Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-44122 | Exposure of Resource to Wrong Sphere vulnerability in Google Android 12.0/13.0 The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. | 7.8 |
| 2023-09-27 | CVE-2023-44123 | Unspecified vulnerability in Google Android 12.0/13.0 The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. | 7.8 |
| 2023-09-27 | CVE-2023-44125 | Unspecified vulnerability in Google Android 12.0/13.0 The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. | 7.8 |
| 2023-09-12 | CVE-2023-4863 | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. network low complexity google fedoraproject debian mozilla microsoft webmproject netapp bentley CWE-787 | 8.8 |
| 2023-09-11 | CVE-2023-35658 | Use After Free vulnerability in Google Android In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. | 8.8 |
| 2023-09-11 | CVE-2023-35665 | Missing Authorization vulnerability in Google Android In multiple files, there is a possible way to import a contact from another user due to a missing permission check. | 7.8 |
| 2023-09-11 | CVE-2023-35666 | Use After Free vulnerability in Google Android In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. | 7.8 |
| 2023-09-11 | CVE-2023-35667 | Unspecified vulnerability in Google Android In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. | 7.8 |
| 2023-09-11 | CVE-2023-35669 | Deserialization of Untrusted Data vulnerability in Google Android In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. | 7.8 |
| 2023-09-11 | CVE-2023-35670 | Path Traversal vulnerability in Google Android In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. | 7.8 |