8153 matches found
CVE-2013-4710
CVE-2013-4710 affects Android WebView implementations (Android 3.0–4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank and other devices). The issue arises from improper WebView handling of addJavascriptInterface, enabling remote attackers to call arbitrary Java object methods or cause a ...
CVE-2021-0928
CVE-2021-0928 concerns an Elevation of Privilege in Android’s Media Framework. The vulnerability arises from a mismatch in parcel serialization/deserialization in createFromParcel of OutputConfiguration.java due to improper input validation, allowing local privilege elevation with no authenticate...
CVE-2021-39664
CVE-2021-39664 concerns Android 12, rooted in the loader for APK resources: In LoadedPackage::Load of LoadedArsc.cpp, a missing bounds check can cause an out-of-bounds read. The documented impact is local information disclosure when parsing APK files, with no additional execution privileges requi...
CVE-2021-39674
This CVE (CVE-2021-39674) affects Android 10–12 and involves a use-after-free in btm_sec_connected/btm_sec_disconnected within btm_sec.cc, enabling local elevation of privilege. Exploitation requires user privileges but not user interaction. There is no public exploit code in the provided docs. R...
CVE-2022-20010
CVE-2022-20010 affects Android 12/12L, arising from an out-of-bounds read in l2cble_process_sig_cmd() inside l2c_ble.cc. The flaw enables remote information disclosure via Bluetooth without needing user interaction or extra privileges, with Bluetooth adjacent-network exploitability per CVSS data....
CVE-2022-20112
The CVE-2022-20112 issue is in Android’s PrivateDnsPreferenceController.java getAvailabilityStatus. A guest user can bypass permissions to change private DNS settings, enabling local escalation of privilege with no additional execution privileges and no user interaction required. Affected Android...
CVE-2022-20220
CVE-2022-20220 affects Android 12/12L where the OpenFile path traversal in CallLogProvider.java can bypass permissions, enabling local escalation of privilege with user privileges and no user interaction required. The root cause is a path traversal fault in openFile that could allow access to pri...
CVE-2022-20227
CVE-2022-20227 affects the Android kernel USB driver: a heap-based overflow leads to an out-of-bounds read. This can enable local information disclosure with user privileges; exploitation does not require user interaction. Public details reference the upstream kernel and the Android 2022-07-01 bu...
CVE-2022-20461
CVE-2022-20461 affects Android BLE code: in pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp there is a possible out-of-bounds read due to type confusion. The cited impact is local escalation of privilege via BLE with no additional execution privileges required and no user int...
CVE-2024-53842
The CVE-2024-53842 issue affects Google Android components, specifically the cc_SendCcImsInfoIndMsg routine in cc_MmConManagement.c. The root cause is an out-of-bounds write due to missing bounds checking, enabling remote code execution with no privileges and no user interaction required. The vul...
CVE-2019-2096
CVE-2019-2096 affects Google Android components, specifically linked to a memory corruption vulnerability in EffectBundle.cpp caused by a double free. This could enable local escalation of privilege in the Android audio server with no extra execution privileges and no user interaction required. A...
CVE-2019-2099
CVE-2019-2099 affects Android systems due to an out-of-bounds write in nfa_rw_store_ndef_rx_buf within nfa_rw_act.cc. The underlying cause is a missing bounds check, allowing local elevation of privilege with no extra execution privileges required; exploitation requires user interaction. Affected...
CVE-2021-39671
CVE-2021-39671 affects Android 12. The flaw is an out-of-bounds read in code generated by aidl_const_expressions.cpp caused by uninitialized data, leading to information disclosure without additional privileges or user interaction. The issue is listed in Android’s February 2022 security bulletins...
CVE-2022-20116
CVE-2022-20116 affects Android 12/12L, arising from onEntryUpdated in OngoingCallController.kt where an intent redirection allows launching non-exported activities. This enables local elevation of privilege with no user interaction required, given User execution privileges. The issue is documente...
CVE-2019-2093
The CVE-2019-2093 issue affects Android 9 in the Media/ndc path: In huff_dec_1D of nlc_dec.cpp there is a potential out-of-bounds write caused by a missing bounds check, enabling remote code execution with no extra privileges and requiring user interaction to exploit. Connected sources (NVD/NVD v...
CVE-2019-2183
CVE-2019-2183 details (Android) : The issue resides in the RegisteredServicesCache.java, specifically in generateServicesMap, where a caching optimization can bypass account protection, enabling local information disclosure without extra privileges and with no user interaction. Affected platforms...
CVE-2021-39700
CVE-2021-39700 affects Android devices (Android 10–12) via a logic error in adbd.te that corrupted CTS Listening Ports Test results, enabling local information disclosure without extra privileges. The issue is classified as Information Disclosure (Type: ID) with a Medium severity in the Chromecas...
