Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-2778
Vulnerability from csaf_certbund
Published
2023-10-30 23:00
Modified
2023-10-30 23:00
Summary
Google Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen und seine Privilegien zu erhöhen.
Betroffene Betriebssysteme
- Android
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Android Betriebssystem ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Google Android ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen und seine Privilegien zu erh\u00f6hen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Android",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2778 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2778.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2778 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2778"
},
{
"category": "external",
"summary": "https://source.android.com/docs/security/bulletin/android-14 vom 2023-10-30",
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"source_lang": "en-US",
"title": "Google Android: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-30T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:00:47.528+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2778",
"initial_release_date": "2023-10-30T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-10-30T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Google Android \u003c 14",
"product": {
"name": "Google Android \u003c 14",
"product_id": "T030833",
"product_identification_helper": {
"cpe": "cpe:/o:google:android:14"
}
}
}
],
"category": "vendor",
"name": "Google"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45780",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-45780"
},
{
"cve": "CVE-2023-40101",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-40101"
},
{
"cve": "CVE-2023-21398",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21398"
},
{
"cve": "CVE-2023-21397",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21397"
},
{
"cve": "CVE-2023-21396",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21396"
},
{
"cve": "CVE-2023-21395",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21395"
},
{
"cve": "CVE-2023-21394",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21394"
},
{
"cve": "CVE-2023-21393",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21393"
},
{
"cve": "CVE-2023-21392",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21392"
},
{
"cve": "CVE-2023-21391",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21391"
},
{
"cve": "CVE-2023-21390",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21390"
},
{
"cve": "CVE-2023-21389",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21389"
},
{
"cve": "CVE-2023-21388",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21388"
},
{
"cve": "CVE-2023-21387",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21387"
},
{
"cve": "CVE-2023-21386",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21386"
},
{
"cve": "CVE-2023-21385",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21385"
},
{
"cve": "CVE-2023-21384",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21384"
},
{
"cve": "CVE-2023-21383",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21383"
},
{
"cve": "CVE-2023-21382",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21382"
},
{
"cve": "CVE-2023-21381",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21381"
},
{
"cve": "CVE-2023-21380",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21380"
},
{
"cve": "CVE-2023-21379",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21379"
},
{
"cve": "CVE-2023-21378",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21378"
},
{
"cve": "CVE-2023-21377",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21377"
},
{
"cve": "CVE-2023-21376",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21376"
},
{
"cve": "CVE-2023-21375",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21375"
},
{
"cve": "CVE-2023-21374",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21374"
},
{
"cve": "CVE-2023-21373",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21373"
},
{
"cve": "CVE-2023-21372",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21372"
},
{
"cve": "CVE-2023-21371",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21371"
},
{
"cve": "CVE-2023-21370",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21370"
},
{
"cve": "CVE-2023-21369",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21369"
},
{
"cve": "CVE-2023-21368",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21368"
},
{
"cve": "CVE-2023-21367",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21367"
},
{
"cve": "CVE-2023-21366",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21366"
},
{
"cve": "CVE-2023-21365",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21365"
},
{
"cve": "CVE-2023-21364",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21364"
},
{
"cve": "CVE-2023-21362",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21362"
},
{
"cve": "CVE-2023-21361",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21361"
},
{
"cve": "CVE-2023-21360",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21360"
},
{
"cve": "CVE-2023-21359",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21359"
},
{
"cve": "CVE-2023-21358",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21358"
},
{
"cve": "CVE-2023-21357",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21357"
},
{
"cve": "CVE-2023-21356",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21356"
},
{
"cve": "CVE-2023-21355",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21355"
},
{
"cve": "CVE-2023-21354",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21354"
},
{
"cve": "CVE-2023-21353",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21353"
},
{
"cve": "CVE-2023-21352",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21352"
},
{
