Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/09/13 7:14 p.m.155 views

CVE-2022-20392

CVE-2022-20392: Android framework flaw in declareDuplicatePermission (ParsedPermissionUtils.java) could allow obtaining a dangerous permission without user consent due to input validation issues, enabling local privilege escalation during app installation or upgrade with no extra execution privil...

7.8CVSS7.6AI score0.00102EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.155 views

CVE-2022-20442

CVE-2022-20442 is a local elevation-of-privilege in Android via ReviewPermissionsActivity.java: an overlay/tapjacking path could allow granting permissions to another app on devices with API

7.3CVSS7.1AI score0.00096EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.155 views

CVE-2022-20500

CVE-2022-20500 : In ShortcutPackage.java, loadFromXml may crash on boot due to an uncaught exception, causing local denial of service without extra privileges. Affected: Android 10–13. Impact is a local DoS; exploitation requires no user interaction. Mitigation: update Android to a patched build ...

5.5CVSS5.3AI score0.00128EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.155 views

CVE-2023-20921

CVE-2023-20921 affects Android 10–13, where a logic error in AccessibilityManagerService.java can automatically grant accessibility services, enabling local elevation of privilege. The issue requires user interaction for exploitation and does not state additional execution privileges. Public refe...

7.3CVSS7.2AI score0.00272EPSS
CVE
CVE
added 2024/05/07 9:1 p.m.155 views

CVE-2024-23710

CVE-2024-23710 affects Google Android: a logic error in InstallPackageHelper.java (assertPackageWithSharedUserIdIsPrivileged) could allow local elevation of privilege by executing arbitrary code as a privileged app, without extra privileges or user interaction. Impact is described as high (CVE-20...

7.8CVSS7.2AI score0.0009EPSS
CVE
CVE
added 2019/06/19 8:7 p.m.154 views

CVE-2019-2025

CVE-2019-2025 affects the Android kernel via the binder.c function, in which the binder_thread_read path can trigger a use-after-free caused by improper locking. This potential defect could permit local escalation of privilege with no additional execution privileges required and without user inte...

7.8CVSS7.5AI score0.00523EPSS
CVE
CVE
added 2019/09/05 9:31 p.m.154 views

CVE-2019-2123

CVE-2019-2123 is an Elevation of Privilege flaw in Android’s Framework, triggered by a memory overwrite in Binder.java during execTransact. Affects Android 7.1.1, 7.1.2, 8.0, 8.1, and 9; exploitation can occur locally in a privileged process without user interaction. The issue is surfaced in the ...

7.8CVSS7.8AI score0.00163EPSS
CVE
CVE
added 2019/09/05 9:38 p.m.154 views

CVE-2019-2178

CVE-2019-2178 affects Android 7.1.1–9 in the rw_t4t NFC stack (rw_t4t_sm_read_ndef). The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege in the NFC service with no user interaction required. The vulnerability is documented across multiple f...

7.8CVSS7.7AI score0.00189EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.154 views

CVE-2021-0481

CVE-2021-0481 affects Android platform apps: in EditUserPhotoController.java, onActivityResult allows possible access to unauthorized files due to an unexpected URI handler, potentially enabling local escalation of privilege with user interaction. Affected Android versions include 8.1–11. The And...

9.3CVSS7.6AI score0.00754EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.154 views

CVE-2021-39672

CVE-2021-39672 describes a secure boot bypass in the Fastboot component due to a configuration error, enabling local elevation of privilege with no user interaction. The issue is documented in Android/AOSP risk tables and is listed under Amlogic components in the 2022 February security bulletin. ...

7.8CVSS7.7AI score0.00133EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.154 views

CVE-2022-20450

The CVE-2022-20450 entry concerns Android: In restorePermissionState of PermissionManagerServiceImpl.java, a missing permission check could allow local privilege escalation without user interaction. Affected: Android 10–13 (Android-10, -11, -12, -12L, -13). Impact stated as local EoP with high co...

7.8CVSS7.7AI score0.00088EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.154 views

CVE-2022-20473

CVE-2022-20473 is an Android Framework vulnerability caused by an out-of-bounds read in LocaleListCache.cpp:toLanguageTag, stemming from an incorrect bounds check. This can enable remote code execution without user interaction on affected builds. Public details confirm impact across Android-10, A...

9.8CVSS9.2AI score0.08854EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.154 views

CVE-2022-20485

CVE-2022-20485 affects Android’s NotificationChannel.java across Android 10–13 (including 12L/12) and is due to a resource-exhaustion path that can fail to persist permissions settings. The issue enables local elevation of privilege with no extra execution privileges required and no user interact...

