Skip to main content

Android

7243 CVEs product

Monthly

CVE-2023-20642 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20641 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20640 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20639 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20638 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20637 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20636 MEDIUM This Month

In display drm, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20635 MEDIUM This Month

In keyinstall, there is a possible information disclosure due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20634 MEDIUM This Month

In widevine, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20633 MEDIUM This Month

In usb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20632 MEDIUM This Month

In usb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20630 MEDIUM This Month

In usb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20628 MEDIUM This Month

In thermal, there is a possible memory corruption due to an uncaught exception. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20627 MEDIUM This Month

In pqframework, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20626 MEDIUM This Month

In msdc, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20625 MEDIUM This Month

In adsp, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20624 MEDIUM This Month

In vow, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20623 MEDIUM This Month

In ion, there is a possible escalation of privilege due to improper locking. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Android Yocto
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20621 MEDIUM This Month

In tinysys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20620 MEDIUM This Month

In adsp, there is a possible escalation of privilege due to a logic error. Rated medium severity (CVSS 4.1). No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
4.1
EPSS
0.1%
CVE-2023-20948 HIGH PATCH This Week

In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20946 CRITICAL PATCH Act Now

In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-20945 HIGH PATCH This Week

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20944 HIGH PATCH This Week

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Google Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20943 HIGH PATCH This Week

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Path Traversal Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20940 HIGH PATCH This Week

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Jwt Attack Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20939 HIGH PATCH This Week

In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20938 HIGH PATCH This Week

In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-20937 HIGH POC PATCH This Week

In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Google Use After Free Privilege Escalation Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20934 HIGH PATCH This Week

In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20933 HIGH PATCH This Week

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20932 LOW PATCH Monitor

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Google Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-20949 MEDIUM This Month

In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20927 HIGH This Week

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21451 HIGH This Week

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21446 MEDIUM This Month

Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21445 HIGH This Week

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21442 MEDIUM This Month

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21441 MEDIUM This Month

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21440 MEDIUM This Month

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21439 HIGH This Week

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21438 LOW Monitor

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2023-21437 MEDIUM This Month

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21436 LOW Monitor

Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-21435 MEDIUM This Month

Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21430 HIGH This Week

An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21429 LOW Monitor

Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-21428 LOW Monitor

Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-21427 MEDIUM This Month

Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-21426 MEDIUM This Month

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21425 MEDIUM This Month

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21424 LOW Monitor

Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-21423 MEDIUM This Month

Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21422 MEDIUM This Month

Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21421 HIGH This Week

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21420 HIGH This Week

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21419 HIGH This Week

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-20619 MEDIUM This Month

In vcu, there is a possible memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20618 MEDIUM This Month

In vcu, there is a possible memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20616 MEDIUM This Month

In ion, there is a possible out of bounds read due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20615 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20614 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20613 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20612 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20611 MEDIUM This Month

In gpu, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20610 MEDIUM This Month

In display drm, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20609 MEDIUM This Month

In ccu, there is a possible out of bounds read due to a logic error. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20608 MEDIUM This Month

In display drm, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20607 MEDIUM This Month

In ccu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20606 MEDIUM This Month

In apusys, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20605 MEDIUM This Month

In keyinstall, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20604 MEDIUM This Month

In ged, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20602 MEDIUM This Month

In ged, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20928 HIGH This Week

In binder_vma_close of binder.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20925 HIGH This Week

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20924 MEDIUM This Month

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-20923 MEDIUM This Month

In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20922 MEDIUM This Month

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20921 HIGH This Week

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-20920 HIGH This Week

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20919 HIGH This Week

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20916 HIGH This Week

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20915 HIGH This Week

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20913 HIGH This Week

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Privilege Escalation Google XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20912 HIGH This Week

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20908 MEDIUM This Month

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20905 HIGH This Week

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20904 HIGH This Week

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-42544 HIGH PATCH This Week

In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-42543 MEDIUM This Month

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display drm, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In keyinstall, there is a possible information disclosure due to an integer overflow. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In widevine, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In usb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In usb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In usb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In thermal, there is a possible memory corruption due to an uncaught exception. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In pqframework, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In msdc, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In adsp, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vow, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In ion, there is a possible escalation of privilege due to improper locking. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Android Yocto
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In tinysys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

In adsp, there is a possible escalation of privilege due to a logic error. Rated medium severity (CVSS 4.1). No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Google +1
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Google Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Google Deserialization +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Path Traversal Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Jwt Attack +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Google Use After Free +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Google Use After Free +3
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vcu, there is a possible memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vcu, there is a possible memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ion, there is a possible out of bounds read due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In gpu, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In display drm, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In ccu, there is a possible out of bounds read due to a logic error. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In display drm, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Use After Free Privilege Escalation Denial Of Service +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In ccu, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In apusys, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In keyinstall, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ged, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ged, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In binder_vma_close of binder.c, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free +3
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Privilege Escalation Google +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Buffer Overflow +1
NVD
Prev Page 30 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy