Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2019/09/27 6:21 p.m.46 views

CVE-2019-2191

CVE-2019-2191 affects LG’s LAF component, exposing information from a protected disk partition due to a missing bounds check. This permits local information disclosure via USB with no user interaction; exploitation requires user privileges and is possible without user action. The related Red Hat/...

4.3CVSS4.9AI score0.00139EPSS
CVE
CVE
added 2019/11/13 5:32 p.m.46 views

CVE-2019-2199

CVE-2019-2199 affects Android 10, where in PackageInstallerService.java’s createSessionInternal a permissions bypass could enable local elevation of privilege to System level. No exploitation details are provided beyond that; impact is local and requires no user interaction. The Android Security ...

7.2CVSS6.6AI score0.00184EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.46 views

CVE-2019-9249

CVE-2019-9249 refers to a Bluetooth vulnerability in Android 10 where an out-of-bounds read could lead to local information disclosure without privileges or user interaction. The issue arises from a missing bounds check in Bluetooth handling. Impact per sources: potential exposure of partial info...

5.5CVSS5.6AI score0.00139EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.46 views

CVE-2019-9252

CVE-2019-9252 affects Android 10, where the libavc component suffers an out-of-bounds read caused by uninitialized data. This leads to remote information disclosure without additional execution privileges; exploitation requires user interaction. Multiple sources (NVD, Red Hat, CVE lists) consiste...

6.5CVSS6.4AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.46 views

CVE-2019-9293

CVE-2019-9293 affects Android 10, describing an out-of-bounds read in libstagefright due to a missing bounds check. This could allow remote information disclosure with no execution privileges, though exploitation requires user interaction. The vulnerability is documented across multiple sources (...

6.5CVSS6.4AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.46 views

CVE-2019-9294

CVE-2019-9294 affects the Android 10 libstagefright component, describing an out-of-bounds read due to a missing bounds check. This vulnerability can lead to remote information disclosure with user interaction required for exploitation; no explicit in-the-wild exploit details are provided in the ...

6.5CVSS6.4AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.46 views

CVE-2019-9296

CVE-2019-9296 affects Android 10 and is described as an NFC-related out-of-bounds read that can disclose information locally without execution privileges. The root cause is a missing bounds check in NFC handling, with exploitation requiring user interaction. Impact is information disclosure (conf...

5CVSS5.3AI score0.00164EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.46 views

CVE-2019-9319

CVE-2019-9319 affects Android 10 media stack (libavc) where a missing variable initialization in the library can lead to remote information disclosure without extra execution privileges. Exploitation requires user interaction. The Android 10 security release notes state these issues are addressed...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.46 views

CVE-2019-9328

CVE-2019-9328 affects the Android 10 Bluetooth stack, with an out-of-bounds read caused by a missing bounds check. This can lead to remote information disclosure without privileges and without user interaction. The entries consistently describe the issue as part of Android 10 and reference the An...

7.5CVSS7.6AI score0.00526EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.46 views

CVE-2019-9352

CVE-2019-9352 affects the Android Media framework (libstagefright) on Android 10, where a missing bounds check can cause resource exhaustion and remote denial of service. The issue requires user interaction to exploit and is reported as a DoS with an impact to availability. Root cause: insufficie...

6.5CVSS6.8AI score0.00635EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.46 views

CVE-2019-9414

CVE-2019-9414 affects wpa_supplicant on Android 10. The root cause is improper input validation of the basicConstraints field in intermediary certificates, enabling a remote information disclosure via a man‑in‑the‑middle scenario with no user interaction. Impact is partial confidentiality loss; n...

5.9CVSS6AI score0.00565EPSS
CVE
CVE
added 2020/01/06 5:25 p.m.46 views

CVE-2019-9470

CVE-2019-9470 is an Android kernel vulnerability affecting the dma_sblk_start path in abc-pcie.c. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with system execution privileges required; no user interaction is needed. Publicly documen...

6.7CVSS7AI score0.00156EPSS
CVE
CVE
added 2020/09/18 2:52 p.m.46 views

CVE-2020-0089

CVE-2020-0089 is a localElevation of privilege issue in Android 11, caused by a missing permission check in the audio server. The vulnerability allows escalation of privileges to modify audio settings without extra execution privileges or user interaction. Affected software/module: Android 11 aud...

7.8CVSS8.1AI score0.00138EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0134

The CVE-2020-0134 entry concerns Android 10 where in BnDrm::onTransact of IDrm.cpp there is information disclosure due to uninitialized data. This can lead to local information disclosure without extra privileges and without user interaction. Public references include NVD and Red Hat advisories, ...

5.5CVSS5.7AI score0.0014EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0135

CVE-2020-0135 affects Android 10, where in RollbackManagerServiceImpl.java a missing permission check can cause backup metadata exposure, enabling local information disclosure with System privileges (no user interaction required). The issue is documented across multiple sources (NVD/Red Hat/PRION...

4.4CVSS5AI score0.00138EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0136

CVE-2020-0136 affects Android 10, with an out-of-bounds write in Parcel.cpp caused by an integer overflow, enabling local privilege escalation in the system server without extra execution privileges or user interaction. Documents consistently describe the issue as a local elevation of privilege v...

7.8CVSS8.2AI score0.00246EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0141

CVE-2020-0141 is an Android 10 vulnerability described as a race-condition in OutputBuffersArray::realloc within CCodecBuffers.cpp that can cause a heap disclosure, enabling potential information exposure with System privileges. The vulnerability is associated with remote information disclosure a...

4.4CVSS5.2AI score0.00493EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0143

CVE-2020-0143 affects Android 10 with a flaw in the NFC stack: in nfa_dm_ndef_find_next_handler (nfa_dm_ndef.c) there is a missing bounds check that allows an out-of-bounds read. This can lead to local information disclosure of heap data when the device firmware is compromised and System executio...

4.4CVSS4.9AI score0.00143EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0153

CVE-2020-0153 is an Android elevation-of-privilege issue caused by a missing bounds check in phNxpNciHal_ext.cc, specifically in phNxpNciHal_write_ext. The out-of-bounds write could grant local SYSTEM-level execution without user interaction. The vulnerability affects Android-10; exploitation sta...

6.7CVSS7.2AI score0.00153EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0155

CVE-2020-0155 affects Android 10, specifically in the NFC HAL code path: phNxpNciHal_send_ese_hal_cmd in phNxpNciHal_ext.cc. The root cause is a missing bounds check that enables an out-of-bounds write. Impact per the description is local elevation of privilege with user privileges required; expl...

7.8CVSS8.2AI score0.00246EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0160

Concretely affected: Android 10 devices vulnerable through the Media/SampleTable path in SampleTable.cpp (setSyncSampleParams). The root cause is a missing bounds check that can trigger resource exhaustion, leading to remote denial of service. Exploitation requires user interaction, and the impac...

8.8CVSS8.4AI score0.01059EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0163

CVE-2020-0163 targets MPEG4Extractor.cpp (parseSampleAuxiliaryInformationSizes) and can cause resource exhaustion leading to remote DoS on Android 10. Documents confirm a vulnerability in the Android Media Framework with input validation weaknesses; CVSS2/3 metrics indicate network access with no...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/06/11 2:10 p.m.46 views

CVE-2020-0166

CVE-2020-0166 affects Android 10, where in multiple functions of URI.java a missing validation during parceling of URI information can lead to local privilege escalation. The Android Security Bulletin (Pixel Update Bulletin) lists CVE-2020-0166 under the Android runtime with Updated AOSP version ...

7.8CVSS8.1AI score0.0015EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0179

CVE-2020-0179 concerns a path traversal vulnerability in Android’s MtpServer.cpp (doSendObjectInfo) caused by insufficient input validation. The issue can enable local privilege escalation with no extra privileges required; exploitation requires user interaction. Affected product: Android 10. The...

7.8CVSS8.1AI score0.00475EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0196

CVE-2020-0196 affects Android 10 in the Bluetooth stack. In RegisterNotificationResponse::GetEvent, improper input validation can cause an abort, resulting in remote denial of service over Bluetooth with no extra privileges and no user interaction required. This is described in Android Pixel secu...

6.5CVSS6.9AI score0.00296EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0209

CVE-2020-0209 affects Android 10 Framework (AccountManager.java). Description: permissions bypass in multiple AccountManager functions could enable local elevation of privilege without additional execution privileges required; exploitation requires no user interaction. Evidence across documents s...

7.8CVSS8.2AI score0.00246EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.46 views

CVE-2020-0210

CVE-2020-0210 affects Android 10 Framework code (removeSharedAccountAsUser in AccountManager.java), enabling a local elevation of privilege due to a permissions bypass (confused deputy). Exploitation requires no user interaction; local access suffices. The Pixel security bulletin lists this issue...

7.8CVSS8.2AI score0.0017EPSS
CVE
CVE
added 2020/06/16 1:31 p.m.46 views

CVE-2020-0223

CVE-2020-0223 is an Android kernel vulnerability (kernel audio component) described as an unbounded write into kernel global memory via a user-controlled buffer size. Affects Android kernel with Audio subcomponent; root cause is uncontrolled buffer handling that can lead to elevation of privilege...

