Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-20800

Summary
Assigner-MediaTek
Assigner Org ID-ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At-07 Aug, 2023 | 03:21
Updated At-06 Nov, 2024 | 15:15
Rejected At-
Credits

In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:MediaTek
Assigner Org ID:ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At:07 Aug, 2023 | 03:21
Updated At:06 Nov, 2024 | 15:15
Rejected At:
▼CVE Numbering Authority (CNA)

In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.

Affected Products
Vendor
MediaTek Inc.MediaTek, Inc.
Product
MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781
Versions
Affected
  • Android 12.0, 13.0 / IOT-v23.0 (Yocto 4.0)
Problem Types
TypeCWE IDDescription
textN/AElevation of Privilege
Type: text
CWE ID: N/A
Description: Elevation of Privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/August-2023
N/A
Hyperlink: https://corp.mediatek.com/product-security-bulletin/August-2023
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/August-2023
x_transferred
Hyperlink: https://corp.mediatek.com/product-security-bulletin/August-2023
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
MediaTek Inc.mediatek
Product
mt6879
CPEs
  • cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • android_12
  • android_13_iot-v23.0_yocto-4.0
Vendor
MediaTek Inc.mediatek
Product
mt6895
CPEs
  • cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • android_12
  • android_13_iot-v23.0_yocto-4.0
Vendor
MediaTek Inc.mediatek
Product
mt6983
CPEs
  • cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • android_12
  • android_13_iot-v23.0_yocto-4.0
Vendor
MediaTek Inc.mediatek
Product
mt8188
CPEs
  • cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • android_12
  • android_13_iot-v23.0_yocto-4.0
Vendor
MediaTek Inc.mediatek
Product
mt8195
CPEs
  • cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • android_12
  • android_13_iot-v23.0_yocto-4.0
Vendor
MediaTek Inc.mediatek
Product
mt8395
CPEs
  • cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • android_12
  • android_13_iot-v23.0_yocto-4.0
Vendor
MediaTek Inc.mediatek
Product
mt8781
CPEs
  • cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • android_12
  • android_13_iot-v23.0_yocto-4.0
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863 Incorrect Authorization
Type: CWE
CWE ID: CWE-863
Description: CWE-863 Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mediatek.com
Published At:07 Aug, 2023 | 04:15
Updated At:06 Nov, 2024 | 16:35

In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CPE Matches
The Linux Foundation
linuxfoundation
>>yocto>>4.0
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>12.0
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
Google LLC
google
>>android>>13.0
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6879>>-
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6895>>-
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6983>>-
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8188>>-
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8195>>-
cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8395>>-
cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8781>>-
cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-863Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-863
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://corp.mediatek.com/product-security-bulletin/August-2023security@mediatek.com
Vendor Advisory
Hyperlink: https://corp.mediatek.com/product-security-bulletin/August-2023
Source: security@mediatek.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2023-20848
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 5.62%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:28
Updated-21 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCMediaTek Inc.The Linux Foundation
Product-mt6895linux_kernelmt8188androidmt8395mt6983iot_yoctoyoctomt6897mt2713mt8781mt8195MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781mt8781
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20850
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.61%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:28
Updated-01 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.

Action-Not Available
Vendor-MediaTek Inc.Linux Kernel Organization, IncThe Linux FoundationGoogle LLC
Product-mt6895linux_kernelmt8188androidmt8395mt6983iot_yoctoyoctomt6897mt2713mt8781mt8195MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781androidiot_yoctoyoctolinux_kernel
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20840
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 5.62%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:27
Updated-21 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCMediaTek Inc.The Linux Foundation
Product-mt6895linux_kernelmt8188androidmt8395mt6983iot_yoctoyoctomt6897mt8195MT6895, MT6897, MT6983, MT8188, MT8195, MT8395mt8395
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-20849
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.81%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:28
Updated-01 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.

