Total
7791 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2344 | 1 Google | 1 Android | 2023-11-07 | 10.0 HIGH | N/A |
| Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. | |||||
| CVE-2011-1149 | 1 Google | 1 Android | 2023-11-07 | 7.2 HIGH | N/A |
| Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK. | |||||
| CVE-2011-0680 | 1 Google | 1 Android | 2023-11-07 | 5.0 MEDIUM | N/A |
| data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service. | |||||
| CVE-2010-4832 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused. | |||||
| CVE-2010-4804 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. | |||||
| CVE-2009-3698 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656. | |||||
| CVE-2009-2999 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656. | |||||
| CVE-2009-2348 | 1 Google | 1 Android | 2023-11-07 | 6.9 MEDIUM | N/A |
| Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone. | |||||
| CVE-2009-1754 | 1 Google | 1 Android | 2023-11-07 | 4.3 MEDIUM | N/A |
| The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application. | |||||
| CVE-2023-21398 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40101 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21393 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21396 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21397 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21392 | 1 Google | 1 Android | 2023-11-07 | N/A | 8.8 HIGH |
| In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21391 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.5 HIGH |
| In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21388 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21389 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21390 | 1 Google | 1 Android | 2023-11-07 | N/A | 7.8 HIGH |
| In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21336 | 1 Google | 1 Android | 2023-11-07 | N/A | 5.5 MEDIUM |
| In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||