Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/03/24 7:12 p.m.48 views

CVE-2019-20601

CVE-2019-20601 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) with Exynos 7570/7580/7870/7880/8890, where RKP memory corruption results in an arbitrary write to protected memory. The issue, tracked under Samsung ID SVE-2019-13921-2 (May 2019), is documented across multiple sour...

7.5CVSS7.8AI score0.00346EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.48 views

CVE-2019-2142

The CVE-2019-2142 entry affects Android 10, specifically the libxaac library. The vulnerability is an information-disclosure flaw caused by a missing bounds check that could trigger an out-of-bounds read. Exploitation requires user interaction, and successful exploitation could disclose partial t...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:21 p.m.48 views

CVE-2019-2190

CVE-2019-2190 affects LG's LAF component in the Android kernel, where a missing bounds check in a protected disk partition can cause local information disclosure via USB. Exploitation requires user privileges but not user interaction. The vulnerability is documented across multiple sources (NVD, ...

4.3CVSS4.9AI score0.00139EPSS
CVE
CVE
added 2019/11/13 5:31 p.m.48 views

CVE-2019-2193

CVE-2019-2193 affects Android 8.0–10 where a partially provisioned Device Policy Client in WelcomeActivity.java could bypass permissions, enabling local escalation of privilege and leaving an Admin app installed without user notification. Exploitation is described as local with no user interactio...

7.8CVSS7.6AI score0.0017EPSS
CVE
CVE
added 2019/11/13 5:36 p.m.48 views

CVE-2019-2202

CVE-2019-2202 occurs in Android’s CryptoPlugin.decrypt and describes a possible heap buffer overflow leading to local privilege escalation without user interaction. Affected software is Android 9 and Android 10 (Media/crypto plugin path). The issue is described as an out-of-bounds write in Crypto...

7.8CVSS7.8AI score0.00173EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.48 views

CVE-2019-9235

CVE-2019-9235 affects Android 10 NFC functionality. The issue is an out-of-bounds read caused by a missing bounds check in NFC, enabling local information disclosure with user interaction required for exploitation. Impact is described as partial confidentiality loss with no privilege escalation. ...

5CVSS5.3AI score0.00164EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.48 views

CVE-2019-9305

CVE-2019-9305 affects libAACdec in Android 10 (Android-10). The root cause is an integer overflow causing an out-of-bounds write, enabling remote code execution. Exploitation requires user interaction; no additional privileges are needed beyond the targeted device. Documented under Android 10 rel...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.48 views

CVE-2019-9319

CVE-2019-9319 affects Android 10 media stack (libavc) where a missing variable initialization in the library can lead to remote information disclosure without extra execution privileges. Exploitation requires user interaction. The Android 10 security release notes state these issues are addressed...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.48 views

CVE-2019-9382

CVE-2019-9382 affects Android 10 via the libeffects component, where a missing bounds check allows an out-of-bounds write. This could enable remote code execution with the attacker leveraging a vulnerable path in the media stack. Exploitation details in the source documents indicate the issue may...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.48 views

CVE-2019-9415

CVE-2019-9415 affects Android 10 via the libstagefright component. The issue is an information-disclosure vulnerability caused by uninitialized data, enabling remote information leakage without extra execution privileges. Exploitation requires user interaction. Public details originate from Andro...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/11/13 7:48 p.m.48 views

CVE-2019-9467

CVE-2019-9467 affects Google's Android Bootloader (Bootloader/Android kernel component). The issue is a kernel command injection caused by missing command sanitization in the Bootloader, which can enable local privilege escalation to SYSTEM. Exploitation requires local access with high privileges...

7.2CVSS7AI score0.00286EPSS
CVE
CVE
added 2020/05/14 8:12 p.m.48 views

CVE-2020-0091

CVE-2020-0091 affects the MediaTek mnld component; description in the initial docs notes an incorrect configuration in driver_cfg of mnld for meta factory mode. The entry is listed under Android/Microsoft 2020-05 release details as a High severity issue for the MediaTek mnld in the 2020-05-01 sec...

5.5CVSS5.5AI score0.00134EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.48 views

CVE-2020-0132

CVE-2020-0132 affects Android 10 via BnAAudioService::onTransact in IAAudioService.cpp, where unsafe deserialization can trigger an out-of-bounds read. The underlying bug permits local information disclosure without extra privileges or user interaction. Publicly documented references in the Pixel...

