Action not permitted
Modal body text goes here.
wid-sec-w-2023-2778
Vulnerability from csaf_certbund
Published
2023-10-30 23:00
Modified
2023-10-30 23:00
Summary
Google Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen und seine Privilegien zu erhöhen.
Betroffene Betriebssysteme
- Android
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Das Android Betriebssystem ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erh\u00f6hen.", "title": "Angriff" }, { "category": "general", "text": "- Android", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2778 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2778.json" }, { "category": "self", "summary": "WID-SEC-2023-2778 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2778" }, { "category": "external", "summary": "https://source.android.com/docs/security/bulletin/android-14 vom 2023-10-30", "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "source_lang": "en-US", "title": "Google Android: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-10-30T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:49:30.723+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2778", "initial_release_date": "2023-10-30T23:00:00.000+00:00", "revision_history": [ { "date": "2023-10-30T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Google Android \u003c 14", "product": { "name": "Google Android \u003c 14", "product_id": "T030833", "product_identification_helper": { "cpe": "cpe:/o:google:android:14" } } } ], "category": "vendor", "name": "Google" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-45780", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-45780" }, { "cve": "CVE-2023-40101", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-40101" }, { "cve": "CVE-2023-21398", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21398" }, { "cve": "CVE-2023-21397", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21397" }, { "cve": "CVE-2023-21396", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21396" }, { "cve": "CVE-2023-21395", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21395" }, { "cve": "CVE-2023-21394", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21394" }, { "cve": "CVE-2023-21393", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21393" }, { "cve": "CVE-2023-21392", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21392" }, { "cve": "CVE-2023-21391", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21391" }, { "cve": "CVE-2023-21390", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21390" }, { "cve": "CVE-2023-21389", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21389" }, { "cve": "CVE-2023-21388", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21388" }, { "cve": "CVE-2023-21387", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21387" }, { "cve": "CVE-2023-21386", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21386" }, { "cve": "CVE-2023-21385", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21385" }, { "cve": "CVE-2023-21384", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21384" }, { "cve": "CVE-2023-21383", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21383" }, { "cve": "CVE-2023-21382", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21382" }, { "cve": "CVE-2023-21381", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21381" }, { "cve": "CVE-2023-21380", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21380" }, { "cve": "CVE-2023-21379", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21379" }, { "cve": "CVE-2023-21378", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21378" }, { "cve": "CVE-2023-21377", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21377" }, { "cve": "CVE-2023-21376", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21376" }, { "cve": "CVE-2023-21375", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21375" }, { "cve": "CVE-2023-21374", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21374" }, { "cve": "CVE-2023-21373", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21373" }, { "cve": "CVE-2023-21372", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21372" }, { "cve": "CVE-2023-21371", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21371" }, { "cve": "CVE-2023-21370", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21370" }, { "cve": "CVE-2023-21369", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21369" }, { "cve": "CVE-2023-21368", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21368" }, { "cve": "CVE-2023-21367", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21367" }, { "cve": "CVE-2023-21366", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21366" }, { "cve": "CVE-2023-21365", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21365" }, { "cve": "CVE-2023-21364", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21364" }, { "cve": "CVE-2023-21362", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21362" }, { "cve": "CVE-2023-21361", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21361" }, { "cve": "CVE-2023-21360", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21360" }, { "cve": "CVE-2023-21359", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21359" }, { "cve": "CVE-2023-21358", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21358" }, { "cve": "CVE-2023-21357", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21357" }, { "cve": "CVE-2023-21356", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21356" }, { "cve": "CVE-2023-21355", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21355" }, { "cve": "CVE-2023-21354", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21354" }, { "cve": "CVE-2023-21353", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21353" }, { "cve": "CVE-2023-21352", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21352" }, { "cve": "CVE-2023-21351", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21351" }, { "cve": "CVE-2023-21350", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21350" }, { "cve": "CVE-2023-21349", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21349" }, { "cve": "CVE-2023-21348", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21348" }, { "cve": "CVE-2023-21347", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21347" }, { "cve": "CVE-2023-21346", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21346" }, { "cve": "CVE-2023-21345", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21345" }, { "cve": "CVE-2023-21344", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21344" }, { "cve": "CVE-2023-21343", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21343" }, { "cve": "CVE-2023-21342", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21342" }, { "cve": "CVE-2023-21341", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21341" }, { "cve": "CVE-2023-21340", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21340" }, { "cve": "CVE-2023-21339", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21339" }, { "cve": "CVE-2023-21338", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21338" }, { "cve": "CVE-2023-21337", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21337" }, { "cve": "CVE-2023-21336", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21336" }, { "cve": "CVE-2023-21335", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21335" }, { "cve": "CVE-2023-21334", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