Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2018/11/14 6:0 p.m.44 views

CVE-2018-9521

CVE-2018-9521 describes an out-of-bounds write in NuPlayer2CCDecoder.cpp (parseMPEGCCData) on Android 9, enabling remote code execution in an unprivileged process with user interaction. The issue arises from an incorrect bounds check in the Media framework’s MPEG data handling, potentially allowi...

9.3CVSS8.9AI score0.01539EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.44 views

CVE-2018-9557

CVE-2018-9557 affects Android 7.0, 7.1.1, and 7.1.2. In really_install_package() within install.cpp, there is a possible free of arbitrary memory caused by uninitialized data, enabling local elevation of privilege without extra execution privileges and without user interaction. The NVD entry conf...

7.8CVSS7.7AI score0.00174EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.44 views

CVE-2018-9559

CVE-2018-9559: In persist_set_key and related cryptfs.cpp functions, there is an out-of-bounds write caused by an uncaught error, enabling local elevation of privilege without user interaction on Android 7.0–9. No exploitation details are provided. The Android Security Bulletin indicates patches ...

7.8CVSS7.8AI score0.00166EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.44 views

CVE-2018-9567

CVE-2018-9567 affects Pixel devices: a bug in verified boot causes the certificate fingerprint to appear identical despite different signing keys, enabling local privilege escalation with no user interaction. The Android Security Bulletin (Dec 2018) indicates patches at the 2018-12-01 and 2018-12...

7.8CVSS7.6AI score0.00146EPSS
CVE
CVE
added 2019/04/19 7:45 p.m.44 views

CVE-2019-2032

CVE-2019-2032 affects Android devices (Android 8.0, 8.1, 9) and is tied to the function in ble_advertiser_hci_interface.cc: SetScanResponseData. The issue is an out-of-bounds write caused by a missing bounds check, leading to local elevation of privilege with no additional execution privileges re...

7.8CVSS7.7AI score0.00162EPSS
CVE
CVE
added 2019/05/08 4:31 p.m.44 views

CVE-2019-2052

CVE-2019-2052 : In VisitPointers of heap.cc, Android’s System component, there is a potential out-of-bounds read caused by type confusion. This could enable remote information disclosure without extra execution privileges or user interaction. Affected Android versions include 7.0, 7.1.1, 7.1.2, 8...

7.8CVSS6.9AI score0.01023EPSS
CVE
CVE
added 2020/03/24 6:8 p.m.44 views

CVE-2019-20547

CVE-2019-20547 affects Samsung mobile devices running Android O (8.x) and Pie (9.0). The issue allows data leakage through a Bluetooth debug command, implying a local-bypass-like interaction via Bluetooth tooling on affected software. The description does not specify exact vulnerable components, ...

5.3CVSS5.3AI score0.0034EPSS
CVE
CVE
added 2020/03/24 6:20 p.m.44 views

CVE-2019-20553

CVE-2019-20553 affects Samsung mobile devices running P9.0 on chipsets SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820. The issue allows arbitrary memory read and write operations in the RKP component, as described in multiple sources (Samsung ID SVE-2019-15143). Public refe...

9.8CVSS9.3AI score0.00443EPSS
CVE
CVE
added 2020/03/24 6:36 p.m.44 views

CVE-2019-20569

CVE-2019-20569 affects Samsung mobile devices running Android P (9.0). The vulnerability enables bypassing Factory Reset Protection (FRP) via manipulation of the status bar, as described in Red Hat and NVD references (Samsung ID SVE-2019-15089). Public details consistently state the issue as an F...

6.2CVSS6.4AI score0.00134EPSS
CVE
CVE
added 2020/03/24 6:59 p.m.44 views

CVE-2019-20588

CVE-2019-20588 affects Samsung mobile devices running O(8.x) and P(9.0) with TEEGRIS. The SEM Trustlet has a type confusion flaw that can lead to arbitrary code execution. Samsung ID SVE-2019-14891 is associated with this issue. The CVSS-3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a b...

10CVSS9.6AI score0.00864EPSS
CVE
CVE
added 2020/03/24 7:2 p.m.44 views

CVE-2019-20591

CVE-2019-20591 affects Samsung mobile devices running N (7.x), O (8.x), and P (9.0) with a local SQL injection in the Gear VR Service Content Provider. The issue, tracked as Samsung Samsung ID SVE-2019-14058, is documented across multiple feeds (NVD, Red Hat, etc.). The connected sources confirm ...

