Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/04/06 12:0 a.m.50 views

CVE-2023-20677

The CVE-2023-20677 issue affects the wlan component in MediaTek-based devices, caused by a missing bounds check leading to an out-of-bounds read. Impact is local information disclosure with SYSTEM-level execution privileges required, and exploitation reportedly does not require user interaction. ...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.49 views

CVE-2020-0150

CVE-2020-0150 is tied to Android 10 and affects the rw_t3t_message_set_block_list path in rw_t3t.cc, where a missing bounds check can cause an out-of-bounds write. This leads to local escalation of privilege with no additional execution privileges required and no user interaction needed, per NVD ...

7.8CVSS8.2AI score0.0015EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.49 views

CVE-2020-0156

CVE-2020-0156 affects Android 10 and points to an out-of-bounds read in the NxpNfc::ioctl path of NxpNfc.cpp caused by a missing bounds check. The issue enables local information disclosure with user privileges; exploitation does not require user interaction but is local in nature. CVSS metrics i...

5.5CVSS5.7AI score0.0014EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.49 views

CVE-2020-0168

CVE-2020-0168 affects Android 10, with a vulnerability in the Media Framework where impeg2_fmt_conv_yuv420p_to_yuv420sp_uv in impeg2_format_conv.c can trigger an out-of-bounds write due to a missing bounds check. This can enable remote code execution; exploitation is described as requiring user i...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.49 views

CVE-2020-0175

CVE-2020-0175 affects Android 10 in the Media Framework handling path; the issue is in the XMF_ReadNode function in eas_xmf.c, where improper input validation can cause resource exhaustion leading to a remote Denial of Service with no extra privileges. Exploitation requires user interaction. Publ...

6.5CVSS6.9AI score0.00752EPSS
CVE
CVE
added 2020/05/14 8:17 p.m.49 views

CVE-2020-0220

CVE-2020-0220 corresponds to an out-of-bounds write in the Android kernel driver flow for msm-cirrus playback (crus_afe_callback in msm-cirrus-playback.c). The underlying issue is a missing bounds check in that path, enabling local escalation of privilege with System-level execution privileges re...

6.7CVSS7.2AI score0.00149EPSS
CVE
CVE
added 2020/06/16 1:31 p.m.49 views

CVE-2020-0235

CVE-2020-0235 affects Android’s kernel, specifically the crus_sp_shared_ioctl path where 4 bytes are copied from userdata into the size variable and then used as the size for copy_from_user, overwriting memory following crus_sp_hdr (a static struct crus_sp_ioctl_header). This memory corruption ca...

9.8CVSS9.1AI score0.00443EPSS
CVE
CVE
added 2021/01/25 4:40 p.m.49 views

CVE-2020-0236

CVE-2020-0236 affects Android 10 and specifically the A2DP_GetCodecType path in the a2dp_codec_config. The issue is an out-of-bounds read caused by improper input validation, leading to possible remote information disclosure without extra execution privileges and without user interaction. The vul...

7.5CVSS7.2AI score0.0077EPSS
CVE
CVE
added 2020/09/17 8:58 p.m.49 views

CVE-2020-0266

CVE-2020-0266 affects Android 11 via a factory reset protection (FRP) issue where a missing permission check enables a local elevation of privilege. Exploitation is described as requiring local access with no user interaction; no detailed exploit vectors are provided in the excerpts. The impact i...

7.8CVSS8.2AI score0.00163EPSS
CVE
CVE
added 2020/09/18 3:7 p.m.49 views

CVE-2020-0272

CVE-2020-0272 affects Android 11 components: libhwbinder. The bug is described as an information disclosure caused by uninitialized data in libhwbinder, enabling local information disclosure with system privileges; no user interaction is required. Connected sources (Red Hat, NVD, CVE lists, NCSC)...

4.4CVSS5AI score0.00143EPSS
CVE
CVE
added 2020/09/17 8:48 p.m.49 views

CVE-2020-0297

CVE-2020-0297 affects Android 11 and is tied to the devicepolicy service. The vulnerability is a permission bypass caused by an unsafe PendingIntent, enabling local information disclosure with no user interaction (local, requires user privileges). Public sources in the connected documents confirm...

5.5CVSS5.8AI score0.00149EPSS
CVE
CVE
added 2020/09/18 3:24 p.m.49 views

CVE-2020-0310

Affected software: Android 11 (Settings). The vulnerability CVE-2020-0310 arises from an unsafe PendingIntent that enables a permission bypass, leading to local information disclosure with no user interaction required. Root cause: unsafe PendingIntent handling in Settings. Impact: local informati...

