Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/05/09 1:21 a.m.49 views

CVE-2022-48375

CVE-2022-48375 concerns the UNISOC chipsets’ contacts service module, where a missing permission check may allow a local attacker to cause a denial of service with no additional privileges. The available documents consistently describe the issue as a local impact vulnerability due to insufficient...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.49 views

CVE-2022-48388

The CVE-2022-48388 entry concerns UNISOC Chipsets’ powerEx service module. The vulnerability arises from a missing permission check in the powerEx service, enabling local escalation of privilege with no additional execution privileges. Affected component: powerEx service on UNISOC chipsets. Impac...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.49 views

CVE-2023-20651

CVE-2023-20651 concerns the MediaTek apu component, where a missing bounds check enables an out-of-bounds read. This could lead to local information disclosure with System execution privileges needed; no user interaction is required. Public details consistently identify the vulnerability in apu a...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.49 views

CVE-2023-20704

The CVE-2023-20704 involves the apu component in MediaTek chips, where a missing bounds check can trigger an out-of-bounds read and local information disclosure without requiring user interaction. Affected element: apu on MediaTek hardware. Root cause: bounds-check omission leading to memory read...

5.5CVSS5AI score0.0009EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.49 views

CVE-2023-20706

CVE-2023-20706 affects the MediaTek apu module. The issue is an out-of-bounds read caused by a missing bounds check, enabling local information disclosure with no user interaction and no additional privileges required. Exploitation details or active exploit status are not provided in the document...

5.5CVSS5AI score0.0009EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.49 views

CVE-2023-20709

CVE-2023-20709 affects the keyinstall module in MediaTek systems. The issue is an out-of-bounds read caused by a missing bounds check, leading to potential local information disclosure and requiring System execution privileges for exploitation. User interaction is not needed. References to patche...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.49 views

CVE-2023-20795

The CVE-2023-20795 entry describes a vulnerability in the ril module (MediaTek-based environments) where a missing bounds check enables an out-of-bounds write. This can lead to local privilege escalation with System execution privileges required, and exploitation does not require user interaction...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/08/14 9:10 p.m.49 views

CVE-2023-21230

CVE-2023-21230 affects Google Wear OS / Android framework. A precondition check failure in the onAccessPointChanged method of AccessPointPreference.java could allow unprivileged apps to receive broadcasts about WiFi access point changes (including BSSID/SSID), enabling local information disclosur...

5.5CVSS5.2AI score0.00082EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.49 views

CVE-2023-21327

CVE-2023-21327 relates to a side-channel information disclosure in Android’s Permission Manager, enabling an attacker to determine if an app is installed without query permissions. The vulnerability allows local information disclosure with no extra execution privileges and requires no user intera...

5.5CVSS5.1AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:59 p.m.49 views

CVE-2023-21370

CVE-2023-21370 is an elevation-of-privilege flaw in the Android Security Element API. The root cause is an integer overflow that enables an out-of-bounds write, leading to local privilege escalation with System privileges. Exploitation requires no user interaction. The affected component is the S...

6.7CVSS6.9AI score0.00092EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.49 views

CVE-2023-21372

CVE-2023-21372 concerns a vulnerability in libdexfile where a missing bounds check allows an out-of-bounds read, enabling local elevation of privilege without user interaction. The issue affects Android’s libdexfile component and is classified as a local EoP (MITRE ambiguous, but Android bulletin...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.49 views

CVE-2023-21380

CVE-2023-21380 is a Bluetooth heap buffer overflow in Android that can enable local elevation of privilege with SYSTEM execution when exploited without user interaction. The vulnerability is listed in Android 14 security release notes and associated with an out-of-bounds write in Bluetooth. Affec...

6.7CVSS7AI score0.00094EPSS
CVE
CVE
added 2023/06/06 5:13 a.m.49 views

CVE-2023-30914

Technical details about CVE-2023-30914 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

5.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.49 views

CVE-2023-32817

CVE-2023-32817 affects the gnss service. The issue is an out-of-bounds read caused by improper input validation, leading to local information disclosure with system execution privileges required. Exploitation does not require user interaction. A patch is available: ALPS08044040 (Issue ALPS0804403...

4.4CVSS4.3AI score0.00089EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.49 views

CVE-2023-32855

CVE-2023-32855 describes a privilege-escalation defect in the aee module (MediaTek context) caused by a missing permission check, enabling local escalation to System privileges without user interaction. Exploitation status is not detailed in the provided documents. A fix is referenced as Patch ID...

6.7CVSS6.6AI score0.00107EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.49 views

CVE-2023-32879

The CVE-2023-32879 entry is connected to MediaTek devices, specifically a vulnerability in the battery module where a missing bounds check allows an out-of-bounds write. This leads to local escalation of privilege with System-level execution privileges required, and exploitation is not shown as r...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.49 views

CVE-2023-33884

CVE-2023-33884 reflects a vulnerability in the telephony service where a missing privilege check enables local information disclosure without extra execution privileges. The issue affects UNISOC chipsets (examples include SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T616/T770/T820/S8000 and r...

5.5CVSS5.2AI score0.00099EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.49 views

CVE-2023-42635

Technical details about CVE-2023-42635 are not publicly provided in the supplied documents; monitor for updates.

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.49 views

CVE-2023-42648

CVE-2023-42648 affects UNISOC chipsets in engineermode, where a missing permission check can lead to local information disclosure without requiring elevated privileges. The available connected documents confirm the root cause (in engineermode) and the potential impact (local information disclosur...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/09/27 2:1 p.m.49 views

CVE-2023-44126

The CVE-2023-44126 issue concerns the Android Call management component (com.android.server.telecom) patched by LG. The vulnerability arises because LG’s patch sends a large number of LG-owned implicit broadcasts that disclose sensitive telephony data to all third-party apps on the same device. T...

5.5CVSS4.3AI score0.00121EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.49 views

CVE-2023-52351

The CVE-2023-52351 issue affects the ril service in UNISOC chipsets, caused by a missing bounds check that enables an out-of-bounds write. This could lead to local denial of service with System execution privileges required. Affected component: ril service (UNISOC). Impact is described as local D...

7.8CVSS6.7AI score0.00088EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.49 views

CVE-2024-20016

Inged ged module, CVE-2024-20016 involves a possible out-of-bounds write caused by an integer overflow, leading to local denial of service with system execution privileges required and no user interaction. Patch ID ALPS07835901 is noted; issue ID ALPS07835901. Red Hat and other feeds corroborate ...

4.4CVSS4.7AI score0.00107EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.49 views

CVE-2024-20098

The CVE-2024-20098 issue concerns Power module boundary checks: a possible out-of-bounds write may enable local escalation of privilege with System execution privileges required, and no user interaction is needed. Multiple connected sources (NVD, Red Hat, OSV, CVE lists, PT Security, CNNVD) corro...

6.7CVSS7.2AI score0.00081EPSS
CVE
CVE
added 2024/11/04 1:48 a.m.49 views

CVE-2024-20114

CVE-2024-20114 affects the ccu component (MediaTek CCU family). It describes a possible out-of-bounds write caused by a missing bounds check, potentially enabling local escalation of privilege with System execution privileges. Exploitation requires no user interaction per the description. The pat...

6.7CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2024/11/04 1:49 a.m.49 views

CVE-2024-20123

In vdec, a vulnerability described as an out-of-bounds read from improper structure design could cause local information disclosure with system execution privileges required. Notably, exploitation requires no user interaction, and the issue is associated with Patch ID ALPS09008925 and Issue MSV-1...

4.4CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2025/03/10 8:50 p.m.49 views

CVE-2024-56191

The CVE-2024-56191 issue affects Google Pixel Watch, rooted in an integer overflow in dhd_process_full_gscan_result (dhd_pno.c). The vulnerability allows local elevation of privilege without additional execution privileges and does not require user interaction. Affected component/file: dhd_pno.c ...

8.4CVSS7.2AI score0.00085EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.49 views

CVE-2026-0076

CVE-2026-0076 describes an out-of-bounds read in validateNode of ResourceTypes.cpp, caused by an incorrect bounds check. This could enable local privilege escalation with no user interaction, per the included descriptions. Connected sources repeat this detail across multiple feeds (NVD/EUVD) with...

7.8CVSS5.9AI score0.00079EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.49 views

CVE-2026-0078

CVE-2026-0078 affects Android’s DevicePolicyManagerService (setGlobalProxy). The issue is a desync in persistence caused by improper input validation, enabling local privilege escalation with no extra execution privileges required. Exploitation is described as local and does not require user inte...

7.8CVSS5.9AI score0.00079EPSS
CVE
CVE
added 2018/04/20 9:0 p.m.48 views

CVE-2014-0900

CVE-2014-0900 affects the Android Device Administrator code prior to 4.4.1_r1. The root cause is the failure to update the mAdminMap data structure, which may allow an attacker to spoof device administrators and thereby bypass Mobile Device Management (MDM) restrictions. Documents indicate the im...

8.8CVSS8.4AI score0.00493EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.48 views

CVE-2014-9896

Technical details (affected product/component, root cause, impact, fix) are not publicly provided in the connected documents. Please monitor for updates from official advisories to obtain confirmed remediation guidance.

5.5CVSS5.2AI score0.0046EPSS
CVE
CVE
added 2017/01/18 5:0 p.m.48 views

CVE-2014-9910

CVE-2014-9910 is a local elevation-of-privilege in the Broadcom Wi‑Fi driver on Android that could allow a malicious local app to run code in kernel context. The issue requires compromising a privileged process and affects Android, with no specific patch version or remediation provided in the sup...

7.6CVSS6.8AI score0.00532EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.48 views

CVE-2014-9928

Technical details are not publicly available in the provided documents. Monitor for updates and new disclosures regarding CVE-2014-9928.

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.48 views

CVE-2014-9948

CVE-2014-9948 is described as an Improper Validation of Array Index vulnerability in TrustZone across CAF Android releases that use the Linux kernel. The affected component is TrustZone; the root cause is improper validation of an array index. The CVSS3 metrics indicate a HIGH-severity, with a ba...

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.48 views

CVE-2014-9954

CVE-2014-9954 is an elevation of privilege vulnerability in Qualcomm closed‑source components used by Android. Affected product: Android kernel. Root cause details are not fully disclosed in the provided documents, but the NVD entry lists an elevation of privilege impact with a as‑is Android kern...

10CVSS8.7AI score0.0113EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.48 views

CVE-2014-9966

CVE-2014-9966 describes a TOCTOU race condition in Android CAF Secure Display implemented in the Linux kernel used by Android. The vulnerability affects Android releases using CAF’s Linux kernel and Secure Display, with impact on confidentiality, integrity, and availability as reflected in CVSS (...

7.6CVSS6.8AI score0.00443EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2014-9968

CVE-2014-9968 is a buffer‑overflow in the Qualcomm UIMDIAG interface found in Qualcomm closed‑source components included with Android CAF builds using the Linux kernel. Multiple connected sources describe a vulnerable UIMDIAG path in Qualcomm components and flag the issue as a potential for arbit...

10CVSS8AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2015-0576

CVE-2015-0576 describes a buffer overflow in the HSDPA component used by Qualcomm in Android CAF/Linux kernel implementations. Connected sources corroborate a Qualcomm HSDPA buffer overflow affecting CAF-based Android releases, with CNVD noting potential arbitrary-code execution or denial of serv...

7.6CVSS6.8AI score0.00541EPSS
CVE
CVE
added 2016/08/07 9:0 p.m.48 views

CVE-2015-3854

CVE-2015-3854 affects Android 5.x; the vulnerability exists in PowerNotificationWarnings.java within the Android SystemUI power package. A broadcast intent using the PNW.stopSaver action can bypass the DEVICE_POWER permission requirement, enabling local access to perform restricted actions. The i...

