Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/10/27 8:22 p.m.173 views

CVE-2023-40138

CVE-2023-40138 affects the FillUi component (FillUi.java) in Android, enabling information disclosure by viewing another user’s images via a confused deputy. The vulnerability can be exploited locally without user interaction, and the impact is local information exposure with no added executable ...

3.3CVSS3.6AI score0.00091EPSS
CVE
CVE
added 2016/06/16 6:0 p.m.172 views

CVE-2016-5300

Expat CVE-2016-5300 is a denial-of-service vulnerability in the Expat XML parser caused by insufficient entropy used for hash initialization. The issue allows context-dependent attackers to cause CPU exhaustion via crafted identifiers in XML documents. Connected material confirms this as an Expat...

7.8CVSS7.7AI score0.06539EPSS
CVE
CVE
added 2019/06/07 7:33 p.m.172 views

CVE-2019-2092

CVE-2019-2092 affects the Android Framework, specifically DevicePolicyManagerService.java’s isSeparateProfileChallengeAllowed, where a missing permission check enables local elevation of privilege. Impact is local EoP with no extra privileges required, no user interaction needed. Affected version...

7.8CVSS7.5AI score0.00153EPSS
CVE
CVE
added 2019/10/11 6:14 p.m.172 views

CVE-2019-2184

CVE-2019-2184 affects Android’s Media framework, specifically PV_DecodePredictedIntraDC in dec_pred_intra_dc.cpp. The issue is an out-of-bounds write caused by a missing bounds check, leading to remote code execution with no special privileges required. Exploitation is described as requiring user...

9.3CVSS8.7AI score0.01345EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.172 views

CVE-2021-39703

CVE-2021-39703 affects Android 12 through a flaw in UsbDeviceManager.updateState that can cause unauthorized file access via a confused deputy, enabling local EoP with no extra execution privileges and no user interaction. Public fix references appear in Android security bulletins; patch levels 2...

7.8CVSS7.6AI score0.00118EPSS
CVE
CVE
added 2022/05/10 7:55 p.m.172 views

CVE-2022-20005

CVE-2022-20005 is an Android elevation-of-privilege issue in PackageInstallerSession.java (validateApkInstallLocked). The vulnerability allows a mismatch between running code and a parsed APK, enabling local privilege escalation with no user interaction required, on Android 10, 11, 12 and 12L. Th...

7.8CVSS7.7AI score0.00215EPSS
CVE
CVE
added 2022/06/15 1:0 p.m.172 views

CVE-2022-20129

The CVE-2022-20129 issue affects Android (Android-10, Android-11, Android-12, Android-12L) in the PhoneAccountRegistrar.java function registerPhoneAccount. Root cause: improper input validation that can prevent a user from selecting a phone account, leading to local Denial of Service without requ...

5.5CVSS5.3AI score0.00098EPSS
CVE
CVE
added 2022/06/15 1:0 p.m.172 views

CVE-2022-20133

The CVE-2022-20133 entry affects Android (Android-10, 11, 12, 12L) in the AdapterService.java function setDiscoverableTimeout. The root cause is a missing permission check that enables bypassing user interaction, allowing local elevation of privilege with User privileges. Exploitation is claimed ...

7.8CVSS7.7AI score0.00144EPSS
CVE
CVE
added 2022/07/13 6:23 p.m.172 views

CVE-2022-20230

CVE-2022-20230 affects Android 10–12 (including 12L). In KeyChain.java, choosePrivateKeyAlias, improper input validation may allow access to the user’s certificate, enabling local information disclosure. Exploitation requires user interaction and does not grant additional execution privileges. Th...

5.5CVSS5.1AI score0.00087EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.172 views

CVE-2022-20566

CVE-2022-20566 affects the Android kernel via a use-after-free in l2cap_core::l2cap_chan_put caused by improper locking, enabling local privilege escalation with no user interaction. Affected component is L2CAP handling in the Android kernel; upstream kernel mention confirms the underlying bug, a...

7.8CVSS7.5AI score0.00165EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.172 views

CVE-2023-21095

CVE-2023-21095 affects Android 12L and Android 13, in the canStartSystemGesture function of RecentsAnimationDeviceState.java. A race condition can cause a partial lockscreen bypass, enabling local privilege escalation without additional privileges or user interaction. Public references across mul...

4.7CVSS4.8AI score0.00064EPSS
CVE
CVE
added 2016/08/06 8:0 p.m.171 views

CVE-2016-3841

CVE-2016-3841 affects the Linux kernel IPv6 stack before 4.3.3. A crafted sendmsg can mishandle options data, allowing local users to gain privileges or cause a denial of service via a use-after-free leading to a system crash. Public documents (e.g., MiracleLinux AXSA-2016-1135:09 and Unity Linux...

7.3CVSS6.7AI score0.00299EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.171 views

CVE-2019-2226

An Android CVE-2019-2226 issue affects Android 8.0–10, where in device_class_to_int in device_class.cc an improper cast can cause an out-of-bounds read in the Bluetooth server, enabling local information disclosure with no user interaction required; patched via the 2019-12 Android security bullet...

5.5CVSS5AI score0.00148EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.171 views

CVE-2021-39667

CVE-2021-39667 is a vulnerability in the Android Media Framework. The issue arises from an out-of-bounds write caused by a heap buffer overflow in ih264d_parse_decode_slice (ih264d_parse_slice.c), enabling potential remote information disclosure. Exploitation requires user interaction. Affected p...

6.5CVSS6.4AI score0.00682EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.171 views

CVE-2021-39675

CVE-2021-39675 affects Android 12, involving a heap buffer overflow in GKI_getbuf (gki_buffer.cc). The root cause is an out-of-bounds write in a heap buffer, which could enable remote escalation of privilege with no user interaction. The impact is elevated privileges with high confidentiality/int...

10CVSS9.2AI score0.05927EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.171 views

CVE-2021-39709

CVE-2021-39709 is an Android 12 elevation-of-privilege issue. The root cause is an unsafe PendingIntent in SipAccountRegistry.java’s sendSipAccountsRemovedNotification, enabling a possible permission bypass. The vulnerability could allow local escalation to a higher privilege where attacker needs...

7.8CVSS7.7AI score0.00125EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.171 views

CVE-2021-39758

Summary of CVE-2021-39758 : In Android 12L, WindowManager could start a foreground activity from the background due to a missing permission check, enabling local elevation of privilege without user interaction. The Android bulletin classifies this issue under Framework/EoP with a moderate severit...

7.8CVSS7.6AI score0.00098EPSS
CVE
CVE
added 2022/07/13 6:21 p.m.171 views

CVE-2022-20218

CVE-2022-20218 affects Android 12/12L, with the PermissionController component vulnerable due to a logic error that can allow obtaining and retaining permissions without user consent. This yields local elevation of privilege and, per sources, requires user interaction to exploit. AOSP/Android Bul...

7.8CVSS7.6AI score0.00113EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.171 views

CVE-2023-21130

CVE-2023-21130 describes a buffer overflow in the Android Bluetooth stack (btm_ble_periodic_adv_sync_lost in btm_ble_gap.cc) that could allow remote code execution without user interaction or additional privileges on Android 13. Multiple sources consistently identify this as a Critical/RCE issue ...

9.8CVSS9.4AI score0.00529EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.171 views

CVE-2024-0050

CVE-2024-0050 involves an out-of-bounds write in the getConfig path of SoftVideoDecoderOMXComponent.cpp. The issue is triggered via missing validation and results in a local, non‑security impact with no additional execution privileges required (no user interaction). Affected detail: the vulnerabi...

7.8CVSS6.7AI score0.00126EPSS
CVE
CVE
added 2025/01/02 11:58 p.m.171 views

CVE-2024-43097

CVE-2024-43097 : The issue is a possible out-of-bounds write in SkRegion.cpp in resizeToAtLeast caused by an integer overflow, which could lead to local privilege escalation with no user interaction required. The vulnerability is referenced across multiple advisories for Mozilla components (Firef...

7.8CVSS7.2AI score0.00258EPSS
CVE
CVE
added 2019/10/11 6:15 p.m.170 views

CVE-2019-2110

CVE-2019-2110 affects Android 9 (Android-9) and is tied to ScreenRotationAnimation.java. The vulnerability arises from a missing permission check in ScreenRotationAnimation, enabling local information disclosure without requiring user interaction. The NVD entry lists a reachable impact of PARTIAL...

5.5CVSS5.1AI score0.00147EPSS
CVE
CVE
added 2022/01/14 7:10 p.m.170 views

CVE-2021-39623

CVE-2021-39623 (Android Media Framework) : An out-of-bounds write in SimpleDecodingSource.cpp (doRead) due to an incorrect bounds check could enable remote escalation of privilege with no user interaction. Affected: Android versions 9–12. Exploit risk is described by the CVE entry (CVSS up to 9.8...

10CVSS9.1AI score0.02041EPSS
CVE
CVE
added 2022/05/10 7:59 p.m.170 views

CVE-2022-20115

The CVE-2022-20115 issue affects Android 12/12L and centers on TelephonyRegistry.java, in broadcastServiceStateChanged, where a missing permission check could disclose base station information without location permission. This enables local information disclosure with no user interaction required...

5.5CVSS5AI score0.00099EPSS
CVE
CVE
added 2022/07/13 6:22 p.m.170 views

CVE-2022-20222

CVE-2022-20222 affects Google Android (Android-12/Android-12L). Root cause: in read_attr_value of gatt_db.cc, a missing bounds check allows an out-of-bounds write. Impact: remote code execution without privileges and no user interaction required; attack vector is over the network. Public referenc...

