Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2014/03/03 2:0 a.m.166 views

CVE-2013-4710

CVE-2013-4710 affects Android WebView implementations (Android 3.0–4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank and other devices). The issue arises from improper WebView handling of addJavascriptInterface, enabling remote attackers to call arbitrary Java object methods or cause a ...

9.3CVSS7.5AI score0.42623EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.166 views

CVE-2021-0928

CVE-2021-0928 concerns an Elevation of Privilege in Android’s Media Framework. The vulnerability arises from a mismatch in parcel serialization/deserialization in createFromParcel of OutputConfiguration.java due to improper input validation, allowing local privilege elevation with no authenticate...

7.8CVSS7.7AI score0.0037EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.166 views

CVE-2021-39664

CVE-2021-39664 concerns Android 12, rooted in the loader for APK resources: In LoadedPackage::Load of LoadedArsc.cpp, a missing bounds check can cause an out-of-bounds read. The documented impact is local information disclosure when parsing APK files, with no additional execution privileges requi...

5.5CVSS5AI score0.00128EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.166 views

CVE-2021-39674

This CVE (CVE-2021-39674) affects Android 10–12 and involves a use-after-free in btm_sec_connected/btm_sec_disconnected within btm_sec.cc, enabling local elevation of privilege. Exploitation requires user privileges but not user interaction. There is no public exploit code in the provided docs. R...

7.8CVSS7.7AI score0.00148EPSS
CVE
CVE
added 2022/05/10 7:57 p.m.166 views

CVE-2022-20010

CVE-2022-20010 affects Android 12/12L, arising from an out-of-bounds read in l2cble_process_sig_cmd() inside l2c_ble.cc. The flaw enables remote information disclosure via Bluetooth without needing user interaction or extra privileges, with Bluetooth adjacent-network exploitability per CVSS data....

6.5CVSS6.1AI score0.00256EPSS
CVE
CVE
added 2022/05/10 7:58 p.m.166 views

CVE-2022-20112

The CVE-2022-20112 issue is in Android’s PrivateDnsPreferenceController.java getAvailabilityStatus. A guest user can bypass permissions to change private DNS settings, enabling local escalation of privilege with no additional execution privileges and no user interaction required. Affected Android...

5.5CVSS5.6AI score0.00094EPSS
CVE
CVE
added 2022/07/13 6:22 p.m.166 views

CVE-2022-20220

CVE-2022-20220 affects Android 12/12L where the OpenFile path traversal in CallLogProvider.java can bypass permissions, enabling local escalation of privilege with user privileges and no user interaction required. The root cause is a path traversal fault in openFile that could allow access to pri...

7.8CVSS7.7AI score0.00178EPSS
CVE
CVE
added 2022/07/13 6:23 p.m.166 views

CVE-2022-20227

CVE-2022-20227 affects the Android kernel USB driver: a heap-based overflow leads to an out-of-bounds read. This can enable local information disclosure with user privileges; exploitation does not require user interaction. Public details reference the upstream kernel and the Android 2022-07-01 bu...

5.5CVSS5.1AI score0.00138EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.166 views

CVE-2022-20461

CVE-2022-20461 affects Android BLE code: in pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp there is a possible out-of-bounds read due to type confusion. The cited impact is local escalation of privilege via BLE with no additional execution privileges required and no user int...

7.8CVSS7.6AI score0.00117EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.166 views

CVE-2024-53842

The CVE-2024-53842 issue affects Google Android components, specifically the cc_SendCcImsInfoIndMsg routine in cc_MmConManagement.c. The root cause is an out-of-bounds write due to missing bounds checking, enabling remote code execution with no privileges and no user interaction required. The vul...

9.8CVSS7.9AI score0.00334EPSS
CVE
CVE
added 2019/06/07 7:36 p.m.165 views

CVE-2019-2096

CVE-2019-2096 affects Google Android components, specifically linked to a memory corruption vulnerability in EffectBundle.cpp caused by a double free. This could enable local escalation of privilege in the Android audio server with no extra execution privileges and no user interaction required. A...

7.8CVSS7.8AI score0.0017EPSS
CVE
CVE
added 2019/06/07 7:41 p.m.165 views

CVE-2019-2099

CVE-2019-2099 affects Android systems due to an out-of-bounds write in nfa_rw_store_ndef_rx_buf within nfa_rw_act.cc. The underlying cause is a missing bounds check, allowing local elevation of privilege with no extra execution privileges required; exploitation requires user interaction. Affected...

9.3CVSS7.7AI score0.00565EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.165 views

CVE-2021-39671

CVE-2021-39671 affects Android 12. The flaw is an out-of-bounds read in code generated by aidl_const_expressions.cpp caused by uninitialized data, leading to information disclosure without additional privileges or user interaction. The issue is listed in Android’s February 2022 security bulletins...

6.5CVSS6.2AI score0.0049EPSS
CVE
CVE
added 2022/05/10 7:59 p.m.165 views

CVE-2022-20116

CVE-2022-20116 affects Android 12/12L, arising from onEntryUpdated in OngoingCallController.kt where an intent redirection allows launching non-exported activities. This enables local elevation of privilege with no user interaction required, given User execution privileges. The issue is documente...

7.8CVSS7.7AI score0.00113EPSS
CVE
CVE
added 2019/06/07 7:34 p.m.164 views

CVE-2019-2093

The CVE-2019-2093 issue affects Android 9 in the Media/ndc path: In huff_dec_1D of nlc_dec.cpp there is a potential out-of-bounds write caused by a missing bounds check, enabling remote code execution with no extra privileges and requiring user interaction to exploit. Connected sources (NVD/NVD v...

9.3CVSS8.8AI score0.01153EPSS
CVE
CVE
added 2019/10/11 6:23 p.m.164 views

CVE-2019-2183

CVE-2019-2183 details (Android) : The issue resides in the RegisteredServicesCache.java, specifically in generateServicesMap, where a caching optimization can bypass account protection, enabling local information disclosure without extra privileges and with no user interaction. Affected platforms...

5.5CVSS5.5AI score0.00158EPSS
CVE
CVE
added 2022/05/10 7:54 p.m.164 views

CVE-2021-39700

CVE-2021-39700 affects Android devices (Android 10–12) via a logic error in adbd.te that corrupted CTS Listening Ports Test results, enabling local information disclosure without extra privileges. The issue is classified as Information Disclosure (Type: ID) with a Medium severity in the Chromecas...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.164 views

CVE-2021-39800

CVE-2021-39800 affects the Android kernel ION component (ion_ioctl.c) where a use-after-free can leak kernel head data, enabling local information disclosure without extra privileges or user interaction. Exploitation details are not provided in the supplied documents. Impact is limited to local d...

5.5CVSS4.9AI score0.00137EPSS
CVE
CVE
added 2022/06/15 1:2 p.m.164 views

CVE-2022-20138

CVE-2022-20138 concerns a missing permission check in the Android framework, specifically in ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java. The issue allows an unprivileged app to send the MANAGED_PROFILE_PROVISIONED intent, potentially enabling local elevation of privileg...

7.8CVSS7.6AI score0.00209EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.164 views

CVE-2022-20474

CVE-2022-20474 affects Android (10–13) and is due to a flaw in Parcel.readLazyValue in Parcel.java that can load arbitrary code into the System Settings app via a confused deputy. The vulnerability enables local privilege escalation without extra execution privileges and does not require user int...

7.8CVSS7.8AI score0.00242EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.164 views

CVE-2023-21103

CVE-2023-21103 involves a DoS in Android’s PhoneAccountRegistrar.registerPhoneAccount due to uncaught exceptions while parsing persisted user data. Affects Android 11–13; vulnerable component is PhoneAccountRegistrar.java. The issue yields local persistent denial of service with no extra privileg...

5.5CVSS5.3AI score0.00096EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.164 views

CVE-2023-40135

CVE-2023-40135 affects Android, where in SaveUi.java’s applyCustomDescription a logic error (confused deputy) can allow viewing another user’s images. This results in local information disclosure with no extra execution privileges and no user interaction required. The issue is documented in multi...

3.3CVSS3.6AI score0.00089EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.163 views

CVE-2017-13220

CVE-2017-13220 is described in connected advisories as an elevation of privilege in the Upstream kernel bluez affecting the Android kernel (Android ID A-63527053). The Nessus/OpenVAS entries reference this CVE alongside other Linux kernel CVEs, confirming a kernel-related issue, but the provided ...

7.8CVSS7.2AI score0.0028EPSS
CVE
CVE
added 2019/06/07 7:35 p.m.163 views

CVE-2019-2095

CVE-2019-2095 affects Android 9 (Pie) with a race condition in SkPixelRef.cpp leading to a use-after-free and potential remote code execution. The vulnerability is triggered via callGenIDChangeListeners and related paths; exploitation requires user interaction. The Android Security Bulletin (June...

7.6CVSS7.3AI score0.00677EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.163 views

CVE-2021-39663

CVE-2021-39663 affects Android 10 and is linked to MediaProvider.java’s openFileAndEnforcePathPermissionsHelper. The vulnerability describes a bypass of a permissions check caused by a confused deputy, enabling local elevation of privilege without user interaction. The Android CVE entry documents...

7.8CVSS7.7AI score0.0015EPSS
CVE
CVE
added 2022/07/13 6:22 p.m.163 views

CVE-2022-20224

CVE-2022-20224 is a reported information-disclosure vulnerability in the Android Bluetooth stack. It stems from an out-of-bounds read in AT_SKIP_REST of bta_hf_client_at.cc due to an insufficient bounds check. The issue could allow remote information disclosure without any user interaction, requi...

7.5CVSS7AI score0.01247EPSS
CVE
CVE
added 2022/08/09 8:22 p.m.163 views

CVE-2022-20352

The CVE-2022-20352 entry refers to a local information-disclosure flaw in Android 12/12L via a missing permission check in LocationManagerService.addProviderRequestListener. It can reveal which packages request location data (information disclosure with no extra execution privileges). Connected s...

5.5CVSS5.1AI score0.00089EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.163 views

CVE-2022-20453

CVE-2022-20453 affects Android 10–13 (Android-10 to Android-13) and involves a path traversal in MmsProvider.java that can constrict directory permissions, enabling local DoS of SIM recognition. The exploit requires user interaction and does not grant additional code execution privileges. The bas...

5.5CVSS5.4AI score0.00158EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.163 views

CVE-2022-20479

CVE-2022-20479 affects Android’s NotificationChannel.java (NotificationChannel) and is categorized as an Elevation of Privilege (EoP) issue due to a resource exhaustion bug that can enable local privilege escalation without user interaction. Affected: Android-10 through Android-13; root cause is ...

7.8CVSS7.6AI score0.00168EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.163 views

CVE-2023-20904

The CVE-2023-20904 issue is in Android SettingsActivity.getTrampolineIntent, where an Intent mismatch can launch an arbitrary activity. This could enable local privilege escalation without extra privileges or user interaction. Affected: Android-12L and Android-13. According to Android security bu...

7.8CVSS7.7AI score0.00136EPSS
CVE
CVE
added 2023/08/14 8:58 p.m.163 views

CVE-2023-21134

The CVE-2023-21134 issue is an elevation-of-privilege in Android related to onCreate in ManagePermissionsActivity.java where a missing permission check could bypass factory reset protections. The vulnerability allows local escalation of privilege with physical access to a device that has been fac...

6.8CVSS6.7AI score0.00125EPSS
CVE
CVE
added 2023/07/12 11:32 p.m.163 views

CVE-2023-21250

CVE-2023-21250 affects the Android Bluetooth stack (gatt_end_operation in gatt_utils.cc). The root cause is an out-of-bounds write due to a missing bounds check, enabling remote code execution with no privileges and no user interaction required. Android security bulletins for 2023-07-01/07-05 ind...

9.8CVSS9.5AI score0.00601EPSS
CVE
CVE
added 2023/10/06 6:48 p.m.163 views

CVE-2023-21291

CVE-2023-21291 affects Android’s Notification.java (visitUris in the framework). The vulnerability arises from a missing permission check, potentially allowing a local attacker to reveal image contents belonging to another user. This is described as a local information disclosure with User privil...

5.5CVSS5AI score0.00103EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.163 views

CVE-2023-40077

CVE-2023-40077 is a race-condition–driven Use-After-Free (UAF) vulnerability in multiple functions of MetaDataBase.cpp. The flaw enables remote escalation of privilege with no extra execution privileges and no user interaction required. Documented sources (NVD/CNVD/OSV/PRION/PRIOR) confirm the is...

9.8CVSS8.2AI score0.08423EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.163 views

CVE-2023-40121

CVE-2023-40121 affects Google Android via a vulnerability in DatabaseUtils.java (appendEscapedSQLString) that enables information disclosure through unsafe deserialization. The description across connected sources notes a SQL injection risk with local impact, requiring local privileges and no use...

5.5CVSS5.5AI score0.00214EPSS
CVE
CVE
added 2024/05/07 9:1 p.m.163 views

CVE-2024-23704

CVE-2024-23704 is an elevation-of-privilege vulnerability in Android’s WifiDialogActivity.onCreate that bypasses DISALLOW_ADD_WIFI_CONFIG due to a missing permission check. Exploitation requires local access with no user interaction; no remote vector is described. Multiple connected sources (NVD,...

7.8CVSS7AI score0.00093EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.163 views

CVE-2024-31316

CVE-2024-31316 affects the Android Framework, specifically the onResult path in AccountManagerService.java. The issue is a parcel mismatch that could allow an arbitrary background activity launch, resulting in local elevation of privilege without requiring additional execution privileges. No user...

7.8CVSS6.9AI score0.00111EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.162 views

CVE-2017-0539

CVE-2017-0539: A remote code execution in libhevc/Mediaserver on Android. A crafted media file can trigger memory corruption within Mediaserver. Affected Android versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Impact: potential remote code execution within Mediaserver. Remediation: patches releas...

