Lucene search
K

2494 matches found

Cvelist
Cvelist
added 2023/05/15 12:0 a.m.15 views

CVE-2023-20914

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not...

5.3AI score0.0006EPSS
Exploits0References1
CVE
CVE
added 2023/05/15 12:0 a.m.182 views

CVE-2023-20914

CVE-2023-20914 affects Android 11 in the Framework via onSetRuntimePermissionGrantStateByDeviceAdmin (AdminRestrictedPermissionsUtils.java). It enables a permissions bypass that could allow the work profile to read SMS messages, causing local information disclosure with low privileges and no user...

5.5CVSS5AI score0.0006EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/10 1:41 p.m.4 views

okhttp: information disclosure via improperly used cryptographic function

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

7.5CVSS7.4AI score0.00877EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2023/05/08 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for flac (EulerOS-SA-2023-1731)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS6AI score0.00465EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/05/07 12:0 a.m.23 views

EulerOS Virtualization 3.0.2.0 : flac (EulerOS-SA-2023-1731)

According to the versions of the flac package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In appendtoverifyfifointerleaved of streamencoder.c, there is a possible out of bounds write due to a missing bounds check. This cou...

5.5CVSS6.1AI score0.00465EPSS
Exploits0References2
OSV
OSV
added 2023/04/19 8:15 p.m.2 views

CVE-2023-21098

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.4AI score0.00101EPSS
Exploits2References1
NVD
NVD
added 2023/04/19 8:15 p.m.21 views

CVE-2023-21099

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.7AI score0.00095EPSS
Exploits0References1
NVD
NVD
added 2023/04/19 8:15 p.m.17 views

CVE-2023-21081

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS7.8AI score0.00096EPSS
Exploits0References1
NVD
NVD
added 2023/04/19 8:15 p.m.24 views

CVE-2023-21085

In ncisndsetroutingcmd of ncihmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

8.8CVSS8.8AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2023/04/19 8:15 p.m.24 views

CVE-2023-21098

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.9AI score0.00101EPSS
Exploits2References1
NVD
NVD
added 2023/04/19 8:15 p.m.15 views

CVE-2023-21086

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User...

7.8CVSS7.8AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2023/04/19 8:15 p.m.11 views

CVE-2023-20950

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.7AI score0.00084EPSS
Exploits0References1
NVD
NVD
added 2023/04/19 8:15 p.m.21 views

CVE-2023-21092

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

7.8CVSS7.7AI score0.00091EPSS
Exploits0References1
Prion
Prion
added 2023/04/19 8:15 p.m.19 views

Design/Logic Flaw

In onNullBinding of CallScreeningServiceHelper.java, there is a possible way to record audio without showing a privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...

4.3CVSS7.6AI score0.00092EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/04/19 8:15 p.m.17 views

Code injection

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.3CVSS7.7AI score0.00095EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/04/19 8:15 p.m.19 views

Design/Logic Flaw

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.3CVSS7.6AI score0.00162EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/04/19 8:15 p.m.18 views

Design/Logic Flaw

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

4.3CVSS7.7AI score0.00096EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/04/19 8:15 p.m.19 views

Design/Logic Flaw

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

4.3CVSS7.9AI score0.00101EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/04/19 8:15 p.m.17 views

Input validation

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

4.3CVSS7.6AI score0.00091EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/04/19 8:15 p.m.18 views

Privilege escalation

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

1.7CVSS5.5AI score0.00178EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder