Lucene search

K

85 matches found

CVE
CVE
added 2023/08/14 10:15 p.m.570 views

CVE-2023-21273

In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS8.8AI score0.00032EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.360 views

CVE-2023-21282

In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

8.8CVSS8.9AI score0.00804EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.352 views

CVE-2023-21265

In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS7.2AI score0.00152EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.341 views

CVE-2023-21264

In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.9AI score0.00013EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.137 views

CVE-2023-21285

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00033EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.136 views

CVE-2023-21287

In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9.4AI score0.00562EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.113 views

CVE-2023-21267

In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00005EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.109 views

CVE-2023-21134

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. U...

6.8CVSS6.7AI score0.00004EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.109 views

CVE-2023-21269

In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.105 views

CVE-2023-21272

In readFrom of Uri.java, there is a possible bad URI permission grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.104 views

CVE-2023-21276

In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00016EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.104 views

CVE-2023-21284

In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00022EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.104 views

CVE-2023-21289

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.2AI score0.00004EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.103 views

CVE-2023-21140

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. U...

6.8CVSS6.7AI score0.00004EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.102 views

CVE-2023-21268

In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00018EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.102 views

CVE-2023-21277

In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00018EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.100 views

CVE-2023-21286

In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00016EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.99 views

CVE-2023-21281

In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitatio...

7.8CVSS7.7AI score0.00016EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.97 views

CVE-2023-21133

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. U...

6.8CVSS6.7AI score0.00004EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.95 views

CVE-2023-21132

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. U...

6.8CVSS6.7AI score0.00004EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.95 views

CVE-2023-21242

In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9.2AI score0.00901EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.95 views

CVE-2023-21278

In multiple locations, there is a possible way to obscure the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS4.3AI score0.00025EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.95 views

CVE-2023-21290

In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00003EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.92 views

CVE-2023-21288

In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00065EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.88 views

CVE-2023-21271

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00022EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.88 views

CVE-2023-21283

In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS5.2AI score0.00021EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.85 views

CVE-2023-21292

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00018EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.84 views

CVE-2023-21275

In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.84 views

CVE-2023-21280

In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00019EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.82 views

CVE-2023-20965

In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9.1AI score0.01036EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.77 views

CVE-2023-21274

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00024EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.74 views

CVE-2023-21279

In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00018EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.71 views

CVE-2023-20798

In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.

4.4CVSS4.4AI score0.00017EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.70 views

CVE-2023-20780

In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756.

4.4CVSS4.3AI score0.00019EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.63 views

CVE-2023-20811

In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.

6.7CVSS6.7AI score0.00011EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.49 views

CVE-2023-20810

In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.

4.4CVSS4.3AI score0.00008EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.46 views

CVE-2023-20796

In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790.

4.4CVSS4.8AI score0.0001EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.45 views

CVE-2023-20802

In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.

6.5CVSS6.8AI score0.00015EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.44 views

CVE-2023-20805

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.

6.7CVSS6.7AI score0.0002EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.43 views

CVE-2023-20801

In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.

6.4CVSS6.6AI score0.00017EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.43 views

CVE-2023-35689

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.42 views

CVE-2023-20790

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.

4.4CVSS4.4AI score0.00014EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.42 views

CVE-2023-20809

In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03751198; Issue ID: DTV03751198.

6.7CVSS6.7AI score0.00011EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.42 views

CVE-2023-21229

In registerServiceLocked of ManagedServices.java, there is a possible bypass of background activity launch restrictions due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00003EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.41 views

CVE-2023-20804

In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.

6.7CVSS6.7AI score0.0002EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.40 views

CVE-2023-20785

In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628524; Issue ID: ALPS07628524.

6.4CVSS6.6AI score0.00016EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.39 views

CVE-2023-20797

In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582.

6.7CVSS6.7AI score0.0002EPSS
CVE
CVE
added 2023/08/07 4:15 a.m.39 views

CVE-2023-20800

In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.

6.5CVSS6.6AI score0.00025EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.39 views

CVE-2023-21234

In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ...

5.5CVSS5.7AI score0.00013EPSS
CVE
CVE
added 2023/08/07 2:15 a.m.39 views

CVE-2023-33909

In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

5.5CVSS5.2AI score0.00011EPSS
Total number of security vulnerabilities85