"cve": "CVE-2023-21351",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21351"
},
{
"cve": "CVE-2023-21350",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21350"
},
{
"cve": "CVE-2023-21349",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21349"
},
{
"cve": "CVE-2023-21348",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21348"
},
{
"cve": "CVE-2023-21347",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21347"
},
{
"cve": "CVE-2023-21346",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21346"
},
{
"cve": "CVE-2023-21345",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21345"
},
{
"cve": "CVE-2023-21344",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21344"
},
{
"cve": "CVE-2023-21343",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21343"
},
{
"cve": "CVE-2023-21342",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21342"
},
{
"cve": "CVE-2023-21341",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21341"
},
{
"cve": "CVE-2023-21340",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21340"
},
{
"cve": "CVE-2023-21339",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21339"
},
{
"cve": "CVE-2023-21338",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21338"
},
{
"cve": "CVE-2023-21337",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21337"
},
{
"cve": "CVE-2023-21336",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21336"
},
{
"cve": "CVE-2023-21335",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21335"
},
{
"cve": "CVE-2023-21334",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21334"
},
{
"cve": "CVE-2023-21333",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21333"
},
{
"cve": "CVE-2023-21332",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21332"
},
{
"cve": "CVE-2023-21331",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21331"
},
{
"cve": "CVE-2023-21330",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21330"
},
{
"cve": "CVE-2023-21329",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21329"
},
{
"cve": "CVE-2023-21328",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21328"
},
{
"cve": "CVE-2023-21327",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21327"
},
{
"cve": "CVE-2023-21326",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21326"
},
{
"cve": "CVE-2023-21325",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21325"
},
{
"cve": "CVE-2023-21324",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21324"
},
{
"cve": "CVE-2023-21323",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21323"
},
{
"cve": "CVE-2023-21321",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21321"
},
{
"cve": "CVE-2023-21320",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21320"
},
{
"cve": "CVE-2023-21319",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21319"
},
{
"cve": "CVE-2023-21318",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21318"
},
{
"cve": "CVE-2023-21317",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21317"
},
{
"cve": "CVE-2023-21316",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21316"
},
{
"cve": "CVE-2023-21315",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21315"
},
{
"cve": "CVE-2023-21314",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21314"
},
{
"cve": "CVE-2023-21313",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21313"
},
{
"cve": "CVE-2023-21312",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21312"
},
{
"cve": "CVE-2023-21311",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21311"
},
{
"cve": "CVE-2023-21310",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21310"
},
{
"cve": "CVE-2023-21309",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21309"
},
{
"cve": "CVE-2023-21308",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21308"
},
{
"cve": "CVE-2023-21307",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21307"
},
{
"cve": "CVE-2023-21306",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21306"
},
{
"cve": "CVE-2023-21305",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21305"
},
{
"cve": "CVE-2023-21304",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21304"
},
{
"cve": "CVE-2023-21303",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21303"
},
{
"cve": "CVE-2023-21302",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21302"
},
{
"cve": "CVE-2023-21301",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21301"
},
{
"cve": "CVE-2023-21300",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21300"
},
{
"cve": "CVE-2023-21299",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21299"
},
{
"cve": "CVE-2023-21298",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21298"
},
{
"cve": "CVE-2023-21297",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21297"
},
{
"cve": "CVE-2023-21296",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21296"
},
{
"cve": "CVE-2023-21295",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21295"
},
{
"cve": "CVE-2023-21294",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21294"
},
{
"cve": "CVE-2023-21293",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2023-21293"
},
{
"cve": "CVE-2022-29824",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2022-29824"
},
{
"cve": "CVE-2022-27404",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2022-27404"
},
{
"cve": "CVE-2022-20531",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2022-20531"
},
{
"cve": "CVE-2022-20264",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2022-20264"
},
{
"cve": "CVE-2021-39810",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in Google Android. Diese Fehler bestehen in der Android-Laufzeit, dem Framework, dem Media Framework und den Systemkomponenten. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und seine Privilegien zu erweitern. Einige der Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden."