7.8CVSS8AI score0.00168EPSS
CVE
CVE
added 2020/03/24 7:3 p.m.44 views

CVE-2019-20592

CVE-2019-20592 affects Samsung mobile devices running N(7.x), O(8.x) and P(9.0). The issue is a local SQL injection in the Story Video Editor Content Provider, with Samsung ID SVE-2019-14062. Connected documents corroborate this vulnerability and do not provide concrete patch versions or remediat...

7.8CVSS8AI score0.00166EPSS
CVE
CVE
added 2020/03/24 7:22 p.m.44 views

CVE-2019-20609

CVE-2019-20609 affects Samsung mobile devices running P(9.0). An attacker with access to a paired smartwatch can view Secure Folder notification content, exposing confidential information. The root cause is not detailed in the provided documents; no vendor patch/version or remediation details are...

6.5CVSS6.4AI score0.00198EPSS
CVE
CVE
added 2020/03/24 7:30 p.m.44 views

CVE-2019-20615

CVE-2019-20615 affects Samsung mobile devices running N(7.x) and O(8.x) software. The issue enables bypassing Factory Reset Protection (FRP) through SVoice Terms & Conditions, as referenced by Samsung ID SVE-2018-13547 (March 2019). Publicly available documents in the provided set reiterate this ...

4.6CVSS4.9AI score0.00134EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-2073

CVE-2019-2073 affects the Android 10 libxaac library, where an out-of-bounds write occurs due to a missing bounds check. This can lead to remote code execution with network access and no extra privileges, with user interaction required for exploitation. The vulnerability is documented across seve...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-2074

This entry concerns CVE-2019-2074 affecting libxaac in Android 10. The issue is an out-of-bounds write due to a missing bounds check, enabling remote code execution. Impact: remote code execution with user interaction required, configured as HIGH in CVSS 3.1. Affected component: libxaac in Androi...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2020/04/17 1:36 p.m.44 views

CVE-2019-20773

CVE-2019-20773 affects LG mobile devices running Android OS 7.x–9.0; the issue allows unprivileged applications to execute shell commands via the connectivity service. Root cause is not detailed in the provided documents; no exploit specifics or remediation are described in the connected sources....

7.8CVSS7.8AI score0.00146EPSS
CVE
CVE
added 2020/03/15 9:13 p.m.44 views

CVE-2019-2088

CVE-2019-2088 affects Android 10, specifically the StatsService component. The flaw is an out-of-bounds read in StatsService that could lead to local information disclosure without user interaction, with UBSAN being a factor. The public documents consistently reference Android-10 as affected; no ...

5.5CVSS5.8AI score0.00143EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-9242

CVE-2019-9242 affects Android 10 NFC, where a missing bounds check can cause an out-of-bounds read and local information disclosure. Exploitation requires user interaction and local access; no public exploit details are provided in the documents. The issue is listed among Android 10 security fixe...

5CVSS5.3AI score0.00164EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-9320

CVE-2019-9320 relates to the Android media stack (libavc) with a missing variable initialization. The issue affects Android 10 and can lead to remote information disclosure without extra privileges; exploitation requires user interaction. The published details describe Information Disclosure as t...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-9331

CVE-2019-9331 affects Android 10 Bluetooth: a missing bounds check enables an out-of-bounds read and remote information disclosure without privileges or user interaction. Documented in Android 10 security release notes; mitigated by Android patch level 2019-09-01 or later. Exploitation status and...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-9387

CVE-2019-9387 describes an out-of-bounds read in the Android Bluetooth stack caused by a missing bounds check. The vulnerability could enable remote information disclosure without requiring privileges or user interaction. Affected product is Android 10 (Android Bluetooth stack); the description d...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-9397

CVE-2019-9397 affects the Bluetooth component in Android 10. The issue is a missing bounds check that can cause a controlled termination, yielding a remote DoS without needing privileges or user interaction. The vulnerability is documented with Android 10 as affected, and remediation is noted in ...

7.5CVSS7.6AI score0.00797EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-9403

CVE-2019-9403: In cn-cbor, an out-of-bounds read due to improper casting could lead to remote information disclosure on Android 10. Impact is information disclosure with no privileges gained; exploitation requires user interaction. CVSS2 base 4.3 (PARTIAL confidentiality impact) and CVSS3.1 base ...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-9404

CVE-2019-9404 affects Android 10 devices via the Bluetooth stack, where a missing bounds check can cause a remote denial-of-service without user interaction. The issue is documented across multiple sources (NVD and Red Hat) with a consistent description: uncontrolled termination due to an out-of-...

