Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-19 | CVE-2023-21088 | Unspecified vulnerability in Google Android 12.0/12.1/13.0 In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. | 7.8 |
| 2023-04-19 | CVE-2023-21089 | Unspecified vulnerability in Google Android In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. | 7.8 |
| 2023-04-19 | CVE-2023-21092 | Unspecified vulnerability in Google Android In retrieveServiceLocked of ActiveServices.java, there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. | 7.8 |
| 2023-04-19 | CVE-2023-21093 | Path Traversal vulnerability in Google Android In extractRelativePath of FileUtils.java, there is a possible way to access files in a directory belonging to other applications due to a path traversal error. | 7.8 |
| 2023-04-19 | CVE-2023-21094 | Missing Authorization vulnerability in Google Android In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. | 7.8 |
| 2023-04-19 | CVE-2023-21097 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. | 7.8 |
| 2023-04-19 | CVE-2023-21098 | Unspecified vulnerability in Google Android In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. | 7.8 |
| 2023-04-19 | CVE-2023-21099 | Unspecified vulnerability in Google Android In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. | 7.8 |
| 2023-04-19 | CVE-2023-21100 | Out-of-bounds Write vulnerability in Google Android 12.0/12.1/13.0 In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. | 7.8 |
| 2023-04-19 | CVE-2023-2133 | Out-of-bounds Write vulnerability in multiple products Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |