Google Android vulnerabilities

9,646 known vulnerabilities affecting google/android.

Total CVEs: 9,646
CISA KEV: 48 (actively exploited)
Public exploits: 89
Exploited in wild: 44
Severity breakdown: CRITICAL 883, HIGH 5184, MEDIUM 3317, LOW 260, UNKNOWN 2

Vulnerabilities

Page 125 of 483
CVE-2023-21139 | HIGH | CVSS 7.8 | v13.0, vAndroid-13 | 2023-06-15
CWE-276: In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-271845008
nvd, android
CVE-2023-21126 | HIGH | CVSS 7.8 | v13.0, vAndroid-13 | 2023-06-15
CWE-276: In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-13; Android ID: A-271846393
nvd, android
CVE-2023-21144 | HIGH | CVSS 7.5 | v11.0, v12.0, +3 more | 2023-06-15
CWE-770: In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android
nvd, android
CVE-2023-21127 | HIGH | CVSS 8.8 | v11.0, v12.0, +3 more | 2023-06-15
CWE-908: In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-275418191
nvd, android
CVE-2023-21105 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +3 more | 2023-06-15
CWE-918: In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-26103656
nvd, android
CVE-2023-21142 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +3 more | 2023-06-15
CWE-732: In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-262243665
nvd, android
CVE-2023-21136 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +3 more | 2023-06-15
CWE-20: In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-246
nvd, android
CVE-2023-21095 | MEDIUM | CVSS 4.7 | v12.1, v13.0, +1 more | 2023-06-15
CWE-362: In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L Android-13; Android ID: A-242704576
nvd, android
CVE-2023-21137 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +3 more | 2023-06-15
CWE-754: In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-246541702
nvd, android
CVE-2023-21143 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +3 more | 2023-06-15
CWE-20: In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A-268
nvd, android
CVE-2023-21141 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +3 more | 2023-06-15
CWE-862: In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L Android-13; Android ID: A
nvd, android
CVE-2022-48390 | HIGH | CVSS 7.8 | v10.0, v11.0, +1 more | 2023-06-06
CWE-862: In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
nvd, android
CVE-2023-30864 | HIGH | CVSS 7.8 | v10.0 | 2023-06-06
CWE-862: In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
nvd
CVE-2022-48392 | HIGH | CVSS 7.8 | v10.0, v11.0, +2 more | 2023-06-06
CWE-862: In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
nvd, android
CVE-2023-30863 | HIGH | CVSS 7.8 | v10.0 | 2023-06-06
CWE-862: In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
nvd
CVE-2023-20731 | MEDIUM | CVSS 4.4 | v12.0, v13.0 | 2023-06-06
CWE-125: In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573495; Issue ID: ALPS07573495.
nvd
CVE-2022-48440 | MEDIUM | CVSS 5.5 | v10.0, v11.0, +2 more | 2023-06-06
CWE-862: In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
nvd
CVE-2023-20740 | MEDIUM | CVSS 6.7 | v12.0 | 2023-06-06
CWE-787: In vcu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559819; Issue ID: ALPS07559840.
nvd
CVE-2022-48448 | MEDIUM | CVSS 5.5 | v10.0, v11.0, +1 more | 2023-06-06
CWE-862: In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
nvd
CVE-2023-20725 | MEDIUM | CVSS 6.7 | v12.0, v13.0 | 2023-06-06
CWE-787: In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6
nvd