Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/01/04 12:0 a.m.52 views

CVE-2022-44424

CVE-2022-44424: The issue is a missing permission check in the music service that can trigger a local denial-of-service in the contacts service without requiring additional privileges. The available sources do not provide concrete exploit details, affected product versions, or a documented fix. M...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.52 views

CVE-2022-47329

CVE-2022-47329 involves a missing permission check in the WLAN driver that could lead to local information disclosure. The vulnerability’s root cause is an insufficient authorization check in the WLAN driver, with local attack potential and confidentiality impact described as high. The connected ...

6.4CVSS5.1AI score0.00085EPSS
CVE
CVE
added 2023/04/11 11:9 a.m.52 views

CVE-2022-47464

CVE-2022-47464 describes a missing permission check in the telecom service, enabling local denial of service. Affected: telecom service component; root cause: insufficient permission validation. Impact: local DoS with high availability impact as per CVSS 3.1 vector. Exploitation details are not p...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/04/11 11:9 a.m.52 views

CVE-2022-47468

CVE-2022-47468 is linked in connected documents to a vulnerability in UNISOC chipsets , described as a missing privilege/permission check that can cause a local denial of service . The root cause is stated as a lack of privilege checking leading to DoS; the Red Hat/NVD entries reiterate the same ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.52 views

CVE-2022-47482

CVE-2022-47482 involves a missing permission check in the telephony service, enabling a local denial of service without additional execution privileges. The NVD listing specifies a CVSS v3.1 base score of 5.5 (Medium), with local attack vector, low attack complexity and privileges required, and a...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.52 views

CVE-2022-47484

CVE-2022-47484 concerns a missing permission check in the telephony service, enabling local denial of service without additional execution privileges. Connected sources consistently reference the telephony module and privilege check omission as the root cause, but do not provide concrete details ...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.52 views

CVE-2022-48368

CVE-2022-48368 affects the UNISOC chipsets’ audio service, with the root cause described as a missing permission check in the audio service. This could allow a local attacker with low privileges and no user interaction to escalate to a high-privilege level, potentially compromising confidentialit...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.52 views

CVE-2022-48373

The CVE-2022-48373 entry concerns a local out-of-bounds write in the UNISOC/tee service due to a missing bounds check, leading to local denial of service with SYSTEM privileges. Public references (NVD, Red Hat, CVE list, vuln enrichment) confirm the same root cause and impact, but exploitation st...

4.4CVSS4.7AI score0.00096EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.52 views

CVE-2022-48453

CVE-2022-48453 affects a camera driver (Unisoc-based devices) with a missing bounds check that can trigger an out-of-bounds write. Impact is local denial of service with system privileges required; CVSSv3.1 vector indicates local access, high privileges, and availability impact, with a medium bas...

4.4CVSS4.8AI score0.00088EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.52 views

CVE-2023-20610

CVE-2023-20610 describes a memory corruption risk in the MediaTek display DRM stack caused by a race condition, enabling local escalation of privilege with System execution privileges required and no user interaction. The vulnerability affects the display DRM component; the root cause is a race c...

6.4CVSS6.7AI score0.00092EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.52 views

CVE-2023-20633

CVE-2023-20633 describes a potential out-of-bounds write in the usb module due to a missing bounds check, enabling local escalation of privileges with SYSTEM level execution and no user interaction required. The vulnerability is described consistently across multiple sources and references patch ...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.52 views

CVE-2023-20708

CVE-2023-20708 involves a possible out-of-bounds read in the MediaTek keyinstall component. The underlying issue is a missing bounds check, enabling local privilege escalation with System execution privileges needed. Exploitation status is not documented in the provided sources. The vulnerability...

6.7CVSS6.6AI score0.00112EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.52 views

CVE-2023-20711

CVE-2023-20711 affects the keyinstall component and describes a possible out-of-bounds read due to a missing bounds check, enabling local information disclosure with system privileges needed. Exploitation details are not specified in the provided documents; user interaction is not required. The p...