9.8CVSS8.9AI score0.00443EPSS
CVE
CVE
added 2020/09/17 8:46 p.m.46 views

CVE-2020-0277

Summary (CVE-2020-0277) : The vulnerability affects Android 11 in the NetworkPolicyManagerService . It arises from a missing permission check , allowing a local attacker to perform a permissions bypass and achieve local elevation of privilege to modify the device’s data plan without any extra exe...

7.8CVSS8.1AI score0.00139EPSS
CVE
CVE
added 2020/09/17 8:47 p.m.46 views

CVE-2020-0288

CVE-2020-0288 concerns Android 11’s PackageManager, where a missing permission check could enable local information disclosure across user boundaries without any user interaction. The issue is tied to the Android 11 platform and is documented in the Android 11 Security Release Notes; Red Hat and ...

5.5CVSS5.7AI score0.00135EPSS
CVE
CVE
added 2020/09/18 3:24 p.m.46 views

CVE-2020-0302

CVE-2020-0302 affects Android 11 in Settings, where an unsafe PendingIntent enables a permission bypass leading to local information disclosure. Exploitation requires no user interaction, with user privileges required. Root cause: unsafe PendingIntent in Settings. Impact: partial disclosure of da...

5.5CVSS5.8AI score0.00153EPSS
CVE
CVE
added 2020/09/18 3:25 p.m.46 views

CVE-2020-0311

In CVE-2020-0311, the issue concerns Android 11's InputManagerService where an unsafe PendingIntent enables a permission bypass, causing local information disclosure. Exploitation is possible with LOCAL access and does not require user interaction, but certain user/EOS privileges are indicated as...

5.5CVSS5.7AI score0.00141EPSS
CVE
CVE
added 2020/09/17 8:52 p.m.46 views

CVE-2020-0336

CVE-2020-0336 pertains to Android 11 SurfaceFlinger where memory corruption arises from a type confusion issue. The vulnerability enables local escalation of privilege with system-level execution privileges required, and exploitation does not require user interaction. Affected component: SurfaceF...

6.7CVSS7.3AI score0.0016EPSS
CVE
CVE
added 2020/09/17 8:49 p.m.46 views

CVE-2020-0343

CVE-2020-0343 affects Android 11, specifically the NetworkStatsService. Root cause: a missing permission check allows access to protected data, enabling local information disclosure with no extra execution privileges. Exploitation prerequisites: none (user interaction not required). Impact (as st...

5.5CVSS5.7AI score0.00139EPSS
CVE
CVE
added 2020/09/17 8:58 p.m.46 views

CVE-2020-0362

CVE-2020-0362 affects Android 11 and targets the libstagefright component. The issue is a resource exhaustion vulnerability caused by improper input validation, leading to a remote denial of service. Exploitation requires user interaction and is delivered over a network, with the CVSS v3.1 vector...

6.5CVSS6.9AI score0.00724EPSS
CVE
CVE
added 2020/09/17 6:42 p.m.46 views

CVE-2020-0428

CVE-2020-0428 describes a race-condition in CamX code that enables a use-after-free vulnerability, leading to local escalation of privilege to SYSTEM level with no user interaction. Affected software is Android kernel camera components (CamX). The NVD entry lists CVSS2 as 4.4 (LOCAL, MEDIUM) and ...

6.4CVSS7.1AI score0.00108EPSS
CVE
CVE
added 2020/12/15 3:53 p.m.46 views

CVE-2020-0474

CVE-2020-0474 affects Android 11 in the Media framework (HalCamera.cpp, HalCamera::requestNewFrame). It is a use-after-free due to a race condition, enabling local elevation of privilege with no extra execution privileges required. Exploitation is local and does not require user interaction. NVD ...

7CVSS7.5AI score0.00104EPSS
CVE
CVE
added 2020/12/15 3:55 p.m.46 views

CVE-2020-0483

CVE-2020-0483 affects DrmManagerService in Android-11. The issue is a memory corruption via a use-after-free in the DrmManagerService destructor (DrmManagerService.cpp), enabling local elevation of privilege with System execution privileges required. User interaction is not needed. The descriptio...

6.7CVSS7.3AI score0.00141EPSS
CVE
CVE
added 2020/12/15 3:55 p.m.46 views

CVE-2020-0486

CVE-2020-0486 affects Android 11 (ContactsProvider2.java) via openAssetFileListener, where an insecure default value enables a permission bypass. This can allow local escalation of privilege to modify contact data with no additional execution privileges and no user interaction. The issue is ackno...

7.8CVSS8.2AI score0.00134EPSS
CVE
CVE
added 2020/03/24 5:19 p.m.46 views

CVE-2020-10837

The CVE-2020-10837 vulnerability affects Samsung mobile devices running P(9.0) and Q(10.0) with TEEGRIS. The issue resides in the Esecomm Trustlet, enabling a stack overflow that can lead to arbitrary code execution. Affected software/component: Esecomm Trustlet within Samsung TEEGRIS on P9.0/Q10...

10CVSS9.8AI score0.00869EPSS
CVE
CVE
added 2020/03/24 5:22 p.m.46 views

CVE-2020-10840

Summary: CVE-2020-10840 describes a kernel pointer leak in the vipx driver affecting Samsung mobile devices with Exynos 9610 (P9.0 and Q10.0). The Samsung internal ID is SVE-2019-16293 (February 2020). The Red Hat entry reiterates the same description. What is affected: Samsung mobile devices wit...

7.1CVSS6.8AI score0.00133EPSS
CVE
CVE
added 2020/03/24 5:29 p.m.46 views

CVE-2020-10846

CVE-2020-10846 affects Samsung mobile devices with P(9.x) and Q(10.x) software. The issue enables OEM unlock on KG-enrolled devices, potentially allowing download of unwanted binaries. Samsung ID: SVE-2019-16554. No explicit remediation or exploitation details are provided in the connected docume...

5.5CVSS5.5AI score0.00126EPSS
CVE
CVE
added 2020/03/24 5:37 p.m.46 views

CVE-2020-10854

CVE-2020-10854 concerns information disclosure on Samsung mobile devices running O(8.x), P(9.0), or Q(10.0) software, where kernel stack addresses are leaked to userspace. The issue affects the kernel exposure path and is classified with a high impact in CVSS 3.1 (base score 7.5) and medium in CV...

7.5CVSS7.5AI score0.00413EPSS
CVE
CVE
added 2020/04/08 3:27 p.m.46 views

CVE-2020-11604

CVE-2020-11604 affects Samsung mobile devices running P (9.0) and Q (10.0) with TEEGRIS; the issue is an out-of-bounds read in the MLDAP Trustlet. Connected records confirm the vulnerability details and Samsung’s reference ID SVE-2019-16565. Impact details across sources indicate leakage of infor...

9.1CVSS9.1AI score0.00475EPSS
CVE
CVE
added 2020/07/07 1:32 p.m.46 views

CVE-2020-15578

The CVE-2020-15578 entry concerns Samsung mobile devices running O(8.x) software where the FactoryCamera component does not properly restrict runtime permissions. Affected software is described as Samsung devices with that Android/OS lineage; the root cause is the improper permission restriction ...

5.5CVSS5.6AI score0.00118EPSS
CVE
CVE
added 2020/07/07 1:23 p.m.46 views

CVE-2020-15581

CVE-2020-15581 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue is in the kernel logging feature, which can allow attackers to discover virtual addresses via vectors involving shared memory. The reported impact is partial disclosure of data (confidentiality impact) wi...

5.3CVSS5.1AI score0.0034EPSS
CVE
CVE
added 2020/07/07 1:23 p.m.46 views

CVE-2020-15582

Summary of CVE-2020-15582 : A BLE buffer overflow issue was reported on Samsung mobile devices running P (9.0) and Q (10.0) on Exynos 7885, leading to a deadlock or crash in the Bluetooth Low Energy component. The Samsung internal ID is SVE-2020-16870 (July 2020). Connected documents confirm the ...

5.5CVSS5.9AI score0.00268EPSS
CVE
CVE
added 2020/08/31 8:25 p.m.46 views

CVE-2020-25050

CVE-2020-25050 affects Samsung mobile devices running P(9.0) and Q(10.0). The issue is in the CMC service, which can allow attackers to obtain sensitive information. Affected component is the CMC service on Samsung Android builds; root cause details are not fully disclosed in the provided documen...

7.5CVSS7.4AI score0.00431EPSS
CVE
CVE
added 2020/08/31 8:24 p.m.46 views

CVE-2020-25056

CVE-2020-25056 affects Samsung mobile devices on Q(10.0) (Galaxy S20). Root cause: HAL version checks mishandled bootloading by the S.LSI NFC chipset. Impact: potential security impact described as improper checks; no exploit details provided in the documents. Affected component: HAL in Samsung A...

7.5CVSS7.6AI score0.00366EPSS
CVE
CVE
added 2020/08/31 8:46 p.m.46 views

CVE-2020-25062

CVE-2020-25062 describes a privilege-bypass in LGTelephonyProvider on LG Android devices (9/10). Affected product: LG mobile devices running Android 9–10; root cause: bypass of intended privilege restrictions in LGTelephonyProvider (LG internal ID LVE-SMP-200017). Impact is reported as high to cr...

9.8CVSS9.2AI score0.00455EPSS
Total number of security vulnerabilities8153