CVE List - 2023 / March
Showing 1601 - 1700 of 2488 CVEs for March 2023 (Page 17 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-42948 | 2023-03-24 | Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the... |
| CVE-2023-1176 | 2023-03-24 | Absolute Path Traversal in mlflow/mlflow |
| CVE-2023-1177 | 2023-03-24 | Path Traversal: '\..\filename' in mlflow/mlflow |
| CVE-2023-1583 | 2023-03-24 | A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is... |
| CVE-2023-20906 | 2023-03-24 | In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation... |
| CVE-2023-20910 | 2023-03-24 | In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges... |
| CVE-2023-20911 | 2023-03-24 | In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20917 | 2023-03-24 | In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2023-20926 | 2023-03-24 | In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical... |
| CVE-2023-20929 | 2023-03-24 | In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no... |
| CVE-2023-20931 | 2023-03-24 | In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20936 | 2023-03-24 | In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20947 | 2023-03-24 | In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no... |
| CVE-2023-20951 | 2023-03-24 | In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2023-20952 | 2023-03-24 | In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-20953 | 2023-03-24 | In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation... |
| CVE-2023-20954 | 2023-03-24 | In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2023-20955 | 2023-03-24 | In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local... |
| CVE-2023-20956 | 2023-03-24 | In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20957 | 2023-03-24 | In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20958 | 2023-03-24 | In read_paint of ttcolr.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-20959 | 2023-03-24 | In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-20960 | 2023-03-24 | In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2023-20962 | 2023-03-24 | In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no... |
| CVE-2023-20963 | 2023-03-24 | In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:... |
| CVE-2023-20964 | 2023-03-24 | In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no... |
| CVE-2023-20966 | 2023-03-24 | In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20968 | 2023-03-24 | In multiple functions of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-20969 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-20970 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-20971 | 2023-03-24 | In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation... |
| CVE-2023-20972 | 2023-03-24 | In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20973 | 2023-03-24 | In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20974 | 2023-03-24 | In btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20975 | 2023-03-24 | In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-20976 | 2023-03-24 | In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of... |
| CVE-2023-20977 | 2023-03-24 | In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if the firmware were compromised with... |
| CVE-2023-20979 | 2023-03-24 | In GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-20980 | 2023-03-24 | In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with... |
| CVE-2023-20981 | 2023-03-24 | In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20982 | 2023-03-24 | In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with... |
| CVE-2023-20983 | 2023-03-24 | In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20984 | 2023-03-24 | In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20985 | 2023-03-24 | In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-20986 | 2023-03-24 | In btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20987 | 2023-03-24 | In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution... |
| CVE-2023-20988 | 2023-03-24 | In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with... |
| CVE-2023-20989 | 2023-03-24 | In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20990 | 2023-03-24 | In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-20991 | 2023-03-24 | In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-20992 | 2023-03-24 | In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with... |
| CVE-2023-20993 | 2023-03-24 | In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-20994 | 2023-03-24 | In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2023-20995 | 2023-03-24 | In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2023-20996 | 2023-03-24 | In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution... |
| CVE-2023-20997 | 2023-03-24 | In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution... |
| CVE-2023-20998 | 2023-03-24 | In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution... |
| CVE-2023-20999 | 2023-03-24 | In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution... |
| CVE-2023-21000 | 2023-03-24 | In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2023-21001 | 2023-03-24 | In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local... |
| CVE-2023-21002 | 2023-03-24 | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2023-21003 | 2023-03-24 | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2023-21004 | 2023-03-24 | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2023-21005 | 2023-03-24 | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2023-21006 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-21007 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-21008 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-21009 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-21010 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-21011 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-21012 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-21013 | 2023-03-24 | In forceStaDisconnection of hostapd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-21014 | 2023-03-24 | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges... |
| CVE-2023-21015 | 2023-03-24 | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2023-21016 | 2023-03-24 | In AccountTypePreference of AccountTypePreference.java, there is a possible way to mislead the user about accounts installed on the device due to improper input validation. This could lead to local denial... |
| CVE-2023-21017 | 2023-03-24 | In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with... |
| CVE-2023-21018 | 2023-03-24 | In UnwindingWorker of unwinding.cc, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2023-21019 | 2023-03-24 | In ih264e_init_proc_ctxt of ih264e_process.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-21020 | 2023-03-24 | In registerSignalHandlers of main.c, there is a possible local arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2023-21021 | 2023-03-24 | In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local... |
| CVE-2023-21022 | 2023-03-24 | In BufferBlock of Suballocation.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-21024 | 2023-03-24 | In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2023-21025 | 2023-03-24 | In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-21026 | 2023-03-24 | In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to... |
| CVE-2023-21027 | 2023-03-24 | In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution... |
| CVE-2023-21028 | 2023-03-24 | In parse_printerAttributes of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no additional execution... |
| CVE-2023-21029 | 2023-03-24 | In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed... |
| CVE-2023-21030 | 2023-03-24 | In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with... |
| CVE-2023-21031 | 2023-03-24 | In setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2023-21032 | 2023-03-24 | In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-21033 | 2023-03-24 | In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution... |
| CVE-2023-21034 | 2023-03-24 | In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution... |
| CVE-2023-21035 | 2023-03-24 | In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions... |
| CVE-2023-21036 | 2023-03-24 | In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A |
| CVE-2023-21038 | 2023-03-24 | In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2023-21039 | 2023-03-24 | In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2023-21040 | 2023-03-24 | In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no... |
| CVE-2023-21041 | 2023-03-24 | In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2023-21042 | 2023-03-24 | In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2023-21043 | 2023-03-24 | In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges... |