5.5CVSS5.8AI score0.00145EPSS
CVE
CVE
added 2020/09/18 3:25 p.m.49 views

CVE-2020-0315

CVE-2020-0315 affects Android 11, specifically Zen Mode, where an unsafe PendingIntent can bypass permissions to cause local information disclosure without user interaction. Root cause: unsafe PendingIntent in Zen Mode. Impact: information disclosure with Android-11 user privileges; CVSS details ...

5.5CVSS5.8AI score0.00141EPSS
CVE
CVE
added 2020/09/18 3:5 p.m.49 views

CVE-2020-0335

The CVE-2020-0335 entry affects Android 11 via the NFC subsystem. The root cause is an out-of-bounds write caused by a missing bounds check in NFC handling, enabling local escalation to System privileges and potentially firmware compromise. The vulnerability is annotated as requiring no user inte...

6.7CVSS7.2AI score0.00153EPSS
CVE
CVE
added 2020/09/17 8:56 p.m.49 views

CVE-2020-0361

CVE-2020-0361 affects Android 11 via the libDRCdec information-disclosure flaw. The root cause is uninitialized data in libDRCdec, enabling remote information disclosure with no execution privileges required; exploitation requires user interaction per the CVSS vector. Connected sources corroborat...

6.5CVSS6.6AI score0.00732EPSS
CVE
CVE
added 2020/12/15 3:54 p.m.49 views

CVE-2020-0475

CVE-2020-0475 affects Android 11 where in WindowManagerService.createInputConsumer there is a missing permission check, enabling a local elevation of privilege by intercepting input events. Exploitation requires user interaction; no remote access assumed. Public sources (Red Hat, NVD, CVE lists) ...

7.8CVSS8.1AI score0.00402EPSS
CVE
CVE
added 2020/12/15 3:56 p.m.49 views

CVE-2020-0490

CVE-2020-0490 affects Android 11. The issue is in floor1_info_unpack of floor1.c and stems from a missing bounds check, causing an out-of-bounds read that can disclose information. Exploitation requires user interaction. The impact is information disclosure with no additional execution privileges...

6.5CVSS6.5AI score0.00702EPSS
CVE
CVE
added 2020/03/24 5:12 p.m.49 views

CVE-2020-10832

The CVE-2020-10832 entry describes a vulnerability in Samsung mobile devices with P(9.0) Exynos chipsets where Kernel Wi-Fi drivers allow out-of-bounds Read/Write operations (buffer overflow). This affects the kernel Wi-Fi subsystem and is tied to several Samsung internal IDs (SVE-2019-16125, 161...

7.8CVSS7.8AI score0.00135EPSS
CVE
CVE
added 2021/02/02 11:0 p.m.49 views

CVE-2021-0364

CVE-2021-0364 affects Android (Android-10 and Android-11) due to a command-injection vulnerability in mobile_log_d caused by improper input validation. The issue can enable local escalation of privileges with System execution privileges required and does not require user interaction. Patch ALPS05...

6.7CVSS6.9AI score0.0033EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.49 views

CVE-2021-0454

CVE-2021-0454 affects the Citadel chip firmware via an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation with System execution privileges required and no user interaction. In Google Pixel/Android contexts, this vulnerability is mapped to Titan M components ...

7.2CVSS6.7AI score0.00131EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.49 views

CVE-2021-0490

CVE-2021-0490 affects Android’s memory management driver (MediaTek memory management driver) and describes an out-of-bounds write due to a missing bounds check that could enable local elevation of privilege with no user interaction. The issue is documented across sources including NVD and the 202...

7.8CVSS7.7AI score0.00135EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.49 views

CVE-2021-0493

CVE-2021-0493 is an Android memory management driver vulnerability described as an out-of-bounds write caused by a missing bounds check. The affected component is the memory management driver in Android, with potential local escalation of privilege and no additional execution privileges needed. T...

7.8CVSS7.7AI score0.00132EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.49 views

CVE-2021-0533

CVE-2021-0533 affects the Android memory management driver (Memory management on Android SoC) and is caused by a race condition that can lead to memory corruption. The documented impact is local escalation of privilege with no additional execution privileges required and no user interaction neede...

7CVSS7.2AI score0.00085EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.49 views

CVE-2021-0676

CVE-2021-0676 pertains to the geniezone driver, where an incorrect bounds check enables a possible out-of-bounds read . This could lead to local information disclosure with the attacker obtaining System execution privileges; exploitation requires no user interaction. Multiple sources (NVD, Red Ha...

4.4CVSS4.2AI score0.00116EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.49 views

CVE-2021-0898

In APUsys (MediaTek Apusys), CVE-2021-0898 describes a memory corruption via a use-after-free in the apusys component that can enable local escalation of privilege with System execution privileges required and no user interaction. Affected: apusys; root cause: use-after-free leading to memory cor...

6.7CVSS6.8AI score0.00113EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.49 views

CVE-2021-0900

The CVE-2021-0900 entry concerns the MediaTek apusys component, with an out-of-bounds read due to an incorrect bounds check. This could enable local information disclosure and requires System privileges for exploitation, with no user interaction needed. Documents consistently describe the affecte...

4.4CVSS4.2AI score0.00116EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.49 views

CVE-2021-1040

CVE-2021-1040 describes an elevation-of-privilege vulnerability in Android where, in onCreate of BluetoothPairingSelectionFragment.java, a tapjacking/overlay attack could enable local escalation of privilege without requiring extra execution privileges. Affected products/versions include Android ...

7.8CVSS7.6AI score0.00116EPSS
CVE
CVE
added 2021/01/05 5:54 p.m.49 views

CVE-2021-22492

CVE-2021-22492 concerns a buffer overflow in the Bluetooth UART driver on Samsung mobile devices using Broadcom Bluetooth chipsets (O(8.x), P(9.0), Q(10.0)). The issue stems from the UART driver handling data unsafely, leading to potential memory corruption. CVSS data from NVD indicates a base sc...

8.8CVSS8.8AI score0.00252EPSS
CVE
CVE
added 2021/07/08 1:43 p.m.49 views

CVE-2021-25429

Technical details (affected product/versions/root cause/exploit status) are not publicly available in the provided documents. Monitor for updates from NVD/Red Hat and security advisories.

4.3CVSS4.5AI score0.00159EPSS
CVE
CVE
added 2021/09/09 6:3 p.m.49 views

CVE-2021-25451

CVE-2021-25451 affects Android’s NetworkPolicyManagerService where a PendingIntent hijack can lead to exposure of IMSI data. The vulnerability is local, requiring user interaction, with a low-moderate CVSS (3.3 on 3.1, base score 3.3; confidentiality impact: Low). Root cause stated: manipulation ...

4.3CVSS4.1AI score0.00229EPSS
CVE
CVE
added 2021/10/06 5:8 p.m.49 views

CVE-2021-25475

Summary of CVE-2021-25475 : The issue is a heap-based buffer overflow in the DSP kernel driver, before Samsung SMR Oct-2021 Release 1. This flaw can lead to arbitrary memory writes and code execution within the kernel context on affected Samsung devices. Affected component: DSP kernel driver. Roo...

7.2CVSS6.9AI score0.0012EPSS
CVE
CVE
added 2022/08/11 3:24 p.m.49 views

CVE-2022-20312

In Android 13, the WifiP2pManager can leak the device’s WiFi P2P MAC address without user consent due to a missing permission check. This enables local information disclosure with a Local attack vector and no user interaction required. Affected component: WifiP2pManager in Android 13. Root cause:...

5.5CVSS5.5AI score0.00089EPSS
CVE
CVE
added 2022/08/11 3:26 p.m.49 views

CVE-2022-20320

CVE-2022-20320 affects Android 13 and involves the ActivityManager. The issue enables a local attacker to infer whether an app is installed without query permissions, via a side-channel information disclosure. The exploitation is described as requiring local access (no user interaction) and not n...

3.3CVSS4.2AI score0.00097EPSS
CVE
CVE
added 2022/08/11 3:31 p.m.49 views

CVE-2022-20342

CVE-2022-20342 affects Android 13. An insecure default in WiFi could disclose the WiFi password to the end user, enabling local information disclosure without extra privileges or user interaction. The issue is categorized under Android 13 security release notes; no exploitation details or active ...

3.3CVSS4.6AI score0.00094EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.49 views

CVE-2022-20429

CVE-2022-20429 affects Android’s CarSettings component across Android-10/11/12/12L. The issue enables a local elevation of privilege in Bluetooth settings via a confused deputy, requiring no user interaction and permitting an adjacent attacker with no privileges to exploit (per the referenced NVD...

8.8CVSS8.3AI score0.00158EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.49 views

CVE-2022-32611

CVE-2022-32611 concerns MediaTek’s isp component. The vulnerability is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with System execution privileges required. Exploitation reportedly does not require user interaction. A patch is referenced (Patc...

6.7CVSS6.7AI score0.00134EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.49 views

CVE-2022-32615

CVE-2022-32615 concerns an out‑of‑bounds write in the ccd component caused by uninitialized data, enabling local privilege escalation with system execution privileges required. No user interaction is needed. The vulnerability details are supported by multiple sources in the provided documents, wi...

6.7CVSS6.7AI score0.00134EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.49 views

CVE-2022-32629

CVE-2022-32629 affects the isp component and is caused by a missing bounds check that enables an out-of-bounds write. This can lead to local escalation of privilege with system execution privileges required; exploitation does not require user interaction. The entry lists a patch reference: ALPS07...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.49 views

CVE-2022-38675

CVE-2022-38675 concerns a defect in the GPU driver where a missing bounds check enables a local out-of-bounds write, potentially causing a local denial of service in the kernel. The description across multiple sources agrees on the kernel impact and local attack vector, with CVSS v3.1 metrics ind...

5.5CVSS5.4AI score0.00092EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.49 views

CVE-2022-39093

CVE-2022-39093 describes a missing permission check in the power management service that can allow a setup of the service without additional execution privileges. The vulnerability is characterized as local, with low attack complexity and no user interaction, and has a CVSS v3.1 base score of 7.8...

7.8CVSS7.5AI score0.00091EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.49 views

CVE-2022-39104

Summary (validated): CVE-2022-39104 affects the Contacts service, where a missing permission check could allow local denial of service without requiring additional execution privileges. The CVSS 3.1 base metrics indicate a Medium severity with Local attack vector and Availability impact. No expli...

5.5CVSS5.4AI score0.00102EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.49 views

CVE-2022-39110

CVE-2022-39110 describes a missing permission check in the Music service that could allow elevation of privilege with no additional execution privileges required. The vulnerability is identified across multiple sources (NVD, Red Hat, CVE lists, PRION, CNNVD, etc.), all reiterating the same issue:...

7.8CVSS7.6AI score0.00107EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.49 views

CVE-2022-39850

CVE-2022-39850: The issue is an improper access control in Samsung’s mum_container_policy service, present prior to SMR Oct-2022 Release 1, allowing an unauthorized read of configuration data. Affected product area is Samsung mobile devices; root cause is inadequate access checks in the mum_conta...

3.3CVSS4AI score0.00081EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.49 views

CVE-2022-39854

CVE-2022-39854 pertains to Samsung devices with the IOMMU in the SMR Oct-2022 Release 1, where improper protection in the IOMMU could allow unauthorized access to secure memory. The root cause is described as insufficient protection in IOMMU prior to the SMR Oct-2022 Release 1. Affected remediati...

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.49 views

CVE-2022-39894

CVE-2022-39894 affects Samsung Phone’s ContactListStartActivityHelper. The issue is an improper access control that can expose sensitive information via an implicit intent in versions prior to the SMR Dec-2022 Release 1. Public sources (NVD/Red Hat/CNNVD/PT-Security) describe the vulnerability as...

4CVSS3.9AI score0.00082EPSS
CVE
CVE
added 2023/08/07 1:54 a.m.49 views

CVE-2022-47351

CVE-2022-47351 affects the camera driver and involves a missing bounds check that enables an out-of-bounds read. This can lead to a local denial of service with System execution privileges required. The issue is documented across NVD/Red Hat databases with a CVSS v3.1 base score of 4.4 (MEDIUM) a...

4.4CVSS4.6AI score0.00086EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.49 views

CVE-2022-48375

CVE-2022-48375 concerns the UNISOC chipsets’ contacts service module, where a missing permission check may allow a local attacker to cause a denial of service with no additional privileges. The available documents consistently describe the issue as a local impact vulnerability due to insufficient...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.49 views

CVE-2022-48388

The CVE-2022-48388 entry concerns UNISOC Chipsets’ powerEx service module. The vulnerability arises from a missing permission check in the powerEx service, enabling local escalation of privilege with no additional execution privileges. Affected component: powerEx service on UNISOC chipsets. Impac...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.49 views

CVE-2023-20651

CVE-2023-20651 concerns the MediaTek apu component, where a missing bounds check enables an out-of-bounds read. This could lead to local information disclosure with System execution privileges needed; no user interaction is required. Public details consistently identify the vulnerability in apu a...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.49 views

CVE-2023-20704

The CVE-2023-20704 involves the apu component in MediaTek chips, where a missing bounds check can trigger an out-of-bounds read and local information disclosure without requiring user interaction. Affected element: apu on MediaTek hardware. Root cause: bounds-check omission leading to memory read...

5.5CVSS5AI score0.0009EPSS
Total number of security vulnerabilities8153