Total
2641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21005 | 1 Google | 1 Android | 2023-03-29 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193946 | |||||
| CVE-2023-21004 | 1 Google | 1 Android | 2023-03-29 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193664 | |||||
| CVE-2023-21003 | 1 Google | 1 Android | 2023-03-29 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193711 | |||||
| CVE-2023-21002 | 1 Google | 1 Android | 2023-03-29 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193935 | |||||
| CVE-2023-21001 | 1 Google | 1 Android | 2023-03-29 | N/A | 7.8 HIGH |
| In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190 | |||||
| CVE-2023-20926 | 1 Google | 1 Android | 2023-03-29 | N/A | 6.8 MEDIUM |
| In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-253043058 | |||||
| CVE-2023-20959 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.8 HIGH |
| In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848 | |||||
| CVE-2023-20955 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.8 HIGH |
| In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813 | |||||
| CVE-2022-47462 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-23 | N/A | 6.7 MEDIUM |
| In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
| CVE-2022-47461 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-23 | N/A | 6.7 MEDIUM |
| In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
| CVE-2022-47480 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-23 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | |||||
| CVE-2022-47481 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-23 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | |||||
| CVE-2023-27462 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-03-17 | N/A | 4.3 MEDIUM |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The client query handler of the affected application fails to check for proper permissions for specific read queries. This could allow authenticated remote attackers to access data they are not authorized for. | |||||
| CVE-2023-27310 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-03-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to otherwise non-privileged user accounts. | |||||
| CVE-2023-27309 | 1 Siemens | 1 Ruggedcom Crossbow | 2023-03-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). The client query handler of the affected application fails to check for proper permissions for specific write queries. This could allow an authenticated remote attacker to perform unauthorized actions. | |||||
| CVE-2023-1299 | 1 Hashicorp | 1 Nomad | 2023-03-17 | N/A | 8.8 HIGH |
| HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1. | |||||
| CVE-2022-47483 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-16 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | |||||
| CVE-2022-47482 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-16 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | |||||
| CVE-2022-47484 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-16 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | |||||
| CVE-2022-47479 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-15 | N/A | 5.5 MEDIUM |
| In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | |||||