}
],
"release_date": "2023-10-30T23:00:00.000+00:00",
"title": "CVE-2021-39810"
}
]
}
CVE-2023-21368 (GCVE-0-2023-21368)
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:10:18.651260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:12:34.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:33.327Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21368",
"datePublished": "2023-10-30T16:59:26.371Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-09-06T20:12:34.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21331 (GCVE-0-2023-21331)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:57:52.851575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:58:06.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:19.998Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21331",
"datePublished": "2023-10-30T16:56:33.193Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T19:58:06.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21342 (GCVE-0-2023-21342)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:00:54.743362Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:05:01.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:24.136Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21342",
"datePublished": "2023-10-30T16:56:35.319Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T20:05:01.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21305 (GCVE-0-2023-21305)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:29:58.550053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:30:09.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:10.653Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21305",
"datePublished": "2023-10-30T16:56:28.317Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:30:09.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21354 (GCVE-0-2023-21354)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:27:49.180773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:28:00.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:28.478Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21354",
"datePublished": "2023-10-30T16:56:37.580Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:28:00.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21375 (GCVE-0-2023-21375)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 19:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:12:19.549866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:13:15.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:35.124Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21375",
"datePublished": "2023-10-30T17:01:35.124Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2024-09-06T19:13:15.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21387 (GCVE-0-2023-21387)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:49:35.406187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:49:49.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:37.310Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21387",
"datePublished": "2023-10-30T17:01:37.310Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-06T18:49:49.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21369 (GCVE-0-2023-21369)
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of service
Summary
In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21369",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:10:07.343345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:12:05.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:33.696Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21369",
"datePublished": "2023-10-30T16:59:26.560Z",
"dateReserved": "2022-11-03T22:37:50.664Z",
"dateUpdated": "2024-09-06T20:12:05.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21359 (GCVE-0-2023-21359)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:30.356Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21359",
"datePublished": "2023-10-30T16:56:38.524Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-08-02T09:36:33.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21367 (GCVE-0-2023-21367)
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21367",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:10:38.384827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:12:53.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:32.929Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21367",
"datePublished": "2023-10-30T16:59:26.099Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-09-06T20:12:53.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21346 (GCVE-0-2023-21346)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:41:01.388175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:41:14.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:25.564Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21346",
"datePublished": "2023-10-30T16:56:36.057Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:41:14.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21374 (GCVE-0-2023-21374)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 19:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21374",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:15:12.953945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:17:12.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:34.944Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21374",
"datePublished": "2023-10-30T17:01:34.944Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2024-09-06T19:17:12.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21366 (GCVE-0-2023-21366)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-17 13:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T15:42:20.294199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:24:14.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:32.567Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21366",
"datePublished": "2023-10-30T16:56:39.728Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-09-17T13:24:14.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21319 (GCVE-0-2023-21319)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:16:59.627411Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:17:08.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:15.896Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21319",
"datePublished": "2023-10-30T16:56:31.063Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:17:08.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21329 (GCVE-0-2023-21329)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:00:02.373464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:00:11.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:19.279Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21329",
"datePublished": "2023-10-30T16:56:32.762Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:00:11.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21361 (GCVE-0-2023-21361)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:31.082Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21361",
"datePublished": "2023-10-30T16:56:38.921Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-08-02T09:36:33.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20531 (GCVE-0-2022-20531)
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-12-03 14:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:17:52.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-19T20:34:33.603734Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:36:32.654Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Telecom, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:05.843Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2022-20531",
"datePublished": "2023-10-30T16:18:54.199Z",
"dateReserved": "2021-10-14T00:00:00",
"dateUpdated": "2024-12-03T14:36:32.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21310 (GCVE-0-2023-21310)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:12.547Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21310",
"datePublished": "2023-10-30T16:56:29.294Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-08-02T09:36:32.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21350 (GCVE-0-2023-21350)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:38:52.290147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:39:04.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:27.019Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21350",
"datePublished": "2023-10-30T16:56:36.800Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:39:04.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21348 (GCVE-0-2023-21348)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21348",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:39:58.382420Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:40:13.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:26.315Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21348",
