U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
There are 1,150 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Published: December 08, 2023; 1:15:45 AM -0500
V3.1: 6.3 MEDIUM
V2.0:(not available)
CVE-2023-45780

In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Published: October 30, 2023; 2:15:10 PM -0400
V3.1: 7.3 HIGH
V2.0:(not available)
CVE-2023-40101

In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21398

In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21397

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21396

In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21395

In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-21394

In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21393

In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21392

In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-21391

In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-21390

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21389

In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21388

In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21387

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 4.4 MEDIUM
V2.0:(not available)
CVE-2023-21385

In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21384

In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21383

In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21382

In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21381

In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: October 30, 2023; 2:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)