4.4CVSS4.2AI score0.00109EPSS
CVE
CVE
added 2023/06/06 12:12 p.m.52 views

CVE-2023-20723

Summary of CVE-2023-20723 : A Bluetooth vulnerability in MediaTek-based devices allows an out-of-bounds read due to a missing bounds check, enabling local escalation of privilege with System execution privileges required. Exploitation is described as local with no user interaction needed; the ent...

6.7CVSS6.6AI score0.0009EPSS
CVE
CVE
added 2023/06/06 12:12 p.m.52 views

CVE-2023-20724

The CVE-2023-20724 entry concerns MediaTek Bluetooth implementations. A missing bounds check in the Bluetooth module enables an out-of-bounds read, leading to local escalation of privilege with System-level execution privileges; exploitation requires no user interaction. The vulnerability affects...

6.7CVSS6.6AI score0.0009EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.52 views

CVE-2023-20756

CVE-2023-20756 concerns a vulnerability in keyinstall (reported across multiple feeds) that enables an out-of-bounds write caused by an integer overflow. This can lead to local escalation of privilege with SYSTEM privileges, requiring no user interaction. A patch is available (Patch ID ALPS075100...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.52 views

CVE-2023-20782

MediaTek’s keyinstall component in the MediaTek microprogram software is affected by CVE-2023-20782, caused by a missing bounds check that can lead to local information disclosure with System privileges (no user interaction). A patch is noted as ALPS07550104 (Issue ALPS07550103). Connected adviso...

4.4CVSS4.3AI score0.00086EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.52 views

CVE-2023-20786

The CVE-2023-20786 entry concerns the MediaTek GPS component. A missing bounds check enables an out-of-bounds write, leading to local escalation of privilege with System execution privileges required. Exploitation does not require user interaction. A patch entry is noted as ALPS07767811 (Issue AL...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.52 views

CVE-2023-20788

CVE-2023-20788 affects MediaTek devices in the thermal component where a race condition can cause a use-after-free, enabling local privilege escalation to SYSTEM if exploited. Exploitation details are not provided in the documents; no user interaction is required. A patch is referenced (ALPS07648...

6.4CVSS6.6AI score0.00065EPSS
CVE
CVE
added 2023/08/07 3:22 a.m.52 views

CVE-2023-20813

CVE-2023-20813 affects MediaTek WLAN software/component where an out-of-bounds read occurs due to improper input validation. Impact described as local information disclosure with the need for System execution privileges; no user interaction required. Patch referenced: ALPS07453549 (Issue ID: ALPS...

4.4CVSS4.3AI score0.00087EPSS
CVE
CVE
added 2023/08/07 3:22 a.m.52 views

CVE-2023-20815

The CVE-2023-20815 issue affects MediaTek WLAN software. Affected component: WLAN service; root cause: out-of-bounds write due to improper input validation. Impact: local escalation of privilege with System execution privileges required; no user interaction needed. Remediation: patch ALPS07453587...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.52 views

CVE-2023-20834

The CVE-2023-20834 issue affects the pda component, where a race condition leads to a use-after-free vulnerability. This can allow local escalation of privilege to SYSTEM level with high confidentiality/integrity/availability impact, and requires no user interaction to exploit. The documented att...

6.4CVSS6.6AI score0.00063EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.52 views

CVE-2023-21305

Technical details for CVE-2023-21305 are not publicly provided in the supplied documents. No specifics on affected products, versions, or fixes are present. Please monitor for updates.

5.5CVSS5.6AI score0.00089EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.52 views

CVE-2023-21325

Technical details about CVE-2023-21325 are not publicly available in the provided connected documents. No concrete information on affected products, versions, or fixes is present. Monitor for updates.

5.5CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.52 views

CVE-2023-21333

CVE-2023-21333 describes an information-disclosure flaw in Android’s Text Services where an attacker can determine if an app is installed via side-channel information disclosure. This can lead to local information leakage with no additional privileges and without user interaction. Connected docum...

5.5CVSS5.6AI score0.00103EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.52 views

CVE-2023-21346

CVE-2023-21346 is listed in Android 14 security release notes under Framework with Type ID and Moderate severity. The initial description indicates a local information-disclosure via Device Idle Controller side-channel (no user interaction required). Connected notes confirm framework-level classi...