"datePublished": "2023-10-30T16:56:36.438Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:40:13.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21376 (GCVE-0-2023-21376)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2025-03-06 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:54:27.269604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T16:01:03.848Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:35.326Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21376",
"datePublished": "2023-10-30T17:01:35.326Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2025-03-06T16:01:03.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21318 (GCVE-0-2023-21318)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21318",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:17:29.597495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:17:37.838Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:15.534Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21318",
"datePublished": "2023-10-30T16:56:30.858Z",
"dateReserved": "2022-11-03T22:37:50.659Z",
"dateUpdated": "2024-09-06T20:17:37.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21328 (GCVE-0-2023-21328)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:01:23.326961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:02:08.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:18.878Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21328",
"datePublished": "2023-10-30T16:56:32.558Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:02:08.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21312 (GCVE-0-2023-21312)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:08:23.811137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:08:34.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:13.312Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21312",
"datePublished": "2023-10-30T16:56:29.671Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:08:34.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21343 (GCVE-0-2023-21343)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:45:45.701833Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:46:29.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:24.493Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21343",
"datePublished": "2023-10-30T16:56:35.513Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:46:29.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21381 (GCVE-0-2023-21381)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:54:58.043944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:55:22.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:36.310Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21381",
"datePublished": "2023-10-30T17:01:36.310Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-06T18:55:22.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21392 (GCVE-0-2023-21392)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:38.267Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21392",
"datePublished": "2023-10-30T17:01:38.267Z",
"dateReserved": "2022-11-03T22:37:50.667Z",
"dateUpdated": "2024-08-02T09:36:34.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21378 (GCVE-0-2023-21378)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:56:14.222310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:57:10.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:35.735Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21378",
"datePublished": "2023-10-30T17:01:35.735Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2024-09-06T18:57:10.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40101 (GCVE-0-2023-40101)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-17 13:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:24:54.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40101",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T15:44:54.295370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:20:31.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:39.631Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-40101",
"datePublished": "2023-10-30T17:01:39.631Z",
"dateReserved": "2023-08-09T02:29:30.483Z",
"dateUpdated": "2024-09-17T13:20:31.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21352 (GCVE-0-2023-21352)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:37:57.666835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:38:10.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:27.737Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21352",
"datePublished": "2023-10-30T16:56:37.186Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:38:10.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21300 (GCVE-0-2023-21300)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:21:39.364924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:21:46.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:08.831Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21300",
"datePublished": "2023-10-30T16:56:27.352Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-09-06T20:21:46.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21356 (GCVE-0-2023-21356)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote code execution
Summary
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:29.226Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21356",
"datePublished": "2023-10-30T16:56:37.946Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-08-02T09:36:33.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21397 (GCVE-0-2023-21397)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:31:49.770846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:33:01.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:39.250Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21397",
"datePublished": "2023-10-30T17:01:39.250Z",
"dateReserved": "2022-11-03T22:37:50.667Z",
"dateUpdated": "2024-09-06T18:33:01.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21307 (GCVE-0-2023-21307)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:11.401Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21307",
"datePublished": "2023-10-30T16:56:28.709Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-08-02T09:36:32.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21293 (GCVE-0-2023-21293)
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:34:21.399279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:34:29.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:06.198Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21293",
"datePublished": "2023-10-30T16:18:54.387Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-09-06T20:34:29.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39810 (GCVE-0-2021-39810)
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:20:33.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-39810",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:35:19.699902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:36:48.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:05.113Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2021-39810",
"datePublished": "2023-10-30T16:18:53.654Z",
"dateReserved": "2021-08-23T19:27:46.249Z",
"dateUpdated": "2024-09-06T20:36:48.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21353 (GCVE-0-2023-21353)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21353",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:35:56.183743Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:37:11.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:28.095Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21353",
"datePublished": "2023-10-30T16:56:37.386Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:37:11.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21309 (GCVE-0-2023-21309)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:11:22.429441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:11:37.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:12.141Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21309",
"datePublished": "2023-10-30T16:56:29.094Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:11:37.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21380 (GCVE-0-2023-21380)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:36.112Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21380",
"datePublished": "2023-10-30T17:01:36.112Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-08-02T09:36:33.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21370 (GCVE-0-2023-21370)
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 19:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:24:41.498832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:25:11.541Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:34.054Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21370",
"datePublished": "2023-10-30T16:59:26.758Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2024-09-06T19:25:11.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21391 (GCVE-0-2023-21391)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of service
Summary
In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:38:50.756831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:40:26.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:38.064Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21391",
"datePublished": "2023-10-30T17:01:38.064Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-06T18:40:26.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21385 (GCVE-0-2023-21385)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21385",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:09:48.615196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:11:17.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:37.089Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21385",
"datePublished": "2023-10-30T17:01:37.089Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-06T20:11:17.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21360 (GCVE-0-2023-21360)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:30.706Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21360",
"datePublished": "2023-10-30T16:56:38.737Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-08-02T09:36:33.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21357 (GCVE-0-2023-21357)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:59:18.911446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:59:31.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:29.624Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21357",
"datePublished": "2023-10-30T16:56:38.133Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-09-06T19:59:31.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21344 (GCVE-0-2023-21344)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:44:35.794935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:44:53.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:24.861Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21344",
"datePublished": "2023-10-30T16:56:35.698Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:44:53.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21323 (GCVE-0-2023-21323)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:15:06.795669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:15:15.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:17.057Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21323",
"datePublished": "2023-10-30T16:56:31.619Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:15:15.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21298 (GCVE-0-2023-21298)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:20:15.346385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:21:14.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:08.070Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21298",
"datePublished": "2023-10-30T16:56:26.947Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-09-06T20:21:14.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27404 (GCVE-0-2022-27404)
Vulnerability from cvelistv5
Published
2022-04-22 00:00
Modified
2024-08-03 05:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:32.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138"
},
{
"name": "FEDORA-2022-2dd60f1f00",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/"
},
{
"name": "FEDORA-2022-0985b0cb9f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/"
},
{
"name": "FEDORA-2022-7ece4f6d74",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/"
},
{
"name": "FEDORA-2022-5e45671294",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/"
},
{
"name": "FEDORA-2022-80e1724780",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/"
},
{
"name": "GLSA-202402-06",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202402-06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-03T10:06:23.309904",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138"
},
{
"name": "FEDORA-2022-2dd60f1f00",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/"
},
{
"name": "FEDORA-2022-0985b0cb9f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/"
},
{
"name": "FEDORA-2022-7ece4f6d74",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/"
},
{
"name": "FEDORA-2022-5e45671294",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/"
},
{
"name": "FEDORA-2022-80e1724780",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/"
},
{
"name": "GLSA-202402-06",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202402-06"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27404",
"datePublished": "2022-04-22T00:00:00",
"dateReserved": "2022-03-21T00:00:00",
"dateUpdated": "2024-08-03T05:25:32.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21299 (GCVE-0-2023-21299)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-10-11 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:54.466387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:08:21.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:08.460Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21299",
"datePublished": "2023-10-30T16:56:27.133Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-10-11T18:08:21.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21320 (GCVE-0-2023-21320)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:16:26.319415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:16:38.879Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:16.281Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21320",
"datePublished": "2023-10-30T16:56:31.245Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:16:38.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21306 (GCVE-0-2023-21306)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:28:16.447260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:28:33.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:11.021Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21306",
"datePublished": "2023-10-30T16:56:28.509Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:28:33.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21382 (GCVE-0-2023-21382)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21382",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:52:13.627875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:52:23.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:36.502Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21382",
"datePublished": "2023-10-30T17:01:36.502Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-06T18:52:23.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21389 (GCVE-0-2023-21389)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.739Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:44:26.042270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:45:51.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:37.682Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21389",
"datePublished": "2023-10-30T17:01:37.682Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-06T18:45:51.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21395 (GCVE-0-2023-21395)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:38.879Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21395",
"datePublished": "2023-10-30T17:01:38.879Z",
"dateReserved": "2022-11-03T22:37:50.667Z",
"dateUpdated": "2024-08-02T09:36:34.216Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21303 (GCVE-0-2023-21303)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21303",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:31:08.669517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:31:16.322Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:09.940Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21303",
"datePublished": "2023-10-30T16:56:27.919Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:31:16.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21336 (GCVE-0-2023-21336)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:47:08.345273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:47:22.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:21.875Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21336",
"datePublished": "2023-10-30T16:56:34.159Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T19:47:22.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21317 (GCVE-0-2023-21317)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:12:26.458030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:16:03.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:15.181Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21317",
"datePublished": "2023-10-30T16:56:30.670Z",
"dateReserved": "2022-11-03T22:37:50.659Z",
"dateUpdated": "2024-09-06T20:16:03.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21379 (GCVE-0-2023-21379)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:35.923Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21379",
"datePublished": "2023-10-30T17:01:35.923Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2024-08-02T09:36:33.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21358 (GCVE-0-2023-21358)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2025-04-30 18:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:26:06.473157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T18:02:43.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:29.985Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21358",
