CVE-2023-29752

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component...

CVE-2023-20909

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two vulnerabilities to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The two flaws are listed below - CVE-2023-20963 CVSS score: 7.8 - Android Framework Privilege Escalation...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20963 Android Framework Privilege Escalation Vulnerability CVE-2023-29492 Novi Survey Insecure Deserialization Vulnerability These types of vulnerabilities are...

CVE-2023-20963

In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519...

CVE-2023-20985

In BTAGATTSHandleValueIndication of btagattsapi.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2023-20915

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f...

CVE-2022-20539

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2022-24480

Outlook for Android Elevation of Privilege Vulnerability...

CVE-2022-20487

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-20442

In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

CVE-2022-20412

In fdtnexttag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...

CVE-2022-20148

In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

Google Android 权限许可和访问控制问题漏洞

Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a possible privilege bypass in sendSiAccountRegistry.java. sendSiAccountRemovedNotification. An attacker could exploit this vulnerabili...

Google Android 安全漏洞

An elevation of privilege vulnerability exists in Google Android, a Linux-based open source operating system from Google, Inc. The vulnerability originates in adjustStreamVolume in AudioService.java, where an unprivileged application could potentially change the audio stream volume due to an...

The vulnerability of the Titan M security module in Android operating systems allows attackers to increase their privileges.

The vulnerability of the Titan M security module in Android operating systems relates to the writing of data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to increase their privileges...

3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store store⁠—you have been hacked and being tracked. These newly detected malicious Android apps are Camero , FileCrypt , andcallCam tha...

CVE-2019-2207

In nfahcihandleadmingatersp of nfahciact.cc, there is a possible out of bound write due to missing bounds checks. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

CVE-2019-2014

In rwt3thandlegetscpollrsp of rwt3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

CVE-2018-9585

In nfcncifprocgetrouting of nfcncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User...