3.3CVSS3.5AI score0.00083EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.52 views

CVE-2023-21360

CVE-2023-21360 affects Android Bluetooth and is characterized by an out-of-bounds write caused by improper input validation. The issue enables local elevation of privilege to System after exploitation, with no user interaction required. Public details consistently describe the vulnerability as a ...

6.7CVSS6.9AI score0.00088EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.52 views

CVE-2023-21383

Technical details (affected product/version/root cause/fix) for CVE-2023-21383 are not publicly available in the provided connected documents. Monitor for updates.

5.5CVSS5.2AI score0.00094EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.52 views

CVE-2023-30921

CVE-2023-30921 affects UNISOC chipsets (SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612/T616/T770/T820/S8000). Root cause: missing permission check in the messaging service, enabling local information disclosure with no additional execution privileges. Impact per sources: local confidential...

5.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.52 views

CVE-2023-32811

CVE-2023-32811 affects the connectivity system driver. The root cause is an out-of-bounds write due to improper input validation, enabling local escalation to SYSTEM with no user interaction. Exploitation status is not fully detailed in the provided documents, but a patch (Patch ID: ALPS07929848;...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.52 views

CVE-2023-40101

CVE-2023-40101 describes an out-of-bounds read in the collapse path of canonicalize_md.c that can disclose local information without extra privileges or user interaction. Public records in multiple sources (NVD, Red Hat, CNVD, etc.) confirm the same description. The Android 14 release notes list ...

5.5CVSS5.2AI score0.00134EPSS
CVE
CVE
added 2023/10/08 3:35 a.m.52 views

CVE-2023-40631

No public technical details are provided in the supplied documents for CVE-2023-40631 beyond the description of a missing permission check in Dialer causing local information disclosure; monitor for updates.

4.4CVSS4.4AI score0.00082EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.52 views

CVE-2023-42632

The CVE-2023-42632 issue affects validationtools, where a missing permission check could allow local information disclosure without requiring any additional execution privileges. Documented impact is limited to disclosure (Confidentiality Impact: HIGH) with local attack vector and no user interac...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.52 views

CVE-2023-42655

CVE-2023-42655 relates to the sim service where there is a missing permission check that allows writing permission usage records, enabling local privilege escalation to System level. The advisory consistently references the sim service as the affected component and describes the root cause as ins...

6.7CVSS6.7AI score0.00082EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.52 views

CVE-2024-20015

CVE-2024-20015 involves a permissions bypass in the telephony stack that can enable local privilege escalation with no user interaction. Documentation across sources (NVD, Red Hat, CVE lists) notes a local-privilege escalation impact and identifies a patch/Issue ID: ALPS08441419. The exact affect...

7.8CVSS7.7AI score0.00095EPSS
CVE
CVE
added 2024/09/02 2:7 a.m.52 views

CVE-2024-20088

CVE-2024-20088 affects MediaTek keyinstall: an out-of-bounds read due to a missing bounds check, enabling local information disclosure with system privileges. Public exploitation details are not provided in the available documents. The vulnerability is associated with patch ID ALPS08932099 and Is...

4.4CVSS6.2AI score0.00096EPSS
CVE
CVE
added 2024/10/09 6:43 a.m.52 views

CVE-2024-39436

The CVE-2024-39436 entry concerns the LinkTurboNative service, with a command-injection due to improper input validation. Impact is local privilege escalation to SYSTEM. Multiple connected sources (Red Hat, NVD, CVE lists, and PT-Security) confirm the issue description; details on affected versio...

6.7CVSS7.7AI score0.00252EPSS
CVE
CVE
added 2024/10/09 6:43 a.m.52 views

CVE-2024-39440

CVE-2024-39440 affects the DRM service and is caused by a null pointer dereference that can crash the system, leading to local denial of service with SYSTEM privileges required. Public references consistently describe the issue as a local DoS in DRM service components; no exploitation details are...

6.2CVSS6.8AI score0.00076EPSS
CVE
CVE
added 2018/03/27 4:0 p.m.51 views

CVE-2014-4959

Technical details about CVE-2014-4959 are not publicly provided in the included documents; no affected products, root cause, impact, or remediation are specified. Monitor for updates.

9.8CVSS9.7AI score0.01507EPSS
CVE
CVE
added 2014/12/15 5:27 p.m.51 views

CVE-2014-8610

The CVE describes a vulnerability in Android prior to 5.0.0 where AndroidManifest.xml does not require SEND_SMS for the SmsReceiver, allowing an unprivileged app to cause stored SMS messages to be resent or new draft SMS messages to be sent by broadcasting the com.android.mms.transaction.MESSAGE_...

3.3CVSS6.6AI score0.00342EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.51 views

CVE-2014-9788

Converged detail from CNVD-2016-04814 confirms CVE-2014-9788 is a buffer overflow in the Qualcomm sound driver in Android on Nexus 5 prior to 2016-07-05, exploitable by a crafted app to gain privileges. Root cause: overflow in the Qualcomm sound driver; Impact: local privilege escalation. A patch...

9.3CVSS7.6AI score0.00573EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.51 views

CVE-2014-9802

CVE-2014-9802: Concrete details found in CNVD-2016-04811 and related records show an integer overflow in lib/libfdt/fdt.c within the Qualcomm component on Android, affecting Nexus 5 and Nexus 7 (2013) devices. Root cause: integer overflow in the FDT parser leads to privilege escalation when proce...

9.3CVSS7.5AI score0.00557EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.51 views

CVE-2014-9864

The CVE-2014-9864 entry concerns Android on Nexus devices (Nexus 5/7 2013) where drivers/misc/qseecom.c in Qualcomm components does not validate ioctl calls, enabling privilege escalation via a crafted app. Connected docs are not provided here, but the description states the flaw allows local pri...

9.3CVSS7.5AI score0.00544EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.51 views

CVE-2014-9866

CVE-2014-9866 affects Qualcomm MSM camera driver on Nexus 5/Nexus 7 (2013) running Android with pre-2016-08-05 patch levels. The vulnerable file is drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c, where a parameter is not validated, enabling elevation of privilege via a crafted applic...

9.3CVSS7.5AI score0.00544EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.51 views

CVE-2014-9869

CVE-2014-9869 affects Android on Nexus 5/7 (2013) prior to 2016-08-05, where msm_isp_stats_util.c in Qualcomm components does not validate certain index values, enabling local privilege escalation via a crafted app. Connected sources confirm the issue is a privilege escalation in Mediaserver/kern...

9.3CVSS7.5AI score0.00557EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.51 views

CVE-2014-9875

CVE-2014-9875 affects Android on Nexus 7 (2013) prior to 2016-08-05. The vulnerability is in drivers/char/diag/diag_dci.c of Qualcomm components and allows privilege escalation via a crafted application that sends short DCI request packets (Android internal bug 28767589; Qualcomm bug CR483310). P...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.51 views

CVE-2014-9884

CVE-2014-9884 affects Android on Nexus 5 and Nexus 7 (2013) via drivers/misc/qseecom.c in Qualcomm components. The root cause is that qseecom.c does not validate certain pointers, enabling a local attacker with a crafted app to gain privileges. Connected sources corroborate a privilege-escalation...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2017/01/18 5:0 p.m.51 views

CVE-2014-9909

The CVE-2014-9909 entry describes an elevation of privilege vulnerability in the Broadcom Wi‑Fi driver for Android, where a local malicious application could execute arbitrary code in the kernel context. The issue is considered High impact because it requires compromising a privileged process fir...

9.3CVSS6.8AI score0.00526EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.51 views

CVE-2014-9955

CVE-2014-9955 is an elevation-of-privilege vulnerability affecting Android, specifically in Qualcomm closed‑source components with the Android kernel as the platform. The connected CVE records confirm the issue is associated with Qualcomm closed‑source components and that fixes are not delivered ...

10CVSS8.7AI score0.0113EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.51 views

CVE-2014-9967

CVE-2014-9967 describes an untrusted pointer dereference in the WideVine DRM component used by Android CAF builds that run on the Linux kernel. The vulnerability is located in WideVine DRM (a media/content protection feature) and is triggered by dereferencing an untrusted pointer, leading to pote...

9.3CVSS7.4AI score0.00585EPSS
Total number of security vulnerabilities8153