Action-Not Available
Vendor-MediaTek Inc.Linux Kernel Organization, IncThe Linux FoundationGoogle LLC
Product-mt6895linux_kernelmt8188androidmt8395mt6983iot_yoctoyoctomt6897mt2713mt8781mt8195MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781androidiot_yoctoyoctolinux_kernel
CWE ID-CWE-416
Use After Free
CVE-2023-20802
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.98%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-07 Nov, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6895mt8188androidmt8395mt6983yoctomt8195mt8781mt6879MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8781mt6879mt6895mt8188mt8395mt6983mt8781mt8195
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20842
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.45%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:27
Updated-21 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCMediaTek Inc.The Linux Foundation
Product-mt6895linux_kernelmt8188androidmt8395mt6983iot_yoctoyoctomt6897mt2713mt8781mt8195MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8781mt8673
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-0032
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 8.57%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 00:08
Updated-26 Aug, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-284
Improper Access Control
CVE-2025-20653
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 0.28%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 02:25
Updated-22 Apr, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8390mt6989mt8370mt6835mt6855mt6886androidmt6983mt6879mt6789mt6895mt6781mt6897mt6985mt6878MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6886, MT6895, MT6897, MT6983, MT6985, MT6989, MT8370, MT8390
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-32805
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 0.82%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:28
Updated-01 Oct, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-androidmt8168mt8675MT8168, MT8675mt8168mt8675
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-32840
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.83%
||
7 Day CHG~0.00%
Published-06 Nov, 2023 | 03:50
Updated-05 Sep, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6896mt6855nr17mt6893mt6983wmt2735mt6886mt8791tmt8666mt6878mt6765mt6891nr16mt6883mt6980dmt6853tmt2731mt6739mt8768mt6769mt6761mt6875mt6889mt8781mt6985mt6885mt6877mt6853mt8667mt6985tmt6771tmt8791mt6897lr12amt6731mt6990mt6873mt8765mt8675mt6763mt6983tmt8788mt6769tmt6813mt6835mt6880mt8789mt8797mt6768mt8786mt8766mt6890mt6771mt6833mt8673mt6833pmt6989mt6762nr15mt6980mt6895mt6877tmt8798mt6983zmt6769zmt6767mt6895tmt6879MT2731, MT2735, MT6731, MT6739, MT6761, MT6762, MT6763, MT6765, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6771T, MT6813, MT6833, MT6833P, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6877T, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983T, MT6983W, MT6983Z, MT6985, MT6985T, MT6989, MT6990, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797, MT8798mt6896mt6855mt6893mt6983wmt2735mt6886mt8791tmt8666mt6878mt6765mt6891mt6883mt6980dmt6853tmt2731mt6739mt8768mt6769mt6761mt6875mt6889mt8781mt6985mt6885mt6877mt6853mt8667mt6985tmt6771tmt8791mt6897mt6731mt6990mt6873mt8765mt8675mt6763mt6983tmt8788mt6769tmt6835mt6813mt6880mt8789mt8797mt6768mt8786mt8766mt6890mt6771mt6833mt8673mt6833pmt6989mt6762mt6980mt6895mt6877tmt8798mt6983zmt6769zmt6767mt6895tmt6879
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20841
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 3.61%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 02:27
Updated-21 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCMediaTek Inc.The Linux Foundation
Product-mt6895linux_kernelmt8188androidmt8395mt8673mt6983iot_yoctoyoctomt6897mt2713mt8195MT2713, MT6895, MT6897, MT6983, MT8188, MT8195, MT8395, MT8673mt8673
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20553
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.00% / 0.15%
||
7 Day CHG~0.00%
Published-16 Dec, 2022 | 00:00
Updated-18 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2023-20803
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.98%
||
7 Day CHG~0.00%
Published-07 Aug, 2023 | 03:21
Updated-22 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.

Action-Not Available
Vendor-Google LLCMediaTek Inc.The Linux Foundation
Product-mt6895mt8188androidmt8395mt8673mt6983yoctomt8195mt2713mt6879MT2713, MT6879, MT6895, MT6983, MT8188, MT8195, MT8395, MT8673mt6895mt8188androidmt8395mt8673mt6983mt8195yoctomt2713mt6879
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20063
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.01%
||
7 Day CHG-0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8667mt8385androidmt8788mt8766mt8666mt8786mt6765MT6765, MT8385, MT8666, MT8667, MT8766, MT8786, MT8788
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20057
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.54%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:02
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6873mt6893mt6771mt6758mt6833mt6781mt8365mt8167mt6765mt6853mt6883mt6853tmt8168mt6739androidmt6769mt6761mt8362amt6768mt6779mt8163mt6785mt8173MT6739, MT6758, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6883, MT6893, MT8163, MT8167, MT8168, MT8173, MT8362A, MT8365
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2022-20052
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.97%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:38
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt8175mt6873mt6893mt8765mt6580mt8788mt6750mt8666mt8167mt6765mt8183mt6891mt6737mt8735amt6853tmt6739mt8768mt6769mt8321mt6768mt8362amt8786mt8766mt6755mt6890mt8167smt6771mt8385mt6833mt6885mt6735mt6753mt6762mt6877mt6781mt8365mt6853mt8667mt8168androidmt6779mt8163mt6785mt8735bmt6763mt8173MT6580, MT6735, MT6737, MT6739, MT6750, MT6753, MT6755, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6890, MT6891, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8786, MT8788
CWE ID-CWE-416
Use After Free
CVE-2019-9238
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 1.18%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the NFC stack, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121267042

