Total
3136 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42539 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.5 HIGH |
Information disclosure | |||||
CVE-2023-42695 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2023-12-10 | N/A | 7.8 HIGH |
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | |||||
CVE-2023-35687 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21298 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-44125 | 2 Google, Lg | 2 Android, V60 Thin Q 5g | 2023-12-10 | N/A | 7.8 HIGH |
The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | |||||
CVE-2023-35674 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21269 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21393 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-38456 | 2 Google, Unisoc | 9 Android, Sc7731e, Sc9832e and 6 more | 2023-12-10 | N/A | 7.8 HIGH |
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges | |||||
CVE-2023-21241 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21375 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-33914 | 2 Google, Unisoc | 5 Android, S8000, T760 and 2 more | 2023-12-10 | N/A | 7.5 HIGH |
In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed | |||||
CVE-2021-39810 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-32837 | 2 Google, Mediatek | 7 Android, Mt6883, Mt6885 and 4 more | 2023-12-10 | N/A | 7.8 HIGH |
In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357. | |||||
CVE-2023-21390 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21339 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.5 HIGH |
In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-21265 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.5 HIGH |
In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40635 | 2 Google, Unisoc | 11 Android, S8000, Sc9863a and 8 more | 2023-12-10 | N/A | 7.8 HIGH |
In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | |||||
CVE-2023-21229 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.8 HIGH |
In registerServiceLocked of ManagedServices.java, there is a possible bypass of background activity launch restrictions due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-45780 | 1 Google | 1 Android | 2023-12-10 | N/A | 7.3 HIGH |
In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |