uthrasri / frameworks_base_AOSP10_r33_CVE-2023-21097


baseandroid-10.0.0_r34: 222 vulnerabilities (highest severity is: 9.8) #6

Open mend-bolt-for-github[bot] opened 9 months ago

mend-bolt-for-github[bot] commented 9 months ago
Vulnerable Library - baseandroid-10.0.0_r34

Android framework classes and services

Library home page: https://android.googlesource.com/platform/frameworks/base

Vulnerable Source Files (2)

- /core/java/android/app/Notification.java
- /services/core/java/com/android/server/notification/NotificationManagerService.java

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (baseandroid version) Remediation Possible**
CVE-2023-20918 Critical 9.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r61
CVE-2021-0433 High 8.0 baseandroid-10.0.0_r34 Direct android-11.0.0_r34
CVE-2024-23708 High 7.8 baseandroid-10.0.0_r34 Direct 0c095c365ede36257e829769194f9596a598e560
CVE-2023-45777 High 7.8 baseandroid-10.0.0_r34 Direct android-14.0.0_r16
CVE-2023-40140 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-40117 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-40095 High 7.8 baseandroid-10.0.0_r34 Direct android-14.0.0_r16
CVE-2023-21351 High 7.8 baseandroid-10.0.0_r34 Direct 26522c0e82fd3a9bcbd01409217291d97dcdabcf
CVE-2023-21286 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21281 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21272 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r1
CVE-2023-21269 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21266 High 7.8 detected in multiple dependencies Direct android-13.0.0_r58
CVE-2023-21145 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r58
CVE-2023-21117 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r49
CVE-2023-21110 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r49
CVE-2023-21109 High 7.8 detected in multiple dependencies Direct android-13.0.0_r49
CVE-2023-21099 High 7.8 detected in multiple dependencies Direct android-13.0.0_r38
CVE-2023-21098 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r38
CVE-2023-21089 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r38
CVE-2023-21081 High 7.8 detected in multiple dependencies Direct android-13.0.0_r38
CVE-2023-21017 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r32
CVE-2023-20993 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-20964 High 7.8 detected in multiple dependencies Direct android-13.0.0_r32
CVE-2023-20963 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r32
CVE-2023-20950 High 7.8 detected in multiple dependencies Direct android-13.0.0_r1
CVE-2023-20944 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-20943 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-20920 High 7.8 detected in multiple dependencies Direct android-13.0.0_r19
CVE-2023-20919 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r19
CVE-2023-20917 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r32
CVE-2023-20916 High 7.8 detected in multiple dependencies Direct android-13.0.0_r1
CVE-2023-20911 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-20906 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2022-20550 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r16
CVE-2022-20495 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r16
CVE-2022-20493 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r16
CVE-2022-20492 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r12
CVE-2022-20491 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20490 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r12
CVE-2022-20489 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r12
CVE-2022-20488 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20487 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20486 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20485 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20484 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20480 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20479 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20478 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20474 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20470 High 7.8 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2022-20456 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r12
CVE-2022-20452 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r12
CVE-2022-20441 High 7.8 baseandroid-10.0.0_r34 Direct android-13.0.0_r12
CVE-2022-20419 High 7.8 detected in multiple dependencies Direct android-13.0.0_r7
CVE-2022-20356 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2022-20354 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2022-20142 High 7.8 baseandroid-10.0.0_r34 Direct android-12.1.0_r7
CVE-2022-20138 High 7.8 detected in multiple dependencies Direct android-12.1.0_r7
CVE-2022-20135 High 7.8 baseandroid-10.0.0_r34 Direct android-12.1.0_r7
CVE-2022-20124 High 7.8 baseandroid-10.0.0_r34 Direct android-12.1.0_r7
CVE-2022-20005 High 7.8 detected in multiple dependencies Direct android-12.1.0_r5
CVE-2022-20004 High 7.8 baseandroid-10.0.0_r34 Direct android-12.1.0_r5
CVE-2021-39704 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2021-39696 High 7.8 baseandroid-10.0.0_r34 Direct android-12.1.0_r1
CVE-2021-39630 High 7.8 baseandroid-10.0.0_r34 Direct android-12.0.0_r26
CVE-2021-39619 High 7.8 detected in multiple dependencies Direct N/A
CVE-2021-0970 High 7.8 baseandroid-10.0.0_r34 Direct android-12.0.0_r16
CVE-2021-0932 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2021-0928 High 7.8 detected in multiple dependencies Direct N/A
CVE-2021-0927 High 7.8 baseandroid-10.0.0_r34 Direct android-12.0.0_r8
CVE-2021-0799 High 7.8 baseandroid-10.0.0_r34 Direct android-12.0.0_r5
CVE-2021-0708 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r43
CVE-2021-0705 High 7.8 detected in multiple dependencies Direct android-11.0.0_r43
CVE-2021-0683 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r43
CVE-2021-0645 High 7.8 baseandroid-10.0.0_r34 Direct N/A
CVE-2021-0595 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r39
CVE-2021-0513 High 7.8 detected in multiple dependencies Direct android-11.0.0_r38
CVE-2021-0478 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r38
CVE-2021-0472 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r36
CVE-2021-0442 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r34
CVE-2021-0439 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r34
CVE-2021-0391 High 7.8 detected in multiple dependencies Direct android-11.0.0_r32
CVE-2021-0339 High 7.8 detected in multiple dependencies Direct android-11.0.0_r1
CVE-2021-0337 High 7.8 detected in multiple dependencies Direct android-11.0.0_r19
CVE-2021-0334 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r29
CVE-2021-0327 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r29
CVE-2021-0317 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r26
CVE-2021-0307 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r26
CVE-2021-0306 High 7.8 detected in multiple dependencies Direct android-11.0.0_r26
CVE-2020-27059 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r28
CVE-2020-0439 High 7.8 baseandroid-10.0.0_r34 Direct android-11.0.0_r12
CVE-2020-0417 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r46
CVE-2020-0401 High 7.8 baseandroid-10.0.0_r34 Direct android-8.0.0_r50,android-8.1.0_r80,android-9.0.0_r60,android-10.0.0_r46
CVE-2020-0391 High 7.8 baseandroid-10.0.0_r34 Direct android-9.0.0_r60,android-10.0.0_r46
CVE-2020-0388 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r46
CVE-2020-0257 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r41
CVE-2020-0227 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r37,android-9.0.0_r56,android-8.1.0_r76,android-8.0.0_r48
CVE-2020-0210 High 7.8 detected in multiple dependencies Direct android-10.0.0_r37
CVE-2020-0209 High 7.8 detected in multiple dependencies Direct android-10.0.0_r37
CVE-2020-0208 High 7.8 detected in multiple dependencies Direct android-10.0.0_r37
CVE-2020-0203 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r37
CVE-2020-0166 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r37
CVE-2020-0137 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r37
CVE-2020-0115 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r37,android-9.0.0_r56,android-8.1.0_r76,android-8.0.0_r47
CVE-2020-0114 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r37
CVE-2020-0099 High 7.8 detected in multiple dependencies Direct android-8.0.0_r49, android-8.1.0_r79, android-9.0.0_r59, android-10.0.0_r44
CVE-2020-0098 High 7.8 detected in multiple dependencies Direct android-10.0.0_r34,android-8.0.0_r46,android-8.1.0_r76,android-9.0.0_r56
CVE-2020-0097 High 7.8 baseandroid-10.0.0_r34 Direct android-10.0.0_r34
CVE-2020-0074 High 7.8 detected in multiple dependencies Direct N/A
CVE-2023-21144 High 7.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r50
CVE-2020-0442 High 7.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r12
CVE-2020-0441 High 7.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r12
CVE-2019-2232 High 7.5 baseandroid-10.0.0_r34 Direct android-8.0.0_r41;android-8.1.0_r71;android-9.0.0_r51;android-10.0.0_r17
CVE-2023-21251 High 7.3 baseandroid-10.0.0_r34 Direct android-13.0.0_r58
CVE-2023-20921 High 7.3 baseandroid-10.0.0_r34 Direct android-13.0.0_r19
CVE-2021-0954 High 7.3 baseandroid-10.0.0_r34 Direct N/A
CVE-2021-0319 High 7.3 baseandroid-10.0.0_r34 Direct android-11.0.0_r26
CVE-2021-0315 High 7.3 baseandroid-10.0.0_r34 Direct android-11.0.0_r26
CVE-2021-0314 High 7.3 baseandroid-10.0.0_r34 Direct android-11.0.0_r26
CVE-2022-20007 High 7.0 baseandroid-10.0.0_r34 Direct android-12.1.0_r5
CVE-2022-20006 High 7.0 detected in multiple dependencies Direct android-12.1.0_r5
CVE-2021-0688 High 7.0 baseandroid-10.0.0_r34 Direct android-11.0.0_r43
CVE-2023-21244 Medium 6.7 baseandroid-10.0.0_r34 Direct android-13.0.0_r61
CVE-2022-20504 Medium 6.7 detected in multiple dependencies Direct android-13.0.0_r16
CVE-2020-0124 Medium 6.7 detected in multiple dependencies Direct android-10.0.0_r37
CVE-2021-0969 Medium 6.5 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-40139 Medium 5.5 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-40121 Medium 5.5 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-40109 Medium 5.5 baseandroid-10.0.0_r34 Direct android-14.0.0_r12
CVE-2023-40074 Medium 5.5 baseandroid-10.0.0_r34 Direct android-14.0.0_r1
CVE-2023-21292 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21291 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21288 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21285 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21284 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r67
CVE-2023-21280 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r67
CVE-2023-21279 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21277 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21267 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r67
CVE-2023-21253 Medium 5.5 detected in multiple dependencies Direct N/A
CVE-2023-21249 Medium 5.5 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-21240 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r61
CVE-2023-21239 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r61
CVE-2023-21238 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r61
CVE-2023-21087 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r38
