U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:google:android:3.2.6
There are 743 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2023-21344

In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:50 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21343

In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:50 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21342

In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:50 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21341

In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21340

In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21339

In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-21338

In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21337

In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21336

In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21335

In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21334

In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21333

In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21332

In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21331

In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21330

In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21329

In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21328

In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21327

In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21326

In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21325

In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 1:15:49 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)