CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2023-21419 2023-02-09 2023-02-17
0.0
None ??? ??? ??? ??? ??? ???
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
2 CVE-2023-20949 787 Overflow 2023-02-15 2023-02-23
0.0
None ??? ??? ??? ??? ??? ???
In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323133References: N/A
3 CVE-2023-20948 125 Overflow 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526
4 CVE-2023-20946 Bypass 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In onStart of BluetoothSwitchPreferenceController.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-244423101
5 CVE-2023-20945 787 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269
6 CVE-2023-20944 502 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-244154558
7 CVE-2023-20943 22 Dir. Trav. 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240267890
8 CVE-2023-20940 347 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256237041
9 CVE-2023-20939 667 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981
10 CVE-2023-20938 416 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel
11 CVE-2023-20937 416 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel
12 CVE-2023-20934 Bypass 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042
13 CVE-2023-20933 416 Exec Code 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753
14 CVE-2023-20932 20 2023-02-28 2023-03-06
0.0
None ??? ??? ??? ??? ??? ???
In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018
15 CVE-2023-20928 416 2023-01-26 2023-02-06
0.0
None ??? ??? ??? ??? ??? ???
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel
16 CVE-2023-20927 Bypass 2023-02-15 2023-02-23
0.0
None ??? ??? ??? ??? ??? ???
In permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503
17 CVE-2023-20925 416 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A
18 CVE-2023-20924 287 Bypass 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A
19 CVE-2023-20923 Bypass 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A
20 CVE-2023-20922 400 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548
21 CVE-2023-20921 670 Exec Code 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132
22 CVE-2023-20920 416 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366
23 CVE-2023-20919 Exec Code 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068
24 CVE-2023-20916 862 Bypass 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049
25 CVE-2023-20915 670 Exec Code 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197
26 CVE-2023-20913 1021 2023-01-26 2023-02-02
0.0
None ??? ??? ??? ??? ??? ???
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785
27 CVE-2023-20912 862 2023-01-26 2023-02-02
0.0
None ??? ??? ??? ??? ??? ???
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995
28 CVE-2023-20908 400 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861
29 CVE-2023-20905 787 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741
30 CVE-2023-20904 Exec Code 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272
31 CVE-2023-1236 2023-03-07 2023-03-10
0.0
None ??? ??? ??? ??? ??? ???
Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)
32 CVE-2023-1235 843 2023-03-07 2023-03-10
0.0
None ??? ??? ??? ??? ??? ???
Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)
33 CVE-2023-1233 +Info 2023-03-07 2023-03-10
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low)
34 CVE-2023-1232 +Info 2023-03-07 2023-03-10
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)
35 CVE-2023-1229 276 Bypass 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
36 CVE-2023-1226 Bypass 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
37 CVE-2023-1224 Bypass 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
38 CVE-2023-1222 787 Overflow 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
39 CVE-2023-1221 Bypass 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
40 CVE-2023-1220 787 Overflow 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
41 CVE-2023-1219 787 Overflow 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
42 CVE-2023-1218 416 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
43 CVE-2023-1216 416 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
44 CVE-2023-1215 843 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
45 CVE-2023-1214 843 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
46 CVE-2023-1213 416 2023-03-07 2023-03-11
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
47 CVE-2023-0941 416 2023-02-22 2023-02-28
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
48 CVE-2023-0933 190 Overflow 2023-02-22 2023-02-28
0.0
None ??? ??? ??? ??? ??? ???
Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
49 CVE-2023-0931 416 2023-02-22 2023-02-28
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
50 CVE-2023-0930 787 Overflow 2023-02-22 2023-02-28
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.