| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2023-20928 |
416 |
|
|
2023-01-26 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel |
|
2 |
CVE-2023-20925 |
416 |
|
|
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236674672References: N/A |
|
3 |
CVE-2023-20924 |
287 |
|
Bypass |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A |
|
4 |
CVE-2023-20923 |
|
|
Bypass |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A |
|
5 |
CVE-2023-20922 |
400 |
|
DoS |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-237291548 |
|
6 |
CVE-2023-20921 |
670 |
|
Exec Code |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132 |
|
7 |
CVE-2023-20920 |
416 |
|
|
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-204584366 |
|
8 |
CVE-2023-20919 |
|
|
Exec Code |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-252663068 |
|
9 |
CVE-2023-20916 |
862 |
|
Bypass |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-229256049 |
|
10 |
CVE-2023-20915 |
670 |
|
Exec Code |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246930197 |
|
11 |
CVE-2023-20913 |
1021 |
|
|
2023-01-26 |
2023-02-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785 |
|
12 |
CVE-2023-20912 |
862 |
|
|
2023-01-26 |
2023-02-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301995 |
|
13 |
CVE-2023-20908 |
400 |
|
DoS |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-239415861 |
|
14 |
CVE-2023-20905 |
787 |
|
|
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-241387741 |
|
15 |
CVE-2023-20904 |
|
|
Exec Code |
2023-01-26 |
2023-02-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-246300272 |
|
16 |
CVE-2023-0474 |
416 |
|
|
2023-01-30 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium) |
|
17 |
CVE-2023-0473 |
843 |
|
|
2023-01-30 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
|
18 |
CVE-2023-0472 |
416 |
|
|
2023-01-30 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
19 |
CVE-2023-0471 |
416 |
|
|
2023-01-30 |
2023-02-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|
20 |
CVE-2023-0141 |
|
|
|
2023-01-10 |
2023-01-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |
|
21 |
CVE-2023-0138 |
787 |
|
Overflow |
2023-01-10 |
2023-01-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) |
|
22 |
CVE-2023-0135 |
416 |
|
|
2023-01-10 |
2023-01-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) |
|
23 |
CVE-2023-0134 |
416 |
|
|
2023-01-10 |
2023-01-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) |
|
24 |
CVE-2023-0131 |
|
|
Bypass |
2023-01-10 |
2023-01-17 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) |
|
25 |
CVE-2023-0129 |
787 |
|
Overflow |
2023-01-10 |
2023-01-13 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) |
|
26 |
CVE-2022-42544 |
20 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In getView of AddAppNetworksFragment.java, there is a possible way to mislead the user about network add requests due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224545390 |
|
27 |
CVE-2022-42543 |
125 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-249998113References: N/A |
|
28 |
CVE-2022-42542 |
787 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231445184 |
|
29 |
CVE-2022-42535 |
89 |
|
Sql |
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770183 |
|
30 |
CVE-2022-42534 |
20 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible privilege escalation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237838301References: N/A |
|
31 |
CVE-2022-42533 |
190 |
|
Overflow |
2022-11-17 |
2022-11-22 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In shared_metadata_init of SharedMetadata.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239415718References: N/A |
|
32 |
CVE-2022-42532 |
125 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242332610References: N/A |
|
33 |
CVE-2022-42531 |
770 |
|
Bypass |
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation bypass due to Permissive Memory Allocation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-231500967References: N/A |
|
34 |
CVE-2022-42530 |
125 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In Pixel firmware, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242331893References: N/A |
|
35 |
CVE-2022-42529 |
|
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Product: AndroidVersions: Android kernelAndroid ID: A-235292841References: N/A |
|
36 |
CVE-2022-42527 |
|
|
DoS Exec Code |
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244448906References: N/A |
|
37 |
CVE-2022-42526 |
787 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509880References: N/A |
|
38 |
CVE-2022-42525 |
787 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243509750References: N/A |
|
39 |
CVE-2022-42524 |
125 |
|
Exec Code |
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243401445References: N/A |
|
40 |
CVE-2022-42523 |
787 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376893References: N/A |
|
41 |
CVE-2022-42522 |
125 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In DoSetCarrierConfig of miscservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130038References: N/A |
|
42 |
CVE-2022-42521 |
787 |
|
Exec Code |
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In encode of wlandata.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130019References: N/A |
|
43 |
CVE-2022-42520 |
416 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242994270References: N/A |
|
44 |
CVE-2022-42519 |
787 |
|
Exec Code Mem. Corr. |
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, there is a possible stack clash leading to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242540694References: N/A |
|
45 |
CVE-2022-42518 |
787 |
|
Exec Code |
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242536278References: N/A |
|
46 |
CVE-2022-42517 |
125 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763682References: N/A |
|
47 |
CVE-2022-42516 |
125 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderlegacy.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763577References: N/A |
|
48 |
CVE-2022-42515 |
125 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763503References: N/A |
|
49 |
CVE-2022-42514 |
125 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763298References: N/A |
|
50 |
CVE-2022-42513 |
787 |
|
|
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241763204References: N/A |