21334" }, { "cve": "CVE-2023-21333", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21333" }, { "cve": "CVE-2023-21332", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21332" }, { "cve": "CVE-2023-21331", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21331" }, { "cve": "CVE-2023-21330", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21330" }, { "cve": "CVE-2023-21329", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21329" }, { "cve": "CVE-2023-21328", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21328" }, { "cve": "CVE-2023-21327", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21327" }, { "cve": "CVE-2023-21326", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21326" }, { "cve": "CVE-2023-21325", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21325" }, { "cve": "CVE-2023-21324", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21324" }, { "cve": "CVE-2023-21323", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21323" }, { "cve": "CVE-2023-21321", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21321" }, { "cve": "CVE-2023-21320", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21320" }, { "cve": "CVE-2023-21319", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21319" }, { "cve": "CVE-2023-21318", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21318" }, { "cve": "CVE-2023-21317", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21317" }, { "cve": "CVE-2023-21316", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21316" }, { "cve": "CVE-2023-21315", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21315" }, { "cve": "CVE-2023-21314", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21314" }, { "cve": "CVE-2023-21313", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21313" }, { "cve": "CVE-2023-21312", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21312" }, { "cve": "CVE-2023-21311", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21311" }, { "cve": "CVE-2023-21310", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21310" }, { "cve": "CVE-2023-21309", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21309" }, { "cve": "CVE-2023-21308", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21308" }, { "cve": "CVE-2023-21307", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21307" }, { "cve": "CVE-2023-21306", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21306" }, { "cve": "CVE-2023-21305", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21305" }, { "cve": "CVE-2023-21304", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21304" }, { "cve": "CVE-2023-21303", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21303" }, { "cve": "CVE-2023-21302", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21302" }, { "cve": "CVE-2023-21301", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21301" }, { "cve": "CVE-2023-21300", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21300" }, { "cve": "CVE-2023-21299", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21299" }, { "cve": "CVE-2023-21298", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21298" }, { "cve": "CVE-2023-21297", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21297" }, { "cve": "CVE-2023-21296", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21296" }, { "cve": "CVE-2023-21295", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21295" }, { "cve": "CVE-2023-21294", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21294" }, { "cve": "CVE-2023-21293", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2023-21293" }, { "cve": "CVE-2022-29824", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2022-29824" }, { "cve": "CVE-2022-27404", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2022-27404" }, { "cve": "CVE-2022-20531", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2022-20531" }, { "cve": "CVE-2022-20264", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2022-20264" }, { "cve": "CVE-2021-39810", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden." } ], "release_date": "2023-10-30T23:00:00Z", "title": "CVE-2021-39810" } ] }
cve-2023-21398
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:30
Severity ?
EPSS score ?
Summary
In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.657Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21398", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:29:33.386518Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:30:52.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:39.442Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21398", "datePublished": "2023-10-30T17:01:39.442Z", "dateReserved": "2022-11-03T22:37:50.667Z", "dateUpdated": "2024-09-06T18:30:52.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21362
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:21
Severity ?
EPSS score ?
Summary
In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21362", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:19:54.608704Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:21:30.092Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:31.494Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21362", "datePublished": "2023-10-30T16:56:39.102Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-09-06T20:21:30.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21293
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:34
Severity ?
EPSS score ?
Summary
In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21293", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:34:21.399279Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:34:29.171Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:06.198Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21293", "datePublished": "2023-10-30T16:18:54.387Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-09-06T20:34:29.171Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21356
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:29.226Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21356", "datePublished": "2023-10-30T16:56:37.946Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-08-02T09:36:33.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21311
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:09
Severity ?
EPSS score ?
Summary
In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21311", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:09:27.826201Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:09:38.853Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:12.921Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21311", "datePublished": "2023-10-30T16:56:29.479Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:09:38.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21387
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:49
Severity ?
EPSS score ?
Summary
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21387", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:49:35.406187Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:49:49.381Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:37.310Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21387", "datePublished": "2023-10-30T17:01:37.310Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-06T18:49:49.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21318
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:17
Severity ?
EPSS score ?
