βΌ CVE-2023-20984 βΌ
π Read
via "National Vulnerability Database".
In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242993878π Read
via "National Vulnerability Database".
βΌ CVE-2023-21060 βΌ
π Read
via "National Vulnerability Database".
In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21029 βΌ
π Read
via "National Vulnerability Database".
In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898π Read
via "National Vulnerability Database".
βΌ CVE-2023-21008 βΌ
π Read
via "National Vulnerability Database".
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030100π Read
via "National Vulnerability Database".
βΌ CVE-2023-28444 βΌ
π Read
via "National Vulnerability Database".
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file). With version 15.0.0 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html. This has NO IMPACT, in a plain Angular project that has no backend component. This vulnerability has been mitigated in version 15.1.0, by adding an option `searchPattern` which restricts the detection file range by default. As a workaround, manually edit or create ngssc.json or run script after ngssc.json generation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20952 βΌ
π Read
via "National Vulnerability Database".
In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-186803518π Read
via "National Vulnerability Database".
βΌ CVE-2022-40208 βΌ
π Read
via "National Vulnerability Database".
In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28448 βΌ
π Read
via "National Vulnerability Database".
Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the Γ’β¬ΛVersionize::deserializeΓ’β¬β’ implementation provided by the Γ’β¬ΛversionizeΓ’β¬β’ crate for Γ’β¬Λvmm_sys_utils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21062 βΌ
π Read
via "National Vulnerability Database".
In DoSetTempEcc of imsservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376770References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21055 βΌ
π Read
via "National Vulnerability Database".
In dit_hal_ioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244301523References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21051 βΌ
π Read
via "National Vulnerability Database".
In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323322References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-43315 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349π Read
via "National Vulnerability Database".
βΌ CVE-2023-21067 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-20963 βΌ
π Read
via "National Vulnerability Database".
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519π Read
via "National Vulnerability Database".
βΌ CVE-2023-21014 βΌ
π Read
via "National Vulnerability Database".
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029326π Read
via "National Vulnerability Database".
βΌ CVE-2023-21070 βΌ
π Read
via "National Vulnerability Database".
In add_roam_cache_list of wl_roam.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254028776References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21065 βΌ
π Read
via "National Vulnerability Database".
In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630493References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-20975 βΌ
π Read
via "National Vulnerability Database".
In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776π Read
via "National Vulnerability Database".
βΌ CVE-2023-20954 βΌ
π Read
via "National Vulnerability Database".
In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261867748π Read
via "National Vulnerability Database".
βΌ CVE-2023-20910 βΌ
π Read
via "National Vulnerability Database".
In addNetworkSuggestions of WifiManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245299920π Read
via "National Vulnerability Database".
βΌ CVE-2023-21021 βΌ
π Read
via "National Vulnerability Database".
In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255537598π Read
via "National Vulnerability Database".