Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/11/19 9:4 p.m.52 views

CVE-2018-9410

CVE-2018-9410 describes an out-of-bounds read in the Android Framework via FontUtils.cpp -> analyzeAxes, causing local information disclosure with no extra privileges and no user interaction. The connected Android bulletin lists CVE-2018-9410 under the Framework section with High severity, not...

5.5CVSS5.9AI score0.00076EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.52 views

CVE-2018-9450

CVE-2018-9450 affects Android via a missing bounds check in avrc_proc_vendor_command (avrc_api.cc), causing an out-of-bounds write that could enable remote code execution without user interaction. Affected Android versions: 6.0–6.0.1, 7.0–7.1.2, 8.0–8.1. The root cause is the missing bounds check...

9CVSS7.9AI score0.02739EPSS
CVE
CVE
added 2024/11/19 11:57 p.m.52 views

CVE-2018-9467

CVE-2018-9467 is a vulnerability in the getHost() path of UriTest.java where incorrect web origin determination could cause security decisions to be made incorrectly. It requires no user interaction and does not require privileges; exploitation is described as a network-vector issue with high imp...

9.8CVSS6.7AI score0.00305EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.52 views

CVE-2018-9505

CVE-2018-9505 affects Android Bluetooth code (mca_ccb_hdl_req in mca_cact.cc) causing an out-of-bounds read due to a missing bounds check. The Android bulletin lists this as CVE-2018-9505 (Framework, ID) with High severity and notes affected patch levels, including 2018-10-01 and 2018-10-05 updat...

6.5CVSS6.1AI score0.00571EPSS
CVE
CVE
added 2019/04/19 7:26 p.m.52 views

CVE-2019-2031

CVE-2019-2031 affects Android if-present in rw_t3t_act_handle_check_ndef_rsp inside rw_t3t.cc. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with no additional execution privileges or user interaction required. Affected versions inclu...

7.8CVSS7.7AI score0.00175EPSS
CVE
CVE
added 2019/05/08 4:32 p.m.52 views

CVE-2019-2053

CVE-2019-2053 affects Android, specifically the wnm_parse_neighbor_report_elem routine in wnm_sta.c, where a missing bounds check can cause an out-of-bounds read and local information disclosure without user interaction. Affected Android versions include 7.0–9. The vulnerability is documented acr...

5.5CVSS5AI score0.00171EPSS
CVE
CVE
added 2020/03/24 6:28 p.m.52 views

CVE-2019-20562

Summary: CVE-2019-20562 affects Samsung mobile devices running P(9.0) with TEEGRIS. The issue is a buffer overflow in the BIOSUB Trustlet. The description in connected sources consistently mirrors this, with no publicly disclosed exploitation details in the provided documents. The CVSS data (NVD)...

9.8CVSS9.7AI score0.00446EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.52 views

CVE-2019-2061

CVE-2019-2061 affects Android 10; the libxaac library has an out-of-bounds write due to a missing bounds check, enabling remote code execution with network access and user interaction required per the NVD entry. Red Hat and CNVD mirrors confirm the same description. Android 10 security release no...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.52 views

CVE-2019-2084

The CVE-2019-2084 issue affects the libxaac library in Android 10. It is caused by a missing bounds check that allows an out‑of‑bounds write, enabling remote code execution. Exploitation requires user interaction. The vulnerability impacts Android 10 devices with libxaac, and multiple connected s...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.52 views

CVE-2019-9258

This CVE-2019-9258 entry concerns Android 10 (wifilogd) with a possible out-of-bounds write due to a missing bounds check, enabling local elevation of privilege without user interaction. The issue affects wifilogd on Android-10 and is described as an out-of-bounds write that could elevate privile...

7.8CVSS8.2AI score0.00156EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.52 views

CVE-2019-9268

CVE-2019-9268 affects Android’s media stack (libstagefright) with a use-after-free caused by improper locking, enabling local escalation of privilege in the media server without extra privileges. The issue is tied to Android 10 (Android-10) and is documented in the Android 10 Security Release Not...

5.5CVSS6.5AI score0.00116EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.52 views

CVE-2019-9316

CVE-2019-9316 affects Android’s media stack via the libstagefright component, where a missing variable initialization is cited as the root cause. This flaw could enable remote information disclosure without extra privileges, with user interaction required for exploitation. Affected product is And...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.52 views

CVE-2019-9375

CVE-2019-9375 affects Android 10 where hostapd may trigger an out-of-bounds write due to a race condition, enabling local privilege escalation with SYSTEM privileges and no user interaction. The issue is tied to the hostapd component; exploitation status and precise exploit paths are not detailed...

6.9CVSS7AI score0.00119EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.52 views

CVE-2019-9384

CVE-2019-9384 affects Android 10 in the framework component LockPatternUtils. The issue is an improper permissions check that enables elevation of privilege by bypassing the Lockguard, granting System-level execution privileges without user interaction. The CVE entry notes local exploitation is p...

7.2CVSS7.1AI score0.00184EPSS
CVE
CVE
added 2020/03/10 7:53 p.m.52 views

CVE-2020-0010

CVE-2020-0010 affects the FPC Fingerprint TEE in the Android kernel. The root cause is an out-of-bounds write due to a missing bounds check in fpc_ta_get_build_info within fpc_ta_kpi.c, enabling local escalation of privilege with SYSTEM-level privileges; no user interaction is required. Public re...

7.2CVSS6.7AI score0.00167EPSS
CVE
CVE
added 2020/03/10 8:0 p.m.52 views

CVE-2020-0060

CVE-2020-0060 is documented as a SQL injection-based permission bypass in Android 10. The affected components are the SmsProvider.java and MmsSmsProvider.java query paths, enabling a local information disclosure with system-level privileges and no user interaction required for exploitation. The v...

4.4CVSS5.4AI score0.00167EPSS
CVE
CVE
added 2020/05/14 8:8 p.m.52 views

CVE-2020-0104

CVE-2020-0104 affects Android 9 and 10, due to a logic error in KeyguardStateMonitor.java (onShowingStateChanged) that can disclose keyguard-protected data locally without extra privileges or user interaction. The issue is documented with a local-privilege/exposure impact (CVSS 3.1/5.5; CVSS2 bas...

5.5CVSS5AI score0.00167EPSS
CVE
CVE
added 2020/05/14 8:10 p.m.52 views

CVE-2020-0109

CVE-2020-0109 affects Android 9–10 and relates to NotificationManagerService.java: in simulatePackageSuspendBroadcast there is a missing permission check, enabling local privilege escalation by crafting fake system notifications without extra execution privileges. Public references indicate the i...

7.8CVSS7.6AI score0.00138EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.52 views

CVE-2020-0183

CVE-2020-0183 (Android 10): In BluetoothManagerService.handleMessage there is an incomplete reset, enabling local elevation of privilege. Affected component: Android Bluetooth stack (Android-10). According to NVD, CVSS v3.1 base score is 7.8 (HIGH) with LOCAL attack vector, user interaction requi...

7.8CVSS8.2AI score0.00302EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.52 views

CVE-2020-0184

CVE-2020-0184 affects Android 10 Media Framework; the vulnerability is an infinite loop in ihevcd_ref_list() inside ihevcd_ref_list.c caused by a missing bounds check, enabling remote DoS. Impact and exploitability: DoS with network attack surface per CVSS2, but CVSS3 notes user interaction is re...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.52 views

CVE-2020-0190

CVE-2020-0190 affects Android 10 with a vulnerability in ideint_weave_blk of ideint_utils.c caused by a heap buffer overflow leading to an out-of-bounds write. This could enable remote code execution. Exploitation requires user interaction per the description. The Pixel security bulletin lists CV...

8.8CVSS9.2AI score0.00747EPSS
CVE
CVE
added 2020/05/14 8:17 p.m.52 views

CVE-2020-0221

CVE-2020-0221 affects Airbrush’s scratch memory allocator in the Android kernel. The root cause is a numeric overflow in the allocator, which could cause the next allocation to return a pointer within a previously allocated region, enabling improper memory access and elevation of privilege on aff...

9.8CVSS9.1AI score0.00466EPSS
CVE
CVE
added 2020/09/17 8:54 p.m.52 views

CVE-2020-0270

CVE-2020-0270 affects Tremolo in Android-11, with an out-of-bounds read due to a missing bounds check that could lead to remote information disclosure. Exploitation requires user interaction; impact is information disclosure without extra execution privileges. This entry is supported by multiple ...

6.5CVSS6.5AI score0.00835EPSS
CVE
CVE
added 2020/09/18 3:6 p.m.52 views

CVE-2020-0350

CVE-2020-0350 affects Android 11 and is triggered by an out-of-bounds write in the NFC path due to a missing bounds check. The vulnerability could enable local elevation of privilege with system-level execution and potentially compromise firmware, with no user interaction required. Affected compo...

6.7CVSS7.2AI score0.00153EPSS
CVE
CVE
added 2020/09/17 8:53 p.m.52 views

CVE-2020-0360

CVE-2020-0360 affects Android 11, involving a permissions bypass in Notification Access Confirmation that could enable local elevation of privilege with user execution privileges needed. Exploitation requires user interaction. The issue is listed under Android 11 vulnerability details and is addr...

