Lucene search

K

1423 matches found

CVE
CVE
added 2023/06/15 7:15 p.m.87 views

CVE-2023-21105

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 And...

5.5CVSS5AI score0.00012EPSS
CVE
CVE
added 2023/10/06 7:15 p.m.87 views

CVE-2023-21244

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.87 views

CVE-2023-21262

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.

3.1CVSS4AI score0.0004EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.87 views

CVE-2023-21292

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00018EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.87 views

CVE-2023-35679

In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS5AI score0.00031EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.87 views

CVE-2023-40076

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.00008EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.87 views

CVE-2023-40087

In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS8.7AI score0.00079EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.87 views

CVE-2023-40097

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7.7AI score0.00029EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.87 views

CVE-2023-40098

In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00052EPSS
CVE
CVE
added 2023/04/11 12:15 p.m.86 views

CVE-2022-47335

In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.86 views

CVE-2023-21120

In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-25...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.86 views

CVE-2023-21142

In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 An...

5.5CVSS5.1AI score0.00003EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.86 views

CVE-2023-21275

In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.86 views

CVE-2023-21280

In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00019EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.86 views

CVE-2023-40079

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00006EPSS
CVE
CVE
added 2023/03/10 9:15 p.m.85 views

CVE-2022-47460

In gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.

5.5CVSS5.5AI score0.00022EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.85 views

CVE-2023-20957

In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.85 views

CVE-2023-20993

In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.85 views

CVE-2023-35666

In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.84 views

CVE-2023-20965

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9.1AI score0.01036EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.84 views

CVE-2023-21087

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 An...

5.5CVSS5.3AI score0.00032EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.84 views

CVE-2023-40095

In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00038EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.84 views

CVE-2023-40136

In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2023/04/06 6:15 p.m.83 views

CVE-2023-20655

In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.

7.8CVSS7.8AI score0.00036EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.83 views

CVE-2023-21090

In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2599...

5CVSS5AI score0.00027EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.83 views

CVE-2023-21091

In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for exploita...

5.5CVSS5.3AI score0.00018EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.83 views

CVE-2023-21109

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2023/11/06 4:15 a.m.83 views

CVE-2023-32832

In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.

7CVSS7.1AI score0.00027EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.83 views

CVE-2023-35665

In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.83 views

CVE-2023-40075

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for expl...

5.5CVSS5.3AI score0.00066EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.83 views

CVE-2023-40130

In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00004EPSS
CVE
CVE
added 2023/01/03 9:15 p.m.82 views

CVE-2022-32636

In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07510064.

6.7CVSS6.7AI score0.00012EPSS
CVE
CVE
added 2023/02/06 8:15 p.m.82 views

CVE-2023-20602

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494107; Issue ID: ALPS07494107.

6.7CVSS6.7AI score0.0002EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.82 views

CVE-2023-20971

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

7.8CVSS7.7AI score0.00009EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.82 views

CVE-2023-21141

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

5.5CVSS5.1AI score0.00003EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.82 views

CVE-2023-21246

In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS4.3AI score0.00016EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.82 views

CVE-2023-35677

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitat...

5.5CVSS5.4AI score0.00015EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.82 views

CVE-2023-40091

In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00038EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.81 views

CVE-2021-0877

Product: AndroidVersions: Android SoCAndroid ID: A-273754094

9.8CVSS9.1AI score0.00054EPSS
CVE
CVE
added 2023/06/28 6:15 p.m.81 views

CVE-2022-20443

In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

7.8CVSS7.7AI score0.00005EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.81 views

CVE-2023-20849

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.

6.5CVSS6.7AI score0.00021EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.81 views

CVE-2023-21144

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.5CVSS7.4AI score0.18862EPSS
CVE
CVE
added 2023/10/06 7:15 p.m.81 views

CVE-2023-21253

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00058EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.81 views

CVE-2023-40074

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00089EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.81 views

CVE-2023-40080

In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00039EPSS
CVE
CVE
added 2023/01/03 9:15 p.m.80 views

CVE-2022-32635

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573237.

7.8CVSS7.7AI score0.0003EPSS
CVE
CVE
added 2023/01/03 9:15 p.m.80 views

CVE-2022-32637

In hevc decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07491374; Issue ID: ALPS07491374.

6.7CVSS6.7AI score0.00012EPSS
CVE
CVE
added 2023/01/04 10:15 a.m.80 views

CVE-2022-44435

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00023EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.80 views

CVE-2023-20694

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue I...

6.7CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2023/09/04 3:15 a.m.80 views

CVE-2023-20832

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.

6.7CVSS6.7AI score0.0002EPSS
Total number of security vulnerabilities1423