7.8CVSS7.7AI score0.0012EPSS
CVE
CVE
added 2023/08/14 8:59 p.m.154 views

CVE-2023-21268

CVE-2023-21268 concerns a path traversal issue in the Android MmsProvider.java update that can alter directory permissions. The vulnerability enables a local attacker to trigger a denial of service affecting SIM recognition, without requiring additional execution privileges. Exploitation is descr...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2023/08/14 9:0 p.m.154 views

CVE-2023-21269

CVE-2023-21269 involves an elevation-of-privilege via a BAL bypass in Android’s startActivityInner (ActivityStarter.java) that could allow launching an activity into PiP mode from the background with no user interaction. The issue is documented across multiple sources (NVD/Red Hat/CNVD/OSV) and i...

7.8CVSS7.7AI score0.00084EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.154 views

CVE-2023-32820

CVE-2023-32820 affects MediaTek wlan firmware. The issue arises from improper input handling that can trigger a firmware assertion, potentially enabling remote denial of service without extra privileges or user interaction. Public details consistently reference a patch ID ALPS07932637 (and ALPS07...

7.5CVSS7.3AI score0.00407EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.154 views

CVE-2023-35673

CVE-2023-35673 involves a potential out-of-bounds write in the Bluetooth stack (gatt_sr.cc: build_read_multi_rsp) caused by an integer overflow. This could enable remote code execution on nearby devices without user interaction. The vulnerability affects Android-related Bluetooth components as de...

8.8CVSS8.7AI score0.00202EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.154 views

CVE-2023-40094

CVE-2023-40094 is a local-EoP flaw in Android’s System component. The root cause is a missing permission check in keyguardGoingAway() within ActivityTaskManagerService.java, enabling a lock-screen bypass with no user interaction. The vulnerability affects Android 11–14 per the 2023-12 security bu...

7.8CVSS7.7AI score0.00131EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.154 views

CVE-2024-20007

CVE-2024-20007 affects MediaTek MP3 decoder: a race condition could trigger an out-of-bounds write, enabling remote escalation of privileges with user interaction required. Public details confirm the mp3 decoder component and patch ALPS08441369; exploitation status is not provided in the sources....

7.5CVSS7.8AI score0.00252EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.154 views

CVE-2024-34727

CVE-2024-34727 describes an out-of-bounds read caused by a heap buffer overflow in sdpu_compare_uuid_with_attr (sdp_utils.cc), enabling remote information disclosure with no privileges and no user interaction. Public details come from Android/Blueprints and Red Hat CVE records; the Android Securi...

7.5CVSS6.5AI score0.00393EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.153 views

CVE-2016-2431

CVE-2016-2431 affects Android devices with Qualcomm TrustZone prior to 2016-05-01 (notably Nexus 5, Nexus 6, Nexus 7 (2013), and Android One). The issue is an Elevation of Privilege in the Qualcomm TrustZone component that could allow a local attacker via a crafted application to gain privileged ...

9.3CVSS7.4AI score0.01782EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.153 views

CVE-2017-0663

CVE-2017-0663: libxml2 remote code execution via a crafted file. The Android-impacting flaw is a libxml2 out-of-bounds write that can crash or enable code execution in an unprivileged process. Exploitation and impact are stated in the CVE entry, with high severity (CVSSv3 7.8). No public fix vers...

7.8CVSS7.4AI score0.02142EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.153 views

CVE-2018-9473

Summary : CVE-2018-9473 affects Android 8.0, involving the function ihevcd_parse_sei_payload in ihevcd_parse_headers.c. The vulnerability is an out‑of‑bounds write caused by an integer overflow, with the potential for remote code execution and requiring user interaction to exploit. The Android se...

9.3CVSS7.9AI score0.01505EPSS
CVE
CVE
added 2020/04/17 6:20 p.m.153 views

CVE-2019-2056

CVE-2019-2056 describes a local information disclosure in Android 10 caused by improper crypto usage that can leak RAM via a shared crypto key. The impact is local information disclosure with no user interaction required. The CVE is listed under Android Framework in the 2020-04 Android security b...

5.5CVSS5.1AI score0.00148EPSS
CVE
CVE
added 2019/09/05 9:33 p.m.153 views

CVE-2019-2174

CVE-2019-2174 affects Android devices running 7.1.1, 7.1.2, 8.0, 8.1 and 9, where SensorManager::assertStateLocked in SensorManager.cpp has a use-after-free due to improper locking. This is an Elevation of Privilege vulnerability with local attack vector and no user interaction required, as descr...

7.8CVSS7.8AI score0.00139EPSS
CVE
CVE
added 2020/04/17 6:19 p.m.153 views

CVE-2020-0070

CVE-2020-0070 is a Android System out-of-bounds write in rw_t2t_update_lock_attributes of rw_t2t_ndef.cc caused by a missing bounds check, enabling remote code execution over NFC without extra privileges. Affected: Android 8.0–10 (Android 8.0, 8.1, 9, 10). MITRE/ATT&CK not explicitly stated in pr...

10CVSS9.2AI score0.01338EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.153 views

CVE-2021-0981

Summary. CVE-2021-0981 describes an input-validation flaw in Android’s NotificationManagerService.enqueueNotificationInternal that could allow a foreground service to run without displaying a notification, enabling local elevation of privilege with no additional execution privileges needed on And...

7.8CVSS7.7AI score0.00116EPSS
CVE
CVE
added 2022/06/15 1:18 p.m.153 views

CVE-2022-20154

CVE-2022-20154 : In the Android kernel, the vulnerability occurs in lock_sock_nested() within sock.c due to a race that can cause a use-after-free, enabling local privilege escalation with SYSTEM privileges; exploitation does not require user interaction. The initial description notes this as a l...

6.4CVSS6.8AI score0.00107EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.153 views

CVE-2022-20457

CVE-2022-20457 affects Android 13 and is caused by improper input validation in StorageManagerService.getMountModeInternal, which can prevent package installation and enable local privilege escalation without additional privileges. Exploitation details are not provided in the sources; the vulnera...

5.5CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.153 views

CVE-2023-20912

CVE-2023-20912 affects Android 13 where AvatarPickerActivity.java’s onActivityResult lacks a permission check, enabling local privilege escalation by letting an app access other users’ images. Exploitation reportedly requires no user interaction; CVSS shows HIGH severity (LOCAL, LOW PRIVILEGES, N...

7.8CVSS7.7AI score0.00125EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.153 views

CVE-2023-20960

CVE-2023-20960 affects Google Android 12L–13, involving the function launchDeepLinkIntentToRight in SettingsHomepageActivity.java . The root cause is improper input validation that can allow launching arbitrary activities, enabling a local elevation of privilege with user privileges and no user i...

8.8CVSS8.3AI score0.0022EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.153 views

CVE-2023-21094

CVE-2023-21094 describes a local elevation-of-privilege in Android: in the sanitize path of LayerState.cpp a missing permission check could allow an attacker to take over the display content on Android 11, 12, 12L, and 13. The issue enables local code execution without additional privileges or us...

7.8CVSS7.6AI score0.00162EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.153 views

CVE-2024-0048

CVE-2024-0048 affects Android (AccountManagerService.java) where NULL-response handling can allow local elevation of privileges. Exploitation requires local access; no user interaction documented. Root cause: incorrect handling of NULL responses in the AccountManagerService session. Android secur...

8.4CVSS7AI score0.00126EPSS
CVE
CVE
added 2019/09/05 9:38 p.m.152 views

CVE-2019-2115

CVE-2019-2115 affects Google Android GateKeeper:MintAuthToken in gatekeeper.cpp across Android 7.1.1–9. The issue is memory corruption due to a double free, enabling local privilege escalation to the System level without user interaction. Affected component: GateKeeper/auth token generation path....

7.8CVSS7.8AI score0.00269EPSS
CVE
CVE
added 2019/09/05 9:40 p.m.152 views

CVE-2019-2180

The CVE-2019-2180 entry refers to an out-of-bounds read in ippSetValueTag of ipp.c on Android 8.0/8.1/9, caused by improper input validation. This can lead to local information disclosure from the printer service without extra privileges and without user interaction. The connected documents confi...

5.5CVSS5.2AI score0.00179EPSS
CVE
CVE
added 2020/04/17 6:20 p.m.152 views

CVE-2020-0072

The CVE-2020-0072 issue affects Android devices (Android 8.0–10) in rw_t2t_handle_tlv_detect_rsp within rw_t2t_ndef.cc, where a missing bounds check allows an out-of-bounds write that could enable remote code execution over NFC without user interaction. The NVD/Android bulletin context confirms h...

10CVSS9.2AI score0.01338EPSS
CVE
CVE
added 2020/07/17 8:9 p.m.152 views

CVE-2020-0224

CVE-2020-0224 is a documented Android vulnerability affecting Android 8.0–10. It exploits an out-of-bounds write in FastKeyAccumulator::GetKeysSlow (keys.cc) caused by type confusion, enabling remote code execution when processing a proxy configuration without extra privileges. No user interactio...

10CVSS9.3AI score0.01581EPSS
CVE
CVE
added 2021/01/11 9:46 p.m.152 views

CVE-2021-0307

CVE-2021-0307 is an Android elevation-of-privilege issue in updatePermissionSourcePackage within PermissionManagerService.java. A careless deputy flaw could allow a malicious app on Android 10–11 to gain a dangerous permission automatically, without user interaction, leading to local privilege es...