7.8CVSS8.2AI score0.00439EPSS
CVE
CVE
added 2021/02/04 5:9 p.m.52 views

CVE-2021-0345

CVE-2021-0345 affects Android: the issue is in the mobile_log_d component, caused by improper input validation. This permits local privilege escalation to System execution level on Android-10 and Android-11, with no user interaction required. Exploitation is described as local and does not indica...

7.2CVSS6.6AI score0.00166EPSS
CVE
CVE
added 2021/02/02 11:1 p.m.52 views

CVE-2021-0359

In netdiag, a bug causes an out-of-bounds write due to a missing bounds check, enabling local escalation of privilege with System execution privileges required. Affected software is Android (Android-10, Android-11). The issue is baseline described across multiple sources (NVD/Red Hat/PRION, etc.)...

6.7CVSS6.7AI score0.00155EPSS
CVE
CVE
added 2021/03/10 4:9 p.m.52 views

CVE-2021-0382

CVE-2021-0382 affects Android 11 where SliceManagerService.java’s checkSlicePermission allows local information disclosure due to an incorrect permission check. Exploitation would be local (no user interaction) and could expose partial to sensitive information as defined in the CVE entry. Red Hat...

5.5CVSS5.1AI score0.00114EPSS
CVE
CVE
added 2021/03/10 4:17 p.m.52 views

CVE-2021-0459

CVE-2021-0459 affects Google Android kernel code, specifically fts_driver_test_write in fts_proc.c. It is due to a missing bounds check, causing an out-of-bounds read that can disclose local information. Exploitation requires local access and does not require user interaction, with the potential ...

4.4CVSS4.2AI score0.00204EPSS
CVE
CVE
added 2021/07/14 1:44 p.m.52 views

CVE-2021-0518

CVE-2021-0518 affects Android 13, where a missing permission check in Wi‑Fi can leak location‑sensitive data, enabling local information disclosure without extra execution privileges. Root cause: lack of access control around Wi‑Fi data exposure. Impact is information disclosure with no user inte...

5.5CVSS5.5AI score0.00118EPSS
CVE
CVE
added 2021/10/25 1:18 p.m.52 views

CVE-2021-0663

CVE-2021-0663 describes an out-of-bounds write in the Mediatek audio DSP caused by an incorrect bounds check. Affects MediaTek DSP firmware across multiple MT chipsets and Android versions (9.0–11.0) with potential for local privilege escalation to System execution privileges, without user intera...

7.2CVSS6.9AI score0.00556EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.52 views

CVE-2021-0677

The CVE-2021-0677 issue affects the ccu driver, where an integer overflow can trigger an out-of-bounds read, leading to local information disclosure with SYSTEM privileges required. Exploitation reportedly does not need user interaction. The Red Hat and NVD entries corroborate this description; p...

4.4CVSS4.2AI score0.00116EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.52 views

CVE-2021-0678

CVE-2021-0678 affects the MediaTek Apusys component, where a missing bounds check enables an out-of-bounds write. This could allow local escalation of privilege with System execution privileges and no user interaction required. The Public references indicate Patch ID ALPS05672107 and Issue ID ALP...

6.7CVSS6.7AI score0.00115EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.52 views

CVE-2021-0897

In CVE-2021-0897, the vulnerability affects the apusys component, where a missing bounds check allows an out-of-bounds write. This can lead to local privilege escalation with System execution privileges required and does not require user interaction. A patch is identified as ALPS05672107 (Issue A...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2021/01/05 5:53 p.m.52 views

CVE-2021-22494

Summary: CVE-2021-22494 affects Samsung Note20 devices running Q (10.0) software. The fingerprint scanner may misbehave when a screen protector is used because the required image compensation is not present during enrollment. This can lead to inversion and a high False Recognition Rate (FRR). The...

5.5CVSS5.5AI score0.00304EPSS
CVE
CVE
added 2021/06/11 2:45 p.m.52 views

CVE-2021-25393

CVE-2021-25393 affects Samsung's SecSettings prior to SMR May-2021 Release 1. The issue is improper sanitization of an incoming intent that lets a local attacker gain permissions to access system UID data. Affected component is the Settings app on Samsung Android devices; root cause relates to in...

6.6CVSS6.7AI score0.00138EPSS
CVE
CVE
added 2022/01/04 3:56 p.m.52 views

CVE-2022-20018

CVE-2022-20018 concerns the seninf driver, with a reported information-disclosure issue caused by uninitialized data. This could lead to local information disclosure with SYSTEM privileges required; user interaction is not needed. The fix is patch ALPS05863018 (Issue ID: ALPS05863018). Exploitati...

4.4CVSS4.3AI score0.00116EPSS
CVE
CVE
added 2022/01/04 3:57 p.m.52 views

CVE-2022-20023

Technical details about CVE-2022-20023 are not publicly disclosed in the provided documents. Monitor for updates from vendors and security advisories for affected Bluetooth implementations; current sources reiterate a denial-of-service risk without exploitation specifics.

6.5CVSS6.4AI score0.00267EPSS
CVE
CVE
added 2022/08/11 3:13 p.m.52 views

CVE-2022-20270

CVE-2022-20270 affects Android 13, where a permissions bypass in the Content component could disclose the Gmail account name on a device with no extra privileges or user interaction. Documented impact is local information disclosure (confidentiality) with no exploitation details provided in the c...

5.5CVSS5.5AI score0.00096EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.52 views

CVE-2022-26454

CVE-2022-26454 affects the teei component where a memory corruption caused by an integer overflow could enable local privilege escalation to System level without user interaction. Public documents consistently describe the issue as a local escalation vulnerability in teei, with the attack surface...

6.7CVSS6.8AI score0.00101EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.52 views

CVE-2022-26457

CVE-2022-26457 affects MediaTek vow, with an out-of-bounds write caused by a missing bounds check that could enable local privilege escalation to SYSTEM. Exploitation requires local access; no user interaction is needed. Patch ALPS07138490 (Issue ALPS07138490) is noted as the remediation in the p...

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.52 views

CVE-2022-32643

CVE-2022-32643: In ccd, a race condition can cause a use-after-free, enabling local privilege escalation with SYSTEM privileges required and no user interaction. The vulnerability is described with Patch ID ALPS07341261/Issue ID ALPS07341261. Exploitation details are not provided in the connected...

6.4CVSS6.6AI score0.00157EPSS
CVE
CVE
added 2022/09/09 2:40 p.m.52 views

CVE-2022-36852

Video Editor on Samsung mobile devices is affected by an Improper Authorization vulnerability. The issue allows a local attacker to access internal application data due to improper authorization. Affected versions are prior to SMR Sep-2022 Release 1. Mitigation: update to SMR Sep-2022 Release 1 o...

3.3CVSS3.9AI score0.00102EPSS
CVE
CVE
added 2022/09/09 2:40 p.m.52 views

CVE-2022-36855

CVE-2022-36855 is a use-after-free vulnerability in the iva_ctl driver, present in versions prior to Samsung SMR Sep-2022 Release 1. The issue allows a local attacker with low privileges and no user interaction to trigger memory access faults (per CVSS, high impact on confidentiality, integrity, ...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.52 views

CVE-2022-38689

CVE-2022-38689 concerns the telephony service, where a missing permission check can enable local information disclosure without extra execution privileges. Multiple connected sources corroborate a local-privilege-agnostic disclosure vector affecting telephony components, with no concrete exploit ...

5.5CVSS5.2AI score0.00117EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.52 views

CVE-2022-39094

CVE-2022-39094 affects the power management service, where a missing permission check enables setting up the service with no additional privileges. The vulnerability is triggered locally (attack vector: LOCAL) with low privilege requirements and no user interaction, and has high impact on confide...

7.8CVSS7.5AI score0.00107EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.52 views

CVE-2022-39849

CVE-2022-39849 describes an improper access control in the knox_vpn_policy service prior to Samsung SMR Oct-2022 Release 1, allowing unauthorized read of configuration data. Affected component: knox_vpn_policy in Samsung Knox/VPN policy context. Root cause: insufficient access restrictions enabli...

3.3CVSS4AI score0.00081EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.52 views

CVE-2022-42768

CVE-2022-42768 affects the WLAN driver (notably in Unisoc chipset contexts) and is caused by a possible missing bounds check in the WLAN driver, leading to local denial of service in WLAN services. The Red Hat, NVD, CVE listings and related feeds corroborate the same description, with no explicit...

4.3CVSS4.5AI score0.00268EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.52 views

CVE-2022-44419

CVE-2022-44419 affects the modem’s NAS security mode handling, where missing verification of NAS Security Mode Command Replay Attacks in LTE allows a local attacker to cause denial of service without extra privileges. The issue is described across multiple sources as a local impact with a high av...

5.5CVSS5.5AI score0.00089EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.52 views

CVE-2022-44421

CVE-2022-44421 concerns a vulnerability in the WLAN driver where a missing permission check could allow local information disclosure. The initial description identifies the issue as a local vulnerability in the WLAN driver with a CVSSv3.1 base score of 5.5 (Impact: Confidentiality High; Attack Ve...

5.5CVSS5.1AI score0.00094EPSS
Total number of security vulnerabilities8153