Total
5657 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21392 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.8 HIGH |
| In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21381 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21361 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.8 HIGH |
| In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21355 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-21147 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-269661912References: N/A | |||||
| CVE-2023-21146 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
| there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239867994References: N/A | |||||
| CVE-2023-21120 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673 | |||||
| CVE-2023-21108 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.8 HIGH |
| In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-239414876 | |||||
| CVE-2023-21101 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.0 HIGH |
| In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258189255 | |||||
| CVE-2023-20938 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel | |||||
| CVE-2023-20893 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | N/A | 8.1 HIGH |
| The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | |||||
| CVE-2023-20849 | 4 Google, Linux, Linuxfoundation and 1 more | 12 Android, Linux Kernel, Yocto and 9 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350. | |||||
| CVE-2023-20835 | 3 Google, Linuxfoundation, Mediatek | 9 Android, Yocto, Iot Yocto and 6 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570. | |||||
| CVE-2023-20834 | 2 Google, Mediatek | 11 Android, Mt6879, Mt6886 and 8 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514. | |||||
| CVE-2023-20801 | 3 Google, Linuxfoundation, Mediatek | 9 Android, Yocto, Mt6879 and 6 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968. | |||||
| CVE-2023-20788 | 2 Google, Mediatek | 20 Android, Mt6739, Mt6761 and 17 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648735. | |||||
| CVE-2023-20787 | 2 Google, Mediatek | 20 Android, Mt6739, Mt6761 and 17 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648734. | |||||
| CVE-2023-20519 | 1 Amd | 4 Genoapi, Genoapi Firmware, Milanpi and 1 more | 2024-11-21 | N/A | 3.3 LOW |
| A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity. | |||||
| CVE-2023-1989 | 3 Debian, Linux, Netapp | 7 Debian Linux, Linux Kernel, H300s and 4 more | 2024-11-21 | N/A | 7.0 HIGH |
| A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. | |||||
| CVE-2023-1902 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | N/A | 5.9 MEDIUM |
| The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer. | |||||