Total
29817 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21486 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | |||||
| CVE-2023-21485 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | |||||
| CVE-2023-21464 | 2 Google, Samsung | 2 Android, Calendar | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. | |||||
| CVE-2023-21463 | 2 Google, Samsung | 2 Android, Myfiles | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions. | |||||
| CVE-2023-21461 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. | |||||
| CVE-2023-21457 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.1 MEDIUM |
| Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission. | |||||
| CVE-2023-21455 | 1 Samsung | 2 Exynos, Exynos Firmware | 2024-11-21 | N/A | 5.9 MEDIUM |
| Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message. | |||||
| CVE-2023-21454 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 2.4 LOW |
| Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. | |||||
| CVE-2023-21452 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
| Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | |||||
| CVE-2023-21449 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
| Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. | |||||
| CVE-2023-21407 | 1 Axis | 1 License Plate Verifier | 2024-11-21 | N/A | 8.8 HIGH |
| A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges. | |||||
| CVE-2023-21394 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21312 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21292 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21289 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21285 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21283 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-21279 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21239 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21238 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
| In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||