CVE-2021-39800
CVE-2021-39800 affects the Android kernel ION component (ion_ioctl.c) where a use-after-free can leak kernel head data, enabling local information disclosure without extra privileges or user interaction. Exploitation details are not provided in the supplied documents. Impact is limited to local d...
CVE-2022-20138
CVE-2022-20138 concerns a missing permission check in the Android framework, specifically in ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java. The issue allows an unprivileged app to send the MANAGED_PROFILE_PROVISIONED intent, potentially enabling local elevation of privileg...
CVE-2022-20474
CVE-2022-20474 affects Android (10–13) and is due to a flaw in Parcel.readLazyValue in Parcel.java that can load arbitrary code into the System Settings app via a confused deputy. The vulnerability enables local privilege escalation without extra execution privileges and does not require user int...
CVE-2023-21103
CVE-2023-21103 involves a DoS in Android’s PhoneAccountRegistrar.registerPhoneAccount due to uncaught exceptions while parsing persisted user data. Affects Android 11–13; vulnerable component is PhoneAccountRegistrar.java. The issue yields local persistent denial of service with no extra privileg...
CVE-2023-40135
CVE-2023-40135 affects Android, where in SaveUi.java’s applyCustomDescription a logic error (confused deputy) can allow viewing another user’s images. This results in local information disclosure with no extra execution privileges and no user interaction required. The issue is documented in multi...
CVE-2017-13220
CVE-2017-13220 is described in connected advisories as an elevation of privilege in the Upstream kernel bluez affecting the Android kernel (Android ID A-63527053). The Nessus/OpenVAS entries reference this CVE alongside other Linux kernel CVEs, confirming a kernel-related issue, but the provided ...
CVE-2019-2095
CVE-2019-2095 affects Android 9 (Pie) with a race condition in SkPixelRef.cpp leading to a use-after-free and potential remote code execution. The vulnerability is triggered via callGenIDChangeListeners and related paths; exploitation requires user interaction. The Android Security Bulletin (June...
CVE-2021-39663
CVE-2021-39663 affects Android 10 and is linked to MediaProvider.java’s openFileAndEnforcePathPermissionsHelper. The vulnerability describes a bypass of a permissions check caused by a confused deputy, enabling local elevation of privilege without user interaction. The Android CVE entry documents...
CVE-2022-20224
CVE-2022-20224 is a reported information-disclosure vulnerability in the Android Bluetooth stack. It stems from an out-of-bounds read in AT_SKIP_REST of bta_hf_client_at.cc due to an insufficient bounds check. The issue could allow remote information disclosure without any user interaction, requi...
CVE-2022-20352
The CVE-2022-20352 entry refers to a local information-disclosure flaw in Android 12/12L via a missing permission check in LocationManagerService.addProviderRequestListener. It can reveal which packages request location data (information disclosure with no extra execution privileges). Connected s...
CVE-2022-20453
CVE-2022-20453 affects Android 10–13 (Android-10 to Android-13) and involves a path traversal in MmsProvider.java that can constrict directory permissions, enabling local DoS of SIM recognition. The exploit requires user interaction and does not grant additional code execution privileges. The bas...
CVE-2022-20479
CVE-2022-20479 affects Android’s NotificationChannel.java (NotificationChannel) and is categorized as an Elevation of Privilege (EoP) issue due to a resource exhaustion bug that can enable local privilege escalation without user interaction. Affected: Android-10 through Android-13; root cause is ...
CVE-2023-20904
The CVE-2023-20904 issue is in Android SettingsActivity.getTrampolineIntent, where an Intent mismatch can launch an arbitrary activity. This could enable local privilege escalation without extra privileges or user interaction. Affected: Android-12L and Android-13. According to Android security bu...
CVE-2023-21134
The CVE-2023-21134 issue is an elevation-of-privilege in Android related to onCreate in ManagePermissionsActivity.java where a missing permission check could bypass factory reset protections. The vulnerability allows local escalation of privilege with physical access to a device that has been fac...
CVE-2023-21250
CVE-2023-21250 affects the Android Bluetooth stack (gatt_end_operation in gatt_utils.cc). The root cause is an out-of-bounds write due to a missing bounds check, enabling remote code execution with no privileges and no user interaction required. Android security bulletins for 2023-07-01/07-05 ind...
CVE-2023-21291
CVE-2023-21291 affects Android’s Notification.java (visitUris in the framework). The vulnerability arises from a missing permission check, potentially allowing a local attacker to reveal image contents belonging to another user. This is described as a local information disclosure with User privil...
