Page 106 of 1269 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/d10b27e539f7bc91c2360d429b9d05f05274670d https://source.android.com/security/bulletin/2023-08-01 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/ca4c9a19635119d95900793e7a41b820cd1d94d9 https://source.android.com/security/bulletin/2023-08-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/7a5e51c918b7097be3c7e669e1825a4d159c4185 https://source.android.com/security/bulletin/2023-08-01 •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/frameworks/base/+/726247f4f53e8cc0746175265652fa415a123c0c https://source.android.com/security/bulletin/2023-08-01 • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://android.googlesource.com/platform/external/freetype/+/a79e80a25874dacaa266906a9048f13d4bac41c6 https://source.android.com/security/bulletin/2023-08-01 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •