Android SDK
by Google
CVEs (1,765)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21027 | 0.00 | — | 0.00 | Mar 24, 2023 | In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2023-20957 | 0.00 | — | 0.00 | Mar 24, 2023 | In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2023-20990 | 0.00 | — | 0.00 | Mar 24, 2023 | In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-20992 | 0.00 | — | 0.00 | Mar 24, 2023 | In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for… | |||
| CVE-2023-20975 | 0.00 | — | 0.00 | Mar 24, 2023 | In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is… | |||
| CVE-2023-21018 | 0.00 | — | 0.00 | Mar 24, 2023 | In UnwindingWorker of unwinding.cc, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-21035 | 0.00 | — | 0.00 | Mar 24, 2023 | In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges… | |||
| CVE-2023-21021 | 0.00 | — | 0.00 | Mar 24, 2023 | In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User… | |||
| CVE-2023-21000 | 0.00 | — | 0.00 | Mar 24, 2023 | In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:… | |||
| CVE-2023-21032 | 0.00 | — | 0.00 | Mar 24, 2023 | In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2022-20467 | 0.00 | — | 0.00 | Mar 24, 2023 | In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:… | |||
| CVE-2023-20983 | 0.00 | — | 0.00 | Mar 24, 2023 | In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-20952 | 0.00 | — | 0.00 | Mar 24, 2023 | In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2023-20972 | 0.00 | — | 0.00 | Mar 24, 2023 | In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-21003 | 0.00 | — | 0.00 | Mar 24, 2023 | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2023-20936 | 0.00 | — | 0.00 | Mar 24, 2023 | In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:… | |||
| CVE-2023-20984 | 0.00 | — | 0.00 | Mar 24, 2023 | In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2023-20982 | 0.00 | — | 0.00 | Mar 24, 2023 | In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for… | |||
| CVE-2023-20955 | 0.00 | — | 0.00 | Mar 24, 2023 | In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges… | |||
| CVE-2022-20481 | 0.00 | — | 0.00 | Feb 28, 2023 | In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… |
- CVE-2023-21027Mar 24, 2023risk 0.00cvss —epss 0.00
In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for…
- CVE-2023-20957Mar 24, 2023risk 0.00cvss —epss 0.00
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2023-20990Mar 24, 2023risk 0.00cvss —epss 0.00
In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-20992Mar 24, 2023risk 0.00cvss —epss 0.00
In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for…
- CVE-2023-20975Mar 24, 2023risk 0.00cvss —epss 0.00
In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is…
- CVE-2023-21018Mar 24, 2023risk 0.00cvss —epss 0.00
In UnwindingWorker of unwinding.cc, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-21035Mar 24, 2023risk 0.00cvss —epss 0.00
In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges…
- CVE-2023-21021Mar 24, 2023risk 0.00cvss —epss 0.00
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- CVE-2023-21000Mar 24, 2023risk 0.00cvss —epss 0.00
In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:…
- CVE-2023-21032Mar 24, 2023risk 0.00cvss —epss 0.00
In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2022-20467Mar 24, 2023risk 0.00cvss —epss 0.00
In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:…
- CVE-2023-20983Mar 24, 2023risk 0.00cvss —epss 0.00
In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-20952Mar 24, 2023risk 0.00cvss —epss 0.00
In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2023-20972Mar 24, 2023risk 0.00cvss —epss 0.00
In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-21003Mar 24, 2023risk 0.00cvss —epss 0.00
In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2023-20936Mar 24, 2023risk 0.00cvss —epss 0.00
In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…
- CVE-2023-20984Mar 24, 2023risk 0.00cvss —epss 0.00
In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2023-20982Mar 24, 2023risk 0.00cvss —epss 0.00
In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for…
- CVE-2023-20955Mar 24, 2023risk 0.00cvss —epss 0.00
In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges…
- CVE-2022-20481Feb 28, 2023risk 0.00cvss —epss 0.00
In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…
Page 21 of 89