5.5CVSS5.7AI score0.00252EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.48 views

CVE-2020-0138

CVE-2020-0138 affects Android 10 with the flaw in get_element_attr_rsp of btif_rc.cc, where a missing bounds check allows an out-of-bounds write. This could enable remote code execution without additional privileges and without user interaction, typically via Bluetooth usage (though Bluetooth is ...

9.8CVSS9.3AI score0.01355EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.48 views

CVE-2020-0140

CVE-2020-0140 relates to Android 10 and is described in multiple sources as an information-disclosure vulnerability due to a missing bounds check in rw_i93_sm_detect_ndef of rw_i93.c. The underlying issue can enable remote information disclosure without extra execution privileges and without user...

7.5CVSS7.4AI score0.00804EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.48 views

CVE-2020-0205

Technical details for CVE-2020-0205 are not publicly available in the provided documents. Monitor for updates.

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2020/09/18 3:3 p.m.48 views

CVE-2020-0273

CVE-2020-0273 describes an out-of-bounds write in hwservicemanager that may allow local privilege escalation without user interaction on Android 11. The root cause is freeing a wild pointer. Documented impact is local elevation of privilege with partial confidentiality/integrity/availability impa...

7.8CVSS8.2AI score0.0015EPSS
CVE
CVE
added 2020/09/17 8:51 p.m.48 views

CVE-2020-0321

CVE-2020-0321 affects Android 11, involving the MP3 extractor in the Media Framework where an out-of-bounds write due to uninitialized data can lead to remote code execution. Exploitation requires user interaction and is conveyed as a high-severity issue (Android 11 Security Release Notes; CVSS d...

8.8CVSS9.1AI score0.00714EPSS
CVE
CVE
added 2020/09/17 8:50 p.m.48 views

CVE-2020-0322

CVE-2020-0322 affects Android 11, specifically the apexd component. The vulnerability is an out-of-bounds read caused by a missing bounds check in apexd, which could lead to local information disclosure and, with system privileges, potential execution. Exploitation requires no user interaction an...

4.4CVSS4.9AI score0.00151EPSS
CVE
CVE
added 2020/09/17 8:47 p.m.48 views

CVE-2020-0345

CVE-2020-0345 affects Android 11 DocumentsUI, enabling a local elevation of privilege via a permission bypass (confused deputy). Impact: partial/full escalation on affected builds; CVSS v3.1: LOCAL, LOW complexity, UI REQUIRED, with HIGH confidentiality, integrity, and availability impacts. Root ...

7.8CVSS8.2AI score0.00187EPSS
CVE
CVE
added 2020/09/17 8:58 p.m.48 views

CVE-2020-0363

CVE-2020-0363 affects Android 11 libmedia and can cause resource exhaustion leading to remote DoS. Exploitation requires user interaction (per CVSS3.1); CVSS2 indicates network access with partial availability impact. Public documents identify the issue as improper input validation in libmedia. A...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/12/15 3:56 p.m.48 views

CVE-2020-0490

CVE-2020-0490 affects Android 11. The issue is in floor1_info_unpack of floor1.c and stems from a missing bounds check, causing an out-of-bounds read that can disclose information. Exploitation requires user interaction. The impact is information disclosure with no additional execution privileges...

6.5CVSS6.5AI score0.00702EPSS
CVE
CVE
added 2020/09/11 9:17 p.m.48 views

CVE-2020-25282

Technical details about CVE-2020-25282 are not publicly available in the provided connected documents. No specifics on affected products, components, root cause, impact, or fixes are present. Monitor for updates from the cited sources.

9.8CVSS9.1AI score0.00438EPSS
CVE
CVE
added 2020/12/18 8:45 a.m.48 views

CVE-2020-35549

Technical details about CVE-2020-35549 are not publicly available in the provided connected documents. Monitor for updates.

5.5CVSS5.6AI score0.00143EPSS
CVE
CVE
added 2020/12/18 8:44 a.m.48 views

CVE-2020-35555

The CVE-2020-35555 entry concerns LG mobile devices running Android 10 with dual-screen support. The issue is that, when a call is disconnected while the cover is closed, the device does not lock as expected, potentially leaving the device accessible without authentication. The details specify th...

7.8CVSS7.5AI score0.00135EPSS
CVE
CVE
added 2021/02/02 11:1 p.m.48 views

CVE-2021-0357

Technical details about CVE-2021-0357 are not publicly available in the provided Connected documents. The descriptions reiterate an out-of-bounds write in netdiag affecting Android 10/11 with local privilege escalation. Monitor for updates.