7.8CVSS7.7AI score0.00167EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.152 views

CVE-2022-20425

CVE-2022-20425 affects Android (10–13) via addAutomaticZenRule in ZenModeHelper.java. The issue: possible permanent degradation of performance due to resource exhaustion, enabling local DoS with low-privilege user and no user interaction required. Impact is limited to affected Android versions pe...

5.5CVSS5.3AI score0.00128EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.152 views

CVE-2022-20441

CVE-2022-20441 affects Android 10–13, originating from a logic error in Task.java: navigateUpTo can launch an unexported intent handler, enabling local elevation of privilege if the target app uses an intent trampoline. The vulnerability is described as requiring local access with no additional e...

7.8CVSS7.7AI score0.00116EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.152 views

CVE-2022-20494

The CVE-2022-20494 issue affects Android (Android 10–13) and involves the AutomaticZenRule component (AutomaticZenRule.java). The described vulnerability is a possible persistent DoS caused by resource exhaustion, enabling a local denial of service with no user interaction required. Impact is lim...

5.5CVSS5.3AI score0.00429EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.152 views

CVE-2022-20611

CVE-2022-20611 affects Android 10–13, arising from a permissions bypass in DeletePackageHelper.java: deletePackageVersionedInternal can bypass carrier restrictions, enabling local privilege escalation without additional execution privileges. Exploitation is local and does not require user interac...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.152 views

CVE-2023-20726

The CVE-2023-20726 entry describes a GPS location information disclosure in the MediaTek mnld module caused by a missing permission check. Impact is local information disclosure with no privileges or user interaction required (CVSS v3.1 base score 3.3, LOW). Affected component: mnld in MediaTek S...

3.3CVSS3.7AI score0.00081EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.152 views

CVE-2023-20905

CVE-2023-20905 affects Android 10 via Mfc_Transceive in phNxpExtns_MifareStd.cpp, with a possible out-of-bounds write due to a missing bounds check. The impact is local escalation of privilege with high confidentiality/integrity/availability concerns, and no user interaction is required. Exploita...

7.8CVSS7.7AI score0.00136EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.152 views

CVE-2023-20920

CVE-2023-20920 describes a memory corruption vulnerability in the UsbRequest.java queue of Android, caused by a use-after-free. Affects Android 10–13 according to the Android security bulletin references. Impact is local escalation of privilege with high severity (CVSS: LO-CI). The vulnerability ...

7.8CVSS7.6AI score0.00136EPSS
CVE
CVE
added 2023/08/14 9:3 p.m.152 views

CVE-2023-21277

CVE-2023-21277: The vulnerability is in Android’s RemoteViews.java visitUris method, where a missing permission check can allow an attacker to disclose images across users. The impact is local information disclosure with User privileges, and exploitation does not require user interaction. Public ...

5.5CVSS5.1AI score0.00089EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.152 views

CVE-2023-40131

CVE-2023-40131 affects the GpuService component in Android (GpuService.cpp). The issue is a use-after-free caused by a race condition, enabling local elevation of privilege with no additional execution privileges required, and no user interaction needed for exploitation. The available connected d...

7CVSS7AI score0.00085EPSS
CVE
CVE
added 2019/09/05 9:41 p.m.151 views

CVE-2019-2124

CVE-2019-2124 affects Android 7.1.1–9 in ComposeActivityEmailExternal.py (ComposeActivityEmailExternal.java). A confused deputy could silently attach files to an email, enabling local information disclosure. Affected: Android 7.1.1, 7.1.2, 8.0, 8.1, 9. Exploitation: local. Remediation: apply patc...

5.5CVSS5AI score0.00139EPSS
CVE
CVE
added 2019/09/05 9:39 p.m.151 views

CVE-2019-2179

CVE-2019-2179 affects Android 7.1.1–9, with the flaw in NDEF_MsgValidate of ndef_utils that causes an out-of-bounds read due to an integer overflow. This may lead to local information disclosure without execution privileges; exploitation requires user interaction. The issue is documented across m...

5.5CVSS5.1AI score0.00449EPSS
CVE
CVE
added 2020/12/15 3:53 p.m.151 views

CVE-2020-0368

Summary of CVE-2020-0368 (Android) Affects Android 11 where the issue lies in the CallLogProvider.java function queryInternal . The root cause is improper input validation, enabling a local permission bypass that could disclose voicemail metadata. Exploitation requires User privileges but not use...

3.3CVSS3.7AI score0.00149EPSS
Total number of security vulnerabilities8153