"datePublished": "2023-10-30T16:56:38.333Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2025-04-30T18:02:43.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21373 (GCVE-0-2023-21373)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 19:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21373",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:18:05.384466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:18:53.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:34.762Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21373",
"datePublished": "2023-10-30T17:01:34.762Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2024-09-06T19:18:53.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21383 (GCVE-0-2023-21383)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:50:54.645524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:51:08.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:36.693Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21383",
"datePublished": "2023-10-30T17:01:36.693Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-06T18:51:08.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21304 (GCVE-0-2023-21304)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.259Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:30:55.843508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:31:32.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:10.299Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21304",
"datePublished": "2023-10-30T16:56:28.113Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:31:32.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21330 (GCVE-0-2023-21330)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:58:38.259526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:58:52.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:19.644Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21330",
"datePublished": "2023-10-30T16:56:32.976Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T19:58:52.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21351 (GCVE-0-2023-21351)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-16 14:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.275Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:12l:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12l"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "13.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "12.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T04:01:17.085832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T14:36:07.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In multiple locations, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T21:56:29.985Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/26522c0e82fd3a9bcbd01409217291d97dcdabcf"
},
{
"url": "https://source.android.com/security/bulletin/2024-08-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21351",
"datePublished": "2023-10-30T16:56:36.993Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-08-16T14:36:07.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21326 (GCVE-0-2023-21326)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21326",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:10:29.378280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:10:37.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:18.085Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21326",
"datePublished": "2023-10-30T16:56:32.181Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:10:37.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21365 (GCVE-0-2023-21365)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of service
Summary
In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:10:54.344428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:13:24.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:32.206Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21365",
"datePublished": "2023-10-30T16:56:39.539Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-09-06T20:13:24.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21341 (GCVE-0-2023-21341)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:03:32.823886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:04:41.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:23.781Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21341",
"datePublished": "2023-10-30T16:56:35.108Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T20:04:41.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21393 (GCVE-0-2023-21393)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:36:03.480698Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:36:39.370Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:38.471Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21393",
"datePublished": "2023-10-30T17:01:38.471Z",
"dateReserved": "2022-11-03T22:37:50.667Z",
"dateUpdated": "2024-09-06T18:36:39.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21384 (GCVE-0-2023-21384)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:09:55.359658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:11:46.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:36.889Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21384",
"datePublished": "2023-10-30T17:01:36.889Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-06T20:11:46.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21295 (GCVE-0-2023-21295)
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21295",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:33:30.656017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:33:39.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:06.926Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21295",
"datePublished": "2023-10-30T16:18:54.755Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-09-06T20:33:39.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21340 (GCVE-0-2023-21340)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:05:29.370216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:05:37.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:23.413Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21340",
"datePublished": "2023-10-30T16:56:34.912Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T20:05:37.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-20264 (GCVE-0-2022-20264)
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-10-29 20:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:02:31.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-20264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:34:54.875654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:47:34.493Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:05.491Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2022-20264",
"datePublished": "2023-10-30T16:18:53.844Z",
"dateReserved": "2021-10-14T22:41:32.780Z",
"dateUpdated": "2024-10-29T20:47:34.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21313 (GCVE-0-2023-21313)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:06:45.757388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:07:32.720Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:13.672Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21313",
"datePublished": "2023-10-30T16:56:29.849Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:07:32.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21333 (GCVE-0-2023-21333)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21333",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:52:27.457982Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:54:31.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:20.746Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21333",
"datePublished": "2023-10-30T16:56:33.584Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T19:54:31.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21388 (GCVE-0-2023-21388)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:47:36.456167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:48:34.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:37.495Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21388",
"datePublished": "2023-10-30T17:01:37.495Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-06T18:48:34.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21338 (GCVE-0-2023-21338)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:07:24.542782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:16:24.626Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:22.639Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21338",
"datePublished": "2023-10-30T16:56:34.529Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T20:16:24.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21315 (GCVE-0-2023-21315)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:14.449Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21315",