7.5CVSS7.2AI score0.00543EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2015-8595

Connected sources tie CVE-2015-8595 to a Qualcomm closed‑source DRM issue in Android CAF using the Linux kernel. CNVD-2017-26645 describes a buffer overflow in the digital television/digital radio DRM of the Qualcomm component, capable of enabling arbitrary code execution or DoS. The available do...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.48 views

CVE-2015-8892

CVE-2015-8892 affects the Qualcomm components in Android on Nexus 5X and 6P, where platform/msm_shared/boot_verifier.c can bypass intended access restrictions by using a digest with trailing data. The issue pertains to Android versions prior to 2016-07-05 and is referenced in Android/Qualcomm bug...

9.3CVSS7.3AI score0.00551EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.48 views

CVE-2015-8939

CVE-2015-8939 concerns a privilege-escalation flaw in the Qualcomm video driver used by Android on Nexus 7 (2013) . The issue stems from the driver file drivers/video/msm/mdp4_util.c , where data for the red/green/blue stages is not validated, enabling a local attacker with a crafted app to gain ...

9.3CVSS7.5AI score0.0053EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.48 views

CVE-2015-8943

CVE-2015-8943 affects Qualcomm/mdss mdss_mdp_util.c in Android on Nexus 5 prior to 2016-08-05. The root cause is that the code does not verify the existence of a mapping before unmapping, enabling privilege escalation via a crafted app. Connected sources (CNVD-2016-06202, Ubuntu/OSV entries, NVD ...

7.8CVSS7.6AI score0.00454EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.48 views

CVE-2015-9006

Technical details for CVE-2015-9006 are not publicly available in the provided documents. Monitor for updates.

9.3CVSS7.2AI score0.00443EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.48 views

CVE-2015-9007

Technical details for CVE-2015-9007 are not publicly available in the provided documents. No specifics on affected components, root cause, impact, or remediation are provided here. Monitor for updates.

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.48 views

CVE-2015-9022

Technical details about CVE-2015-9022 are not provided in the supplied documents. The description notes TOCTOU race conditions in TZ APIs on CAF Android/Linux kernel; no patch version or affected components specified here. Monitor for updates.

7.6CVSS6.9AI score0.00448EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.48 views

CVE-2015-9027

CVE-2015-9027 concerns an untrusted pointer dereference in WideVine DRM within Android CAF builds that use the Linux kernel. Per the NVD entry, the issue affects WideVine DRM and is rated with a high impact (CVSSv3: 7.8, Local attack vector, user interaction required; CVSSv2: 9.3). The connected ...

9.3CVSS7.4AI score0.00597EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2015-9040

Technical details (affected product/version, root cause, exploitability) for CVE-2015-9040 are not publicly provided in the connected documents; monitor for updates.

10CVSS7.8AI score0.00805EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2015-9066

CVE-2015-9066 describes a buffer overflow in the Inter-RAT procedure affecting Qualcomm components in Android CAF builds using the Linux kernel. Public sources flag it as a high-severity issue with potential remote code execution (CVSS ~9.8/10), but the provided documents do not specify affected ...

10CVSS9AI score0.01056EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.48 views

CVE-2016-0827

The CVE-2016-0827 issue affects Android mediaserver’s libeffects across Android 4.x (before 4.4.4), 5.x (before 5.1.1 LMY49H), and 6.x (before 2016-03-01). The root cause is multiple integer overflows in libeffects (notably in EffectBundle.cpp and EffectReverb.cpp) that can allow a crafted applic...

9.3CVSS7.5AI score0.00545EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.48 views

CVE-2016-0838

CVE-2016-0838 affects Sonivox in mediaserver on Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-04-01. The flaw occurs when mediaserver’s Sonivox component does not check for a negative number of samples, allowing remote attackers to execute arbitrary code or ...

10CVSS8.8AI score0.02822EPSS
Total number of security vulnerabilities8153