Total
3190 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-40083 | 1 Google | 1 Android | 2024-02-15 | N/A | 5.5 MEDIUM |
In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2022-2856 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-02-15 | N/A | 6.5 MEDIUM |
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page. | |||||
CVE-2021-38000 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2024-02-15 | 5.8 MEDIUM | 6.1 MEDIUM |
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. | |||||
CVE-2024-20016 | 2 Google, Mediatek | 35 Android, Mt6735, Mt6737 and 32 more | 2024-02-09 | N/A | 4.4 MEDIUM |
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation Patch ID: ALPS07835901; Issue ID: ALPS07835901. | |||||
CVE-2024-20013 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2024-02-09 | N/A | 6.7 MEDIUM |
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608. | |||||
CVE-2024-20012 | 2 Google, Mediatek | 51 Android, Mt6580, Mt6731 and 48 more | 2024-02-09 | N/A | 6.7 MEDIUM |
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566. | |||||
CVE-2024-20010 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2024-02-09 | N/A | 6.7 MEDIUM |
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560. | |||||
CVE-2024-20006 | 4 Google, Mediatek, Openwrt and 1 more | 8 Android, Mt2713, Mt6781 and 5 more | 2024-02-09 | N/A | 6.7 MEDIUM |
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148. | |||||
CVE-2024-20001 | 2 Google, Mediatek | 59 Android, Mt5583, Mt5586 and 56 more | 2024-02-09 | N/A | 6.7 MEDIUM |
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601. | |||||
CVE-2024-20002 | 2 Google, Mediatek | 59 Android, Mt5583, Mt5586 and 56 more | 2024-02-09 | N/A | 6.7 MEDIUM |
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715. | |||||
CVE-2021-0920 | 2 Debian, Google | 2 Debian Linux, Android | 2024-02-02 | 6.9 MEDIUM | 6.4 MEDIUM |
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel | |||||
CVE-2023-40076 | 1 Google | 1 Android | 2024-02-02 | N/A | 5.5 MEDIUM |
In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40075 | 1 Google | 1 Android | 2024-02-02 | N/A | 5.5 MEDIUM |
In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40074 | 1 Google | 1 Android | 2024-02-02 | N/A | 5.5 MEDIUM |
In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40073 | 1 Google | 1 Android | 2024-02-02 | N/A | 5.5 MEDIUM |
In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40092 | 1 Google | 1 Android | 2024-02-02 | N/A | 5.5 MEDIUM |
In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40090 | 1 Google | 1 Android | 2024-02-02 | N/A | 6.5 MEDIUM |
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-40098 | 1 Google | 1 Android | 2024-02-02 | N/A | 5.5 MEDIUM |
In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2023-6857 | 5 Apple, Debian, Google and 2 more | 7 Macos, Debian Linux, Android and 4 more | 2024-02-02 | N/A | 5.3 MEDIUM |
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | |||||
CVE-2023-6870 | 2 Google, Mozilla | 3 Android, Firefox, Firefox Focus | 2024-02-02 | N/A | 4.3 MEDIUM |
Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. |