Summary
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21318", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:17:29.597495Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:17:37.838Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:15.534Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21318", "datePublished": "2023-10-30T16:56:30.858Z", "dateReserved": "2022-11-03T22:37:50.659Z", "dateUpdated": "2024-09-06T20:17:37.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21369
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 20:12
Severity ?
EPSS score ?
Summary
In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.551Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21369", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:10:07.343345Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:12:05.687Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:33.696Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21369", "datePublished": "2023-10-30T16:59:26.560Z", "dateReserved": "2022-11-03T22:37:50.664Z", "dateUpdated": "2024-09-06T20:12:05.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45780
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 20:03
Severity ?
EPSS score ?
Summary
In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:29:32.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "lessThan": "14", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-45780", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:18:06.755503Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:03:02.310Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:39.813Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-45780", "datePublished": "2023-10-30T17:01:39.813Z", "dateReserved": "2023-10-12T15:46:50.769Z", "dateUpdated": "2024-09-06T20:03:02.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21368
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 20:12
Severity ?
EPSS score ?
Summary
In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21368", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:10:18.651260Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:12:34.208Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:33.327Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21368", "datePublished": "2023-10-30T16:59:26.371Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-09-06T20:12:34.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21305
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:30
Severity ?
EPSS score ?
Summary
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21305", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:29:58.550053Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:30:09.991Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:10.653Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21305", "datePublished": "2023-10-30T16:56:28.317Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:30:09.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21367
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 20:12
Severity ?
EPSS score ?
Summary
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21367", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:10:38.384827Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:12:53.440Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:32.929Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21367", "datePublished": "2023-10-30T16:59:26.099Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-09-06T20:12:53.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21316
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:18
Severity ?
EPSS score ?
Summary
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21316", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:18:06.620582Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:18:14.729Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:14.818Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21316", "datePublished": "2023-10-30T16:56:30.471Z", "dateReserved": "2022-11-03T22:37:50.659Z", "dateUpdated": "2024-09-06T20:18:14.729Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21358
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.445Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:29.985Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21358", "datePublished": "2023-10-30T16:56:38.333Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-08-02T09:36:33.445Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21352
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:38
Severity ?
EPSS score ?
Summary
In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21352", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:37:57.666835Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:38:10.430Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:27.737Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21352", "datePublished": "2023-10-30T16:56:37.186Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:38:10.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21336
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:47
Severity ?
EPSS score ?
Summary
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.197Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21336", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:47:08.345273Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:47:22.895Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:21.875Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21336", "datePublished": "2023-10-30T16:56:34.159Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T19:47:22.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21296
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:33
Severity ?
EPSS score ?
Summary
In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.894Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21296", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:33:07.632271Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:33:16.135Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:07.299Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21296", "datePublished": "2023-10-30T16:18:54.940Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-09-06T20:33:16.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21355
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:26
Severity ?
EPSS score ?
Summary
In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21355", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:25:50.744345Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:26:12.993Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:28.850Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21355", "datePublished": "2023-10-30T16:56:37.756Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:26:12.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21364
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:14
Severity ?
EPSS score ?
Summary
In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.482Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21364", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:10:59.127345Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:14:30.378Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:31.841Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21364", "datePublished": "2023-10-30T16:56:39.335Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-09-06T20:14:30.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21306
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:28
Severity ?
EPSS score ?
Summary
In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21306", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:28:16.447260Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:28:33.093Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:11.021Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21306", "datePublished": "2023-10-30T16:56:28.509Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:28:33.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21382
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:52
Severity ?
EPSS score ?
Summary
In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21382", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:52:13.627875Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:52:23.589Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:36.502Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21382", "datePublished": "2023-10-30T17:01:36.502Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-06T18:52:23.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20531
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-08-03 02:17
Severity ?
EPSS score ?
Summary
In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:17:52.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:05.843Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20531", "datePublished": "2023-10-30T16:18:54.199Z", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-03T02:17:52.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21302
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:30
Severity ?
EPSS score ?
Summary
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.212Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21302", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:30:41.935677Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:30:50.635Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:09.577Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21302", "datePublished": "2023-10-30T16:56:27.736Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:30:50.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21327
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:04
Severity ?
EPSS score ?
Summary
In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21327", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:02:57.989401Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:04:06.289Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:18.503Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21327", "datePublished": "2023-10-30T16:56:32.367Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:04:06.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21380
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:36.112Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21380", "datePublished": "2023-10-30T17:01:36.112Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-08-02T09:36:33.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21319
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:17
Severity ?
EPSS score ?
Summary
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21319", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:16:59.627411Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:17:08.134Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:15.896Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21319", "datePublished": "2023-10-30T16:56:31.063Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:17:08.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21373
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 19:18
Severity ?
