Total
7761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20983 | 1 Google | 1 Android | 2023-06-28 | N/A | 4.4 MEDIUM |
| In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569449 | |||||
| CVE-2023-20982 | 1 Google | 1 Android | 2023-06-28 | N/A | 4.4 MEDIUM |
| In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568083 | |||||
| CVE-2023-20981 | 1 Google | 1 Android | 2023-06-28 | N/A | 4.4 MEDIUM |
| In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256165737 | |||||
| CVE-2023-20980 | 1 Google | 1 Android | 2023-06-28 | N/A | 5.5 MEDIUM |
| In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260230274 | |||||
| CVE-2023-20979 | 1 Google | 1 Android | 2023-06-28 | N/A | 5.5 MEDIUM |
| In GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259939364 | |||||
| CVE-2023-20977 | 1 Google | 1 Android | 2023-06-28 | N/A | 4.4 MEDIUM |
| In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254445952 | |||||
| CVE-2023-20976 | 1 Google | 1 Android | 2023-06-28 | N/A | 7.3 HIGH |
| In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216117246 | |||||
| CVE-2023-20975 | 1 Google | 1 Android | 2023-06-28 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776 | |||||
| CVE-2023-20974 | 1 Google | 1 Android | 2023-06-28 | N/A | 5.5 MEDIUM |
| In btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260078907 | |||||
| CVE-2023-20973 | 1 Google | 1 Android | 2023-06-28 | N/A | 5.5 MEDIUM |
| In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568245 | |||||
| CVE-2023-20972 | 1 Google | 1 Android | 2023-06-28 | N/A | 5.5 MEDIUM |
| In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304665 | |||||
| CVE-2023-20971 | 1 Google | 1 Android | 2023-06-28 | N/A | 7.8 HIGH |
| In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225880325 | |||||
| CVE-2023-20968 | 1 Google | 1 Android | 2023-06-28 | N/A | 4.4 MEDIUM |
| In multiple functions of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235935 | |||||
| CVE-2022-27835 | 1 Google | 1 Android | 2023-06-28 | 9.3 HIGH | 7.8 HIGH |
| Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. | |||||
| CVE-2022-26090 | 1 Google | 1 Android | 2023-06-27 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission. | |||||
| CVE-2022-25817 | 1 Google | 1 Android | 2023-06-27 | 2.1 LOW | 3.3 LOW |
| Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. | |||||
| CVE-2022-38690 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-06-27 | N/A | 5.5 MEDIUM |
| In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel. | |||||
| CVE-2022-22272 | 1 Google | 1 Android | 2023-06-27 | 2.1 LOW | 3.3 LOW |
| Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | |||||
| CVE-2022-22265 | 2 Google, Samsung | 2 Android, Exynos | 2023-06-27 | 4.6 MEDIUM | 7.8 HIGH |
| An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2022-23433 | 2 Google, Samsung | 2 Android, Reminder | 2023-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely. | |||||