Search Results (Refine Search)
- CPE Product Version: cpe:/o:google:android:-
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-35649 |
In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Published: October 11, 2023; 4:15:10 PM -0400 |
V3.1: 7.2 HIGH V2.0:(not available) |
CVE-2023-35648 |
In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. Published: October 11, 2023; 4:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-35647 |
In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. Published: October 11, 2023; 4:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-35646 |
In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Published: October 11, 2023; 4:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-35645 |
In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Published: October 11, 2023; 3:15:10 PM -0400 |
V3.1: 6.4 MEDIUM V2.0:(not available) |
CVE-2023-31014 |
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. Published: September 19, 2023; 10:15:20 PM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2023-4907 |
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) Published: September 12, 2023; 5:15:08 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-4903 |
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Published: September 12, 2023; 5:15:08 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-4900 |
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) Published: September 12, 2023; 5:15:08 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-4363 |
Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) Published: August 15, 2023; 2:15:13 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-4361 |
Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) Published: August 15, 2023; 2:15:12 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-4350 |
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) Published: August 15, 2023; 2:15:11 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-2312 |
Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Published: August 15, 2023; 2:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-21264 |
In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Published: August 14, 2023; 5:15:11 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2023-3736 |
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Published: August 01, 2023; 7:15:33 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2022-4926 |
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) Published: July 28, 2023; 8:15:11 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2022-4917 |
Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low) Published: July 28, 2023; 8:15:11 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2023-35692 |
In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Published: July 14, 2023; 12:15:14 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-35694 |
In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Published: July 12, 2023; 8:15:24 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-35693 |
In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Published: July 12, 2023; 8:15:24 PM -0400 |
V3.1: 6.7 MEDIUM V2.0:(not available) |