8153 matches found
CVE-2022-20392
CVE-2022-20392: Android framework flaw in declareDuplicatePermission (ParsedPermissionUtils.java) could allow obtaining a dangerous permission without user consent due to input validation issues, enabling local privilege escalation during app installation or upgrade with no extra execution privil...
CVE-2022-20442
CVE-2022-20442 is a local elevation-of-privilege in Android via ReviewPermissionsActivity.java: an overlay/tapjacking path could allow granting permissions to another app on devices with API
CVE-2022-20500
CVE-2022-20500 : In ShortcutPackage.java, loadFromXml may crash on boot due to an uncaught exception, causing local denial of service without extra privileges. Affected: Android 10–13. Impact is a local DoS; exploitation requires no user interaction. Mitigation: update Android to a patched build ...
CVE-2023-20921
CVE-2023-20921 affects Android 10–13, where a logic error in AccessibilityManagerService.java can automatically grant accessibility services, enabling local elevation of privilege. The issue requires user interaction for exploitation and does not state additional execution privileges. Public refe...
CVE-2024-23710
CVE-2024-23710 affects Google Android: a logic error in InstallPackageHelper.java (assertPackageWithSharedUserIdIsPrivileged) could allow local elevation of privilege by executing arbitrary code as a privileged app, without extra privileges or user interaction. Impact is described as high (CVE-20...
CVE-2019-2025
CVE-2019-2025 affects the Android kernel via the binder.c function, in which the binder_thread_read path can trigger a use-after-free caused by improper locking. This potential defect could permit local escalation of privilege with no additional execution privileges required and without user inte...
CVE-2019-2123
CVE-2019-2123 is an Elevation of Privilege flaw in Android’s Framework, triggered by a memory overwrite in Binder.java during execTransact. Affects Android 7.1.1, 7.1.2, 8.0, 8.1, and 9; exploitation can occur locally in a privileged process without user interaction. The issue is surfaced in the ...
CVE-2019-2178
CVE-2019-2178 affects Android 7.1.1–9 in the rw_t4t NFC stack (rw_t4t_sm_read_ndef). The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege in the NFC service with no user interaction required. The vulnerability is documented across multiple f...
CVE-2021-0481
CVE-2021-0481 affects Android platform apps: in EditUserPhotoController.java, onActivityResult allows possible access to unauthorized files due to an unexpected URI handler, potentially enabling local escalation of privilege with user interaction. Affected Android versions include 8.1–11. The And...
CVE-2021-39672
CVE-2021-39672 describes a secure boot bypass in the Fastboot component due to a configuration error, enabling local elevation of privilege with no user interaction. The issue is documented in Android/AOSP risk tables and is listed under Amlogic components in the 2022 February security bulletin. ...
CVE-2022-20450
The CVE-2022-20450 entry concerns Android: In restorePermissionState of PermissionManagerServiceImpl.java, a missing permission check could allow local privilege escalation without user interaction. Affected: Android 10–13 (Android-10, -11, -12, -12L, -13). Impact stated as local EoP with high co...
CVE-2022-20473
CVE-2022-20473 is an Android Framework vulnerability caused by an out-of-bounds read in LocaleListCache.cpp:toLanguageTag, stemming from an incorrect bounds check. This can enable remote code execution without user interaction on affected builds. Public details confirm impact across Android-10, A...
CVE-2022-20485
CVE-2022-20485 affects Android’s NotificationChannel.java across Android 10–13 (including 12L/12) and is due to a resource-exhaustion path that can fail to persist permissions settings. The issue enables local elevation of privilege with no extra execution privileges required and no user interact...
CVE-2023-21268
CVE-2023-21268 concerns a path traversal issue in the Android MmsProvider.java update that can alter directory permissions. The vulnerability enables a local attacker to trigger a denial of service affecting SIM recognition, without requiring additional execution privileges. Exploitation is descr...
CVE-2023-21269
CVE-2023-21269 involves an elevation-of-privilege via a BAL bypass in Android’s startActivityInner (ActivityStarter.java) that could allow launching an activity into PiP mode from the background with no user interaction. The issue is documented across multiple sources (NVD/Red Hat/CNVD/OSV) and i...
CVE-2023-32820
CVE-2023-32820 affects MediaTek wlan firmware. The issue arises from improper input handling that can trigger a firmware assertion, potentially enabling remote denial of service without extra privileges or user interaction. Public details consistently reference a patch ID ALPS07932637 (and ALPS07...
CVE-2023-35673
CVE-2023-35673 involves a potential out-of-bounds write in the Bluetooth stack (gatt_sr.cc: build_read_multi_rsp) caused by an integer overflow. This could enable remote code execution on nearby devices without user interaction. The vulnerability affects Android-related Bluetooth components as de...