10CVSS9.3AI score0.00899EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.170 views

CVE-2023-21111

CVE-2023-21111 affects Android 11–13 and is caused by improper input validation in several functions of PhoneAccountRegistrar.java, enabling a local Denial of Service without extra privileges or user interaction. The available sources confirm the affected component and the root cause, and describ...

6.2CVSS5.3AI score0.00088EPSS
CVE
CVE
added 2023/10/06 6:48 p.m.170 views

CVE-2023-21252

CVE-2023-21252 affects Android’s WifiConfigurationUtil.java, specifically its validatePassword function. The root cause is improper input validation, which can cause the device to boot loop and result in local denial of service without requiring user interaction. The issue is categorized as DoS w...

5.5CVSS5.3AI score0.00106EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.169 views

CVE-2016-3822

CVE-2016-3822 affects jhead/libjhead (exif.c) across Android 4.x before 4.4.4, 5.x before 5.0.2/5.0.x, 5.1.x before 5.1.1, and 6.x before 2016-08-01. The issue is an out-of-bounds access via crafted EXIF data, enabling remote code execution or a denial of service. Public advisories and vendor upd...

7.8CVSS6.7AI score0.01267EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.169 views

CVE-2022-20462

CVE-2022-20462 is an Android local-privilege-escalation flaw located in phNxpNciHal_write_unlocked (phNxpNciHal.cc) caused by a missing bounds check that enables an out-of-bounds write. Affected: Android 10–13 (including 12L/13). Impact: local privilege escalation with high severity (C/H/I/A impa...

7.8CVSS7.7AI score0.00133EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.169 views

CVE-2023-20909

CVE-2023-20909 describes a privilege-escalation flaw in Android’s RunningTasks.java: a missing privilege check could allow local information disclosure without requiring additional execution privileges. Affected: Android 11–13. Exploitation details, affected patches, and remediation are not speci...

5.5CVSS5.4AI score0.00178EPSS
CVE
CVE
added 2023/08/14 8:59 p.m.169 views

CVE-2023-21267

The CVE-2023-21267 issue affects Android’s KeyguardViewMediator.java in the framework, enabling bypass of lockdown mode via screen pinning due to a logic error. This leads to local information disclosure without extra privileges or user interaction. Exploitation can occur on devices with access t...

5.5CVSS5.1AI score0.00117EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.168 views

CVE-2015-1538

CVE-2015-1538 affects libstagefright (Android) via an integer overflow in the SampleTable::setSampleToChunkParams handling of MP4 atoms. The issue occurs in libstagefright before Android 5.1.1 LMY48I and can enable remote code execution through crafted MP4 data. The documented impact is remote co...

10CVSS8.9AI score0.99064EPSS
CVE
CVE
added 2019/10/11 6:15 p.m.168 views

CVE-2019-2186

CVE-2019-2186 is an out-of-bounds write in GetMBheader of combined_decode.cpp that could allow remote code execution in the Android Media framework. Affected Android versions include 7.1.1, 7.1.2, 8.0, 8.1, 9, and 10. The entry is confirmed in multiple sources (NVD/Red Hat/CNVD) and described as ...

9.3CVSS8.7AI score0.01345EPSS
CVE
CVE
added 2020/02/13 2:21 p.m.168 views

CVE-2020-0022

CVE-2020-0022 describes an out-of-bounds write in Android’s Bluetooth stack (packet_fragmenter.cc, reassemble_and_dispatch) that could enable remote code execution over Bluetooth without user interaction, affecting Android 8.0–10. Connected sources contain concrete exploitation analyses and PoCs ...

8.8CVSS8.7AI score0.05379EPSS
CVE
CVE
added 2022/06/15 1:1 p.m.168 views

CVE-2022-20135

CVE-2022-20135 is tied to a parcel format mismatch in GateKeeperResponse.java (writeToParcel), causing local elevation of privilege in Android. Affected versions span Android-10, Android-11, Android-12, and Android-12L, with exploitation described as requiring local access and no user interaction...

7.8CVSS7.6AI score0.00198EPSS
CVE
CVE
added 2022/08/09 8:24 p.m.168 views

CVE-2022-20360

CVE-2022-20360 involves a missing permission check in the Android component SecureNfcPreferenceController.java (method setChecked), allowing local privilege escalation from the guest user without extra execution privileges. Affected products include Android 10, 11, 12, and 12L. The provided docum...

7.8CVSS7.6AI score0.00187EPSS
CVE
CVE
added 2022/08/09 8:25 p.m.168 views

CVE-2022-20361

CVE-2022-20361 describes a vulnerability in Android Bluetooth stack (btif_dm_auth_cmpl_evt in btif_dm.cc) related to Cross-Transport Key Derivation. Root cause is a weakness in the Bluetooth protocol implementation, enabling remote elevation of privilege with no user interaction. Affected product...