CVE-2023-21026 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r32
CVE-2023-20999 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r32
CVE-2023-20998 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r32
CVE-2023-20997 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r32
CVE-2023-20996 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r32
CVE-2023-20930 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r49
CVE-2023-20922 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r16
CVE-2023-20909 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r38
CVE-2023-20908 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r19
CVE-2022-20500 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r16
CVE-2022-20494 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r12
CVE-2022-20482 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r16
CVE-2022-20476 Medium 5.5 baseandroid-10.0.0_r34 Direct N/A
CVE-2022-20457 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r12
CVE-2022-20455 Medium 5.5 detected in multiple dependencies Direct N/A
CVE-2022-20448 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r12
CVE-2022-20425 Medium 5.5 baseandroid-10.0.0_r34 Direct android-13.0.0_r7
CVE-2022-20414 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r7
CVE-2022-20143 Medium 5.5 baseandroid-10.0.0_r34 Direct android-12.1.0_r7
CVE-2022-20115 Medium 5.5 baseandroid-10.0.0_r34 Direct android-12.1.0_r5
CVE-2022-20011 Medium 5.5 baseandroid-10.0.0_r34 Direct android-12.1.0_r5
CVE-2021-39670 Medium 5.5 baseandroid-10.0.0_r34 Direct android-12.1.0_r5
CVE-2021-0934 Medium 5.5 detected in multiple dependencies Direct android-13.0.0_r11
CVE-2021-0931 Medium 5.5 baseandroid-10.0.0_r34 Direct android-12.0.0_r8
CVE-2021-0706 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r43
CVE-2021-0704 Medium 5.5 baseandroid-10.0.0_r34 Direct N/A
CVE-2021-0686 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r43
CVE-2021-0682 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r43
CVE-2021-0653 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r46
CVE-2021-0651 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r46
CVE-2021-0644 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r40
CVE-2021-0599 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r38
CVE-2021-0521 Medium 5.5 detected in multiple dependencies Direct android-11.0.0_r38
CVE-2021-0480 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r36
CVE-2021-0309 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r26
CVE-2021-0304 Medium 5.5 baseandroid-10.0.0_r34 Direct Replace or update the following file: GlobalScreenshot.java
CVE-2020-27098 Medium 5.5 detected in multiple dependencies Direct android-11.0.0_r1
CVE-2020-27097 Medium 5.5 detected in multiple dependencies Direct android-11.0.0_r1
CVE-2020-0468 Medium 5.5 baseandroid-10.0.0_r34 Direct N/A
CVE-2020-0467 Medium 5.5 baseandroid-10.0.0_r34 Direct N/A
CVE-2020-0454 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r12
CVE-2020-0443 Medium 5.5 baseandroid-10.0.0_r34 Direct android-11.0.0_r12
CVE-2020-0419 Medium 5.5 detected in multiple dependencies Direct N/A
CVE-2020-0415 Medium 5.5 baseandroid-10.0.0_r34 Direct N/A
CVE-2020-0389 Medium 5.5 baseandroid-10.0.0_r34 Direct android-10.0.0_r46
CVE-2020-0258 Medium 5.5 baseandroid-10.0.0_r34 Direct android-10.0.0_r41
CVE-2020-0249 Medium 5.5 baseandroid-10.0.0_r34 Direct android-8.0.0_r49,android-8.1.0_r79,android-9.0.0_r59,android-10.0.0_r41
CVE-2020-0248 Medium 5.5 baseandroid-10.0.0_r34 Direct android-10.0.0_r41
CVE-2020-0247 Medium 5.5 detected in multiple dependencies Direct android-8.0.0_r49,android-8.1.0_r79,android-9.0.0_r59,android-10.0.0_r41
CVE-2020-0239 Medium 5.5 baseandroid-10.0.0_r34 Direct android-9.0.0_r59,android-10.0.0_r41
CVE-2020-0178 Medium 5.5 baseandroid-10.0.0_r34 Direct android-10.0.0_r37
CVE-2020-0121 Medium 5.5 baseandroid-10.0.0_r34 Direct android-10.0.0_r37
CVE-2020-0116 Medium 5.5 baseandroid-10.0.0_r34 Direct android-10.0.0_r37
CVE-2020-0104 Medium 5.5 detected in multiple dependencies Direct android-10.0.0_r34,android-9.0.0_r56
CVE-2020-0119 Medium 5.3 baseandroid-10.0.0_r34 Direct android-10.0.0_r37
CVE-2022-20394 Medium 5.0 detected in multiple dependencies Direct android-13.0.0_r1
CVE-2021-0687 Medium 5.0 baseandroid-10.0.0_r34 Direct android-11.0.0_r43
CVE-2021-0322 Medium 5.0 detected in multiple dependencies Direct android-11.0.0_r26
CVE-2020-0092 Medium 5.0 detected in multiple dependencies Direct android-10.0.0_r34
CVE-2021-0443 Medium 4.7 baseandroid-10.0.0_r34 Direct android-11.0.0_r34
CVE-2019-2219 Medium 4.7 detected in multiple dependencies Direct android-9.0.0_r51;android-10.0.0_r17
CVE-2022-20497 Medium 4.6 baseandroid-10.0.0_r34 Direct android-13.0.0_r7
CVE-2022-20465 Medium 4.6 detected in multiple dependencies Direct android-13.0.0_r12
CVE-2022-20449 Medium 4.4 baseandroid-10.0.0_r34 Direct android-13.0.0_r16
CVE-2020-0135 Medium 4.4 baseandroid-10.0.0_r34 Direct android-10.0.0_r37
CVE-2022-20226 Low 3.9 detected in multiple dependencies Direct android-12.1.0_r7
CVE-2023-40138 Low 3.3 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-40135 Low 3.3 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-40134 Low 3.3 baseandroid-10.0.0_r34 Direct N/A
CVE-2023-21246 Low 3.3 baseandroid-10.0.0_r34 Direct android-13.0.0_r61
CVE-2022-20446 Low 3.3 detected in multiple dependencies Direct N/A
CVE-2022-20358 Low 3.3 baseandroid-10.0.0_r34 Direct N/A
CVE-2022-20338 Low 3.3 baseandroid-10.0.0_r34 Direct android-13.0.0_r1
CVE-2020-0412 Low 3.3 baseandroid-10.0.0_r34 Direct N/A
CVE-2019-9377 Low 3.3 baseandroid-10.0.0_r34 Direct android-10.0.0_r30
CVE-2022-20543 Low 2.3 detected in multiple dependencies Direct android-13.0.0_r16

