Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/07/04 1:44 a.m.42 views

CVE-2023-20759

In cmdq, a memory corruption flaw is caused by a missing bounds check, potentially enabling local denial of service with SYSTEM privileges. Exploitation does not require user interaction. A patch is available (Patch ID: ALPS07636133; Issue ID: ALPS07634601).

4.4CVSS4.8AI score0.00103EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.42 views

CVE-2023-20822

CVE-2023-20822 affects netdagent and involves an out-of-bounds write caused by a missing bounds check. The issue can lead to local escalation of privilege with System execution privileges required, and exploitation does not require user interaction. A patch referenced in sources is ALPS07944012 (...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.42 views

CVE-2023-21311

CVE-2023-21311 describes an information-disclosure vulnerability in Android Settings where a permissions bypass could let a secondary user control private DNS settings. Exploitation is local (ATT&CK-like, not remote), requires no user interaction, and could disclose private information without ad...

5.5CVSS5.2AI score0.00084EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.42 views

CVE-2023-21341

CVE-2023-21341 concerns Android’s Permission Manager, where a missing permission check can bypass required permissions, enabling local elevation of privilege. The issue is described as a local, low-privilege escalation with no user interaction required. Affected product/area: Android components r...

7.8CVSS7.8AI score0.00098EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.42 views

CVE-2023-30923

CVE-2023-30923 involves a missing permission check in the messaging service, enabling local information disclosure without requiring any additional execution privileges. The available sources describe the vulnerability at the component level (messaging service) and the impact (local information d...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.42 views

CVE-2023-32852

CVE-2023-32852 affects the cameraisp module. The vulnerability is an information disclosure caused by improper input validation, enabling local disclosure with SYSTEM privileges required and no user interaction. The documented attack vector is LOCAL with HIGH privileges required; no exploitation ...

4.4CVSS4.3AI score0.00108EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.42 views

CVE-2023-32866

CVE-2023-32866 affects the MediaTek mmp module. The vulnerability is a memory corruption caused by an incorrect bounds check in mmp, enabling local escalation of privilege with System execution privileges required. Exploitation is reported to require no user interaction. The entry notes a patch/m...

6.7CVSS6.8AI score0.00111EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.42 views

CVE-2023-33914

CVE-2023-33914 concerns UNISOC chipsets where the NIA0 algorithm used in Security Mode Command may accept invalid input due to missing verification, enabling remote information disclosure without extra privileges. The publicly provided sources confirm the issue but do not specify a fixed version ...

7.5CVSS7.2AI score0.0036EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.42 views

CVE-2023-38445

In CVE-2023-38445, the vulnerable component is vowifiservice. The root cause is a missing permission check, which could allow local denial of service without additional privileges. The NVD entry assigns a CVSS‑3.1 base score of 5.5 (Local, Low attack complexity, privileges required: Low, impact: ...

5.5CVSS5.4AI score0.00076EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.42 views

CVE-2023-40647

CVE-2023-40647 concerns a missing permission check in the Messaging component that could enable local information disclosure without requiring additional execution privileges. Multiple connected sources (including Red Hat, NVD, CNNVD, and related advisories) consistently describe the issue as a l...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.42 views

CVE-2023-48359

CVE-2023-48359 affects the autotest driver (Unisoc-based platforms) and is caused by improper input validation that can trigger an out-of-bounds write. The documented impact is a local denial of service with SYSTEM privileges required. Affected scope and exact product/version details are not expl...

4.4CVSS4.8AI score0.00082EPSS
CVE
CVE
added 2024/11/04 1:48 a.m.42 views

CVE-2024-20109

CVE-2024-20109 affects the component identified as ccu (referenced across Red Hat/NVD entries and related advisories). The root cause is a missing bounds check that allows an out-of-bounds write, resulting in local escalation of privileges with System-level execution privileges required. No user ...

6.7CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.42 views

CVE-2025-48545

CVE-2025-48545 affects Android’s AccountManagerService.isSystemUid in AccountManagerService.java, enabling a confused deputy to let an app access privileged APIs. This constitutes local privilege escalation with no additional execution privileges and no user interaction required. Public details i...

7.1CVSS6AI score0.00088EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.42 views

CVE-2026-0041

In the connected disclosures, CVE-2026-0041 is tied to an integer overflow in multiple functions of ubsan_throwing_runtime.cpp, causing a UBSan failure that can lead to remote denial of service without extra privileges or user interaction. PT-2026-4712 explicitly flags Chromium as affected, notin...

6.5CVSS6AI score0.00253EPSS
CVE
CVE
added 2017/06/08 8:0 p.m.41 views

CVE-2014-7919

CVE-2014-7919 affects Android in b/libs/gui/ISurfaceComposer.cpp, where a null pointer dereference can cause denial of service (process crash). Connected CNVD/NVD entries confirm the Android component and impact. No specific patch/version details or exploitation data are provided in the documents...

7.5CVSS7.2AI score0.00803EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.41 views

CVE-2014-9947

Technical details about CVE-2014-9947 are not provided in the connected documents. The initial description indicates a TrustZone information exposure in CAF Android builds, but there are no product, version, impact, or fix specifics to act on. Monitor for updates.

5.5CVSS5.7AI score0.00407EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.41 views

CVE-2014-9956

CVE-2014-9956 technical details are not publicly provided in the supplied documents; no concrete affected component/version/root cause/fix is disclosed here. Monitor for updates.

10CVSS8.7AI score0.0113EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.41 views

CVE-2016-2445

CVE-2016-2445 affects the NVIDIA media driver on Android for Nexus 9 devices prior to 2016-05-01. The vulnerability is an elevation of privilege: a crafted application could gain privileged access, with local attack vector and user interaction required. CVSS‑3 metrics indicate Local access, High ...

7.6CVSS7AI score0.00457EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.41 views

CVE-2016-2472

CVE-2016-2472 affects the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) devices, where a crafted application could escalate privileges due to a driver vulnerability present before 2016-06-01. The Android bulletin confirms mitigation via security updates and patch levels of June 2016 (Nexus O...

9.3CVSS8AI score0.00421EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.41 views

CVE-2016-2478

CVE-2016-2478 affects Android Mediaserver, specifically mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver. The root cause is mishandling of pointers, allowing a crafted app to gain privileges (Signature or SignatureOrSystem). Affected Android versions: 4.x before 4.4.4, 5.0.x before...

9.3CVSS8AI score0.00419EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.41 views

CVE-2016-3752

CVE-2016-3752 affects Android 6.x, where internal/app/ChooserActivity.java in the ChooserTarget service mishandles target security checks, enabling a local attacker with a crafted app to escalate privileges. The issue is categorized as an elevation of privilege in the ChooserTarget service. Affec...

7.8CVSS7.4AI score0.00504EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.41 views

CVE-2016-3756

CVE-2016-3756 : Tremolo/res012.c in mediaserver on Android affects 4.x up to 4.4.3/4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x up to 2016-07-01. The issue arises because Tremolo’s mediaserver component does not validate the number of partitions in crafted media files, allowing a remote a...

7.8CVSS7AI score0.00679EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.41 views

CVE-2016-3767

CVE-2016-3767 is an elevation-of-privilege flaw in the MediaTek Wi‑Fi driver affecting Android One devices prior to the 2016-07-05 patch level. A locally executed, crafted application could gain kernel privileges due to MediaTek internal bug ALPS02689526 (Android internal bug 28169363). The issue...

9.3CVSS7.5AI score0.00412EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.41 views

CVE-2016-3792

CVE-2016-3792 affects the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) before 2016-07-05. The issue arises from mishandling userspace data copying in CORE/HDD/src/wlan_hdd_hostapd.c, enabling local privilege escalation via a crafted app (requires user interaction). References indicate this ...

9.3CVSS7.5AI score0.00439EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.41 views

CVE-2016-3797

The CVE-2016-3797 entry describes an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver on Android devices (Nexus 5X) prior to 2016-07-05. The issue could allow a locally running, crafted application to gain kernel-level privileges. The vulnerability is tied to Qualcomm internal bu...

9.3CVSS7.5AI score0.00502EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.41 views

CVE-2016-3798

CVE-2016-3798 affects the MediaTek hardware sensor driver on Android One devices. A locally exploitable privilege-escalation occurs when a crafted application is processed by the MediaTek sensor driver, tied to Android internal bug 28174490 and MediaTek ALPS02703105. The vulnerability is listed a...

