U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:google:android:2.3
There are 759 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2023-21379

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-21378

In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21377

In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21376

In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21375

In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21372

In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21371

In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:52 PM -0400
V3.1: 6.7 MEDIUM
V2.0:(not available)
CVE-2023-21370

In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:52 PM -0400
V3.1: 6.7 MEDIUM
V2.0:(not available)
CVE-2023-21369

In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

Published: October 30, 2023; 1:15:52 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21368

In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:52 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21367

In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:52 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21366

In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:51 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21365

In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:51 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21364

In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:51 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21362

In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:51 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21349

In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:51 PM -0400
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2023-21348

In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:51 PM -0400
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2023-21347

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:51 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-21346

In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:50 PM -0400
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2023-21345

In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:50 PM -0400
V3.1: 3.3 LOW
V2.0:(not available)