6.7CVSS6.7AI score0.00155EPSS
CVE
CVE
added 2021/03/10 3:54 p.m.48 views

CVE-2021-0370

The CVE-2021-0370 entry concerns Android 11 with a vulnerability in NxpMfcReader.cc where an out-of-bounds write occurs due to a missing bounds check. This can lead to local escalation of privilege on the NFC server with System execution privileges required; exploitation does not require user int...

6.7CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2021/03/10 3:57 p.m.48 views

CVE-2021-0375

CVE-2021-0375 affects Android 11 and is tied to VoiceInteractionManagerService.java: onPackageModified could change default apps due to an insecure default value, enabling local elevation of privilege without extra privileges. Exploitation is described as requiring no user interaction. The issue ...

5.5CVSS5.7AI score0.00119EPSS
CVE
CVE
added 2021/03/10 3:59 p.m.48 views

CVE-2021-0377

CVE-2021-0377 affects Android 11 (DeltaPerformer::Write in delta_performer.cc). Improper input validation allows a local elevation of privilege bypassing defense-in-depth protections with no user interaction. Exploitation details are not provided in the documents. The Pixel/Android bulletin indic...

5.5CVSS5.4AI score0.00119EPSS
CVE
CVE
added 2021/03/10 4:12 p.m.48 views

CVE-2021-0388

CVE-2021-0388 affects Android 11 and is tied to the ImsPhoneCallTracker.java onReceive path, where a misappropriation of data usage can occur due to an incorrect broadcast handler. This can enable local escalation of privilege by attributing video‑call data to the wrong app, without requiring any...

7.8CVSS7.7AI score0.00114EPSS
CVE
CVE
added 2021/03/10 4:13 p.m.48 views

CVE-2021-0450

CVE-2021-0450 affects the Titan M component in Google's Pixel devices. The Titan M firmware disclosure arises from uninitialized data leading to possible stack memory disclosure, enabling local information disclosure with system privileges without user interaction. Reported across multiple source...

4.4CVSS4.3AI score0.00124EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.48 views

CVE-2021-0489

CVE-2021-0489: In Android’s memory management driver, a missing bounds check enables an out-of-bounds write. This could allow local escalation of privilege without user interaction. Affected products/versions are tied to Android SoCs; the vulnerability is listed in the Android May 2021 security b...

7.8CVSS7.7AI score0.00131EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.48 views

CVE-2021-0496

CVE-2021-0496 is an Android memory management driver vulnerability caused by a use-after-free leading to local privilege escalation. Affected: Android devices with the memory management driver. Impact: local code execution with high integrity/availability impact; attacker requires local access, n...

7.8CVSS7.8AI score0.00129EPSS
CVE
CVE
added 2021/11/18 2:57 p.m.48 views

CVE-2021-0656

CVE-2021-0656 affects the edma driver and is characterized by a use-after-free memory corruption leading to local escalation of privilege with System execution privileges required. Public descriptions consistently note no user interaction is needed for exploitation. The issue is tied to the edma ...

6.7CVSS6.8AI score0.00113EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.48 views

CVE-2021-0679

CVE-2021-0679 affects MediaTek’s apusys. The issue is a memory corruption caused by a missing bounds check in apusys that could lead to local privilege escalation with System execution privileges required; exploitation is possible without user interaction. A patch is referenced (ALPS05672107; ALP...

6.7CVSS6.8AI score0.00113EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.48 views

CVE-2021-0903

CVE-2021-0903 concerns the MediaTek Apusys component, where a missing bounds check can trigger an out-of-bounds write. The condition enables local escalation of privilege with SYSTEM execution rights and does not require user interaction. Affected material mentions Apusys; Red Hat and other sourc...

6.7CVSS6.7AI score0.00115EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.48 views

CVE-2021-1039

CVE-2021-1039 affects Android Platform apps: NotificationAccessActivity in AndroidManifest.xml can enable a local elevation of privilege via a tapjacking/overlay trick. Affected: Android 9–12. Root cause: overlay/tapjacking allows bypass of user interaction requirements to gain higher privileges ...

7.8CVSS7.6AI score0.00133EPSS
CVE
CVE
added 2021/06/11 2:33 p.m.48 views

CVE-2021-25409

CVE-2021-25409 describes an improper access in the Notification setting prior to Samsung SMR June‑2021 Release 1, allowing physically proximate attackers to set arbitrary notifications by physically configuring the device. The NVD entry indicates a low overall impact (CVSS v2: AV:L/AC:L/Au:N/I:P/...

