Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-21128	In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This... Description: In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-272042183 EPSS Score: 0.04% Source: CVE December 19th, 2024 (6 months ago)
CVE-2023-21127	In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code... Description: In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-275418191 EPSS Score: 0.12% Source: CVE December 19th, 2024 (6 months ago)
CVE-2023-21126	In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent.... Description: In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-271846393 EPSS Score: 0.04% Source: CVE December 19th, 2024 (6 months ago)
CVE-2023-21124	In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of... Description: In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-265798353 EPSS Score: 0.04% Source: CVE December 19th, 2024 (6 months ago)
CVE-2023-21123	In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing... Description: In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050064 EPSS Score: 0.04% Source: CVE December 19th, 2024 (6 months ago)
CVE-2023-21122	In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing... Description: In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-270050191 EPSS Score: 0.04% Source: CVE December 19th, 2024 (6 months ago)
CVE-2023-21121	In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper... Description: In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-205460459 EPSS Score: 0.04% Source: CVE December 19th, 2024 (6 months ago)
CVE-2023-21120	In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of... Description: In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673 EPSS Score: 0.04% Source: CVE December 19th, 2024 (6 months ago)
CVE-2023-21115	In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to... Description: In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033 EPSS Score: 0.05% Source: CVE December 19th, 2024 (6 months ago)
CVE-2023-21105	In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local... Description: In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261036568 EPSS Score: 0.04% Source: CVE December 19th, 2024 (6 months ago)