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

Partial details (2 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.

CVE-2023-20918

### Vulnerable Library - baseandroid-10.0.0_r34

Android framework classes and services

Library home page: https://android.googlesource.com/platform/frameworks/base

Found in base branch: master

### Vulnerable Source Files (1)

/core/java/android/app/ActivityOptions.java

### Vulnerability Details

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.

Publish Date: 2023-07-13

URL: CVE-2023-20918

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-20918

Release Date: 2023-07-12

Fix Resolution: android-13.0.0_r61

Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)

CVE-2021-0433

### Vulnerable Library - baseandroid-10.0.0_r34

Android framework classes and services

Library home page: https://android.googlesource.com/platform/frameworks/base

Found in base branch: master

### Vulnerable Source Files (1)

/packages/CompanionDeviceManager/src/com/android/companiondevicemanager/DeviceChooserActivity.java

### Vulnerability Details

In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-171221090

Publish Date: 2021-04-13

URL: CVE-2021-0433

### CVSS 3 Score Details (8.0)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Adjacent
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

### Suggested Fix

Type: Upgrade version

Origin: https://source.android.com/security/bulletin/2021-04-01

Release Date: 2022-02-13

Fix Resolution: android-11.0.0_r34

mend-bolt-for-github[bot] commented 4 months ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-bolt-for-github[bot] commented 3 months ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-bolt-for-github[bot] commented 3 months ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-bolt-for-github[bot] commented 2 months ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-bolt-for-github[bot] commented 1 month ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-bolt-for-github[bot] commented 1 month ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.