Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/09/05 4:10 p.m.51 views

CVE-2024-0028

The CVE-2024-0028 entry describes an information-disclosure flaw in Android’s Audio Service where a missing permission check could let an attacker obtain the MAC addresses of nearby Bluetooth devices. This is a local issue with low attack complexity and no user interaction required, potentially e...

5.5CVSS6.2AI score0.0007EPSS
CVE
CVE
added 2020/08/31 8:45 p.m.50 views

CVE-2020-25058

CVE-2020-25058 affects LG mobile devices running Android 8.0–10, where the network_management service fails to properly restrict configuration changes. Root cause: insufficient access control in the network_management component. Impact is stated as high across confidentiality, integrity, and avai...

9.8CVSS9.2AI score0.00443EPSS
CVE
CVE
added 2020/08/31 8:47 p.m.50 views

CVE-2020-25060

Technical details about CVE-2020-25060 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

7.8CVSS7.7AI score0.00129EPSS
CVE
CVE
added 2020/12/15 4:5 p.m.50 views

CVE-2020-27044

CVE-2020-27044 affects Android 11 in Parcel.cpp, restartWrite path, where a use-after-free leads to memory corruption. The issue is described as a local elevation of privilege without extra execution privileges required; user interaction is not needed. The vulnerability is reported with a high ba...

7.8CVSS8.3AI score0.00142EPSS
CVE
CVE
added 2021/02/04 5:9 p.m.50 views

CVE-2021-0343

CVE-2021-0343 affects the kisd component in Android 11. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation to System privileges without user interaction. The vulnerability impact is described as high for confidentiality, integrity, and availability in ...

7.2CVSS6.7AI score0.00159EPSS
CVE
CVE
added 2021/02/04 5:9 p.m.50 views

CVE-2021-0344

CVE-2021-0344 concerns memory corruption in the mtkpower component in Android (Android-10 and Android-11). The root cause is a missing bounds check, enabling local escalation of privileges with System-level execution privileges required; exploitation does not require user interaction. The vulnera...

7.2CVSS6.8AI score0.00163EPSS
CVE
CVE
added 2021/02/02 11:1 p.m.50 views

CVE-2021-0354

CVE-2021-0354: A local privilege-escalation flaw in ged on Android (Android 8.1–11) arises from an out-of-bounds write caused by an integer overflow. The issue allows an attacker with local access to potentially execute with System privileges without user interaction. Affected components are tied...

6.7CVSS6.7AI score0.00155EPSS
CVE
CVE
added 2021/02/02 11:1 p.m.50 views

CVE-2021-0362

CVE-2021-0362 affects Android 11 as described across multiple sources. The vulnerability is a memory corruption via a stack buffer overflow in the aee component, enabling local privilege escalation with System-level execution privileges. Exploitation does not require user interaction. Patch ALPS0...

6.7CVSS6.9AI score0.00154EPSS
CVE
CVE
added 2021/03/10 3:52 p.m.50 views

CVE-2021-0368

CVE-2021-0368 concerns an out-of-bounds read in oggpack_look within bitwise.c, leading to potential information disclosure. The issue is documented for Android 11; the Pixel/Android bulletin indicates this vulnerability is addressed in updated AOSP versions (minimum patch level 2021-03-05, i.e., ...

6.5CVSS6.1AI score0.00711EPSS
CVE
CVE
added 2021/03/10 4:9 p.m.50 views

CVE-2021-0381

The CVE-2021-0381 issue affects Android 11 and is tied to DeviceStorageMonitorService.java (updateNotifications). It describes a possible permission bypass caused by an unsafe PendingIntent that can lead to local information disclosure without user interaction. The exploitable condition requires ...

5.5CVSS5.1AI score0.00115EPSS
CVE
CVE
added 2021/03/10 4:14 p.m.50 views

CVE-2021-0453

CVE-2021-0453 corresponds to a vulnerability in the Titan-M firmware (and related Android kernel component) where uninitialized data can cause a disclosure of stack memory, leading to local information disclosure with system-level privileges required. The public descriptions consistently state th...

4.4CVSS4.3AI score0.00124EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.50 views

CVE-2021-0457

CVE-2021-0457 targets the FingerTipS touch screen driver in the Android kernel and describes an out-of-bounds write caused by a heap buffer overflow, enabling local privilege escalation to SYSTEM with no user interaction required. Public sources (NVD entry, ZDI advisory) corroborate a heap-based ...