7.5CVSS7.6AI score0.00797EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.44 views

CVE-2019-9409

CVE-2019-9409 affects the Android 10 media processing stack (libhevc). The issue is an information-disclosure vulnerability caused by uninitialized data, enabling remote information disclosure with no execution privileges required. Exploitation requires user interaction. The connected documents r...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2021/06/11 4:36 p.m.44 views

CVE-2019-9475

CVE-2019-9475 corresponds to a local information disclosure in Android 10 via a permissions bypass in /proc/net of the kernel filesystem. The root cause is a privileged bypass that allows reading information without execution privileges, with exploitation requiring local access and no user intera...

5.5CVSS5.6AI score0.00121EPSS
CVE
CVE
added 2020/03/10 7:56 p.m.44 views

CVE-2020-0037

CVE-2020-0037 affects Android, focusing on rw_i93_sm_set_read_only in rw_i93.cc. The vulnerability is an out-of-bounds read caused by a missing bounds check in this function, enabling remote information disclosure over NFC without additional execution privileges. Affected Android versions include...

7.8CVSS7AI score0.01155EPSS
CVE
CVE
added 2020/03/10 8:0 p.m.44 views

CVE-2020-0058

The CVE-2020-0058 issue is a real Android vulnerability affecting the Bluetooth stack code path: in l2c_rcv_acl_data of l2c_main.cc there is an out-of-bounds read due to an incorrect bounds check, potentially enabling local information disclosure with system privileges. Exploitation context is no...

4.4CVSS5AI score0.0016EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.44 views

CVE-2020-0129

CVE-2020-0129 affects Android 10, due to an out-of-bounds write in SetData of btm_ble_multi_adv.cc caused by an incorrect bounds check. This can lead to local elevation of privilege without user interaction, as documented in multiple sources (NVD entry and Red Hat/Samsung references). Affected co...

7.8CVSS8.2AI score0.0015EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.44 views

CVE-2020-0133

CVE-2020-0133 affects Android 10. The issue arises in MockLocationAppPreferenceController.java where a permissions bypass allows spoofing GPS location, enabling local privilege escalation. Exploitation details are not publicly provided in the connected documents; the NVD entry lists local attack ...

7.3CVSS7.6AI score0.00202EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.44 views

CVE-2020-0146

CVE-2020-0146 affects Android 10 in the btu_hcif hardware path (btu_hcif.cc). The issue is a missing bounds check that enables an out-of-bounds read, potentially allowing local information disclosure with system privileges. No user interaction is required. The Red Hat and NVD entries corroborate ...

4.4CVSS4.9AI score0.00143EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.44 views

CVE-2020-0154

CVE-2020-0154 affects Android 10 with the vulnerability located in the nci_proc_core_rsp function of nci_hrcv.cc. The root cause is an out-of-bounds read due to an incorrect bounds check, which could enable local information disclosure on devices with System privileges and requires no user intera...

4.4CVSS4.9AI score0.00143EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.44 views

CVE-2020-0178

CVE-2020-0178 affects Android 10, specifically the SettingsProvider.cpp getAllConfigFlags function. The root cause is a missing permission check that enables a possible illegal read, leading to local information disclosure of configuration flags without extra execution privileges. Exploitation de...

5.5CVSS5.6AI score0.00151EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.44 views

CVE-2020-0199

CVE-2020-0199 affects Android 10 with a race-condition in TimeCheck.cpp TimeCheckThread::threadLoop that can cause use-after-free and local information disclosure, potentially gaining system privileges. The description specifies no user interaction required. Connected sources repeat the same deta...

4.1CVSS4.8AI score0.00101EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.44 views

CVE-2020-0200

CVE-2020-0200 is an Android 10 issue affecting the Media Framework: a missing bounds check in ReadLittleEndian within raw_bit_reader.cc can trigger an out-of-bounds read and information disclosure. The NVD entry notes network access as the attack vector with no execution privileges, while the CVS...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.44 views

CVE-2020-0216

Technical details about CVE-2020-0216 are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS8.2AI score0.00196EPSS
CVE
CVE
added 2020/09/18 3:8 p.m.44 views

CVE-2020-0281

CVE-2020-0281 describes an NFC-related out-of-bounds read in Android 11 that could enable remote information disclosure due to a missing bounds check. The issue affects NFC handling and is listed with a root cause of insufficient bounds checking, leading to a potential information leak. Reported ...

4.5CVSS5.2AI score0.00618EPSS
CVE
CVE
added 2020/09/18 3:3 p.m.44 views

CVE-2020-0298

CVE-2020-0298: A local elevation-of-privilege in Android 11 Bluetooth due to a missing permission check that allows an attacker to enable/disable Bluetooth without user interaction. Affects Bluetooth subsystem; root cause is lack of permission validation in Bluetooth flow, enabling local privileg...

