Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Android
(Google)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 6927 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-28 | CVE-2023-21175 | In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262243574 | Android | 7.8 | ||
| 2023-06-28 | CVE-2023-21176 | In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222287335 | Android | 4.4 | ||
| 2023-06-28 | CVE-2023-21177 | In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273906410 | Android | 5.5 | ||
| 2022-07-12 | CVE-2022-33689 | Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. | Android | 3.3 | ||
| 2022-07-12 | CVE-2022-33702 | Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. | Android | 5.5 | ||
| 2022-08-05 | CVE-2022-33715 | Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. | Android | 5.5 | ||
| 2022-05-03 | CVE-2022-28782 | Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. | Android | 4.6 | ||
| 2022-06-07 | CVE-2022-30715 | Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | Android | 5.3 | ||
| 2022-04-11 | CVE-2022-27835 | Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. | Android | 7.8 | ||
| 2023-03-24 | CVE-2023-20968 | In multiple functions of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235935 | Android | 4.4 |