6.7CVSS6.8AI score0.00217EPSS
CVE
CVE
added 2021/11/18 2:57 p.m.50 views

CVE-2021-0657

CVE-2021-0657 affects apusys and is caused by a stack-based buffer overflow leading to an out-of-bounds write. This can enable local escalation to System privileges without user interaction. The vulnerability context is supported by multiple sources (e.g., Red Hat, NVD) and lists a patch referenc...

6.7CVSS6.8AI score0.00125EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.50 views

CVE-2021-0893

CVE-2021-0893 affects the MediaTek Apusys component. The vulnerability is a memory corruption via a use-after-free, potentially enabling local escalation of privileges with System execution privileges required; no user interaction is necessary. Patches exist (Patch ID: ALPS05672107; Issue ID: ALP...

6.7CVSS6.8AI score0.00113EPSS
CVE
CVE
added 2021/09/09 6:4 p.m.50 views

CVE-2021-25459

CVE-2021-25459 affects BlockchainTZService. The vulnerability is an improper access control in the sspInit() function that allows attackers to start the BlockchainTZService. Affected versions are prior to SMR Sep-2021 Release 1. Exploitation details are not provided beyond local access vectors im...

5.5CVSS5.4AI score0.00116EPSS
CVE
CVE
added 2021/10/06 5:8 p.m.50 views

CVE-2021-25476

CVE-2021-25476 describes an information-disclosure vulnerability in Widevine TA log prior to Samsung SMR Oct-2021 Release 1 that enables bypass of ASLR in the Trusted Execution Environment (TEE). Affected component: Widevine TA log. Root cause: information leakage in the log prior to the SMR patc...

4.4CVSS4.5AI score0.00096EPSS
CVE
CVE
added 2021/10/06 5:10 p.m.50 views

CVE-2021-25488

The CVE-2021-25488 issue affects Samsung devices via the modem interface driver’s recv_data() function. The root cause is a missing boundary check in the buffer handling, before the SMR Oct-2021 Release 1 patch, which permits an out-of-bounds (OOB) read. The vulnerability is documented across mul...

5.5CVSS5.6AI score0.00105EPSS
CVE
CVE
added 2021/12/08 2:19 p.m.50 views

CVE-2021-25510

CVE-2021-25510 concerns an improper validation in FilterProvider, prior to Samsung SMR Dec-2021 Release 1, enabling local arbitrary code execution. Affected context is Samsung mobile software; vulnerability is localized with potential full impact to confidentiality, integrity, and availability as...

7.8CVSS7.7AI score0.00111EPSS
CVE
CVE
added 2021/12/08 2:19 p.m.50 views

CVE-2021-25513

CVE-2021-25513 affects the Apps Edge application prior to Samsung SMR Dec-2021 Release 1. The root cause is improper privilege management, enabling unauthorized access to certain lockscreen data. Impact is limited to exposure of device data on the lockscreen; CVSS scores (NVD 2.4/3.1, Low) reflec...

2.4CVSS4AI score0.00105EPSS
CVE
CVE
added 2021/04/06 7:18 a.m.50 views

CVE-2021-30161

CVE-2021-30161 affects LG mobile devices running Android 11. The vulnerability allows attackers to bypass the lockscreen protection after an incoming call has been terminated. Root cause, affected models/versions, exploit details, and fixes are not provided in the connected documents; remediation...

5.5CVSS5.6AI score0.00107EPSS
CVE
CVE
added 2022/01/04 3:56 p.m.50 views

CVE-2022-20013

The CVE-2022-20013 entry concerns the vow driver with a race-condition that enables memory corruption and local escalation to System privileges. Affected component: vow driver (MediaTek context appears in related sources). Impact: local privilege escalation with high impact on confidentiality, in...

6.4CVSS6.7AI score0.00082EPSS
CVE
CVE
added 2022/01/04 3:56 p.m.50 views

CVE-2022-20019

CVE-2022-20019 affects the MediaTek libMtkOmxGsmDec component. The issue is an incorrect bounds check that may allow local information disclosure without requiring additional execution privileges; user interaction is not needed. The CVE description and Red Hat/NVD entries confirm the impact is li...

5.5CVSS5.1AI score0.00114EPSS
CVE
CVE
added 2022/08/11 3:27 p.m.50 views

CVE-2022-20324

CVE-2022-20324 : In Android 13, the Framework exposes a side-channel leak that can reveal whether an app is installed without query permissions, enabling local information disclosure without extra execution privileges. The vulnerability affects the Framework component and results in confidential ...

5.5CVSS5.4AI score0.00097EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.50 views

CVE-2022-26462

CVE-2022-26462 describes an out-of-bounds read in the MediaTek vow component caused by an incorrect bounds check. The vulnerability could lead to local information disclosure with system-level execution privileges required, and exploitation reportedly does not require user interaction. Public ref...

4.4CVSS4.2AI score0.00097EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.50 views

CVE-2022-32645

CVE-2022-32645 affects vow and describes a race condition that could lead to local information disclosure with SYSTEM privileges required. Exploitation does not require user interaction. The CVE entry cites a patch ID ALPS07494477 (issue ALPS07494477) as the remediation. Multiple connected source...

4.1CVSS4AI score0.00094EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.50 views

CVE-2022-38689

CVE-2022-38689 concerns the telephony service, where a missing permission check can enable local information disclosure without extra execution privileges. Multiple connected sources corroborate a local-privilege-agnostic disclosure vector affecting telephony components, with no concrete exploit ...

5.5CVSS5.2AI score0.00117EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.50 views

CVE-2022-39103

The CVE-2022-39103 entry concerns the Gallery service, where a missing permission check is the root cause. This vulnerability could permit local denial of service without requiring additional execution privileges. Publicly provided documents reiterate the issue but do not specify affected version...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.50 views

CVE-2022-39109

Technical details about CVE-2022-39109 are not publicly provided in the connected documents. Monitor for updates from vendors and advisories to obtain affected products, versions, and fixes.

7.8CVSS7.6AI score0.00107EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.50 views

CVE-2022-39120

CVE-2022-39120 concerns a vulnerability in the kernel’s sensor driver where a missing bounds check can trigger an out-of-bounds write, enabling local denial of service. This is described consistently across sources (NVD/Red Hat/NVD enrichments) as a local, high-availability impact with a 5.5 CVSS...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.50 views

CVE-2022-39896

CVE-2022-39896 affects Samsung Contacts prior to SMR Dec-2022 Release 1. The issue is improper access control that could allow access to sensitive information via implicit intents. Affected component: Contacts; root cause identified as access-control weakness. Impact described in sources as expos...

4CVSS4.1AI score0.00086EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.50 views

CVE-2022-42759

CVE-2022-42759 affects the wlan driver, where a missing bounds check in the driver could allow a local denial of service in wlan services. The Red Hat and NVD entries corroborate the description; no concrete exploit details are provided in the connected documents. The PT-Security entry notes the ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.50 views

CVE-2022-47334

CVE-2022-47334 concerns the phasecheck server, where a missing bounds check can cause an out-of-bounds read. This vulnerability is described as enabling a local denial of service with system execution privileges required. The connected documents consistently relay the same underlying issue, thoug...

4.4CVSS4.6AI score0.00093EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.50 views

CVE-2022-47357

CVE-2022-47357 involves a missing permission check in the log service, enabling local denial of service. The CVSS 3.1 base score is 5.5 (LOCAL attacker, LOW attack complexity, LOW privileges required, HIGH impact on availability). The available documents do not specify the affected vendor/product...

5.5CVSS5.3AI score0.00087EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.50 views

CVE-2022-48243

CVE-2022-48243 concerns the UNISOC audio service, where a missing permission check in the audio service could enable local escalation of privilege with no additional execution privileges. The CVE is consistently described across sources as a local-privilege-escalation issue without public details...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.50 views

CVE-2022-48382

CVE-2022-48382 concerns UNISOC chipsets’ log service. The root cause is a missing bounds check that enables an out-of-bounds write. Impact described as local denial of service with system privileges required. Exploitation details are not provided in the connected documents. Remediation/patch info...

