Google Android vulnerabilities
9,646 known vulnerabilities affecting google/android.
Total CVEs
9,646
CISA KEV
48
actively exploited
Public exploits
89
Exploited in wild
44
Severity breakdown
CRITICAL883HIGH5184MEDIUM3317LOW260UNKNOWN2
Vulnerabilities
Page 96 of 483
CVE-2023-21300MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21300 [MEDIUM] CWE-203 CVE-2023-21300: In PackageManager, there is a possible way to determine whether an app is installed, without query p
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21338MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21338 [MEDIUM] CWE-203 CVE-2023-21338: In Input Method, there is a possible way to determine whether an app is installed, without query per
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21295MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21295 [MEDIUM] CVE-2023-21295: In SliceManagerService, there is a possible way to check if a content provider is installed due to a
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21379MEDIUMCVSS 4.4fixed in 14.0v142023-10-30
CVE-2023-21379 [MEDIUM] CWE-125 CVE-2023-21379: In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21321MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21321 [MEDIUM] CWE-862 CVE-2023-21321: In Package Manager, there is a possible cross-user settings disclosure due to a missing permission c
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21293MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21293 [MEDIUM] CWE-203 CVE-2023-21293: In PackageManagerNative, there is a possible way to determine whether an app is installed, without q
In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21314MEDIUMCVSS 4.4fixed in 14.0v142023-10-30
CVE-2023-21314 [MEDIUM] CWE-125 CVE-2023-21314: In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21383MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21383 [MEDIUM] CVE-2023-21383: In Settings, there is a possible way for the user to unintentionally send extra data due to an uncle
In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2023-21318MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21318 [MEDIUM] CWE-203 CVE-2023-21318: In Content, there is a possible way to determine whether an app is installed, without query permissi
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21317MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21317 [MEDIUM] CWE-203 CVE-2023-21317: In ContentService, there is a possible way to determine whether an app is installed, without query p
In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2022-20264MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2022-20264 [MEDIUM] CWE-203 CVE-2022-20264: In Usage Stats Service, there is a possible way to determine whether an app is installed, without qu
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21367MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21367 [MEDIUM] CVE-2023-21367: In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure i
In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21299MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21299 [MEDIUM] CWE-203 CVE-2023-21299: In Package Manager, there is a possible way to determine whether an app is installed, without query
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21325MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21325 [MEDIUM] CWE-203 CVE-2023-21325: In Settings, there is a possible way to determine whether an app is installed, without query permiss
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21370MEDIUMCVSS 6.7fixed in 14.0v142023-10-30
CVE-2023-21370 [MEDIUM] CWE-190 CVE-2023-21370: In the Security Element API, there is a possible out of bounds write due to an integer overflow. Thi
In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21303MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21303 [MEDIUM] CWE-203 CVE-2023-21303: In Content, here is a possible way to determine whether an app is installed, without query permissio
In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21331MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21331 [MEDIUM] CWE-203 CVE-2023-21331: In InputMethod, there is a possible way to determine whether an app is installed, without query perm
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21296MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21296 [MEDIUM] CWE-203 CVE-2023-21296: In Permission, there is a possible way to determine whether an app is installed, without query permi
In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
nvd
CVE-2023-21385MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21385 [MEDIUM] CWE-787 CVE-2023-21385: In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to
In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd
CVE-2023-21330MEDIUMCVSS 5.5fixed in 14.0v142023-10-30
CVE-2023-21330 [MEDIUM] CWE-203 CVE-2023-21330: In Overlay Manager, there is a possible way to determine whether an app is installed, without query
In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd