Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/05/10 7:54 p.m.161 views

CVE-2021-39670

CVE-2021-39670: In Android, the setStream method of WallpaperManager.java can trigger a permanent DoS via improper input validation, requiring local access and no user interaction. Affected: Android 12 and Android 12L (Android ID A-204087139). The issue is described across multiple sources (NVD/N...

5.5CVSS5.3AI score0.00184EPSS
CVE
CVE
added 2022/08/09 8:20 p.m.161 views

CVE-2021-39696

CVE-2021-39696 affects Android (10–12) via Task.java, enabling local privilege escalation (confused deputy) with no extra execution privileges; exploitation requires user interaction. CVSS3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base score 7.8 (High). The vulnerability is documented in Android s...

7.8CVSS7.6AI score0.00221EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.161 views

CVE-2021-39798

CVE-2021-39798 affects Google Android 12 and Android 12L. The flaw is in Bitmap_createFromParcel (Bitmap.cpp) where a missing bounds check enables arbitrary code execution, leading to local escalation of privileges with user-level rights and no user interaction required. Exploitation would occur ...

7.8CVSS7.9AI score0.00113EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.161 views

CVE-2022-20452

CVE-2022-20452 affects Android 13 in the BaseBundle.java method initializeFromParcelLocked, where a flaw (confused deputy) can allow arbitrary code execution, enabling local escalation of privilege without extra privileges or user interaction. Related evidence: CVE described in NVD/NV D represent...

7.8CVSS7.9AI score0.00365EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.161 views

CVE-2022-20477

CVE-2022-20477 affects Android 13, due to a logic error in KeyguardNotificationVisibilityProvider.kt (shouldHideNotification) that can cause hidden notifications to be shown. This may enable local elevation of privilege with no extra execution privileges and no user interaction required. Public d...

7.8CVSS7.6AI score0.00143EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.161 views

CVE-2023-21107

CVE-2023-21107 describes an elevation-of-privilege flaw in Android where a missing permission check in retrieveAppEntry(NotificationAccessDetails.java) could allow a local attacker to escalate privileges across user boundaries without extra execution privileges or user interaction. Affected are A...

7.8CVSS7.6AI score0.00086EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.161 views

CVE-2024-40649

Technical details (affected product, version, root cause, exploitability) are not publicly available in the provided documents; monitor for updates.

8.4CVSS7.3AI score0.00086EPSS
CVE
CVE
added 2022/06/15 12:57 p.m.160 views

CVE-2021-39691

CVE-2021-39691 describes a tapjacking risk in Android’s WindowManager caused by an incorrect window flag when processing user input, enabling a local elevation of privilege with user interaction required. Affected: Android 10–12. Exploitation would be local; no remote access indicated. The issue ...

7.3CVSS7.2AI score0.00111EPSS
CVE
CVE
added 2022/07/13 6:23 p.m.160 views

CVE-2022-20228

CVE-2022-20228 affects Android (Android-12/12L) via use-after-free in C2DmaBufAllocator.cpp, causing memory corruption and potential remote information disclosure. Exploitation requires user interaction; no privileges are required beyond normal access. Mitigation: apply Android patch level 2022-0...

6.5CVSS6.4AI score0.00477EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.160 views

CVE-2023-20916

CVE-2023-20916 affects Android 12 and Android 12L. In the LauncherAppsService.getMainActivityLaunchIntent function, there is a reported bypass of restrictions on starting activities from the background due to a missing permission check. This could enable local elevation of privilege with no addit...

7.8CVSS7.7AI score0.00126EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.160 views

CVE-2023-20933

CVE-2023-20933 affects Google Android: a use-after-free in several MediaCodec.cpp functions can lead to memory corruption and local elevation of privilege without extra exploitation steps. Affected are Android 10–13 (including 12L/12). The issue is described as a memory corruption vulnerability i...

7.8CVSS7.7AI score0.00172EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.160 views

CVE-2023-21115

CVE-2023-21115: In Android, the vulnerability stems from a weakness in btm_sec_encrypt_change in btm_sec.cc that allows downgrading the link key type due to improper crypto, enabling paired-device elevation of privilege without user interaction. Affected: Android 11, 12, 12L. Status: remediation ...

8.8CVSS8.6AI score0.00105EPSS
CVE
CVE
added 2018/04/05 6:0 p.m.159 views

CVE-2015-9016

CVE-2015-9016 : In the upstream Linux kernel, the use-after-free race in blk_mq_tag_to_rq (blk-mq.c) can occur when a request was already freed by blk_mq_complete_request . This race enables local escalation of privilege on affected systems, with the Android kernel explicitly mentioned as impacte...

7CVSS7.7AI score0.00146EPSS
CVE
CVE
added 2020/05/14 8:10 p.m.159 views

CVE-2020-0110

CVE-2020-0110 affects the Android kernel, with the issue located in psi_write of psi.c. The flaw is an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation without required user interaction. The available documents do not specify exploit details, affected vers...

7.8CVSS8AI score0.00182EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.159 views

CVE-2021-39809

CVE-2021-39809 affects Android platforms (Android 10–12, including 12L). The issue resides in avrc_ctrl_pars_vendor_rsp within avrc_pars_ct.cc, where a missing bounds check leads to an out-of-bounds read. This can cause remote information disclosure without requiring user interaction or additiona...

7.5CVSS7AI score0.00709EPSS
CVE
CVE
added 2022/07/13 6:22 p.m.159 views

CVE-2022-20223

CVE-2022-20223 affects Android (10–12/12L). Root cause: an obfuscated proxy in AppRestrictionsFragment.java (assertSafeToStartCustomActivity) may allow starting a phone call without required permissions, due to a confused deputy, enabling local elevation of privilege with no extra execution privi...

7.8CVSS7.7AI score0.00167EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.159 views

CVE-2022-20490

CVE-2022-20490 affects Android devices via the file AutomaticZenRule.java, with a vulnerability caused by resource exhaustion that can cause a failure to persist permissions settings. The impact is a local escalation of privilege, requiring local access with no additional execution privileges and...

7.8CVSS7.7AI score0.00269EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.159 views

CVE-2023-20932

CVE-2023-20932 affects Android 10–13 where, in the onCreatePreferences method of EditInfoFragment.java, improper input validation could allow reading contacts belonging to other users. This is an information-disclosure vulnerability with local access and no required user interaction. The issue is...

3.3CVSS3.6AI score0.00107EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.159 views

CVE-2023-40140

CVE-2023-40140: Android component android_view_InputDevice_create (android_view_InputDevice.cpp) has a use-after-free vulnerability that can lead to arbitrary code execution and local escalation of privilege. Impact is local, with no user interaction required. The Android Security Bulletin notes ...

7.8CVSS8AI score0.00208EPSS
CVE
CVE
added 2020/09/17 6:42 p.m.158 views

CVE-2020-0429

CVE-2020-0429 affects the Android/Linux kernel in the l2tp_core.c path, specifically the l2tp_session_delete and related functions. The vulnerability enables memory corruption via a use-after-free, which could allow local privilege escalation to SYSTEM. Exploitation is described as local with no ...

6.7CVSS7AI score0.00176EPSS
CVE
CVE
added 2021/01/11 9:47 p.m.158 views

CVE-2021-0318

CVE-2021-0318 affects Android and is tied to SensorEventConnection.cpp, where a use-after-free can cause an out-of-bounds write. This leads to local escalation of privilege with no extra execution privileges required and no user interaction. Documented impact covers Android versions 8.1, 9, 10, a...

7.8CVSS7.7AI score0.00257EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.158 views

CVE-2021-39635

CVE-2021-39635 concerns Unisoc’s ims_ex, a vendor system service used to manage VoLTE on Android devices. The root cause is that ims_ex does not verify the caller’s permissions, allowing normal apps without phone permissions to access VoLTE‑sensitive information and to manage VoLTE calls. Various...

9.4CVSS8.5AI score0.005EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.158 views

CVE-2021-39804

CVE-2021-39804 describes a DoS in Google Android, caused by a missing null check in the reinit path of HeifDecoderImpl.cpp. The flaw can allow a remote persistent denial of service in the file picker with user interaction required and no extra privileges. Affected products/versions include Androi...

6.5CVSS6.4AI score0.00399EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.158 views

CVE-2023-20919

CVE-2023-20919 affects Android 13 (Settings.java: getStringsForPrefix). A logic error could prevent package uninstallation, enabling local elevation of privilege with no user interaction. CVSS v3.1: Local attacker, low privileges, no user interaction, high confidentiality/ integrity/ availability...

7.8CVSS7.6AI score0.00142EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.158 views

CVE-2023-20941

CVE-2023-20941 : In the Android kernel, the function acc_ctrlrequest_composite in f_accessory.c has an out-of-bounds write due to a missing bounds check. This could enable elevation of privilege with user interaction required. The impact is reported as a physical escalation of privilege with high...

