Total
4638 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21288 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21257 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21248 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21247 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21234 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21185 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-266700762 | |||||
| CVE-2023-21177 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273906410 | |||||
| CVE-2023-21173 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In multiple methods of DataUsageList.java, there is a possible way to learn about admin user's network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262741858 | |||||
| CVE-2023-21149 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270050709References: N/A | |||||
| CVE-2023-21140 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.8 MEDIUM |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21134 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.8 MEDIUM |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21133 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.8 MEDIUM |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21132 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.8 MEDIUM |
| In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21123 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064 | |||||
| CVE-2023-21122 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191 | |||||
| CVE-2023-20899 | 1 Vmware | 2 Sd-wan Edge, Sd-wan Edge Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. | |||||
| CVE-2023-20833 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6731 and 53 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017764. | |||||
| CVE-2023-20826 | 2 Google, Mediatek | 27 Android, Mt6580, Mt6761 and 24 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550. | |||||
| CVE-2023-20825 | 2 Google, Mediatek | 46 Android, Mt2713, Mt6580 and 43 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413. | |||||
| CVE-2023-20824 | 2 Google, Mediatek | 46 Android, Mt2713, Mt6580 and 43 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402. | |||||