CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2023-20928 416 2023-01-26 2023-02-06
0.0
None ??? ??? ??? ??? ??? ???
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel
2 CVE-2023-20925 416 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A
3 CVE-2023-20924 287 Bypass 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A
4 CVE-2023-20923 Bypass 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A
5 CVE-2023-20922 400 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548
6 CVE-2023-20921 670 Exec Code 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132
7 CVE-2023-20920 416 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366
8 CVE-2023-20919 Exec Code 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068
9 CVE-2023-20916 862 Bypass 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049
10 CVE-2023-20915 670 Exec Code 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197
11 CVE-2023-20913 1021 2023-01-26 2023-02-02
0.0
None ??? ??? ??? ??? ??? ???
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785
12 CVE-2023-20912 862 2023-01-26 2023-02-02
0.0
None ??? ??? ??? ??? ??? ???
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995
13 CVE-2023-20908 400 DoS 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861
14 CVE-2023-20905 787 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741
15 CVE-2023-20904 Exec Code 2023-01-26 2023-02-01
0.0
None ??? ??? ??? ??? ??? ???
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272
16 CVE-2023-0474 416 2023-01-30 2023-02-06
0.0
None ??? ??? ??? ??? ??? ???
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
17 CVE-2023-0473 843 2023-01-30 2023-02-06
0.0
None ??? ??? ??? ??? ??? ???
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
18 CVE-2023-0472 416 2023-01-30 2023-02-06
0.0
None ??? ??? ??? ??? ??? ???
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
19 CVE-2023-0471 416 2023-01-30 2023-02-06
0.0
None ??? ??? ??? ??? ??? ???
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
20 CVE-2023-0141 2023-01-10 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
21 CVE-2023-0138 787 Overflow 2023-01-10 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
22 CVE-2023-0135 416 2023-01-10 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
23 CVE-2023-0134 416 2023-01-10 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
24 CVE-2023-0131 Bypass 2023-01-10 2023-01-17
0.0
None ??? ??? ??? ??? ??? ???
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium)
25 CVE-2023-0129 787 Overflow 2023-01-10 2023-01-13
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High)
26 CVE-2022-42544 20 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390
27 CVE-2022-42543 125 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-249998113References: N/A
28 CVE-2022-42542 787 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184
29 CVE-2022-42535 89 Sql 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183
30 CVE-2022-42534 20 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A
31 CVE-2022-42533 190 Overflow 2022-11-17 2022-11-22
0.0
None ??? ??? ??? ??? ??? ???
In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415718References: N/A
32 CVE-2022-42532 125 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332610References: N/A
33 CVE-2022-42531 770 Bypass 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A
34 CVE-2022-42530 125 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242331893References: N/A
35 CVE-2022-42529 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A
36 CVE-2022-42527 DoS Exec Code 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244448906References: N/A
37 CVE-2022-42526 787 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509880References: N/A
38 CVE-2022-42525 787 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509750References: N/A
39 CVE-2022-42524 125 Exec Code 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243401445References: N/A
40 CVE-2022-42523 787 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376893References: N/A
41 CVE-2022-42522 125 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130038References: N/A
42 CVE-2022-42521 787 Exec Code 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130019References: N/A
43 CVE-2022-42520 416 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242994270References: N/A
44 CVE-2022-42519 787 Exec Code Mem. Corr. 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242540694References: N/A
45 CVE-2022-42518 787 Exec Code 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242536278References: N/A
46 CVE-2022-42517 125 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763682References: N/A
47 CVE-2022-42516 125 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderlegacy.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763577References: N/A
48 CVE-2022-42515 125 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763503References: N/A
49 CVE-2022-42514 125 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763298References: N/A
50 CVE-2022-42513 787 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763204References: N/A
Total number of vulnerabilities : 826   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.