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39436
Matching Score-8
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.81%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 06:43
Updated-17 Oct, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000t820
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-39437
Matching Score-8
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.81%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 06:43
Updated-17 Oct, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000t820
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-39438
Matching Score-8
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
ShareView Details
Matching Score-8
Assigner-Unisoc (Shanghai) Technologies Co., Ltd.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 17.81%
||
7 Day CHG~0.00%
Published-09 Oct, 2024 | 06:43
Updated-17 Oct, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed.

Action-Not Available
Vendor-Google LLCUnisoc (Shanghai) Technologies Co., Ltd.
Product-t310t820t616androidt610t770t612t606s8000sc9832et760sc7731esc9863at618SC7731E/SC9832E/SC9863A/T310/T606/T612/T616/T610/T618/T760/T770/T820/S8000t310t820t616t770t610t612t606s8000sc9832et760sc7731esc9863at618
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-9374
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.35%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 23:42
Updated-18 Dec, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroidpixel
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-20971
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.60%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21390
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.34%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 17:01
Updated-05 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21225
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.27%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-03 Dec, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

there is a possible way to bypass the protected confirmation screen due to Failure to lock display power. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-270403821References: N/A

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-9492
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.40%
||
7 Day CHG~0.00%
Published-02 Oct, 2018 | 19:00
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-20950
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.12%
||
7 Day CHG~0.00%
Published-19 Apr, 2023 | 00:00
Updated-05 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-195756028

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21270
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 18:00
Updated-18 Dec, 2024 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndrioidandroid
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21254
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.44%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:32
Updated-05 Nov, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-20975
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21116
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 1.49%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-24 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-9488
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-06 Nov, 2018 | 17:00
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-110107376.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21311
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.00% / 0.15%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 16:56
Updated-06 Sep, 2024 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21245
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.04%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:26
Updated-06 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21034
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.00% / 0.13%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230358834

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21117
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-8.4||HIGH
EPSS-0.00% / 0.10%
||
7 Day CHG~0.00%
Published-15 May, 2023 | 00:00
Updated-31 Jan, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263358101

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2011-1123
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.62%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-1979
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-4.9||MEDIUM
EPSS-0.44% / 62.44%
||
7 Day CHG~0.00%
Published-08 May, 2023 | 16:28
Updated-28 Jan, 2025 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Auth bypass in Web Stories for WordPress plugin

The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit  ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68

Action-Not Available
Vendor-Google LLC
Product-web_storiesWeb Stories for WordPress
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-38017
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.32%
||
7 Day CHG~0.00%
Published-23 Dec, 2021 | 00:05
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLCDebian GNU/Linux
Product-chromedebian_linuxfedoraChrome
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-0133
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.94%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-21082
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.02% / 2.48%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 14:48
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-21039
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.77%
||
7 Day CHG~0.00%
Published-08 Apr, 2020 | 16:22
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018).

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-0043
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.04% / 8.61%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 21:03
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroidandroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-0017
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.00% / 0.11%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 19:33
Updated-16 Dec, 2024 | 14:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21035
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.01% / 0.22%
||
7 Day CHG~0.00%
Published-24 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-184847040

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21256
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.34%
||
7 Day CHG~0.00%
Published-12 Jul, 2023 | 23:33
Updated-06 Nov, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-32163
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.41%
||
7 Day CHG~0.00%
Published-17 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-modular_open_smart_networkn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-30533
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-6.45% / 90.67%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 19:25
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-18||Apply updates per vendor instructions.

Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.

Action-Not Available
Vendor-Google LLCFedora Project
Product-fedorachromeChromeChromium PopupBlocker
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-30537
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.04%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 19:25
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-30534
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.98%
||
7 Day CHG~0.00%
Published-07 Jun, 2021 | 19:25
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-30571
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-0.24% / 46.33%
||
7 Day CHG~0.00%
Published-03 Aug, 2021 | 19:40
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-863
Incorrect Authorization
Details not found