Android SDK
by Google
CVEs (1,763)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21209 | 0.00 | — | 0.00 | Jun 28, 2023 | In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-21208 | 0.00 | — | 0.00 | Jun 28, 2023 | In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-21170 | 0.00 | — | 0.00 | Jun 28, 2023 | In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2023-21211 | 0.00 | — | 0.00 | Jun 28, 2023 | In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android… | |||
| CVE-2023-21213 | 0.00 | — | 0.00 | Jun 28, 2023 | In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for… | |||
| CVE-2023-21199 | 0.00 | — | 0.00 | Jun 28, 2023 | In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-21200 | 0.00 | — | 0.00 | Jun 28, 2023 | In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2023-21187 | 0.00 | — | 0.00 | Jun 28, 2023 | In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2023-21176 | 0.00 | — | 0.00 | Jun 28, 2023 | In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-21179 | 0.00 | — | 0.00 | Jun 28, 2023 | In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2023-21181 | 0.00 | — | 0.00 | Jun 28, 2023 | In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2023-21153 | 0.00 | — | 0.00 | Jun 28, 2023 | In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2023-21204 | 0.00 | — | 0.00 | Jun 28, 2023 | In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-21149 | 0.00 | — | 0.00 | Jun 28, 2023 | In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not… | |||
| CVE-2023-21197 | 0.00 | — | 0.00 | Jun 28, 2023 | In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2023-21205 | 0.00 | — | 0.00 | Jun 28, 2023 | In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2023-21185 | 0.00 | — | 0.00 | Jun 28, 2023 | In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-21188 | 0.00 | — | 0.00 | Jun 28, 2023 | In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2023-21172 | 0.00 | — | 0.00 | Jun 28, 2023 | In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not… | |||
| CVE-2023-21190 | 0.00 | — | 0.00 | Jun 28, 2023 | In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed.… |
- CVE-2023-21209Jun 28, 2023risk 0.00cvss —epss 0.00
In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-21208Jun 28, 2023risk 0.00cvss —epss 0.00
In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-21170Jun 28, 2023risk 0.00cvss —epss 0.00
In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2023-21211Jun 28, 2023risk 0.00cvss —epss 0.00
In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android…
- CVE-2023-21213Jun 28, 2023risk 0.00cvss —epss 0.00
In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for…
- CVE-2023-21199Jun 28, 2023risk 0.00cvss —epss 0.00
In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-21200Jun 28, 2023risk 0.00cvss —epss 0.00
In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2023-21187Jun 28, 2023risk 0.00cvss —epss 0.00
In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2023-21176Jun 28, 2023risk 0.00cvss —epss 0.00
In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-21179Jun 28, 2023risk 0.00cvss —epss 0.00
In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2023-21181Jun 28, 2023risk 0.00cvss —epss 0.00
In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2023-21153Jun 28, 2023risk 0.00cvss —epss 0.00
In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2023-21204Jun 28, 2023risk 0.00cvss —epss 0.00
In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-21149Jun 28, 2023risk 0.00cvss —epss 0.00
In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…
- CVE-2023-21197Jun 28, 2023risk 0.00cvss —epss 0.00
In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2023-21205Jun 28, 2023risk 0.00cvss —epss 0.00
In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2023-21185Jun 28, 2023risk 0.00cvss —epss 0.00
In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-21188Jun 28, 2023risk 0.00cvss —epss 0.00
In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2023-21172Jun 28, 2023risk 0.00cvss —epss 0.00
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…
- CVE-2023-21190Jun 28, 2023risk 0.00cvss —epss 0.00
In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed.…
Page 13 of 89