9.3CVSS7.5AI score0.00412EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.41 views

CVE-2016-3801

CVE-2016-3801 affects MediaTek GPS driver on Android One devices prior to 2016-07-05. Root cause: elevation of privilege via a crafted application exploiting MediaTek internal bug ALPS02688853. Impact: local privilege escalation to system could occur; vendor-specific patch not publicly detailed, ...

9.3CVSS7.5AI score0.00412EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.41 views

CVE-2016-3825

CVE-2016-3825 affects Android Mediaserver (mm-video-v4l2/vidc/venc/src/omx_video_base.cpp) where a faulty memory allocation in mediaserver could allow a privilege escalation via a crafted app. Affected are Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01. The issue is des...

7.8CVSS7.5AI score0.002EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.41 views

CVE-2016-3833

The CVE-2016-3833 entry describes a privilege-elevation issue in the Android Shell. The Shell component in Android versions 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, allowing a crafted application to b...

9.3CVSS7.2AI score0.00476EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.41 views

CVE-2016-3843

CVE-2016-3843 describes a local privilege-escalation on Android before 2016-08-05, allowing a crafted application to gain kernel-level privileges via the kernel performance subsystem and Qualcomm performance component (Android internal bugs 28086229/29119870; CR1011071). The vulnerability affects...

9.3CVSS7.7AI score0.0079EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.41 views

CVE-2016-3853

CVE-2016-3853 involves Google Play services on Nexus devices. The issue allows a local attacker to bypass Factory Reset Protection and delete data via unspecified vectors (internal bug 26803208). The description in the CVE notes this is an elevation of privilege within Google Play services, not a...

5.5CVSS5.7AI score0.00142EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.41 views

CVE-2016-3855

CVE-2016-3855 affects Qualcomm components in Android; the issue is in drivers/thermal/supply_lm_core.c where a count parameter is not validated, enabling out-of-bounds memory access and potentially a denial of service or other impact via a crafted application. The documents reference Qualcomm int...

7.8CVSS7.8AI score0.00385EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.41 views

CVE-2016-3882

CVE-2016-3882 describes an off-by-one error in server/wifi/anqp/VenueNameElement.java within Android’s Wi‑Fi stack. Affected products are Android 6.x before 2016-10-01 and Android 7.0 before 2016-10-01. By connecting to a crafted access point that supplies a targeted (Venue Group or Venue Type) v...

6.5CVSS6.7AI score0.00442EPSS
CVE
CVE
added 2018/01/23 1:0 a.m.41 views

CVE-2016-5345

CVE-2016-5345: Buffer overflow in the Qualcomm radio driver on Android One devices allows a local unprivileged user to gain privileges via a crafted app (Android internal bug 32639452; Qualcomm internal bug CR1079713). Affected software is Android with Qualcomm radio driver; vulnerability details...

7CVSS7.6AI score0.00445EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.41 views

CVE-2016-6673

CVE-2016-6673 is an elevation-of-privilege flaw in the NVIDIA camera driver on Android devices (Nexus 9) prior to 2016-10-05. A specially crafted app could exploit this to gain kernel/privileged access. CNVD-2016-09382 explicitly describes a privilege- acquisition vulnerability and an attacker us...

9.3CVSS8AI score0.00389EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.41 views

CVE-2016-6685

Technical details for CVE-2016-6685 are not publicly provided in the supplied connected documents. Monitor for updates. The entry notes a kernel information disclosure on Nexus 6P but lacks specifics on root cause, affected components, remediation, or exploit status.

5.5CVSS5.7AI score0.00392EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.41 views

CVE-2016-6718

CVE-2016-6718 is an elevation-of-privilege issue in the Android 7.0 Account Manager Service. A local malicious app could bypass user interaction requirements and retrieve sensitive information without user consent. The root cause is a local bypass of interaction prompts within the Account Manager...

5.5CVSS5.6AI score0.00402EPSS
CVE
CVE
added 2016/10/31 10:0 a.m.41 views

CVE-2016-7988

The CVE describes an issue on Samsung Galaxy devices (S4–S7) where the BroadcastReceiver for com.[Samsung].android.intent.action.SET_WIFI lacks required permissions. This permits unsolicited configuration messages to be processed by wifi-service.jar within the Android Framework, as part of the vu...

7.8CVSS7.2AI score0.00604EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.41 views

CVE-2017-11074

CVE-2017-11074 affects Qualcomm WLAN in Android on MSM platforms (CAF-based kernels) via an obsolete set/reset ssid hotlist API in the WLAN stack. Root cause: legacy API left in kernel/UI interfaces enabling privilege escalation. Impact: as per CVSS, high confidentiality, integrity, and availabil...

7.8CVSS7.2AI score0.0016EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.41 views

CVE-2017-14869

CVE-2017-14869 affects Android for MSM, Firefox OS for MSM, QRD Android with CAF Linux kernel in the FOTA update path. The issue is that during FOTA partition updates, uninitialized data can be pushed to storage, potentially leaking information. The provided sources confirm affected platforms and...

7.5CVSS7AI score0.00521EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.41 views

CVE-2017-14889

CVE-2017-14889 affects Android for MSM, Firefox OS for MSM, and QRD Android builds derived from CAF Linux kernels. The root cause is a missing range check on the array index into the WMI descriptor pool, which could allow arbitrary address execution in the process mgmt completion handler. Reporte...

7.8CVSS7.2AI score0.00199EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.41 views

CVE-2017-15830

CVE-2017-15830 affects the Qualcomm SME driver in Android on MSM (CAF Linux kernel lineage). The root cause is improper initialization of the ch_list array index in function sme_set_plm_request(), which can lead to a buffer overflow. The vulnerability is categorized as EoP (elevation of privilege...

7.8CVSS7.3AI score0.00186EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.41 views

CVE-2017-15861

CVE-2017-15861 describes an elevation-risk issue in Qualcomm WLAN on Android CAF with Linux kernel where wma_roam_synch_event_handler uses a firmware-provided vdev_id to index an array without validation. This could potentially lead to out-of-bounds access affecting confidentiality, integrity, an...

7.8CVSS7.2AI score0.0015EPSS
CVE
CVE
added 2018/06/06 9:0 p.m.41 views

CVE-2017-18154

CVE-2017-18154 describes a local elevation-of-privilege issue in Android’s media stack: a crafted binder request can trigger an arbitrary unmap in MediaServer on CAF-based Android (Android for MSM, Firefox OS for MSM, QRD Android) via the Linux kernel. Public details in NVD/Android bulletins indi...

7.8CVSS5.4AI score0.0017EPSS
CVE
CVE
added 2020/04/07 1:58 p.m.41 views

CVE-2017-18693

CVE-2017-18693 affects Samsung mobile devices running KK (4.4), L (5.0/5.1), M (6.0), and N (7.0). A buffer overflow is reported in the fps sysfs entry , with Samsung ID SVE-2016-7510 . Connected sources (Red Hat, CVE listings) corroborate the same description. The documents do not specify affect...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2017/12/06 6:0 p.m.41 views

CVE-2017-6262

The CVE-2017-6262 entry concerns an Elevation of Privilege in the NVIDIA driver within Android, caused by a race condition leading to a use-after-free, which could allow unauthorized code execution at the local attacker level and escalate privileges. The vulnerability is classified as EoP/High im...

7CVSS7.1AI score0.00156EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.41 views

CVE-2017-9712

CVE-2017-9712 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel. A too-large IE length provided by userspace to wlan_hdd_cfg80211_set_ie triggers a buffer over-read. Documented impact is a buffer over-read; exploitation details are not provided in the supp...

7.5CVSS7AI score0.00556EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.41 views

CVE-2018-11261

Technical details about CVE-2018-11261 are not publicly provided in the supplied connected documents. Monitor for updates; no concrete affected products, versions, or fixes are confirmed in these sources.

7.8CVSS7.4AI score0.00193EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.41 views

CVE-2018-11270

CVE-2018-11270 affects CAF builds for Android on MSM where a kernel path using devm_kzalloc can fail during probe, leading to automatic memory release by the kernel and potential data corruption. The description documents the root cause (memory management in the kernel) and the potential impact (...

7.8CVSS7.3AI score0.00192EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.41 views

CVE-2018-11275

CVE-2018-11275 affects Qualcomm/CAF Android boot components (Bootloader) across Android for MSM variants. The issue arises during image flashing via FastbootLib when the payload size is not divisible by the block size, causing an information disclosure. The vulnerability is characterized as a loc...

5.5CVSS5.3AI score0.00191EPSS
Total number of security vulnerabilities8153