Total
29112 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-21449 | 1 Samsung | 1 Android | 2024-08-02 | 4 Medium |
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. | ||||
CVE-2023-21454 | 1 Samsung | 1 Android | 2024-08-02 | 2.4 Low |
Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. | ||||
CVE-2023-21457 | 1 Samsung | 1 Android | 2024-08-02 | 4.1 Medium |
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission. | ||||
CVE-2023-21452 | 1 Samsung | 1 Android | 2024-08-02 | 3.3 Low |
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | ||||
CVE-2023-21455 | 1 Samsung | 2 Exynos, Exynos Firmware | 2024-08-02 | 5.9 Medium |
Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message. | ||||
CVE-2023-21485 | 1 Samsung | 1 Android | 2024-08-02 | 5.3 Medium |
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
CVE-2023-21461 | 1 Samsung | 1 Android | 2024-08-02 | 4 Medium |
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. | ||||
CVE-2023-21463 | 2 Google, Samsung | 2 Android, Myfiles | 2024-08-02 | 4 Medium |
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions. | ||||
CVE-2023-21486 | 1 Samsung | 1 Android | 2024-08-02 | 5.3 Medium |
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
CVE-2023-21464 | 2 Google, Samsung | 2 Android, Calendar | 2024-08-02 | 4 Medium |
Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. | ||||
CVE-2023-21394 | 1 Google | 1 Android | 2024-08-02 | 5.5 Medium |
In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-21172 | 1 Google | 1 Android | 2024-08-02 | 7.8 High |
In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243015 | ||||
CVE-2023-21103 | 1 Google | 1 Android | 2024-08-02 | 5.5 Medium |
In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259064622 | ||||
CVE-2023-21116 | 1 Google | 1 Android | 2024-08-02 | 6.7 Medium |
In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273 | ||||
CVE-2023-21105 | 1 Google | 1 Android | 2024-08-02 | 5.5 Medium |
In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568 | ||||
CVE-2023-21098 | 1 Google | 1 Android | 2024-08-02 | 7.8 High |
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867 | ||||
CVE-2023-21087 | 1 Google | 1 Android | 2024-08-02 | 5.5 Medium |
In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261723753 | ||||
CVE-2023-20929 | 1 Google | 1 Android | 2024-08-02 | 5.5 Medium |
In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-234442700 | ||||
CVE-2023-20964 | 1 Google | 1 Android | 2024-08-02 | 7.8 High |
In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121 | ||||
CVE-2023-20957 | 1 Google | 1 Android | 2024-08-02 | 7.8 High |
In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258422561 |