EPSS score ?
Summary
In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21373", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:18:05.384466Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:18:53.778Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:34.762Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21373", "datePublished": "2023-10-30T17:01:34.762Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-09-06T19:18:53.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21297
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:19
Severity ?
EPSS score ?
Summary
In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21297", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:19:51.704703Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:19:59.175Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:07.650Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21297", "datePublished": "2023-10-30T16:56:26.759Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-09-06T20:19:59.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21315
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:14.449Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21315", "datePublished": "2023-10-30T16:56:30.266Z", "dateReserved": "2022-11-03T22:37:50.658Z", "dateUpdated": "2024-08-02T09:36:33.248Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21375
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 19:13
Severity ?
EPSS score ?
Summary
In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21375", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:12:19.549866Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:13:15.529Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:35.124Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21375", "datePublished": "2023-10-30T17:01:35.124Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-09-06T19:13:15.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21309
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:11
Severity ?
EPSS score ?
Summary
In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21309", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:11:22.429441Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:11:37.594Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:12.141Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21309", "datePublished": "2023-10-30T16:56:29.094Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:11:37.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21370
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 19:25
Severity ?
EPSS score ?
Summary
In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.559Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21370", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:24:41.498832Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:25:11.541Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:34.054Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21370", "datePublished": "2023-10-30T16:59:26.758Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-09-06T19:25:11.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21388
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:48
Severity ?
EPSS score ?
Summary
In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21388", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:47:36.456167Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:48:34.768Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:37.495Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21388", "datePublished": "2023-10-30T17:01:37.495Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-06T18:48:34.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21392
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:34.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:38.267Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21392", "datePublished": "2023-10-30T17:01:38.267Z", "dateReserved": "2022-11-03T22:37:50.667Z", "dateUpdated": "2024-08-02T09:36:34.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21345
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:43
Severity ?
EPSS score ?
Summary
In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21345", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:42:34.379137Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:43:35.825Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:25.218Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21345", "datePublished": "2023-10-30T16:56:35.885Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:43:35.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21374
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 19:17
Severity ?
EPSS score ?
Summary
In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21374", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:15:12.953945Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:17:12.329Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:34.944Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21374", "datePublished": "2023-10-30T17:01:34.944Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-09-06T19:17:12.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21312
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:08
Severity ?
EPSS score ?
Summary
In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.157Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21312", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:08:23.811137Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:08:34.774Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:13.312Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21312", "datePublished": "2023-10-30T16:56:29.671Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:08:34.774Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21354
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:28
Severity ?
EPSS score ?
Summary
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21354", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:27:49.180773Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:28:00.850Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:28.478Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21354", "datePublished": "2023-10-30T16:56:37.580Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:28:00.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21333
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:54
Severity ?
EPSS score ?
Summary
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.223Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21333", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:52:27.457982Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:54:31.172Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:20.746Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21333", "datePublished": "2023-10-30T16:56:33.584Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T19:54:31.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21397
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:33
Severity ?
EPSS score ?
Summary
In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:34.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21397", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:31:49.770846Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:33:01.274Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:39.250Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21397", "datePublished": "2023-10-30T17:01:39.250Z", "dateReserved": "2022-11-03T22:37:50.667Z", "dateUpdated": "2024-09-06T18:33:01.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21332
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:55
Severity ?
EPSS score ?
Summary
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.252Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21332", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:55:34.748424Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:55:47.022Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:20.363Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21332", "datePublished": "2023-10-30T16:56:33.400Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T19:55:47.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21381
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:55
Severity ?
EPSS score ?
Summary
In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21381", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:54:58.043944Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:55:22.999Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:36.310Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21381", "datePublished": "2023-10-30T17:01:36.310Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-06T18:55:22.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-39810
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:36
Severity ?
EPSS score ?
Summary
In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:20:33.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "android", "vendor": "google", "versions": [ { "lessThan": "14.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-39810", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:35:19.699902Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:36:48.297Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:05.113Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2021-39810", "datePublished": "2023-10-30T16:18:53.654Z", "dateReserved": "2021-08-23T19:27:46.249Z", "dateUpdated": "2024-09-06T20:36:48.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21394
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.740Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/68dca62035c49e14ad26a54f614199cb29a3393f" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-12-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-22T00:16:41.693Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/68dca62035c49e14ad26a54f614199cb29a3393f" }, { "url": "https://source.android.com/security/bulletin/2023-12-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21394", "datePublished": "2023-10-30T17:01:38.666Z", "dateReserved": "2022-11-03T22:37:50.667Z", "dateUpdated": "2024-08-02T09:36:33.740Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21325
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:11
Severity ?
