Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/08/14 9:10 p.m.44 views

CVE-2023-21231

CVE-2023-21231 is a Wear OS/Android framework issue where getIntentForButton in ButtonManager.java fails to perform a necessary permission check, allowing an unprivileged app to start a non-exported or permission-protected activity. This yields local escalation of privilege with no extra executio...

7.8CVSS7.7AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.44 views

CVE-2023-21299

CVE-2023-21299 affects Android’s Package Manager, allowing an attacker to determine whether an app is installed via a side‑channel information disclosure. Impact: local information disclosure without extra privileges or user interaction. The vulnerability is described in multiple sources (includi...

5.5CVSS5.6AI score0.00091EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.44 views

CVE-2023-21303

CVE-2023-21303 is an information-disclosure flaw affecting Android where an attacker can infer whether an app is installed via a side channel without query permissions. It enables local information leakage with no user interaction and requires only local access. Android 14 release notes indicate ...

5.5CVSS5.6AI score0.00091EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.44 views

CVE-2023-21304

CVE-2023-21304 describes an information-disclosure flaw in Android’s Content Service that can reveal whether an app is installed without query permissions, via a side-channel. The issue allows local information leakage without extra execution privileges and does not require user interaction to ex...

5.5CVSS5.1AI score0.00091EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.44 views

CVE-2023-21318

CVE-2023-21318 affects the Android Framework layer in Android 14, where a side-channel information disclosure could allow an attacker to infer whether an arbitrary app is installed. The NVD entry describes a local attack with low complexity, requiring low privileges and no user interaction, leadi...

5.5CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.44 views

CVE-2023-21338

CVE-2023-21338 affects Android’s Input Method. The issue is a side-channel information disclosure that lets an app determine whether another app is installed without query permissions, enabling local elevation of privilege with no additional execution privileges required. The Android 14 security ...

5.5CVSS5.7AI score0.00097EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.44 views

CVE-2023-21344

CVE-2023-21344 affects Android’s Job Scheduler. The issue enables a local attacker to determine whether an app is installed via a side-channel information disclosure, without query permissions and with no user interaction. Impact is local information disclosure; exploitation requires local access...

5.5CVSS5.6AI score0.00103EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.44 views

CVE-2023-21349

In CVE-2023-21349, the Android Package Manager exposes a side-channel to determine whether an app is installed without query permissions, enabling local information disclosure with no privileges required and no user interaction. Multiple connected sources (NVD entry and Red Hat/CVE pages, CNVD, a...

3.3CVSS4.4AI score0.00084EPSS
CVE
CVE
added 2023/06/06 5:13 a.m.44 views

CVE-2023-30866

CVE-2023-30866 affects the telephony service, with a missing permission check that could lead to local information disclosure without extra privileges. The impact is described as high confidentiality risk but no exploitation details or specific vulnerable versions are provided in the connected do...

5.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.44 views

CVE-2023-30920

CVE-2023-30920 affects a messaging service where a missing permission check allows local information disclosure without extra execution privileges. The NVD entry assigns CVSS 3.1: Local access, Low attack complexity, Privileges Required: Low, with Confidentiality impact High and no integrity/avai...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.44 views

CVE-2023-32862

MediaTek chips (display module) affected by CVE-2023-32862 due to an incorrect bounds check, causing an out-of-bounds read that could enable local privilege escalation to System. Exploitation reportedly requires no user interaction; base CVSS suggests local access with high impact on confidential...

6.7CVSS6.6AI score0.00111EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.44 views

CVE-2023-32882

The CVE-2023-32882 entry relates to memory corruption in the battery module of MediaTek-based devices. The vulnerability arises from a missing bounds check in the battery component, enabling local escalation of privilege with System execution privileges required and no user interaction needed. Af...

6.7CVSS6.8AI score0.0011EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.44 views

CVE-2023-33894

The CVE-2023-33894 entry describes a vulnerability in the fastDial service where a missing permission check allows local information disclosure without additional execution privileges. Affected product scope is centered on fastDial-related implementations (e.g., UNISOC chipsets as referenced in r...

5.5CVSS5.2AI score0.00092EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.44 views

CVE-2023-33915

CVE-2023-33915 concerns the LTE protocol stack where a missing permission check may enable remote information disclosure without extra execution privileges. The vulnerability is described across multiple sources (e.g., UNISOC-related entries and Red Hat/NVD records) with root cause as a missing p...

7.5CVSS7.2AI score0.00347EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.44 views

CVE-2023-40639

The CVE-2023-40639 issue concerns the SoundRecorder service with a missing permission check that could lead to local information disclosure without requiring additional privileges. Multiple sources (NVD, Red Hat CVE page, CVE lists) confirm the vulnerability description and classify the impact as...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.44 views

CVE-2023-42643

CVE-2023-42643: The vulnerability is in validationtools, where a missing permission check could allow local information disclosure without additional privileges. The affected software component is described as validationtools; the underlying cause is insufficient access control enabling disclosur...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.44 views

CVE-2023-42710

CVE-2023-42710 concerns the UNISOC chipset firewall service. A missing permission check allows writing permission usage records for an app, potentially leaking information locally without requiring extra execution privileges. Affected: firewall service on UNISOC chipsets (devices not explicitly n...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.44 views

CVE-2023-48353

CVE-2023-48353 affects the vsp driver (UNISOC chipsets). A logic error can cause a use-after-free in the driver, leading to local denial of service with SYSTEM execution privileges required. CVSS 3.1/3.1 indicates LOCAL access, HIGH privileges, and an Availability impact. Public details describe ...

4.4CVSS4.8AI score0.00084EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.44 views

CVE-2023-48358

CVE-2023-48358 is an out-of-bounds write in the DRM driver caused by a missing bounds check, leading to local denial of service with SYSTEM privileges. Affected component: DRM driver (noted in Red Hat/NVD records; associated with Unisoc chipsets per CNNVD). CVSS v3.1 metrics indicate a MEDIUM bas...

4.4CVSS4.8AI score0.00082EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.44 views

CVE-2024-20096

The CVE-2024-20096 issue concerns the m4u component in MediaTek silicon/chips, where a missing bounds check allows an out-of-bounds read. Impact stated across sources includes local information disclosure with the potential for system-level execution privileges required; exploitation is not depen...

4.4CVSS6.2AI score0.00099EPSS
CVE
CVE
added 2024/11/04 1:49 a.m.44 views

CVE-2024-20122

In vdec, a defect described as an out-of-bounds read due to improper structure design could cause local information disclosure with system-level privileges required. The vulnerability requires no user interaction for exploitation. A remediation is listed as Patch ID ALPS09008925 (Issue MSV-1572)....

4.4CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2026/01/16 6:19 p.m.44 views

CVE-2025-48647

CVE-2025-48647 affects the Google CPM IPC path: cpm_fwtp_msg_handler in cpm/google/lib/tracepoint/cpm_fwtp_ipc.c. The issue is a memory overwrite caused by improper input validation, enabling local elevation of privilege with no additional privileges or user interaction required. Impact is descri...

7.8CVSS6.5AI score0.00089EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2014-9781

CVE-2014-9781 is a buffer overflow in drivers/video/fbcmap.c within the Qualcomm components of Android on Nexus 7 (2013) devices, prior to 2016-07-05. The underlying issue is a buffer overflow in the fbcmap driver that could allow a crafted application to escalate privileges. Affected stack: Andr...

9.3CVSS7.6AI score0.00605EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2014-9782

The CVE-2014-9782 issue concerns Qualcomm MSM camera actuator code (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c) in Android on Nexus 5/7 (2013) devices. The root cause is lack of validation for direction and step parameters, enabling privilege escalation via a crafted app....

9.3CVSS7.5AI score0.00571EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2014-9793

The CVE-2014-9793 issue affects Android on Nexus 7 (2013) devices, where platform/msm_shared/mmc.c in Qualcomm components mishandles the power-on write-protect feature. This can allow a local attacker to escalate privileges via a crafted app. Root cause is a mishandling of write-protect on power-...

