Total
8334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2348 | 1 Google | 1 Android | 2023-11-07 | 6.9 MEDIUM | N/A |
| Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone. | |||||
| CVE-2009-2999 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656. | |||||
| CVE-2009-1754 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application. | |||||
| CVE-2023-40101 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21393 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21398 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21392 | 1 Google | 1 Android | 2023-11-07 | N/A | 8.8 HIGH |
| In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21388 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21391 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.5 HIGH |
| In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21389 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21336 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21344 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21333 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21387 | 1 Google | 1 Android | 2023-11-07 | N/A | 4.4 MEDIUM |
| In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21335 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21334 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21331 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21329 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21328 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21332 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||