EPSS score ?
Summary
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21325", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:10:58.959640Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:11:12.406Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:17.735Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21325", "datePublished": "2023-10-30T16:56:31.988Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:11:12.406Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21326
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:10
Severity ?
EPSS score ?
Summary
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21326", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:10:29.378280Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:10:37.694Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:18.085Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21326", "datePublished": "2023-10-30T16:56:32.181Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:10:37.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21379
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.574Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:35.923Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21379", "datePublished": "2023-10-30T17:01:35.923Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-08-02T09:36:33.574Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21341
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:04
Severity ?
EPSS score ?
Summary
In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "android", "vendor": "google", "versions": [ { "lessThan": "14.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-21341", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:03:32.823886Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:04:41.218Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:23.781Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21341", "datePublished": "2023-10-30T16:56:35.108Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T20:04:41.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21361
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:31.082Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21361", "datePublished": "2023-10-30T16:56:38.921Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-08-02T09:36:33.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21378
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:57
Severity ?
EPSS score ?
Summary
In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21378", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:56:14.222310Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:57:10.680Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:35.735Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21378", "datePublished": "2023-10-30T17:01:35.735Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-09-06T18:57:10.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21328
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:02
Severity ?
EPSS score ?
Summary
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21328", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:01:23.326961Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:02:08.969Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:18.878Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21328", "datePublished": "2023-10-30T16:56:32.558Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:02:08.969Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21339
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:08
Severity ?
EPSS score ?
Summary
In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.202Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "android", "vendor": "google", "versions": [ { "lessThan": "14.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-21339", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:06:11.255986Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:08:26.452Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:23.025Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21339", "datePublished": "2023-10-30T16:56:34.720Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T20:08:26.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21353
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:37
Severity ?
EPSS score ?
Summary
In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21353", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:35:56.183743Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:37:11.045Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:28.095Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21353", "datePublished": "2023-10-30T16:56:37.386Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:37:11.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21347
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:25.939Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21347", "datePublished": "2023-10-30T16:56:36.248Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-08-02T09:36:33.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21376
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:35.326Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21376", "datePublished": "2023-10-30T17:01:35.326Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-08-02T09:36:33.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21372
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-17 13:21
Severity ?
EPSS score ?
Summary
In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21372", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T15:41:28.608527Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:21:35.399Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:34.591Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21372", "datePublished": "2023-10-30T17:01:34.591Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-09-17T13:21:35.399Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21298
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:21
Severity ?
EPSS score ?
Summary
In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "android", "vendor": "google", "versions": [ { "lessThan": "14.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-21298", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:20:15.346385Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:21:14.565Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:08.070Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21298", "datePublished": "2023-10-30T16:56:26.947Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-09-06T20:21:14.565Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21334
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:51
Severity ?
EPSS score ?
Summary
In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.208Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21334", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:50:57.307125Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:51:11.867Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:21.108Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21334", "datePublished": "2023-10-30T16:56:33.779Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T19:51:11.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21323
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:15
Severity ?
EPSS score ?
Summary
In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21323", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:15:06.795669Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:15:15.720Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:17.057Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21323", "datePublished": "2023-10-30T16:56:31.619Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:15:15.720Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21331
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:58
Severity ?
EPSS score ?
Summary
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21331", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:57:52.851575Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:58:06.508Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:19.998Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21331", "datePublished": "2023-10-30T16:56:33.193Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T19:58:06.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21384
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 20:11
Severity ?
EPSS score ?
Summary
In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21384", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:09:55.359658Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:11:46.030Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:36.889Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21384", "datePublished": "2023-10-30T17:01:36.889Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-06T20:11:46.030Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21351
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-16 14:36
Severity ?
EPSS score ?
Summary
In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.275Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:12l:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "12l" } ] }, { "cpes": [ "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "13.0" } ] }, { "cpes": [ "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "12.0" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-21351", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T04:01:17.085832Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-16T14:36:07.588Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" } ] } ], "descriptions": [ { "lang": "en", "value": "In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-15T21:56:29.985Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/26522c0e82fd3a9bcbd01409217291d97dcdabcf" }, { "url": "https://source.android.com/security/bulletin/2024-08-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21351", "datePublished": "2023-10-30T16:56:36.993Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-08-16T14:36:07.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21329
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:00
Severity ?
EPSS score ?
Summary
In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21329", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:00:02.373464Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:00:11.022Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:19.279Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21329", "datePublished": "2023-10-30T16:56:32.762Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:00:11.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21371
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 19:22
Severity ?
EPSS score ?