9.3CVSS7.5AI score0.00545EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2014-9796

CVE-2014-9796 affects Android on Nexus 5 and Nexus 7 (2013) via the Qualcomm component’s app/aboot/aboot.c, where the kernel header page size is not validated, enabling a crafted boot image to bypass access restrictions. Public details are tied to Android/Qualcomm bug references (28820722, CR6847...

9.3CVSS7.2AI score0.00551EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2014-9800

CVE-2014-9800 is an integer overflow in lib/heap/heap.c within the Qualcomm component of Android on Nexus 5 and Nexus 7 (2013) devices prior to 2016-07-05. The vulnerability could be triggered by a crafted application to gain privileges, as described in multiple sources (Android/Qualcomm internal...

9.3CVSS7.6AI score0.00545EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2014-9974

CVE-2014-9974 is described in connected records as a Qualcomm component vulnerability affecting Android CAF builds using the Linux kernel, arising from missing validation of buffer lengths in Keymaster. The CNVD-2017-26641 entry explicitly documents a buffer length validation failure in the Qualc...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2014-9977

CVE-2014-9977 describes a buffer overflow in the PlayReady DRM within Qualcomm closed‑source components used by Android CAF on Linux, enabling potential arbitrary code execution or denial of service as described in linked CNVD/NVD entries. Affected: Qualcomm PlayReady DRM in Android CAF/Linux ker...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2014-9979

CVE-2014-9979 affects Qualcomm products with CAF Android builds using the Linux kernel. The vulnerability is a TrustZone system call issue caused by an uninitialized variable in the kernel, potentially leading to compromise of secure memory. The available documents explicitly describe the root ca...

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2015-8888

CVE-2015-8888 affects the Qualcomm component in Android on Nexus 5. An integer overflow in the file app/aboot/aboot.c can be triggered by crafted block count and block size in a sparse header, allowing bypass of access restrictions. This is tied to Android prior to 2016-07-05 (Android bug 2882246...

9.3CVSS7.5AI score0.00543EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2015-9035

CVE-2015-9035 describes a memory-management defect in Qualcomm components used in Android CAF builds on Linux kernels, where a memory buffer is not freed after use, potentially leading to memory exhaustion. Public sources in the connected set (NVD entry, CNVD-2017-26829, CNVD/CVEs and EUVD-2015-8...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2015-9047

CVE-2015-9047 affects Qualcomm components in Android CAF builds using the Linux kernel, describing a GNSS vulnerability that occurs when a scan is performed after bootup. The CVE entry notes affected software as Qualcomm products with CAF Android releases and the GNSS subsystem, with a CVSSv3 bas...

10CVSS7.8AI score0.00805EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2015-9055

Technical details for CVE-2015-9055 are not publicly provided in the connected documents. Please monitor for updates; current documents do not specify affected products, versions, root cause, or fixes beyond the high‑level description.

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/04/21 2:0 p.m.43 views

CVE-2016-0833

Technical details about CVE-2016-0833 are not publicly available in the supplied documents. Monitor for updates from official advisories.

7.8CVSS7.2AI score0.00585EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.43 views

CVE-2016-0850

The CVE-2016-0850 issue concerns the PORCHE_PAIRING_CONFLICT in Android’s Bluetooth stack, which allows a remote attacker to bypass pairing restrictions by presenting a crafted device. Affected Android versions include 4.x (before 4.4.4), 5.x (before 5.0.2 for 5.0, before 5.1.1 for 5.1), and 6.x ...

8.8CVSS7.5AI score0.00583EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.43 views

CVE-2016-10337

Technical details for CVE-2016-10337 are not publicly available in the provided connected documents. The materials confirm a generic Android/Linux kernel validation issue but do not specify affected products, versions, exploitability, impact, or fixes. Monitor for updates.

5.5CVSS5.9AI score0.00485EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2016-10347

CVE-2016-10347 affects Qualcomm components in Android CAF builds using the Linux kernel; the issue is that an argument to a hypervisor function is not properly validated, enabling potential remote exploitation. The vulnerability is serious (CVSS v3 base score 9.8, CRITICAL) with network access an...

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2016-10384

CVE-2016-10384 affects Qualcomm products with Android CAF builds that use the Linux kernel and involve the WLAN driver ioctl. The underlying issue is a potentially reachable assertion in the WLAN driver ioctl, as described in the CVE entry. The Android Security Bulletin (April 2018) notes securit...

10CVSS8.7AI score0.00964EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.43 views

CVE-2016-2423

CVE-2016-2423 concerns the Telephony component in Android, specifically server/telecom/CallsManager.java, where provisioning status is not properly checked. This allows physically proximate attackers to bypass Factory Reset Protection (FRP) and delete data via unspecified vectors. Affected versio...

6.6CVSS6.2AI score0.0018EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.43 views

CVE-2016-2497

The CVE affects Android framework APIs, specifically PackageManagerService.java, and concerns an elevation of privilege where a pre-installed, updated, or updated app can increase its intent-filter priority via a crafted application. Affected versions include Android 4.x up to 4.4.3, Android 5.0....

7.5CVSS6.9AI score0.00595EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.43 views

CVE-2016-2498

CVE-2016-2498 affects the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) devices, prior to 2016-06-01, enabling a crafted application to bypass data access restrictions and potentially disclose data. The vulnerability is documented as an information-disclosure issue tied to the Wi‑Fi driver. ...

5.5CVSS6.1AI score0.00356EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2016-3747

CVE-2016-3747 is a use-after-free vulnerability in the mm-video-v4l2 venc component of Android’s Mediaserver. The flaw affects Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01. Exploitation could allow a crafted application to escalate privileges, demons...

10CVSS7.4AI score0.00424EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2016-3750

CVE-2016-3750 affects Android’s Parcels Framework APIs, specifically libs/binder/Parcel.cpp, where the return value of dup() is not validated. This could allow a local attacker to bypass the OS isolation protections via a crafted application, as described for Android 4.x before 4.4.4, 5.0.x befor...

7.8CVSS7.3AI score0.00361EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2016-3759

The CVE-2016-3759 entry documents a vulnerability in Android Framework APIs where an attacker with a crafted priv-app can insert a backup transport to read backup data (internal bug 28406080). Affected are Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01. The impact is in...

5CVSS4.5AI score0.00313EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2016-3770

CVE-2016-3770 concerns MediaTek driver privilege-escalation on Android One devices. The issue arises from MediaTek drivers in Android prior to 2016-07-05 that allow a locally crafted application to gain elevated privileges (Android internal bug 28346752; MediaTek ALPS02703102). The vulnerability ...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.43 views

CVE-2016-3814

CVE-2016-3814 : NVIDIA kernel driver’s camera component has a heap-buffer overwrite vulnerability that can cause denial of service. Connected docs confirm the heap-overwrite and DoS potential; no explicit remediation details are provided in the supplied materials.

5.5CVSS5.4AI score0.00367EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.43 views

CVE-2016-3830

CVE-2016-3830 affects Android Mediaserver’s Mediaserver component, specifically codecs/aacdec/SoftAAC2.cpp in libstagefright. The underlying flaw allows a crafted ADTS data packet to trigger a denial of service, causing device hang or reboot. Affected Android branch versions are 4.x before 4.4.4,...

7.1CVSS5.8AI score0.00574EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.43 views

CVE-2016-3845

CVE-2016-3845 refers to an elevation of privilege in the kernel video driver on Nexus 5 devices running Android prior to 2016-08-05. The vulnerability could allow a local attacker with a crafted application to gain higher privileges within the kernel context. The issue is tied to the kernel video...

9.3CVSS7.3AI score0.00411EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.43 views

CVE-2016-3883

CVE-2016-3883 affects Android Telephony’s SMSDispatcher.java in the Telephony stack. The flaw is that premium-SMS warnings are not properly constructed, allowing a crafted app to spoof the premium-payment confirmation dialog. Affected Android versions include 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5...

5.5CVSS5.6AI score0.0044EPSS
Total number of security vulnerabilities8153