CVE-2023-40077
CVE-2023-40077 is a race-condition–driven Use-After-Free (UAF) vulnerability in multiple functions of MetaDataBase.cpp. The flaw enables remote escalation of privilege with no extra execution privileges and no user interaction required. Documented sources (NVD/CNVD/OSV/PRION/PRIOR) confirm the is...
CVE-2023-40121
CVE-2023-40121 affects Google Android via a vulnerability in DatabaseUtils.java (appendEscapedSQLString) that enables information disclosure through unsafe deserialization. The description across connected sources notes a SQL injection risk with local impact, requiring local privileges and no use...
CVE-2024-23704
CVE-2024-23704 is an elevation-of-privilege vulnerability in Android’s WifiDialogActivity.onCreate that bypasses DISALLOW_ADD_WIFI_CONFIG due to a missing permission check. Exploitation requires local access with no user interaction; no remote vector is described. Multiple connected sources (NVD,...
CVE-2024-31316
CVE-2024-31316 affects the Android Framework, specifically the onResult path in AccountManagerService.java. The issue is a parcel mismatch that could allow an arbitrary background activity launch, resulting in local elevation of privilege without requiring additional execution privileges. No user...
CVE-2017-0539
CVE-2017-0539: A remote code execution in libhevc/Mediaserver on Android. A crafted media file can trigger memory corruption within Mediaserver. Affected Android versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Impact: potential remote code execution within Mediaserver. Remediation: patches releas...
CVE-2017-13168
CVE-2017-13168 is an elevation of privilege vulnerability in the Linux kernel SCSI driver affecting the Android kernel (Android ID A-65023233). The connected Nessus/OpenVAS advisories corroborate a kernel SCSI driver flaw that can enable local privilege escalation. The root cause is an issue in t...
CVE-2020-8860
CVE-2020-8860 affects Samsung Galaxy S10 devices with Exynos SoCs (G973FXXS3ASJA etc.). The flaw is a buffer overflow in the Call Control Setup messages, caused by inadequate validation of the length of user-supplied data copied into a fixed-length, stack-based buffer. This enables remote code ex...
CVE-2021-39662
Summary (CVE-2021-39662): In Android’s MediaProvider (MediaProvider.java), a missing permission check in checkUriPermission could allow local elevation of privilege by accessing media provider collections. The issue is exploitable with local access and does not require user interaction, as stated...
CVE-2021-39797
CVE-2021-39797 affects Google Android 12/12L and is tied to a logic error in LauncherApps.java that enables local elevation of privilege. The issue can be exploited locally without user interaction, granting higher privileges due to a flawed control path in several LauncherApps functions. The vul...
CVE-2021-39802
CVE-2021-39802 affects the Android kernel (Memory Management) via the change_pte_range path in mprotect.c, enabling a permissions bypass that could make a shared mmap writable and allow local privilege escalation with no extra execution privileges. Exploitation details are not provided in the con...
CVE-2021-39809
CVE-2021-39809 affects Android platforms (Android 10–12, including 12L). The issue resides in avrc_ctrl_pars_vendor_rsp within avrc_pars_ct.cc, where a missing bounds check leads to an out-of-bounds read. This can cause remote information disclosure without requiring user interaction or additiona...
CVE-2022-20344
CVE-2022-20344 describes a race condition in Android’s EventThread.cpp (stealReceiveChannel) that could allow interference with process communication, enabling local escalation of privilege without requiring extra execution privileges. Affected: Android-10, Android-11, Android-12, Android-12L. Im...
CVE-2022-20350
The CVE-2022-20350 issue affects Android’s NotificationAccessConfirmationActivity.java. It describes an input validation flaw that can trick a user into granting notification access to the wrong app, causing local information disclosure with high confidentiality impact. Affected Android versions:...
CVE-2023-20950
CVE-2023-20950 affects Android (Android-11, Android-12, Android-12L) in AlarmManagerActivity.java, enabling a bypass of background activity launch restrictions via a pendingIntent. This could cause local elevation of privilege with no additional privileges or user interaction required. The Androi...
CVE-2024-20006
CVE-2024-20006 affects MediaTek components (DA module) and is due to an out-of-bounds write caused by a missing bounds check. The vulnerability could enable local escalation of privilege with System execution privileges required; no user interaction is needed. Public references across Red Hat, NV...
CVE-2024-23713
CVE-2024-23713 affects Google's Android Framework, specifically migrateNotificationFilter in NotificationManagerService.java. The root cause is improper input validation that can fail to persist notification settings, enabling local privilege escalation with no extra execution privileges required...
CVE-2018-9422
CVE-2018-9422 concerns a use-after-free in get_futex_key() in futex.c, causing a local privilege escalation on Android/kernel environments. The vulnerability is triggered due to improper locking in futex.c and can be exploited with no user interaction. Connected sources (Unity Linux Nessus plugin...