CVE Daily
← All tags

Tag: Android OS

All CVEs associated with "Android OS". Page 8/76 • 9114 CVEs.

Subscribe CVEs: RSS for “Android OS”  ·  RSS (High+Critical only)

About “Android OS”

A curated feed of “Android OS”-related CVEs appears below. We currently track 9114 CVEs for this tag (all time). In the last 365 days, 361 were published. Average CVSS is 6.8 (all time; 6.1 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-926 - Improper Export of Android Application Components, CWE-451 - User Interface (UI) Misrepresentation of Critical Information, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-06-15
High

CVE-2023-21124

In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. U…

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-21123

In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalati…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2023-21122

In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2023-21121

In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-21120

In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. U…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21115

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additio…

CVSS: 8.8 CWE: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm View on NVD
High

CVE-2023-21108

In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with n…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-21105

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privile…

CVSS: 5.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2023-21101

In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2023-21095

In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additiona…

CVSS: 4.7 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2023-06-14
Medium

CVE-2023-2976

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps…

CVSS: 5.5 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
2023-06-13
Medium

CVE-2023-29501

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verificati…

CVSS: 4.8 CWE: CWE-295 - Improper Certificate Validation View on NVD
2023-06-09
Medium

CVE-2023-29753

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files.

CVSS: 5.5 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2023-29751

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

CVSS: 5.5 CWE: CWE-346 - Origin Validation Error View on NVD
Medium

CVE-2023-29767

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-29766

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-29761

An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

CVSS: 5.5 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-29759

An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.

CVSS: 5.5 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-29758

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

CVSS: 5.5 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2023-29757

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

CVSS: 7.8 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Medium

CVE-2023-29756

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

CVSS: 5.5 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2023-29755

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

CVSS: 7.8 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
High

CVE-2023-29752

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2023-29749

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

CVSS: 7.8 CWE: N/A View on NVD
2023-06-06
Medium

CVE-2022-33227

Memory corruption in Linux android due to double free while calling unregister provider after register call.

CVSS: 6.7 CWE: CWE-415 - Double Free View on NVD
2023-06-02
High

CVE-2023-29551

Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-29550

Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited…

CVSS: 8.8 CWE: N/A View on NVD
Medium

CVE-2023-29549

Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such…

CVSS: 6.5 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
Medium

CVE-2023-29548

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for An…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2023-29547

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2023-29544

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, F…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-29541

Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certa…

CVSS: 8.8 CWE: CWE-116 - Improper Encoding or Escaping of Output View on NVD
Medium

CVE-2023-29540

Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>.…

CVSS: 6.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
High

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download atta…

CVSS: 8.8 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2023-29538

Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. This leaked directory paths on the…

CVSS: 4.3 CWE: CWE-668 - Exposure of Resource to Wrong Sphere View on NVD
High

CVE-2023-29537

Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112,…

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-29536

An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. T…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2023-29535

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerabilit…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2023-29533

A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> c…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2023-28159

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for A…

CVSS: 4.3 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
Medium

CVE-2023-25749

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch…

CVSS: 4.3 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-25748

By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for A…

CVSS: 4.3 CWE: CWE-1021 - Improper Restriction of Rendered UI Layers or Frames View on NVD
Medium

CVE-2023-23600

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be d…

CVSS: 6.5 CWE: N/A View on NVD
Critical

CVE-2023-29746

An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.

CVSS: 9.8 CWE: N/A View on NVD
Medium

CVE-2023-29725

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferenc…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2023-29724

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and wil…

CVSS: 7.8 CWE: N/A View on NVD
2023-06-01
Critical

CVE-2023-29736

Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code exe…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-29723

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's per…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2023-29722

The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal pref…

CVSS: 9.1 CWE: N/A View on NVD
High

CVE-2023-29748

Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a l…

CVSS: 7.5 CWE: N/A View on NVD
2023-05-31
Critical

CVE-2023-29747

Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to mod…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2023-29745

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.

CVSS: 7.1 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2023-29742

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database.

CVSS: 7.8 CWE: N/A View on NVD
2023-05-30
High

CVE-2023-29743

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.

CVSS: 7.5 CWE: CWE-346 - Origin Validation Error View on NVD
Critical

CVE-2023-29741

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database.