Summary
In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21371", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:20:55.416685Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:22:09.354Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:34.417Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21371", "datePublished": "2023-10-30T16:59:26.950Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-09-06T19:22:09.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21377
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:59
Severity ?
EPSS score ?
Summary
In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21377", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:59:02.076168Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:59:14.204Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:35.538Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21377", "datePublished": "2023-10-30T17:01:35.538Z", "dateReserved": "2022-11-03T22:37:50.665Z", "dateUpdated": "2024-09-06T18:59:14.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21294
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:34
Severity ?
EPSS score ?
Summary
In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21294", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:33:55.588081Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:34:03.907Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:06.571Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21294", "datePublished": "2023-10-30T16:18:54.572Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-09-06T20:34:03.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21310
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:12.547Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21310", "datePublished": "2023-10-30T16:56:29.294Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-08-02T09:36:32.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21340
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:05
Severity ?
EPSS score ?
Summary
In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.547Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21340", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:05:29.370216Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:05:37.163Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:23.413Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21340", "datePublished": "2023-10-30T16:56:34.912Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T20:05:37.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21391
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:40
Severity ?
EPSS score ?
Summary
In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.725Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21391", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:38:50.756831Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:40:26.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:38.064Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21391", "datePublished": "2023-10-30T17:01:38.064Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-06T18:40:26.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21304
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:31
Severity ?
EPSS score ?
Summary
In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21304", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:30:55.843508Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:31:32.237Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:10.299Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21304", "datePublished": "2023-10-30T16:56:28.113Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:31:32.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21300
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:21
Severity ?
EPSS score ?
Summary
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21300", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:21:39.364924Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:21:46.687Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:08.831Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21300", "datePublished": "2023-10-30T16:56:27.352Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-09-06T20:21:46.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21349
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-12 20:07
Severity ?
EPSS score ?
Summary
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.493Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21349", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T15:50:46.502823Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T20:07:58.803Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:26.665Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21349", "datePublished": "2023-10-30T16:56:36.612Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-12T20:07:58.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21393
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:36
Severity ?
EPSS score ?
Summary
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:34.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21393", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:36:03.480698Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:36:39.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:38.471Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21393", "datePublished": "2023-10-30T17:01:38.471Z", "dateReserved": "2022-11-03T22:37:50.667Z", "dateUpdated": "2024-09-06T18:36:39.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20264
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-10-29 20:47
Severity ?
EPSS score ?
Summary
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:02:31.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-20264", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:34:54.875654Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-29T20:47:34.493Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:05.491Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2022-20264", "datePublished": "2023-10-30T16:18:53.844Z", "dateReserved": "2021-10-14T22:41:32.780Z", "dateUpdated": "2024-10-29T20:47:34.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21299
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-10-11 18:08
Severity ?
EPSS score ?
Summary
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21299", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T17:51:54.466387Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T18:08:21.358Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:08.460Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21299", "datePublished": "2023-10-30T16:56:27.133Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-10-11T18:08:21.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21389
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:45
Severity ?
EPSS score ?
Summary
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21389", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:44:26.042270Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:45:51.800Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:37.682Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21389", "datePublished": "2023-10-30T17:01:37.682Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-06T18:45:51.800Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21313
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:07
Severity ?
EPSS score ?
Summary
In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21313", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:06:45.757388Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:07:32.720Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:13.672Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21313", "datePublished": "2023-10-30T16:56:29.849Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:07:32.720Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21324
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:12
Severity ?
EPSS score ?
Summary
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.080Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "android", "vendor": "google", "versions": [ { "lessThan": "14.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-21324", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:11:42.139681Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:12:42.924Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:17.408Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21324", "datePublished": "2023-10-30T16:56:31.805Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:12:42.924Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21390
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-05 20:07
Severity ?
EPSS score ?
Summary
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.740Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-21390", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T20:05:56.890859Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-05T20:07:57.605Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:37.870Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21390", "datePublished": "2023-10-30T17:01:37.870Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-05T20:07:57.605Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21338
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:16
Severity ?
EPSS score ?
Summary
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21338", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:07:24.542782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:16:24.626Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:22.639Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21338", "datePublished": "2023-10-30T16:56:34.529Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T20:16:24.626Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21314
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:14.063Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21314", "datePublished": "2023-10-30T16:56:30.060Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-08-02T09:36:33.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21366
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-17 13:24
Severity ?
EPSS score ?
Summary
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21366", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T15:42:20.294199Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:24:14.228Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:32.567Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21366", "datePublished": "2023-10-30T16:56:39.728Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-09-17T13:24:14.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21303
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:31
Severity ?
EPSS score ?
Summary
In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.178Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21303", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:31:08.669517Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:31:16.322Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:09.940Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21303", "datePublished": "2023-10-30T16:56:27.919Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:31:16.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-27404
Vulnerability from cvelistv5
Published
2022-04-22 00:00
Modified
2024-08-03 05:25
Severity ?
EPSS score ?
Summary
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:25:32.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138" }, { "name": "FEDORA-2022-2dd60f1f00", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/" }, { "name": "FEDORA-2022-0985b0cb9f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/" }, { "name": "FEDORA-2022-7ece4f6d74", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/" }, { "name": "FEDORA-2022-5e45671294", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/" }, { "name": "FEDORA-2022-80e1724780", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/" }, { "name": "GLSA-202402-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-03T10:06:23.309904", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138" }, { "name": "FEDORA-2022-2dd60f1f00", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/" }, { "name": "FEDORA-2022-0985b0cb9f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/" }, { "name": "FEDORA-2022-7ece4f6d74", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/" }, { "name": "FEDORA-2022-5e45671294", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/" }, { "name": "FEDORA-2022-80e1724780", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/" }, { "name": "GLSA-202402-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202402-06" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-27404", "datePublished": "2022-04-22T00:00:00", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-08-03T05:25:32.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21383
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:51
Severity ?
EPSS score ?
Summary
In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21383", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:50:54.645524Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:51:08.045Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:36.693Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21383", "datePublished": "2023-10-30T17:01:36.693Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-06T18:51:08.045Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21385
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 20:11
Severity ?
EPSS score ?
Summary
In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.655Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21385", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:09:48.615196Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:11:17.368Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:37.089Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21385", "datePublished": "2023-10-30T17:01:37.089Z", "dateReserved": "2022-11-03T22:37:50.666Z", "dateUpdated": "2024-09-06T20:11:17.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21337
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:14
Severity ?
EPSS score ?
Summary
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "android", "vendor": "google", "versions": [ { "lessThan": "14.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-21337", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:13:28.935717Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:14:25.438Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:22.279Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21337", "datePublished": "2023-10-30T16:56:34.340Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T20:14:25.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21321
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:15
Severity ?
EPSS score ?
Summary
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21321", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:15:49.904061Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:15:58.839Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:16.673Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21321", "datePublished": "2023-10-30T16:56:31.437Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:15:58.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21396
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:34
Severity ?
EPSS score ?
Summary
In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:34.495Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21396", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T18:34:11.997059Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T18:34:54.782Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:39.070Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21396", "datePublished": "2023-10-30T17:01:39.070Z", "dateReserved": "2022-11-03T22:37:50.667Z", "dateUpdated": "2024-09-06T18:34:54.782Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21357
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:59
Severity ?
EPSS score ?
Summary
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21357", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:59:18.911446Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:59:31.552Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:29.624Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21357", "datePublished": "2023-10-30T16:56:38.133Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-09-06T19:59:31.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21295
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:33
Severity ?
EPSS score ?
Summary
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21295", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:33:30.656017Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:33:39.239Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:06.926Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21295", "datePublished": "2023-10-30T16:18:54.755Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-09-06T20:33:39.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29824
Vulnerability from cvelistv5
Published
2022-05-03 00:00
Modified
2024-08-03 06:33
Severity ?
EPSS score ?
Summary
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:42.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" }, { "name": "FEDORA-2022-9136d646e4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" }, { "name": "FEDORA-2022-be6d83642a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" }, { "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" }, { "name": "FEDORA-2022-f624aad735", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" }, { "name": "DSA-5142", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5142" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" }, { "name": "GLSA-202210-03", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-03" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-14T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" }, { "name": "FEDORA-2022-9136d646e4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" }, { "name": "FEDORA-2022-be6d83642a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/" }, { "name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html" }, { "name": "FEDORA-2022-f624aad735", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/" }, { "name": "DSA-5142", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5142" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" }, { "url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220715-0006/" }, { "name": "GLSA-202210-03", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-03" }, { "url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29824", "datePublished": "2022-05-03T00:00:00", "dateReserved": "2022-04-27T00:00:00", "dateUpdated": "2024-08-03T06:33:42.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21343
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:46
Severity ?
EPSS score ?
Summary
In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.593Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21343", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:45:45.701833Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:46:29.190Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:24.493Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21343", "datePublished": "2023-10-30T16:56:35.513Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:46:29.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21320
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:16
Severity ?
EPSS score ?
