U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:google:android:2.3
There are 759 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2023-21303

In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:48 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21302

In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:48 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21301

In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:48 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21300

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21299

In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21298

In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21297

In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-21296

In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21295

In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21294

In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21293

In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-20264

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-39810

In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:47 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2021-26277

The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.

Published: February 17, 2023; 5:15:11 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-39914

Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.

Published: December 08, 2022; 11:15:13 AM -0500
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-39913

Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information.

Published: December 08, 2022; 11:15:13 AM -0500
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-39912

Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.

Published: December 08, 2022; 11:15:12 AM -0500
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-23729

When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010.

Published: March 04, 2022; 11:15:10 AM -0500
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2022-23728

Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011.

Published: January 21, 2022; 2:15:10 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 6.6 MEDIUM
CVE-2021-25439

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

Published: July 08, 2021; 10:15:08 AM -0400
V3.1: 3.3 LOW
V2.0: 2.1 LOW