CVE-2023-40094
CVE-2023-40094 is a local-EoP flaw in Android’s System component. The root cause is a missing permission check in keyguardGoingAway() within ActivityTaskManagerService.java, enabling a lock-screen bypass with no user interaction. The vulnerability affects Android 11–14 per the 2023-12 security bu...
CVE-2024-20007
CVE-2024-20007 affects MediaTek MP3 decoder: a race condition could trigger an out-of-bounds write, enabling remote escalation of privileges with user interaction required. Public details confirm the mp3 decoder component and patch ALPS08441369; exploitation status is not provided in the sources....
CVE-2024-34727
CVE-2024-34727 describes an out-of-bounds read caused by a heap buffer overflow in sdpu_compare_uuid_with_attr (sdp_utils.cc), enabling remote information disclosure with no privileges and no user interaction. Public details come from Android/Blueprints and Red Hat CVE records; the Android Securi...
CVE-2016-2431
CVE-2016-2431 affects Android devices with Qualcomm TrustZone prior to 2016-05-01 (notably Nexus 5, Nexus 6, Nexus 7 (2013), and Android One). The issue is an Elevation of Privilege in the Qualcomm TrustZone component that could allow a local attacker via a crafted application to gain privileged ...
CVE-2017-0663
CVE-2017-0663: libxml2 remote code execution via a crafted file. The Android-impacting flaw is a libxml2 out-of-bounds write that can crash or enable code execution in an unprivileged process. Exploitation and impact are stated in the CVE entry, with high severity (CVSSv3 7.8). No public fix vers...
CVE-2018-9473
Summary : CVE-2018-9473 affects Android 8.0, involving the function ihevcd_parse_sei_payload in ihevcd_parse_headers.c. The vulnerability is an out‑of‑bounds write caused by an integer overflow, with the potential for remote code execution and requiring user interaction to exploit. The Android se...
CVE-2019-2056
CVE-2019-2056 describes a local information disclosure in Android 10 caused by improper crypto usage that can leak RAM via a shared crypto key. The impact is local information disclosure with no user interaction required. The CVE is listed under Android Framework in the 2020-04 Android security b...
CVE-2019-2174
CVE-2019-2174 affects Android devices running 7.1.1, 7.1.2, 8.0, 8.1 and 9, where SensorManager::assertStateLocked in SensorManager.cpp has a use-after-free due to improper locking. This is an Elevation of Privilege vulnerability with local attack vector and no user interaction required, as descr...
CVE-2020-0070
CVE-2020-0070 is a Android System out-of-bounds write in rw_t2t_update_lock_attributes of rw_t2t_ndef.cc caused by a missing bounds check, enabling remote code execution over NFC without extra privileges. Affected: Android 8.0–10 (Android 8.0, 8.1, 9, 10). MITRE/ATT&CK not explicitly stated in pr...
CVE-2021-0981
Summary. CVE-2021-0981 describes an input-validation flaw in Android’s NotificationManagerService.enqueueNotificationInternal that could allow a foreground service to run without displaying a notification, enabling local elevation of privilege with no additional execution privileges needed on And...
CVE-2022-20154
CVE-2022-20154 : In the Android kernel, the vulnerability occurs in lock_sock_nested() within sock.c due to a race that can cause a use-after-free, enabling local privilege escalation with SYSTEM privileges; exploitation does not require user interaction. The initial description notes this as a l...
CVE-2022-20457
CVE-2022-20457 affects Android 13 and is caused by improper input validation in StorageManagerService.getMountModeInternal, which can prevent package installation and enable local privilege escalation without additional privileges. Exploitation details are not provided in the sources; the vulnera...
CVE-2023-20912
CVE-2023-20912 affects Android 13 where AvatarPickerActivity.java’s onActivityResult lacks a permission check, enabling local privilege escalation by letting an app access other users’ images. Exploitation reportedly requires no user interaction; CVSS shows HIGH severity (LOCAL, LOW PRIVILEGES, N...
CVE-2023-20960
CVE-2023-20960 affects Google Android 12L–13, involving the function launchDeepLinkIntentToRight in SettingsHomepageActivity.java . The root cause is improper input validation that can allow launching arbitrary activities, enabling a local elevation of privilege with user privileges and no user i...
CVE-2023-21094
CVE-2023-21094 describes a local elevation-of-privilege in Android: in the sanitize path of LayerState.cpp a missing permission check could allow an attacker to take over the display content on Android 11, 12, 12L, and 13. The issue enables local code execution without additional privileges or us...
CVE-2024-0048
CVE-2024-0048 affects Android (AccountManagerService.java) where NULL-response handling can allow local elevation of privileges. Exploitation requires local access; no user interaction documented. Root cause: incorrect handling of NULL responses in the AccountManagerService session. Android secur...