4.4CVSS4.7AI score0.00121EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.50 views

CVE-2023-20638

CVE-2023-20638 affects the ril component of MediaTek chips, caused by a missing bounds check that enables an out-of-bounds write. This could lead to local escalation of privilege with System execution privileges required. User interaction is not needed for exploitation. A patch is available: ALPS...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.50 views

CVE-2023-20644

CVE-2023-20644 affects the ril module of MediaTek-based devices, where a missing bounds check causes an out-of-bounds read. This can lead to local information disclosure with potential system-privilege execution, with no user interaction required. Exploitation details are not provided in the docu...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.50 views

CVE-2023-20647

This CVE (CVE-2023-20647) affects the ril module in MediaTek chips. The root cause is a missing bounds check that enables an out-of-bounds read, leading to local information disclosure with system execution privileges required. Exploitation is described as not requiring user interaction. Patch ID...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.50 views

CVE-2023-20648

CVE-2023-20648 affects the ril module in MediaTek chips. Root cause: missing bounds check causing an out-of-bounds read. Impact: local information disclosure with system execution privileges required; exploitation requires no user interaction. Patch ID: ALPS07628612. Multiple connected sources (N...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.50 views

CVE-2023-20649

The CVE-2023-20649 entry concerns the MediaTek ril module. A missing bounds check can cause an out-of-bounds read, enabling local information disclosure with system execution privileges required. Exploitation does not require user interaction, but the vulnerability is confirmed as LOCAL with HIGH...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.50 views

CVE-2023-20666

CVE-2023-20666 concerns a MediaTek display DRM component with an out-of-bounds write caused by a missing bounds check. The vulnerability enables local privilege escalation to System level without user interaction. The issue is indicated to affect the Display DRM path, with a patch identifier ALPS...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.50 views

CVE-2023-20677

The CVE-2023-20677 issue affects the wlan component in MediaTek-based devices, caused by a missing bounds check leading to an out-of-bounds read. Impact is local information disclosure with SYSTEM-level execution privileges required, and exploitation reportedly does not require user interaction. ...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.50 views

CVE-2023-20722

CVE-2023-20722 affects the m4u component with an out-of-bounds write caused by improper input validation. This can lead to local privilege escalation requiring System execution privileges, with no user interaction needed. A patch is available (Patch ID: ALPS07771518; Issue ID: ALPS07680084). Conn...

6.7CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.50 views

CVE-2023-20803

Summary: CVE-2023-20803 affects the imgsys component of MediaTek microprogram software, where memory corruption can occur due to improper input validation. This leads to local privilege escalation with system execution privileges required and user interaction needed for exploitation. Technical de...

6.7CVSS6.8AI score0.00089EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.50 views

CVE-2023-21320

CVE-2023-21320 concerns information disclosure via the Device Policy on Android. The issue enables an attacker to verify whether a specific admin app is registered on a device through side-channel information disclosure, resulting in local information disclosure with no additional execution privi...

5.5CVSS5.6AI score0.00088EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.50 views

CVE-2023-30938

CVE-2023-30938 involves a missing privilege check in the telephony service that can lead to local information disclosure without extra execution privileges. Connected sources describe affected UNISOC chipsets (e.g., SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T612, T616, T820, S8000)...

5.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.50 views

CVE-2023-32864

CVE-2023-32864 describes an out-of-bounds write in the display drm component of MediaTek chips caused by an incorrect bounds check. This can lead to local escalation of privilege with System-level execution privileges required; no user interaction is needed for exploitation. A patch is identified...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.50 views

CVE-2023-32884

In netdagent, the vulnerability is an information disclosure caused by an incorrect bounds check, enabling local escalation of privilege with System-level execution privileges. Affected component: netdagent (no specific versions provided in the connected docs). Impact is described as high for con...

6.7CVSS6.3AI score0.00093EPSS
CVE
CVE
added 2024/01/02 9:20 p.m.50 views

CVE-2023-4164

CVE-2023-4164 affects Google Pixel Watch. It describes a local information-disclosure vulnerability caused by a missing permission check that could expose health data without extra privileges. Public details confirm the issue but do not provide exploit specifics. Impact is focused on confidential...

8.4CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.50 views

CVE-2023-42637

CVE-2023-42637 concerns the validationtools component, where a missing permission check could allow local information disclosure without additional execution privileges. The available connected documents confirm the issue but do not provide concrete product/version mappings, exploit details, or a...

5.5CVSS5.2AI score0.0008EPSS
Total number of security vulnerabilities8153