"datePublished": "2023-10-30T16:56:30.266Z",
"dateReserved": "2022-11-03T22:37:50.658Z",
"dateUpdated": "2024-08-02T09:36:33.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21335 (GCVE-0-2023-21335)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:48:33.529349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:48:47.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:21.525Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21335",
"datePublished": "2023-10-30T16:56:33.967Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T19:48:47.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21349 (GCVE-0-2023-21349)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-12 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21349",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T15:50:46.502823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T20:07:58.803Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:26.665Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21349",
"datePublished": "2023-10-30T16:56:36.612Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-12T20:07:58.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21377 (GCVE-0-2023-21377)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:59:02.076168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:59:14.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:35.538Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21377",
"datePublished": "2023-10-30T17:01:35.538Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2024-09-06T18:59:14.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21347 (GCVE-0-2023-21347)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:25.939Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21347",
"datePublished": "2023-10-30T16:56:36.248Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-08-02T09:36:33.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21394 (GCVE-0-2023-21394)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/68dca62035c49e14ad26a54f614199cb29a3393f"
},
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2023-12-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "13"
},
{
"status": "affected",
"version": "12L"
},
{
"status": "affected",
"version": "12"
},
{
"status": "affected",
"version": "11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T00:16:41.693Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/services/Telecomm/+/68dca62035c49e14ad26a54f614199cb29a3393f"
},
{
"url": "https://source.android.com/security/bulletin/2023-12-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21394",
"datePublished": "2023-10-30T17:01:38.666Z",
"dateReserved": "2022-11-03T22:37:50.667Z",
"dateUpdated": "2024-08-02T09:36:33.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21345 (GCVE-0-2023-21345)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:42:34.379137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:43:35.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:25.218Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21345",
"datePublished": "2023-10-30T16:56:35.885Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:43:35.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21334 (GCVE-0-2023-21334)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:50:57.307125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:51:11.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:21.108Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21334",
"datePublished": "2023-10-30T16:56:33.779Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T19:51:11.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21390 (GCVE-0-2023-21390)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-05 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.740Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:05:56.890859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:07:57.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:37.870Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21390",
"datePublished": "2023-10-30T17:01:37.870Z",
"dateReserved": "2022-11-03T22:37:50.666Z",
"dateUpdated": "2024-09-05T20:07:57.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21294 (GCVE-0-2023-21294)
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21294",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:33:55.588081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:34:03.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:06.571Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21294",
"datePublished": "2023-10-30T16:18:54.572Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-09-06T20:34:03.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21325 (GCVE-0-2023-21325)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:10:58.959640Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:11:12.406Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:17.735Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21325",
"datePublished": "2023-10-30T16:56:31.988Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:11:12.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21362 (GCVE-0-2023-21362)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of service
Summary
In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:19:54.608704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:21:30.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:31.494Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21362",
"datePublished": "2023-10-30T16:56:39.102Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-09-06T20:21:30.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21372 (GCVE-0-2023-21372)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-17 13:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21372",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-09T15:41:28.608527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:21:35.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:34.591Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21372",
"datePublished": "2023-10-30T17:01:34.591Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2024-09-17T13:21:35.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21327 (GCVE-0-2023-21327)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.129Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:02:57.989401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:04:06.289Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:18.503Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21327",
"datePublished": "2023-10-30T16:56:32.367Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:04:06.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45780 (GCVE-0-2023-45780)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 20:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "14",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:18:06.755503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:03:02.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:39.813Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-45780",
"datePublished": "2023-10-30T17:01:39.813Z",
"dateReserved": "2023-10-12T15:46:50.769Z",
"dateUpdated": "2024-09-06T20:03:02.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21371 (GCVE-0-2023-21371)
Vulnerability from cvelistv5
Published
2023-10-30 16:59
Modified
2024-09-06 19:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:20:55.416685Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:22:09.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:34.417Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21371",
"datePublished": "2023-10-30T16:59:26.950Z",
"dateReserved": "2022-11-03T22:37:50.665Z",
"dateUpdated": "2024-09-06T19:22:09.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29824 (GCVE-0-2022-29824)
Vulnerability from cvelistv5
Published
2022-05-03 00:00
Modified
2024-08-03 06:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags"
},
{
"name": "FEDORA-2022-9136d646e4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/"
},
{
"name": "FEDORA-2022-be6d83642a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html"
},
{
"name": "FEDORA-2022-f624aad735",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/"
},
{
"name": "DSA-5142",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5142"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0006/"
},
{
"name": "GLSA-202210-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-03"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags"
},
{
"name": "FEDORA-2022-9136d646e4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/"
},
{
"name": "FEDORA-2022-be6d83642a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/"
},
{
"name": "[debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html"
},
{
"name": "FEDORA-2022-f624aad735",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/"
},
{
"name": "DSA-5142",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5142"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab"