9.8CVSS9AI score0.00901EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.168 views

CVE-2024-40669

Technical details are not publicly available in the provided documents. Monitor for updates.

8.4CVSS7.5AI score0.00082EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.168 views

CVE-2024-40672

CVE-2024-40672 affects Android’s ChooserActivity.java, where a missing permission check in onCreate could bypass factory reset protections. This enables local elevation of privilege with no extra execution privileges or user interaction required. Documented impact is a local EoP; exploitation det...

8.4CVSS7.4AI score0.00085EPSS
CVE
CVE
added 2025/01/02 11:58 p.m.168 views

CVE-2024-43767

CVE-2024-43767 affects Skia’s SkBlurMaskFilterImpl.cpp, specifically prepare_to_draw_into_mask, where a bound/size handling flaw can cause a heap overflow. The vulnerability can lead to remote code execution with no additional privileges; exploitation is described as not requiring user interactio...

8.8CVSS8.1AI score0.00375EPSS
CVE
CVE
added 2019/06/07 7:32 p.m.167 views

CVE-2019-2091

CVE-2019-2091 affects the Android Framework, specifically GetPermittedAccessibilityServicesForUser in DevicePolicyManagerService.java. The issue is a permissions bypass due to a missing permission check, enabling local elevation of privilege without requiring extra permissions. Exploitation is de...

7.8CVSS7.5AI score0.00153EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.167 views

CVE-2019-2230

CVE-2019-2230 affects Android 10 (NfcNative code in NativeNfcManager.cpp). The vulnerability arises from a use-after-free in nfcManager_routeAid and nfcManager_unrouteAid, leading to possible memory reuse and remote information disclosure without extra user interaction. Connected sources confirm ...

7.5CVSS7.1AI score0.00804EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.167 views

CVE-2021-39711

The CVE-2021-39711 entry concerns the Linux kernel (Android kernel variant in the initial report) with a vulnerability in bpf_prog_test_run_skb() in test_run.c. The root cause is an out-of-bounds read due to an Incorrect Size Value, which can lead to local information disclosure and potentially p...

4.4CVSS4.9AI score0.00144EPSS
CVE
CVE
added 2022/08/09 8:23 p.m.167 views

CVE-2022-20357

The CVE-2022-20357 issue affects Android 12 (and 12L) and relates to writeToParcel in SurfaceControl.cpp, enabling local information disclosure due to uninitialized data. The impact is local information disclosure with no additional execution privileges needed; user interaction is not required. M...

5.5CVSS5.1AI score0.00095EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.167 views

CVE-2022-20420

CVE-2022-20420 is an Android 13 elevation-of-privilege issue caused by a logic error in AppRestrictionController.java (getBackgroundRestrictionExemptionReason). The weakness could allow bypassing device policy restrictions with local access and no user interaction, granting high impact on confide...

7.8CVSS7.7AI score0.00101EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.167 views

CVE-2022-20472

CVE-2022-20472 : In Android, the out-of-bounds read in LocaleListCache.cpp (toLanguageTag) arises from an incorrect bounds check and can lead to remote code execution with no user interaction. Affected Android versions include 10–13 (Android-10, Android-11, Android-12, Android-12L, Android-13). C...

9.8CVSS9.2AI score0.06649EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.167 views

CVE-2023-20943

CVE-2023-20943 describes an elevation of privilege in Android via a path traversal in clearApplicationUserData within ActivityManagerService. The issue could allow removal of system files and local EoP with low privileges and no user interaction, affecting Android 10–13 (including 12/12L). The vu...

7.8CVSS7.7AI score0.00184EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.167 views

CVE-2023-40125

The CVE-2023-40125 entry concerns Android: a vulnerability in ApnEditor.java that allows a Guest user to change the APN due to a permission bypass, enabling local elevation of privilege with no extra execution privileges or user interaction required. Affected component is the ApnEditor.java logic...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.167 views

CVE-2023-40128

CVE-2023-40128 is an Android elevation-of-privilege weakness caused by an out-of-bounds write (heap buffer overflow) in xmlregexp.c. The vulnerability enables local privilege escalation without extra user interaction. Public details in the provided documents do not specify affected products/versi...

7.8CVSS7.9AI score0.00102EPSS
CVE
CVE
added 2014/03/03 2:0 a.m.166 views

CVE-2013-4710

CVE-2013-4710 affects Android WebView implementations (Android 3.0–4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank and other devices). The issue arises from improper WebView handling of addJavascriptInterface, enabling remote attackers to call arbitrary Java object methods or cause a ...

9.3CVSS7.5AI score0.42623EPSS
Total number of security vulnerabilities8153