6.6CVSS6.5AI score0.00189EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.158 views

CVE-2023-21110

The CVE 2023-21110 entry documents an elevation-of-privilege in Android related to SnoozeHelper.java, enabling a local attacker to gain notification access due to resource exhaustion. Affected products include Android 11, 12, and 12L/13, with a local-exploit path that does not require user intera...

7.8CVSS7.7AI score0.00091EPSS
CVE
CVE
added 2021/02/10 4:48 p.m.157 views

CVE-2021-0339

CVE-2021-0339 is an Android elevation-of-privilege issue found in WindowContainer.java loadAnimation, enabling a malicious app to remain visible while another app is foregrounded. This could allow local privilege escalation with no extra execution privileges; user interaction is required to explo...

9.3CVSS7.6AI score0.00732EPSS
CVE
CVE
added 2022/09/13 7:15 p.m.157 views

CVE-2022-20396

CVE-2022-20396 affects SettingsActivity.java on Android 12L and 13, where a permissions bypass could allow a device to be discovered over Bluetooth without user interaction or required permissions. This enables local elevation of privilege with no additional execution privileges needed, and explo...

5.5CVSS5.7AI score0.00076EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.157 views

CVE-2022-20482

CVE-2022-20482 affects Android 12, 12L, and 13, specifically the NotificationManager.java createNotificationChannel path. The vulnerability stems from a resource exhaustion condition that can be triggered locally, without user interaction, to make the device unusable and potentially require a fac...

5.5CVSS5.3AI score0.00157EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.157 views

CVE-2022-20497

CVE-2022-20497 описывает возможность локального раскрытия информации через неправильное состояние в методе updatePublicMode в NotificationLockscreenUserManagerImpl.java на Android 12–13 (Android-12, Android-12L, Android-13). Уязвимость связана с тем, что в результате некорректного перехода состоя...

4.6CVSS4.2AI score0.00183EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.157 views

CVE-2023-20956

The CVE-2023-20956 entry affects Android 12–13 and is due to an out-of-bounds write in C2SurfaceSyncObj.cpp caused by a missing bounds check. This leads to potential local information disclosure with System-level privileges required; exploitation does not require user interaction. Public referenc...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.157 views

CVE-2023-21088

The CVE affects Android (Android-12, Android-12L, Android-13) via a logic error in LocationProviderManager.java’s deliverOnFlushComplete, enabling bypass of background activity launch restrictions and leading to local elevation of privilege without extra privileges or user interaction. Affected c...

7.8CVSS7.7AI score0.00099EPSS
CVE
CVE
added 2024/02/16 12:8 a.m.157 views

CVE-2023-40122

CVE-2023-40122 : Affected component is Android’s SaveUi.java (applyCustomDescription). The issue enables a confused deputy to disclose another user’s images via local information disclosure, requiring no additional execution privileges and no user interaction. This is a local vulnerability; no re...

5.3CVSS6AI score0.0029EPSS
CVE
CVE
added 2021/10/22 1:27 p.m.156 views

CVE-2021-0870

CVE-2021-0870 describes a memory corruption race condition in RW_SetActivatedTagType (rw_main.cc) that could allow remote code execution with no privileges required and no user interaction. Affected: Android 9, 10, 11, and 8.1. CVSSv3 base score 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). Public r...

9.3CVSS8AI score0.07014EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.156 views

CVE-2021-39805

The CVE-2021-39805 issue affects Android 12/12L where the l2cble_process_sig_cmd function in l2c_ble.cc may trigger an out-of-bounds read due to a missing bounds check, enabling remote information disclosure over Bluetooth without user interaction. Available details indicate the vulnerability exi...

6.5CVSS6.1AI score0.00256EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.156 views

CVE-2022-20496

CVE-2022-20496 affects Android’s media framework via a vulnerability in the setDataSource function of initMediaExtractor.cpp. The issue is caused by a use-after-free, which could allow arbitrary code execution and/or local information disclosure without user interaction. Affected products include...

5.5CVSS5.7AI score0.0013EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.156 views

CVE-2023-20922

CVE-2023-20922 affects Android 11–13 and targets the Java function PackageManagerService.setMimeGroup, where a crash loop caused by resource exhaustion can lead to a local DoS without user interaction. The vulnerability arises from a resource exhaustion condition in the setMimeGroup path; the imp...

