Total
8334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21247 | 1 Google | 1 Android | 2023-07-25 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21250 | 1 Google | 1 Android | 2023-07-25 | N/A | 9.8 CRITICAL |
| In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21249 | 1 Google | 1 Android | 2023-07-25 | N/A | 5.5 MEDIUM |
| In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21248 | 1 Google | 1 Android | 2023-07-25 | N/A | 7.8 HIGH |
| In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21251 | 1 Google | 1 Android | 2023-07-25 | N/A | 7.3 HIGH |
| In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2022-22271 | 1 Google | 1 Android | 2023-07-24 | 2.1 LOW | 5.5 MEDIUM |
| A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. | |||||
| CVE-2022-36856 | 1 Google | 1 Android | 2023-07-21 | N/A | 3.3 LOW |
| Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. | |||||
| CVE-2022-33720 | 1 Google | 1 Android | 2023-07-21 | N/A | 2.4 LOW |
| Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. | |||||
| CVE-2022-33701 | 1 Google | 1 Android | 2023-07-21 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent. | |||||
| CVE-2022-30717 | 1 Google | 1 Android | 2023-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. | |||||
| CVE-2022-30751 | 1 Google | 1 Android | 2023-07-21 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. | |||||
| CVE-2022-30750 | 1 Google | 1 Android | 2023-07-21 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. | |||||
| CVE-2022-30752 | 1 Google | 1 Android | 2023-07-21 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. | |||||
| CVE-2022-30757 | 1 Google | 1 Android | 2023-07-21 | 2.1 LOW | 3.3 LOW |
| Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. | |||||
| CVE-2023-21257 | 1 Google | 1 Android | 2023-07-20 | N/A | 7.8 HIGH |
| In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21260 | 1 Google | 1 Android | 2023-07-20 | N/A | 5.5 MEDIUM |
| In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation. | |||||
| CVE-2023-35694 | 1 Google | 1 Android | 2023-07-20 | N/A | 7.5 HIGH |
| In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35691 | 1 Google | 1 Android | 2023-07-20 | N/A | 7.2 HIGH |
| there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35693 | 1 Google | 1 Android | 2023-07-20 | N/A | 6.7 MEDIUM |
| In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21262 | 1 Google | 1 Android | 2023-07-20 | N/A | 3.1 LOW |
| In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation. | |||||