9.3CVSS7.7AI score0.01575EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.162 views

CVE-2017-13168

CVE-2017-13168 is an elevation of privilege vulnerability in the Linux kernel SCSI driver affecting the Android kernel (Android ID A-65023233). The connected Nessus/OpenVAS advisories corroborate a kernel SCSI driver flaw that can enable local privilege escalation. The root cause is an issue in t...

7.8CVSS7.3AI score0.00388EPSS
CVE
CVE
added 2020/02/22 12:0 a.m.162 views

CVE-2020-8860

CVE-2020-8860 affects Samsung Galaxy S10 devices with Exynos SoCs (G973FXXS3ASJA etc.). The flaw is a buffer overflow in the Call Control Setup messages, caused by inadequate validation of the length of user-supplied data copied into a fixed-length, stack-based buffer. This enables remote code ex...

8CVSS8.1AI score0.00714EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.162 views

CVE-2021-39662

Summary (CVE-2021-39662): In Android’s MediaProvider (MediaProvider.java), a missing permission check in checkUriPermission could allow local elevation of privilege by accessing media provider collections. The issue is exploitable with local access and does not require user interaction, as stated...

7.8CVSS7.8AI score0.00113EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.162 views

CVE-2021-39797

CVE-2021-39797 affects Google Android 12/12L and is tied to a logic error in LauncherApps.java that enables local elevation of privilege. The issue can be exploited locally without user interaction, granting higher privileges due to a flawed control path in several LauncherApps functions. The vul...

7.8CVSS7.6AI score0.00114EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.162 views

CVE-2021-39802

CVE-2021-39802 affects the Android kernel (Memory Management) via the change_pte_range path in mprotect.c, enabling a permissions bypass that could make a shared mmap writable and allow local privilege escalation with no extra execution privileges. Exploitation details are not provided in the con...

7.8CVSS7.5AI score0.00145EPSS
CVE
CVE
added 2022/08/09 8:20 p.m.162 views

CVE-2022-20344

CVE-2022-20344 describes a race condition in Android’s EventThread.cpp (stealReceiveChannel) that could allow interference with process communication, enabling local escalation of privilege without requiring extra execution privileges. Affected: Android-10, Android-11, Android-12, Android-12L. Im...

7CVSS7AI score0.00089EPSS
CVE
CVE
added 2022/08/09 8:22 p.m.162 views

CVE-2022-20350

The CVE-2022-20350 issue affects Android’s NotificationAccessConfirmationActivity.java. It describes an input validation flaw that can trick a user into granting notification access to the wrong app, causing local information disclosure with high confidentiality impact. Affected Android versions:...

6.2CVSS5.1AI score0.00095EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.162 views

CVE-2023-20950

CVE-2023-20950 affects Android (Android-11, Android-12, Android-12L) in AlarmManagerActivity.java, enabling a bypass of background activity launch restrictions via a pendingIntent. This could cause local elevation of privilege with no additional privileges or user interaction required. The Androi...

7.8CVSS7.6AI score0.00084EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.162 views

CVE-2024-20006

CVE-2024-20006 affects MediaTek components (DA module) and is due to an out-of-bounds write caused by a missing bounds check. The vulnerability could enable local escalation of privilege with System execution privileges required; no user interaction is needed. Public references across Red Hat, NV...

6.7CVSS6.7AI score0.00223EPSS
CVE
CVE
added 2024/05/07 9:1 p.m.162 views

CVE-2024-23713

CVE-2024-23713 affects Google's Android Framework, specifically migrateNotificationFilter in NotificationManagerService.java. The root cause is improper input validation that can fail to persist notification settings, enabling local privilege escalation with no extra execution privileges required...

7.8CVSS7AI score0.00083EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.161 views

CVE-2018-9422

CVE-2018-9422 concerns a use-after-free in get_futex_key() in futex.c, causing a local privilege escalation on Android/kernel environments. The vulnerability is triggered due to improper locking in futex.c and can be exploited with no user interaction. Connected sources (Unity Linux Nessus plugin...

7.8CVSS7AI score0.00216EPSS
CVE
CVE
added 2020/04/17 6:20 p.m.161 views

CVE-2020-0073

The CVE-2020-0073 entry describes an out-of-bounds write in Android’s NFC processing, specifically in rw_t2t_handle_tlv_detect_rsp within rw_t2t_ndef.cc. The issue allows remote code execution over NFC with no privileges and no user interaction, per the description. Affected products/versions inc...

10CVSS9.2AI score0.01338EPSS
Total number of security vulnerabilities8153