Android SDK
by Google
CVEs (1,763)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21329 | 0.00 | — | 0.00 | Oct 30, 2023 | In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-21328 | 0.00 | — | 0.00 | Oct 30, 2023 | In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed… | |||
| CVE-2023-21327 | 0.00 | — | 0.00 | Oct 30, 2023 | In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… | |||
| CVE-2023-21320 | 0.00 | — | 0.00 | Oct 30, 2023 | In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed… | |||
| CVE-2023-21319 | 0.00 | — | 0.00 | Oct 30, 2023 | In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-21312 | 0.00 | — | 0.00 | Oct 30, 2023 | In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-21309 | 0.00 | — | 0.00 | Oct 30, 2023 | In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-21307 | 0.00 | — | 0.00 | Oct 30, 2023 | In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for… | |||
| CVE-2023-21306 | 0.00 | — | 0.00 | Oct 30, 2023 | In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-21304 | 0.00 | — | 0.00 | Oct 30, 2023 | In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… | |||
| CVE-2023-21300 | 0.00 | — | 0.00 | Oct 30, 2023 | In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… | |||
| CVE-2023-21296 | 0.00 | — | 0.00 | Oct 30, 2023 | In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for… | |||
| CVE-2022-20264 | 0.00 | — | 0.00 | Oct 30, 2023 | In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not… | |||
| CVE-2021-39810 | 0.00 | — | 0.00 | Oct 30, 2023 | In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution… | |||
| CVE-2023-40140 | 0.00 | — | 0.00 | Oct 27, 2023 | In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2023-40137 | 0.00 | — | 0.00 | Oct 27, 2023 | In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-40136 | 0.00 | — | 0.00 | Oct 27, 2023 | In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-40134 | 0.00 | — | 0.00 | Oct 27, 2023 | In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-40131 | 0.00 | — | 0.00 | Oct 27, 2023 | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2023-40121 | 0.00 | — | 0.00 | Oct 27, 2023 | In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. |
- CVE-2023-21329Oct 30, 2023risk 0.00cvss —epss 0.00
In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-21328Oct 30, 2023risk 0.00cvss —epss 0.00
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed…
- CVE-2023-21327Oct 30, 2023risk 0.00cvss —epss 0.00
In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
- CVE-2023-21320Oct 30, 2023risk 0.00cvss —epss 0.00
In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed…
- CVE-2023-21319Oct 30, 2023risk 0.00cvss —epss 0.00
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-21312Oct 30, 2023risk 0.00cvss —epss 0.00
In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-21309Oct 30, 2023risk 0.00cvss —epss 0.00
In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-21307Oct 30, 2023risk 0.00cvss —epss 0.00
In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for…
- CVE-2023-21306Oct 30, 2023risk 0.00cvss —epss 0.00
In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-21304Oct 30, 2023risk 0.00cvss —epss 0.00
In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
- CVE-2023-21300Oct 30, 2023risk 0.00cvss —epss 0.00
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
- CVE-2023-21296Oct 30, 2023risk 0.00cvss —epss 0.00
In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for…
- CVE-2022-20264Oct 30, 2023risk 0.00cvss —epss 0.00
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not…
- CVE-2021-39810Oct 30, 2023risk 0.00cvss —epss 0.00
In verifyDefaults of CardEmulationManager.java, there is a possible way to set a third party app as the default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution…
- CVE-2023-40140Oct 27, 2023risk 0.00cvss —epss 0.00
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2023-40137Oct 27, 2023risk 0.00cvss —epss 0.00
In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-40136Oct 27, 2023risk 0.00cvss —epss 0.00
In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-40134Oct 27, 2023risk 0.00cvss —epss 0.00
In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-40131Oct 27, 2023risk 0.00cvss —epss 0.00
In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2023-40121Oct 27, 2023risk 0.00cvss —epss 0.00
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
Page 9 of 89