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2023-29740

An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database.

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2023-29739

An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2023-29738

An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files.

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2023-29728

The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.

CVSS: 9.8 CWE: CWE-346 - Origin Validation Error View on NVD
Critical

CVE-2023-29727

The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects th…

CVSS: 9.8 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
High

CVE-2023-29726

The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the application s…

CVSS: 7.5 CWE: CWE-404 - Improper Resource Shutdown or Release View on NVD
Medium

CVE-2023-29735

An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files.

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Critical

CVE-2023-29734

An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-29733

The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by un…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Critical

CVE-2023-29732

SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any Shared…

CVSS: 9.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-29731

SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into a…

CVSS: 7.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2022-47028

An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert.

CVSS: 5.5 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2023-29737

An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files.

CVSS: 5.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2023-05-29
Medium

CVE-2023-28153

An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting…

CVSS: 6.4 CWE: N/A View on NVD
2023-05-27
Medium

CVE-2023-33188

Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through a…

CVSS: 6.3 CWE: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy') View on NVD
2023-05-25
Low

CVE-2023-31124

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This wi…

CVSS: 3.7 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD
2023-05-24
Low

CVE-2023-2863

A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite D…

CVSS: 2.3 CWE: CWE-313 - Cleartext Storage in a File or on Disk View on NVD
2023-05-18
Low

CVE-2023-28369

Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which ma…

CVSS: 3.3 CWE: N/A View on NVD
2023-05-16
High

CVE-2023-2722

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2023-05-15
Medium

CVE-2023-21118

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-21117

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local es…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-21116

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local esca…

CVSS: 6.7 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2023-21112

In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges nee…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-21111

In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service wit…

CVSS: 5.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-21110

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execut…

CVSS: 7.8 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-21109

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional…

CVSS: 7.8 CWE: CWE-326 - Inadequate Encryption Strength View on NVD
High

CVE-2023-21107

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privil…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-21106

In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User…

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2023-21104

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed f…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2023-21103

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges need…

CVSS: 5.5 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
High

CVE-2023-21102

In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additiona…

CVSS: 7.8 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
Medium

CVE-2023-20930

In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional ex…

CVSS: 5.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-20914

In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lea…

CVSS: 5.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
Critical

CVE-2021-0877

Product: AndroidVersions: Android SoCAndroid ID: A-273754094

CVSS: 9.8 CWE: N/A View on NVD
2023-05-10
Medium

CVE-2023-25772

Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local ac…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-25179

Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2023-23573

Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access.

CVSS: 4.4 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-46645

Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2022-46279

Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: 5.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2022-41801

Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access.

CVSS: 5.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2022-41769

Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: 4.8 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2023-28932

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions.

CVSS: 5.9 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-05-09
Medium

CVE-2023-32060

DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Ca…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-05-08
Low

CVE-2023-22813

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My C…

CVSS: 3.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-05-04
Medium

CVE-2023-21486

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbo…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
Medium

CVE-2023-21485

Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbo…

CVSS: 5.3 CWE: CWE-926 - Improper Export of Android Application Components View on NVD
2023-05-03
Medium

CVE-2023-2467

Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security sev…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2023-2463

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (C…

CVSS: 4.3 CWE: N/A View on NVD
2023-05-01
Medium

CVE-2022-48186

A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.

CVSS: 6.2 CWE: CWE-295 - Improper Certificate Validation View on NVD
2023-04-19
High

CVE-2023-21100

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User i…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2023-21099

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-21098

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privil…

CVSS: 7.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
High

CVE-2023-21097

In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privilege…

CVSS: 7.8 CWE: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere View on NVD
Critical

CVE-2023-21096

In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed fo…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-21094

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2023-21093

In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. This could lead to local escalation of…

CVSS: 7.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2023-21092

In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2023-21091

In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user bo…

CVSS: 5.5 CWE: CWE-862 - Missing Authorization View on NVD
Medium

CVE-2023-21090

In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed…

CVSS: 5.0 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2023-21089

In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privile…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-21088

In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalat…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2023-21087

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed…

CVSS: 5.5 CWE: CWE-248 - Uncaught Exception View on NVD
High

CVE-2023-21086

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local e…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-21085

In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional exec…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD