Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-21136	In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to... Description: In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-246542285 EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2023-21135	In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation.... Description: In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119 EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2023-21131	In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error... Description: In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265015796 EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2023-21130	In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote... Description: In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-273502002 EPSS Score: 0.1% Source: CVE December 19th, 2024 (4 months ago)
CVE-2023-21129	In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the... Description: In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-274759612 EPSS Score: 0.05% Source: CVE December 19th, 2024 (4 months ago)
CVE-2023-21128	In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This... Description: In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183 EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2023-21127	In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code... Description: In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-275418191 EPSS Score: 0.12% Source: CVE December 19th, 2024 (4 months ago)
CVE-2023-21126	In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent.... Description: In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393 EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2023-21124	In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of... Description: In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265798353 EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)
CVE-2023-21123	In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing... Description: In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064 EPSS Score: 0.04% Source: CVE December 19th, 2024 (4 months ago)