables unencrypted transport over cellular networks, potentially allowing remote information disclosure without extra privileges. Exploitation is described as network-based with no user interaction, and t...

7.5CVSS7.1AI score0.0032EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/28 12:0 a.m.12 views

CVE-2023-21219

there is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroi...

6.6AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2023/06/01 12:0 a.m.8 views

PUB-A-264698379

there is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS6.5AI score0.0032EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.5 views

CVE-2022-20342

In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID...

3.3CVSS5.9AI score0.00094EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/08/12 3:15 p.m.6 views

CVE-2022-20308

In hostapd, there is a possible insecure configuration due to an insecure default value. This could lead to remote denial of service of the wifi hotspot with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

7.5CVSS7.2AI score0.00495EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/08/11 3:31 p.m.23 views

CVE-2022-20342

In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID...

5AI score0.00094EPSS
Exploits0References1
OSV
OSV
added 2022/08/11 3:15 p.m.4 views

CVE-2022-20245

In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

2.4CVSS5.9AI score0.00124EPSS
Exploits0References1
OSV
OSV
added 2022/06/15 2:15 p.m.5 views

CVE-2022-20207

In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References1
Prion
Prion
added 2022/06/15 2:15 p.m.14 views

Design/Logic Flaw

In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.6CVSS7.7AI score0.00112EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2022/03/30 4:15 p.m.19 views

CVE-2021-39767

In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS0.00107EPSS
Exploits0References1
Prion
Prion
added 2022/03/30 4:15 p.m.11 views

Design/Logic Flaw

In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.6CVSS7.8AI score0.00107EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/06/22 11:15 a.m.13 views

Design/Logic Flaw

In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

4.6CVSS7.6AI score0.00117EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/06/01 12:0 a.m.5 views

PUB-A-170639543

In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7AI score0.00117EPSS
Exploits0References2
Rows per page
Query Builder