Vulnerabilities > Google > Android > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-24 | CVE-2023-20931 | Out-of-bounds Write vulnerability in Google Android In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. | 7.8 |
| 2023-03-24 | CVE-2023-20936 | Out-of-bounds Write vulnerability in Google Android In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
| 2023-03-24 | CVE-2023-20947 | Unspecified vulnerability in Google Android 12.0/12.1/13.0 In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. | 7.8 |
| 2023-03-24 | CVE-2023-20953 | Unspecified vulnerability in Google Android 13.0 In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. | 7.8 |
| 2023-03-24 | CVE-2023-20955 | Missing Authorization vulnerability in Google Android In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. | 7.8 |
| 2023-03-24 | CVE-2023-20957 | Unspecified vulnerability in Google Android 11.0/12.0/12.1 In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. | 7.8 |
| 2023-03-24 | CVE-2023-20958 | Out-of-bounds Read vulnerability in Google Android 13.0 In read_paint of ttcolr.c, there is a possible out of bounds read due to a heap buffer overflow. | 7.1 |
| 2023-03-24 | CVE-2023-20959 | Missing Authorization vulnerability in Google Android 13.0 In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. | 7.8 |
| 2023-03-24 | CVE-2023-20960 | Improper Input Validation vulnerability in Google Android 12.1/13.0 In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. | 8.8 |
| 2023-03-24 | CVE-2023-20963 | Improper Certificate Validation vulnerability in Google Android In WorkSource, there is a possible parcel mismatch. | 7.8 |