7.8CVSS8.1AI score0.00145EPSS
CVE
CVE
added 2020/09/18 3:24 p.m.44 views

CVE-2020-0304

CVE-2020-0304 affects Android 11; a flaw in Settings allows an unsafe PendingIntent to bypass permission, leading to local information disclosure with no user interaction. The root cause is inadequate validation of PendingIntent handlers, enabling a local attacker with physical or remote access t...

5.5CVSS5.8AI score0.00141EPSS
CVE
CVE
added 2020/09/17 8:49 p.m.44 views

CVE-2020-0317

CVE-2020-0317 affects Android 11, where UsageStatsManager may access protected data due to a missing permission check. The described issue is a local information disclosure with no required user interaction. Documents confirm that Android 11 includes security fixes and release notes listing mitig...

5.5CVSS5.7AI score0.00132EPSS
CVE
CVE
added 2020/09/18 2:51 p.m.44 views

CVE-2020-0318

The CVE-2020-0318 entry affects Android 11 System UI, where an uncaught exception can crash the system, causing a local Denial of Service without requiring user interaction. The impact is a local, permanent DoS on affected devices, with no confidentiality/integrity concerns stated. Exploitation i...

5.5CVSS6AI score0.00139EPSS
CVE
CVE
added 2020/09/17 8:55 p.m.44 views

CVE-2020-0328

CVE-2020-0328 affects Android 11, with a vulnerability in the camera component where an integer overflow can trigger an out-of-bounds read. This may lead to local information disclosure and system-level execution privileges, without user interaction. The issue is documented across multiple source...

4.4CVSS5AI score0.00143EPSS
CVE
CVE
added 2020/09/18 3:26 p.m.44 views

CVE-2020-0331

CVE-2020-0331 affects Android 11, describing a permissions bypass in Settings that can lead to local disclosure of the device IMEI. Exploitation is local, with low attack complexity, requiring LOW privileges and no user interaction. The issue is documented across multiple sources (NVD, Red Hat, P...

5.5CVSS5.7AI score0.00141EPSS
CVE
CVE
added 2020/09/17 8:57 p.m.44 views

CVE-2020-0353

CVE-2020-0353 affects Android 11 and is tied to the libmp4extractor component. The issue is a missing bounds check that can cause resource exhaustion, leading to a remote Denial of Service without requiring additional privileges. Exploitation requires user interaction. The vulnerability is docume...

6.5CVSS6.9AI score0.00724EPSS
CVE
CVE
added 2020/12/15 3:54 p.m.44 views

CVE-2020-0476

CVE-2020-0476 describes a vulnerability in Android 11 where, in onNotificationRemoved of Assistant.java, sensitive information could leak to logs, enabling local information disclosure without user interaction (privilege: System execution required). Affects Android-11 devices per the initial desc...

4.4CVSS4.9AI score0.00145EPSS
CVE
CVE
added 2020/12/15 3:55 p.m.44 views

CVE-2020-0485

CVE-2020-0485 affects Android 11. In UsbBackend.java’s areFunctionsSupported, a missing permission check can allow tethering access from a guest account, enabling local elevation of privilege with no user interaction. According to NVD, the CVSSv3.1 vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I...

7.8CVSS8.1AI score0.00133EPSS
CVE
CVE
added 2020/12/15 3:56 p.m.44 views

CVE-2020-0488

CVE-2020-0488 affects Android 11 on Pixel devices, with a vulnerability in the media processing path: in ihevc_inter_pred_chroma_copy_ssse3 (file ihevc_inter_pred_filters_ssse3_intr.c), uninitialized data can cause information disclosure. Impact is partial confidentiality loss, remote information...

6.5CVSS6.6AI score0.00702EPSS
CVE
CVE
added 2020/12/15 3:56 p.m.44 views

CVE-2020-0489

CVE-2020-0489 involves a suspected out-of-bounds write in the Android media framework (Parse_data in eas_mdls.c) which could lead to remote code execution in the media extractor. Affected software is Android 11, notably Pixel devices. The root cause is a missing bounds check in Parse_data, enabli...

8.8CVSS9AI score0.00685EPSS
CVE
CVE
added 2020/03/24 5:18 p.m.44 views

CVE-2020-10836

CVE-2020-10836 affects Samsung mobile devices with Exynos (O(8.x), P(9.0), Q(10.0)). The Widevine Trustlet permits read/write access to arbitrary memory, indicating a memory-safety/Trustlet isolation flaw. CVSSv3.1 base score 9.8 (CRITICAL); access is network-based with no authentication required...

9.8CVSS9.3AI score0.00449EPSS
Total number of security vulnerabilities8153