CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS7AI score0.00044EPSS

Exploits2References4

NVD•added 2025/02/04 8:15 a.m.•14 views

CVE-2025-20906

Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB...

5.5CVSS0.0006EPSS

Exploits0References1

Vulnrichment•added 2024/01/02 10:25 p.m.•2 views

CVE-2023-48418 User Build misconfiguration resulting in local escalation of privilege

10CVSS8.9AI score0.00044EPSS

Exploits2References2

NVD•added 2023/08/14 10:15 p.m.•14 views

CVE-2023-35689

7.8CVSS7.8AI score0.00013EPSS

Exploits0References1

OSV•added 2023/08/14 10:15 p.m.•0 views

CVE-2023-35689

7.8CVSS5.9AI score

Exploits0References1

Vulnrichment•added 2023/08/14 9:9 p.m.•6 views

CVE-2023-35689

7.1AI score0.00013EPSS

Exploits0References1

Cvelist•added 2023/08/14 9:9 p.m.•13 views

CVE-2023-35689

8AI score0.00013EPSS

Exploits0References1

CNNVD•added 2023/08/14 12:0 a.m.•1 views

Google Wear OS Security Vulnerability

Google Wear OS is a Google-developed operating system from Google, Inc. in the United States, designed for use in smartwatches, smart bands, and other wearable devices. Google Wear OS suffers from a security vulnerability that stems from an insecure default value in the checkDebuggingDisallowed...

7.8CVSS6.7AI score0.00013EPSS

Exploits0References2

Cvelist•added 2021/05/03 8:47 p.m.•11 views

CVE-2020-35757

An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface...

9.6AI score0.02196EPSS

Exploits1References1

OSV•added 2019/11/26 4:15 p.m.•1 views

CVE-2019-16241

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. Thi...

6.8CVSS6.6AI score0.00059EPSS

Exploits1References2

OSV•added 2017/03/26 8:59 p.m.•3 views

CVE-2017-5622

With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other...

5.9CVSS5.7AI score0.00063EPSS

Exploits1References2

seebug.org•added 2017/03/20 12:0 a.m.•72 views

OnePlus 3/3T OxygenOS Unauthorized Boot Mode Changing (CVE-2017-5623)

Summary A physical attacker or one with authorized-ADB access, e.g. PC malware can change the ‘boot mode’ of a locked OnePlus 3/3T device, by rebooting into fastboot and issuing the fastboot oem bootmode rf/wlan/ftm/normal command. The vulnerability may allow the attacker to elevate his privilege...

7.2CVSS6.4AI score0.00049EPSS

Exploits4

NVD•added 2017/01/23 7:59 a.m.•9 views

CVE-2017-5554

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...

9.3CVSS7.8AI score0.0158EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by