2.4CVSS4.2AI score0.00104EPSS
CVE
CVE
added 2021/08/05 7:43 p.m.48 views

CVE-2021-25443

CVE-2021-25443 is a use-after-free vulnerability in the Samsung conn_gadget driver prior to SMR AUG-2021 Release 1. Affected component: conn_gadget driver in Samsung mobile software. Root cause per records: use-after-free leading to potential malicious action by an attacker. Impact is described a...

5.3CVSS5.3AI score0.00104EPSS
CVE
CVE
added 2021/09/09 6:4 p.m.48 views

CVE-2021-25454

CVE-2021-25454 corresponds to an OOB read in the libsaacextractor.so library, vulnerability class affecting Samsung SMR components prior to the September 2021 Release 1. The flaw enables remote DoS via a crafted AAC file, as described across multiple sources (NVD/Red Hat/CVE records). Technical c...

5.5CVSS5.6AI score0.00224EPSS
CVE
CVE
added 2022/01/04 3:57 p.m.48 views

CVE-2022-20020

CVE-2022-20020 affects the libvcodecdrv component (noted in multiple sources, including Red Hat and CVE listings) where a missing bounds check can cause local information disclosure without requiring privileges or user interaction. Impact is confirmed as information disclosure; no exploitation ve...

5.5CVSS5.1AI score0.00114EPSS
CVE
CVE
added 2022/01/04 3:57 p.m.48 views

CVE-2022-20022

CVE-2022-20022 concerns Bluetooth: a link disconnection can occur when a connection attempt comes from a host with the same BD_ADDR as the currently connected BT host. Documents consistently state this could enable a remote denial of service without extra privileges and with no user interaction r...

6.5CVSS6.4AI score0.00267EPSS
CVE
CVE
added 2022/06/07 5:55 p.m.48 views

CVE-2022-30714

CVE-2022-30714 affects Samsung Mobile’s SemIWCMonitor prior to SMR Jun-2022 Release 1. The vulnerability is an information-disclosure flaw that allows local attackers to obtain MAC address information. No exploit details are provided in the available documents. The issue has been associated with ...

3.3CVSS3.9AI score0.00102EPSS
CVE
CVE
added 2022/09/09 2:39 p.m.48 views

CVE-2022-36844

Summary (concrete details from connected docs): CVE-2022-36844 is a heap-based overflow in HWR::EngJudgeModel::Construct() within the Samsung libSDKRecognitionText.spensdk.samsung.so library. Vulnerable component: libSDKRecognitionText.spensdk.samsung.so prior to SMR Sep-2022 Release 1. Impact de...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.48 views

CVE-2022-38697

CVE-2022-38697 affects the messaging service with a missing permission check that could allow a local attacker to access an unexpected provider in the contacts service without extra execution privileges. The NVD entry lists a CVSSv3.1 base score of 5.5 (HIGH confidentiality impact, LOCAL access, ...

5.5CVSS5.5AI score0.0009EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.48 views

CVE-2022-39080

CVE-2022-39080 concerns a missing permission check in the messaging service that could allow elevation of privilege in the contacts service without extra execution privileges. Connected documents reference the issue in UNISOC chipset contexts (SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612...

7.8CVSS7.6AI score0.00107EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.48 views

CVE-2022-39084

CVE-2022-39084 relates to UNISOC chipset network service with a missing permission check, enabling local privilege escalation requiring system execution privileges. CVSS details show Local access, high impact on confidentiality, integrity, and availability (score 6.7). Concrete affected-entity: U...

6.7CVSS6.7AI score0.00147EPSS
CVE
CVE
added 2022/09/09 2:39 p.m.48 views

CVE-2022-39119

CVE-2022-39119 describes a missing permission check in a network service that could allow local escalation of privilege without extra execution privileges. Multiple connected sources reference Unisoc chipsets/networks as the affected context, noting the issue stems from inadequate privilege valid...

7.8CVSS7.8AI score0.00094EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.48 views

CVE-2022-42764

The CVE-2022-42764 entry concerns a missing bounds check in the wlan driver, causing a local denial of service in wlan services. Connected sources corroborate the issue as affecting the UNISOC WLAN driver/ chipset with similar wording. The available documents specify the vulnerability but do not ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.48 views

CVE-2022-42766

The CVE-2022-42766 entry concerns the wlan driver where a missing permission check could allow local information disclosure. Connected sources consistently describe this as a local-privilege issue affecting the wlan driver, with impact on confidentiality (high) and limited attack complexity (low)...

6.6CVSS5.1AI score0.0008EPSS
Total number of security vulnerabilities8153