Multiple vulnerabilities in Google Android
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 41 |
| CVE-ID | CVE-2023-21264 CVE-2020-29374 CVE-2022-34830 CVE-2023-20780 CVE-2022-40510 CVE-2023-21626 CVE-2023-22666 CVE-2023-28537 CVE-2023-28555 CVE-2023-21290 CVE-2023-21268 CVE-2023-21275 CVE-2023-21132 CVE-2023-20965 CVE-2023-21273 CVE-2023-21282 CVE-2023-21285 CVE-2023-21280 CVE-2023-21292 CVE-2023-21289 CVE-2023-21288 CVE-2023-21283 CVE-2023-21274 CVE-2023-21279 CVE-2023-21284 CVE-2023-21271 CVE-2023-21242 CVE-2023-21140 CVE-2023-21134 CVE-2023-21133 CVE-2023-21277 CVE-2023-21270 CVE-2023-21287 CVE-2023-21286 CVE-2023-21265 CVE-2023-21276 CVE-2023-21269 CVE-2023-21267 CVE-2023-21278 CVE-2023-21281 CVE-2023-21272 |
| CWE-ID | CWE-119 CWE-362 CWE-416 CWE-20 CWE-457 CWE-320 CWE-190 CWE-126 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Google Android Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains information about 41 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU79075
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21264
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in KVM implementation in the Android kernel. A local application can trigger memory corruption and execute arbitrary code with elevated privileged.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-05, 12 2023-08-05, 12L 2023-08-05, 13 2023-08-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Race condition
EUVDB-ID: #VU63812
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-29374
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition in the mm/gup.c and mm/huge_memory.c in Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-05, 12 2023-08-05, 12L 2023-08-05, 13 2023-08-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU79076
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-34830
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error. A local application can trigger a use-after-free error and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-05, 12 2023-08-05, 12L 2023-08-05, 13 2023-08-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU79077
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20780
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-05, 12 2023-08-05, 12L 2023-08-05, 13 2023-08-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of Uninitialized Variable
EUVDB-ID: #VU79022
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2022-40510
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio.. A remote attacker can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-05, 12 2023-08-05, 12L 2023-08-05, 13 2023-08-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Key Management Errors
EUVDB-ID: #VU79027
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21626
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in HLOS.. A local application can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-05, 12 2023-08-05, 12L 2023-08-05, 13 2023-08-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Integer overflow
EUVDB-ID: #VU79029
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-22666
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-05, 12 2023-08-05, 12L 2023-08-05, 13 2023-08-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Integer overflow
EUVDB-ID: #VU79030
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-28537
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-05, 12 2023-08-05, 12L 2023-08-05, 13 2023-08-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer over-read
EUVDB-ID: #VU79031
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-28555
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Audio. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-05, 12 2023-08-05, 12L 2023-08-05, 13 2023-08-05
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU79074
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21290
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU79073
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21268
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU79069
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21275
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper input validation
EUVDB-ID: #VU79064
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21132
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper input validation
EUVDB-ID: #VU79063
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-20965
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper input validation
EUVDB-ID: #VU79062
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-21273
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU79061
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-21282
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Media Framework component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Information exposure
EUVDB-ID: #VU79072
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21285
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Improper input validation
EUVDB-ID: #VU79059
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21280
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Information exposure
EUVDB-ID: #VU79058
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21292
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Information exposure
EUVDB-ID: #VU79057
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21289
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Information exposure
EUVDB-ID: #VU79056
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21288
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Information exposure
EUVDB-ID: #VU79055
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21283
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Information exposure
EUVDB-ID: #VU79071
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21274
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Information exposure
EUVDB-ID: #VU79054
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21279
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper input validation
EUVDB-ID: #VU79060
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21284
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Information exposure
EUVDB-ID: #VU79070
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21271
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU79068
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21242
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper input validation
EUVDB-ID: #VU79067
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper input validation
EUVDB-ID: #VU79066
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21134
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU79065
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21133
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Information exposure
EUVDB-ID: #VU79053
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21277
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper input validation
EUVDB-ID: #VU79046
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21270
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper input validation
EUVDB-ID: #VU79044
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-21287
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper input validation
EUVDB-ID: #VU79050
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21286
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Information exposure
EUVDB-ID: #VU79043
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21265
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Android Runtime component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Information exposure
EUVDB-ID: #VU79052
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21276
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Improper input validation
EUVDB-ID: #VU79045
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21269
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Information exposure
EUVDB-ID: #VU79051
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21267
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper input validation
EUVDB-ID: #VU79048
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21278
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper input validation
EUVDB-ID: #VU79049
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21281
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01, 13 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Improper input validation
EUVDB-ID: #VU79047
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-21272
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsGoogle Android: before 11 2023-08-01, 12 2023-08-01, 12L 2023-08-01
CPE2.3 External linkshttps://source.android.com/docs/security/bulletin/2023-08-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