5.5CVSS5.3AI score0.00124EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.156 views

CVE-2023-20929

CVE-2023-20929 involves an information disclosure in Android 13 where the method sendHalfSheetCancelBroadcast in HalfSheetActivity.java can leak nearby Bluetooth MAC addresses via an unrestricted broadcast intent. This enables local information disclosure without extra execution privileges or use...

5.5CVSS5.1AI score0.00091EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.156 views

CVE-2023-21124

CVE-2023-21124 affects the Android System component. It describes an elevation of privilege via unsafe deserialization in the execution of multiple files, with local exploitability and no user interaction. The vulnerability is listed for Android 11–Android 13 (AOSP updated versions 11, 12, 12L, 1...

7.8CVSS7.7AI score0.00105EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.156 views

CVE-2023-21129

CVE-2023-21129 affects Android 11–13 and is described as a BAL bypass in getFullScreenIntentDecision within NotificationInterruptStateProviderImpl.java, enabling a possible activity launch when the app is in the background and potentially allowing local elevation of privilege with no extra execut...

7.8CVSS7.6AI score0.001EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.156 views

CVE-2023-40120

CVE-2023-40120 is an Android elevation-of-privilege issue caused by improper input validation in multiple locations that bypasses user notification of foreground services. The vulnerability enables local escalation of privilege with no user interaction and is exploitable with local access. Public...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.156 views

CVE-2024-40677

CVE-2024-40677 concerns the Android shouldSkipForInitialSUW path in AdvancedPowerUsageDetail.java. The issue enables bypassing factory reset protections via a missing permission check, enabling local elevation of privilege with no extra execution privileges required and no user interaction needed...

8.4CVSS7.4AI score0.00085EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.156 views

CVE-2024-43770

CVE-2024-43770 stems from a missing bounds check in the Bluetooth GATT server path (gatts_process_find_info in gatt_sr.cc), causing an out-of-bounds write. This can enable remote code execution on Android devices with no user interaction and without extra privileges. The issue is classified as a ...

8.8CVSS7.2AI score0.00221EPSS
CVE
CVE
added 2018/02/19 7:0 p.m.155 views

CVE-2017-7375

CVE-2017-7375 describes a flaw in the libxml2 parser that allows remote XML entity inclusion when default parser flags are used (no substitution/validation/DTD loading). This XXE can cause access to local files or remote resources (HTTP/FTP) depending on context, potentially expanding the attacke...

9.8CVSS6.9AI score0.0264EPSS
CVE
CVE
added 2019/09/05 9:37 p.m.155 views

CVE-2019-2177

CVE-2019-2177 affects Android 7.1.1–9 (HidProfile.java, isPreferred) where a permissions bypass can cause device type confusion in the System component, enabling remote code execution. The issue is described as a possible RCE with user interaction required for exploitation. The Android Security B...

8.8CVSS8.7AI score0.00891EPSS
CVE
CVE
added 2020/04/17 6:19 p.m.155 views

CVE-2020-0081

CVE-2020-0081 is a local-elevation vulnerability in the Android Framework (AssetManager.java) caused by a double-free leading to memory corruption. Affected: Android 8.0–10; exploit requires local access with no user interaction. Exploitation status is not detailed in the provided documents. Reme...

7.8CVSS7.8AI score0.00165EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.155 views

CVE-2021-0646

CVE-2021-0646 affects Android via an out-of-bounds write in sqlite3_str_vappendf (sqlite3.c) caused by improper input validation. This could enable local privilege escalation if an attacker can inject a printf into a privileged process' SQL; exploitation does not require user interaction. Android...

7.8CVSS7.8AI score0.0012EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.155 views

CVE-2021-39616

CVE-2021-39616 affects Android via the Unisoc component sprd-vowifi; listed as High severity in the 2022-02-05 Android bulletin under Unisoc components. The provided documents do not include exploit details or a specific patched version. No root-cause or impact outside the stated classification i...

10CVSS9AI score0.00583EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.155 views

CVE-2021-39658

CVE-2021-39658 concerns the ismsEx service (Unisoc Android) which extends the SMS system service. The vulnerability arises because ismsEx does not enforce caller permissions, leading to permission leaks. This allows third‑party apps to arbitrarily modify and set system properties. Reports in conn...

10CVSS8.8AI score0.00561EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.155 views

CVE-2021-39808

In CVE-2021-39808, the issue is in Android’s PreferencesHelper.java within createNotificationChannelGroup, where improper input validation can allow a service to run in the foreground without a user notification. This enables local elevation of privilege on Android 10–12, with no additional execu...

7.8CVSS7.6AI score0.00104EPSS
Total number of security vulnerabilities8153