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd"
},
{
"url": "http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220715-0006/"
},
{
"name": "GLSA-202210-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-03"
},
{
"url": "http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29824",
"datePublished": "2022-05-03T00:00:00",
"dateReserved": "2022-04-27T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21355 (GCVE-0-2023-21355)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:25:50.744345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:26:12.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:28.850Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21355",
"datePublished": "2023-10-30T16:56:37.756Z",
"dateReserved": "2022-11-03T22:37:50.662Z",
"dateUpdated": "2024-09-06T19:26:12.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21301 (GCVE-0-2023-21301)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:30:14.735350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:30:22.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:09.199Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21301",
"datePublished": "2023-10-30T16:56:27.543Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-09-06T20:30:22.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21339 (GCVE-0-2023-21339)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of service
Summary
In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:06:11.255986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:08:26.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:23.025Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21339",
"datePublished": "2023-10-30T16:56:34.720Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T20:08:26.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21321 (GCVE-0-2023-21321)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:15:49.904061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:15:58.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:16.673Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21321",
"datePublished": "2023-10-30T16:56:31.437Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:15:58.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21332 (GCVE-0-2023-21332)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T19:55:34.748424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T19:55:47.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:20.363Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21332",
"datePublished": "2023-10-30T16:56:33.400Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T19:55:47.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21398 (GCVE-0-2023-21398)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:29:33.386518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:30:52.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:39.442Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21398",
"datePublished": "2023-10-30T17:01:39.442Z",
"dateReserved": "2022-11-03T22:37:50.667Z",
"dateUpdated": "2024-09-06T18:30:52.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21337 (GCVE-0-2023-21337)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:13:28.935717Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:14:25.438Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:22.279Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21337",
"datePublished": "2023-10-30T16:56:34.340Z",
"dateReserved": "2022-11-03T22:37:50.661Z",
"dateUpdated": "2024-09-06T20:14:25.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21314 (GCVE-0-2023-21314)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-08-02 09:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.130Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:14.063Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21314",
"datePublished": "2023-10-30T16:56:30.060Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-08-02T09:36:33.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21324 (GCVE-0-2023-21324)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "android",
"vendor": "google",
"versions": [
{
"lessThan": "14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-21324",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:11:42.139681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:12:42.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:17.408Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21324",
"datePublished": "2023-10-30T16:56:31.805Z",
"dateReserved": "2022-11-03T22:37:50.660Z",
"dateUpdated": "2024-09-06T20:12:42.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21316 (GCVE-0-2023-21316)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.216Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:18:06.620582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:18:14.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:14.818Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21316",
"datePublished": "2023-10-30T16:56:30.471Z",
"dateReserved": "2022-11-03T22:37:50.659Z",
"dateUpdated": "2024-09-06T20:18:14.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21302 (GCVE-0-2023-21302)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:30:41.935677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:30:50.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:09.577Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21302",
"datePublished": "2023-10-30T16:56:27.736Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:30:50.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21297 (GCVE-0-2023-21297)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:19:51.704703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:19:59.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:07.650Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21297",
"datePublished": "2023-10-30T16:56:26.759Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-09-06T20:19:59.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21311 (GCVE-0-2023-21311)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of service
Summary
In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:09:27.826201Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:09:38.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:12.921Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21311",
"datePublished": "2023-10-30T16:56:29.479Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:09:38.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21364 (GCVE-0-2023-21364)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of service
Summary
In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:10:59.127345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:14:30.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:31.841Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21364",
"datePublished": "2023-10-30T16:56:39.335Z",
"dateReserved": "2022-11-03T22:37:50.663Z",
"dateUpdated": "2024-09-06T20:14:30.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21296 (GCVE-0-2023-21296)
Vulnerability from cvelistv5
Published
2023-10-30 16:18
Modified
2024-09-06 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:32.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:33:07.632271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:33:16.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:07.299Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21296",
"datePublished": "2023-10-30T16:18:54.940Z",
"dateReserved": "2022-11-03T22:37:50.656Z",
"dateUpdated": "2024-09-06T20:33:16.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21308 (GCVE-0-2023-21308)
Vulnerability from cvelistv5
Published
2023-10-30 16:56
Modified
2024-09-06 20:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure
Summary
In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:33.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T20:12:58.635129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T20:13:11.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:11.782Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21308",
"datePublished": "2023-10-30T16:56:28.906Z",
"dateReserved": "2022-11-03T22:37:50.657Z",
"dateUpdated": "2024-09-06T20:13:11.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21396 (GCVE-0-2023-21396)
Vulnerability from cvelistv5
Published
2023-10-30 17:01
Modified
2024-09-06 18:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of privilege
Summary
In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21396",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T18:34:11.997059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T18:34:54.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T17:01:39.070Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/docs/security/bulletin/android-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2023-21396",
"datePublished": "2023-10-30T17:01:39.070Z",
"dateReserved": "2022-11-03T22:37:50.667Z",
"dateUpdated": "2024-09-06T18:34:54.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…