Summary
In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21320", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:16:26.319415Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:16:38.879Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:16.281Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21320", "datePublished": "2023-10-30T16:56:31.245Z", "dateReserved": "2022-11-03T22:37:50.660Z", "dateUpdated": "2024-09-06T20:16:38.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21360
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.532Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:30.706Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21360", "datePublished": "2023-10-30T16:56:38.737Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-08-02T09:36:33.532Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21365
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:13
Severity ?
EPSS score ?
Summary
In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21365", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:10:54.344428Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:13:24.635Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:32.206Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21365", "datePublished": "2023-10-30T16:56:39.539Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-09-06T20:13:24.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21307
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:11.401Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21307", "datePublished": "2023-10-30T16:56:28.709Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-08-02T09:36:32.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21317
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:16
Severity ?
EPSS score ?
Summary
In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.195Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21317", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:12:26.458030Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:16:03.763Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:15.181Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21317", "datePublished": "2023-10-30T16:56:30.670Z", "dateReserved": "2022-11-03T22:37:50.659Z", "dateUpdated": "2024-09-06T20:16:03.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21344
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:44
Severity ?
EPSS score ?
Summary
In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21344", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:44:35.794935Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:44:53.616Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:24.861Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21344", "datePublished": "2023-10-30T16:56:35.698Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:44:53.616Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21346
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:41
Severity ?
EPSS score ?
Summary
In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21346", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:41:01.388175Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:41:14.158Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:25.564Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21346", "datePublished": "2023-10-30T16:56:36.057Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:41:14.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21342
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:05
Severity ?
EPSS score ?
Summary
In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.277Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "android", "vendor": "google", "versions": [ { "lessThan": "14.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-21342", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:00:54.743362Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:05:01.311Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:24.136Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21342", "datePublished": "2023-10-30T16:56:35.319Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T20:05:01.311Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21330
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:58
Severity ?
EPSS score ?
Summary
In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21330", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:58:38.259526Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:58:52.460Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:19.644Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21330", "datePublished": "2023-10-30T16:56:32.976Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T19:58:52.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21359
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.578Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:30.356Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21359", "datePublished": "2023-10-30T16:56:38.524Z", "dateReserved": "2022-11-03T22:37:50.663Z", "dateUpdated": "2024-08-02T09:36:33.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21350
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:39
Severity ?
EPSS score ?
Summary
In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.433Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21350", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:38:52.290147Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:39:04.078Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:27.019Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21350", "datePublished": "2023-10-30T16:56:36.800Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:39:04.078Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21395
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
EPSS score ?
Summary
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:34.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:38.879Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21395", "datePublished": "2023-10-30T17:01:38.879Z", "dateReserved": "2022-11-03T22:37:50.667Z", "dateUpdated": "2024-08-02T09:36:34.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21308
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:13
Severity ?
EPSS score ?
Summary
In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.145Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21308", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:12:58.635129Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:13:11.940Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:11.782Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21308", "datePublished": "2023-10-30T16:56:28.906Z", "dateReserved": "2022-11-03T22:37:50.657Z", "dateUpdated": "2024-09-06T20:13:11.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21348
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:40
Severity ?
EPSS score ?
Summary
In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21348", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:39:58.382420Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:40:13.222Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:26.315Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21348", "datePublished": "2023-10-30T16:56:36.438Z", "dateReserved": "2022-11-03T22:37:50.662Z", "dateUpdated": "2024-09-06T19:40:13.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21301
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:30
Severity ?
EPSS score ?
Summary
In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:32.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21301", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T20:30:14.735350Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T20:30:22.107Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:09.199Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21301", "datePublished": "2023-10-30T16:56:27.543Z", "dateReserved": "2022-11-03T22:37:50.656Z", "dateUpdated": "2024-09-06T20:30:22.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40101
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-17 13:20
Severity ?
EPSS score ?
Summary
In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:54.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40101", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T15:44:54.295370Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:20:31.525Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:39.631Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-40101", "datePublished": "2023-10-30T17:01:39.631Z", "dateReserved": "2023-08-09T02:29:30.483Z", "dateUpdated": "2024-09-17T13:20:31.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21335
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:48
Severity ?
EPSS score ?
Summary
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:36:33.583Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/docs/security/bulletin/android-14" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21335", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-06T19:48:33.529349Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-06T19:48:47.928Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "14" } ] } ], "descriptions": [ { "lang": "en", "value": "In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-30T17:01:21.525Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/docs/security/bulletin/android-14" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21335", "datePublished": "2023-10-30T16:56:33.967Z", "dateReserved": "2022-11-03T22:37:50.661Z", "dateUpdated": "2024-09-06T19:48:47.928Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.