Lucene search
2494 matches found

NVD
added 2023/05/15 10:15 p.m., 20 views

CVE-2023-20914

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not...

CVSS 5.5, AI score 5, EPSS 0.0006
Exploits: 0, References: 1
NVD
added 2023/05/15 10:15 p.m., 17 views

CVE-2023-21107

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11...

CVSS 7.8, AI score 7.7, EPSS 0.00086
Exploits: 0, References: 1
NVD
added 2023/05/15 10:15 p.m., 27 views

CVE-2023-21103

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-1...

CVSS 5.5, AI score 5.4, EPSS 0.00096
Exploits: 0, References: 1
NVD
added 2023/05/15 10:15 p.m., 13 views

CVE-2023-20930

In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Version...

CVSS 5.5, AI score 5.3, EPSS 0.00085
Exploits: 0, References: 1
Prion
added 2023/05/15 10:15 p.m., 20 views

Out-of-bounds

In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-...

CVSS 1.7, AI score 5, EPSS 0.00087
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2023/05/15 10:15 p.m., 21 views

Code injection

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 4.3, AI score 7.7, EPSS 0.00127
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2023/05/15 10:15 p.m., 15 views

Session fixation

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVSS 4.3, AI score 7.7, EPSS 0.00091
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2023/05/15 10:15 p.m., 20 views

Heap overflow

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12...

CVSS 1.7, AI score 5.2, EPSS 0.00201
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2023/05/15 10:15 p.m., 15 views

Information disclosure

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not...

CVSS 1.7, AI score 5, EPSS 0.0006
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2023/05/15 10:15 p.m., 22 views

Design/Logic Flaw

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-1...

CVSS 1.7, AI score 5.3, EPSS 0.00096
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2023/05/15 10:15 p.m., 22 views

Code injection

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

CVSS 4, AI score 6.6, EPSS 0.00091
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2023/05/15 10:15 p.m., 17 views

Code injection

In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Version...

CVSS 1.7, AI score 5.3, EPSS 0.00085
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2023/05/15 12:0 a.m., 5 views

CVE-2023-20914

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not...

AI score 5.1, EPSS 0.0006
Exploits: 0, References: 1
Cvelist
added 2023/05/15 12:0 a.m., 23 views

CVE-2023-21118

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12...

AI score 5.5, EPSS 0.00201
Exploits: 0, References: 1
CVE
added 2023/05/15 12:0 a.m., 169 views

CVE-2023-21111

CVE-2023-21111 affects Android 11–13 and is caused by improper input validation in several functions of PhoneAccountRegistrar.java, enabling a local Denial of Service without extra privileges or user interaction. The available sources confirm the affected component and the root cause, and describ...

CVSS 6.2, AI score 5.3, EPSS 0.00088
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/05/15 12:0 a.m., 29 views

CVE-2023-21116

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for...

AI score 6.8, EPSS 0.00091
Exploits: 0, References: 1
CVE
added 2023/05/15 12:0 a.m., 158 views

CVE-2023-21110

The CVE-2023-21110 entry documents an elevation-of-privilege in Android related to SnoozeHelper.java, enabling a local attacker to gain notification access due to resource exhaustion. Affected products include Android 11, 12, and 12L/13, with a local-exploit path that does not require user intera...

CVSS 7.8, AI score 7.7, EPSS 0.00091
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/05/15 12:0 a.m., 22 views

CVE-2023-21110

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

AI score 7.9, EPSS 0.00091
Exploits: 0, References: 1
CVE
added 2023/05/15 12:0 a.m., 183 views

CVE-2023-20914

CVE-2023-20914 affects Android 11 in the Framework via onSetRuntimePermissionGrantStateByDeviceAdmin (AdminRestrictedPermissionsUtils.java). It enables a permissions bypass that could allow the work profile to read SMS messages, causing local information disclosure with low privileges and no user...

CVSS 5.5, AI score 5, EPSS 0.0006
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/05/15 12:0 a.m., 21 views

CVE-2023-21111

In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...

AI score 5.6, EPSS 0.00088
Exploits: 0, References: 1