CVE-2019-2115
CVE-2019-2115 affects Google Android GateKeeper:MintAuthToken in gatekeeper.cpp across Android 7.1.1–9. The issue is memory corruption due to a double free, enabling local privilege escalation to the System level without user interaction. Affected component: GateKeeper/auth token generation path....
CVE-2019-2180
The CVE-2019-2180 entry refers to an out-of-bounds read in ippSetValueTag of ipp.c on Android 8.0/8.1/9, caused by improper input validation. This can lead to local information disclosure from the printer service without extra privileges and without user interaction. The connected documents confi...
CVE-2020-0072
The CVE-2020-0072 issue affects Android devices (Android 8.0–10) in rw_t2t_handle_tlv_detect_rsp within rw_t2t_ndef.cc, where a missing bounds check allows an out-of-bounds write that could enable remote code execution over NFC without user interaction. The NVD/Android bulletin context confirms h...
CVE-2020-0224
CVE-2020-0224 is a documented Android vulnerability affecting Android 8.0–10. It exploits an out-of-bounds write in FastKeyAccumulator::GetKeysSlow (keys.cc) caused by type confusion, enabling remote code execution when processing a proxy configuration without extra privileges. No user interactio...
CVE-2021-0307
CVE-2021-0307 is an Android elevation-of-privilege issue in updatePermissionSourcePackage within PermissionManagerService.java. A careless deputy flaw could allow a malicious app on Android 10–11 to gain a dangerous permission automatically, without user interaction, leading to local privilege es...
CVE-2022-20425
CVE-2022-20425 affects Android (10–13) via addAutomaticZenRule in ZenModeHelper.java. The issue: possible permanent degradation of performance due to resource exhaustion, enabling local DoS with low-privilege user and no user interaction required. Impact is limited to affected Android versions pe...
CVE-2022-20441
CVE-2022-20441 affects Android 10–13, originating from a logic error in Task.java: navigateUpTo can launch an unexported intent handler, enabling local elevation of privilege if the target app uses an intent trampoline. The vulnerability is described as requiring local access with no additional e...
CVE-2022-20494
The CVE-2022-20494 issue affects Android (Android 10–13) and involves the AutomaticZenRule component (AutomaticZenRule.java). The described vulnerability is a possible persistent DoS caused by resource exhaustion, enabling a local denial of service with no user interaction required. Impact is lim...
CVE-2022-20611
CVE-2022-20611 affects Android 10–13, arising from a permissions bypass in DeletePackageHelper.java: deletePackageVersionedInternal can bypass carrier restrictions, enabling local privilege escalation without additional execution privileges. Exploitation is local and does not require user interac...
CVE-2023-20726
The CVE-2023-20726 entry describes a GPS location information disclosure in the MediaTek mnld module caused by a missing permission check. Impact is local information disclosure with no privileges or user interaction required (CVSS v3.1 base score 3.3, LOW). Affected component: mnld in MediaTek S...
CVE-2023-20905
CVE-2023-20905 affects Android 10 via Mfc_Transceive in phNxpExtns_MifareStd.cpp, with a possible out-of-bounds write due to a missing bounds check. The impact is local escalation of privilege with high confidentiality/integrity/availability concerns, and no user interaction is required. Exploita...
CVE-2023-20920
CVE-2023-20920 describes a memory corruption vulnerability in the UsbRequest.java queue of Android, caused by a use-after-free. Affects Android 10–13 according to the Android security bulletin references. Impact is local escalation of privilege with high severity (CVSS: LO-CI). The vulnerability ...
CVE-2023-21277
CVE-2023-21277: The vulnerability is in Android’s RemoteViews.java visitUris method, where a missing permission check can allow an attacker to disclose images across users. The impact is local information disclosure with User privileges, and exploitation does not require user interaction. Public ...
CVE-2023-40131
CVE-2023-40131 affects the GpuService component in Android (GpuService.cpp). The issue is a use-after-free caused by a race condition, enabling local elevation of privilege with no additional execution privileges required, and no user interaction needed for exploitation. The available connected d...
CVE-2019-2124
CVE-2019-2124 affects Android 7.1.1–9 in ComposeActivityEmailExternal.py (ComposeActivityEmailExternal.java). A confused deputy could silently attach files to an email, enabling local information disclosure. Affected: Android 7.1.1, 7.1.2, 8.0, 8.1, 9. Exploitation: local. Remediation: apply patc...
CVE-2019-2179
CVE-2019-2179 affects Android 7.1.1–9, with the flaw in NDEF_MsgValidate of ndef_utils that causes an out-of-bounds read due to an integer overflow. This may lead to local information disclosure without execution privileges; exploitation requires user interaction. The issue is documented across m...
CVE-2020-0368
Summary of CVE-2020-0368 (Android) Affects Android 11 where the issue lies in the CallLogProvider.java function queryInternal . The root cause is improper input validation, enabling a local permission bypass that could disclose voicemail metadata. Exploitation requires User privileges but not use...