Search
Total
5785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20531 | 1 Google | 1 Android | 2024-01-12 | N/A | 5.5 MEDIUM |
| In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-4164 | 1 Google | 2 Android, Pixel | 2024-01-09 | N/A | 5.5 MEDIUM |
| There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. | |||||
| CVE-2023-6857 | 5 Apple, Debian, Google and 2 more | 7 Macos, Debian Linux, Android and 4 more | 2024-01-07 | N/A | 5.3 MEDIUM |
| When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. | |||||
| CVE-2023-6868 | 2 Google, Mozilla | 2 Android, Firefox | 2024-01-07 | N/A | 4.3 MEDIUM |
| In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121. | |||||
| CVE-2023-6870 | 2 Google, Mozilla | 3 Android, Firefox, Firefox Focus | 2024-01-07 | N/A | 4.3 MEDIUM |
| Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. | |||||
| CVE-2023-45866 | 6 Apple, Bluproducts, Canonical and 3 more | 16 Ipad Os, Iphone Os, Iphone Se and 13 more | 2024-01-05 | N/A | 6.3 MEDIUM |
| Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. | |||||
| CVE-2023-32891 | 2 Google, Mediatek | 46 Android, Lr13, Mt2735 and 43 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559. | |||||
| CVE-2023-32883 | 2 Google, Mediatek | 57 Android, Mt2713, Mt6580 and 54 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249. | |||||
| CVE-2023-32885 | 2 Google, Mediatek | 32 Android, Mt6761, Mt6765 and 29 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685. | |||||
| CVE-2023-32884 | 2 Google, Mediatek | 60 Android, Mt2713, Mt6580 and 57 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011. | |||||
| CVE-2023-32889 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2024-01-05 | N/A | 7.5 HIGH |
| In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895). | |||||
| CVE-2023-32878 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-01-05 | N/A | 4.4 MEDIUM |
| In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992. | |||||
| CVE-2023-32882 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616. | |||||
| CVE-2023-32881 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-01-05 | N/A | 4.4 MEDIUM |
| In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080. | |||||
| CVE-2023-32877 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. | |||||
| CVE-2023-32880 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-01-05 | N/A | 4.4 MEDIUM |
| In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076. | |||||
| CVE-2023-32879 | 2 Google, Mediatek | 22 Android, Mt6762, Mt6765 and 19 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064. | |||||
| CVE-2023-32876 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2024-01-05 | N/A | 4.4 MEDIUM |
| In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612. | |||||
| CVE-2023-32875 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2024-01-05 | N/A | 4.4 MEDIUM |
| In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217. | |||||
| CVE-2023-32872 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2024-01-05 | N/A | 6.7 MEDIUM |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607. | |||||
| CVE-2021-38641 | 2 Google, Microsoft | 2 Android, Edge | 2023-12-28 | 4.0 MEDIUM | 6.1 MEDIUM |
| Microsoft Edge for Android Spoofing Vulnerability | |||||
| CVE-2021-26439 | 2 Google, Microsoft | 2 Android, Edge | 2023-12-28 | 4.3 MEDIUM | 4.6 MEDIUM |
| Microsoft Edge for Android Information Disclosure Vulnerability | |||||
| CVE-2014-9940 | 2 Google, Linux | 2 Android, Linux Kernel | 2023-12-28 | 7.6 HIGH | 7.0 HIGH |
| The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | |||||
| CVE-2022-26475 | 3 Google, Linuxfoundation, Mediatek | 42 Android, Yocto, Mt6761 and 39 more | 2023-12-22 | N/A | 6.7 MEDIUM |
| In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310743; Issue ID: ALPS07310743. | |||||
| CVE-2023-40094 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40089 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21163 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMR_ReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40074 | 1 Google | 1 Android | 2023-12-22 | N/A | 5.5 MEDIUM |
| In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35668 | 1 Google | 1 Android | 2023-12-22 | N/A | 5.5 MEDIUM |
| In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21162 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXUnbackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35690 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21402 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In MMU_UnmapPages of mmu_common.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-45776 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40098 | 1 Google | 1 Android | 2023-12-22 | N/A | 5.5 MEDIUM |
| In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40077 | 1 Google | 1 Android | 2023-12-22 | N/A | 8.1 HIGH |
| In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-45781 | 1 Google | 1 Android | 2023-12-22 | N/A | 5.5 MEDIUM |
| In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40088 | 1 Google | 1 Android | 2023-12-22 | N/A | 8.8 HIGH |
| In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21263 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-45773 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40097 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2023-40096 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-45774 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40095 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21217 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In PMRWritePMPageList of TBD, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-45775 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40090 | 1 Google | 1 Android | 2023-12-22 | N/A | 6.5 MEDIUM |
| In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-45777 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21166 | 1 Google | 1 Android | 2023-12-22 | N/A | 9.8 CRITICAL |
| In RGXBackingZSBuffer of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40103 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40092 | 1 Google | 1 Android | 2023-12-22 | N/A | 5.5 MEDIUM |
| In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||