Search Results (Refine Search)
- Keyword (text search): android
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-20948 |
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526 Published: February 28, 2023; 12:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-20946 |
In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-244423101 Published: February 28, 2023; 12:15:11 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-20945 |
In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269 Published: February 28, 2023; 12:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20944 |
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20943 |
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20940 |
In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20939 |
In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20938 |
In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20937 |
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20934 |
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20933 |
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-20932 |
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0:(not available) |
CVE-2022-20551 |
In createTrack of AudioFlinger.cpp, there is a possible way to record audio without a privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243376549 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.7 MEDIUM V2.0:(not available) |
CVE-2022-20481 |
In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241927115 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-20455 |
In addAutomaticZenRule of ZenModeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242537431 Published: February 28, 2023; 12:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2022-32906 |
This issue was addressed with using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.9.10 for Android. A user in a privileged network position may intercept SSL/TLS connections. Published: February 27, 2023; 3:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2022-32846 |
A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. Published: February 27, 2023; 3:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-32836 |
This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. Published: February 27, 2023; 3:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2021-46841 |
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity. Published: February 27, 2023; 3:15:11 PM -0500 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0:(not available) |
CVE-2022-34910 |
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. Published: February 27, 2023; 8:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |