Filtered by vendor Google
Subscribe
Total
11915 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20960 | 1 Google | 1 Android | 2023-03-28 | N/A | 8.8 HIGH |
| In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-250589026 | |||||
| CVE-2023-20962 | 1 Google | 1 Android | 2023-03-28 | N/A | 5.5 MEDIUM |
| In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210 | |||||
| CVE-2023-20959 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.8 HIGH |
| In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848 | |||||
| CVE-2023-20964 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.8 HIGH |
| In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121 | |||||
| CVE-2023-20966 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.8 HIGH |
| In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242299736 | |||||
| CVE-2022-42528 | 1 Google | 1 Android | 2023-03-28 | N/A | 5.5 MEDIUM |
| In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242203672References: N/A | |||||
| CVE-2023-20952 | 1 Google | 1 Android | 2023-03-28 | N/A | 5.5 MEDIUM |
| In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-186803518 | |||||
| CVE-2022-20467 | 1 Google | 1 Android | 2023-03-28 | N/A | 5.5 MEDIUM |
| In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225880741 | |||||
| CVE-2023-20958 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.1 HIGH |
| In read_paint of ttcolr.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254803162 | |||||
| CVE-2023-20963 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.8 HIGH |
| In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519 | |||||
| CVE-2022-20532 | 1 Google | 1 Android | 2023-03-28 | N/A | 9.8 CRITICAL |
| In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232242894 | |||||
| CVE-2022-20499 | 1 Google | 1 Android | 2023-03-28 | N/A | 5.5 MEDIUM |
| In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246539931 | |||||
| CVE-2023-20955 | 1 Google | 1 Android | 2023-03-28 | N/A | 7.8 HIGH |
| In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813 | |||||
| CVE-2023-21462 | 2 Google, Samsung | 2 Android, Quick Share | 2023-03-23 | N/A | 3.3 LOW |
| The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows to local attacker to access MAC address without related permission. | |||||
| CVE-2023-21463 | 2 Google, Samsung | 2 Android, Myfiles | 2023-03-23 | N/A | 3.3 LOW |
| Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions. | |||||
| CVE-2023-21464 | 2 Google, Samsung | 2 Android, Calendar | 2023-03-23 | N/A | 3.3 LOW |
| Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. | |||||
| CVE-2022-47462 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-23 | N/A | 6.7 MEDIUM |
| In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
| CVE-2022-47461 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-23 | N/A | 6.7 MEDIUM |
| In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | |||||
| CVE-2022-47460 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-23 | N/A | 5.5 MEDIUM |
| In gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. | |||||
| CVE-2022-47456 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-03-23 | N/A | 5.5 MEDIUM |
| In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | |||||