Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/06/11 2:43 p.m.41 views

CVE-2020-0172

CVE-2020-0172 affects Android 10, where in Parse_art of eas_mdls.c a bounds check is missing, leading to potential resource exhaustion and remote denial of service. The issue requires user interaction for exploitation and is categorized as DoS with a network attack vector (per CVSS data: CVSS v3....

6.5CVSS6.8AI score0.00762EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.41 views

CVE-2020-0192

CVE-2020-0192 affects Android 10 in the Media Framework. The issue is an out-of-bounds read in ih264d_decode_slice_thread (ih264d_thread_parse_decode.c) caused by improper input validation, enabling remote information disclosure with user interaction required for exploitation. Public references i...

6.5CVSS6.6AI score0.00732EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.41 views

CVE-2020-0211

CVE-2020-0211 refers to a vulnerability in Android 10 where an out-of-bounds read in SumCompoundHorizontalTaps within convolve_neon.cc can lead to remote information disclosure. Exploitation requires user interaction per the description. The issue is documented across multiple sources (NVD, RH, C...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2020/06/16 1:30 p.m.41 views

CVE-2020-0232

CVE-2020-0232 is reported in the Android kernel (Airbrush component). The issue arises when abc_pcie_issue_dma_xfer_sync creates a transfer object, stores it in a session, and a concurrent thread can fetch that object and delete it via abc_pcie_dma_user_xfer_clean. If this occurs, the original th...

9.8CVSS8.9AI score0.00443EPSS
CVE
CVE
added 2020/09/18 3:22 p.m.41 views

CVE-2020-0291

CVE-2020-0291 affects Android 11 and is described as a Bluetooth out-of-bounds read due to a missing bounds check. It could enable local information disclosure with System execution privileges and does not require user interaction. Exploitation details are not provided in the supplied documents. ...

4.4CVSS5AI score0.00161EPSS
CVE
CVE
added 2020/09/18 3:23 p.m.41 views

CVE-2020-0300

CVE-2020-0300 affects Android 11 NFC handling, where an out-of-bounds read from uninitialized data can lead to remote information disclosure without user interaction. The NVD CVSSv3.1 base score is 7.5 (High) with network attack vector and no privileges required; CVSSv2 base score 5.0 (Medium). A...

7.5CVSS7.3AI score0.00804EPSS
CVE
CVE
added 2020/09/17 8:57 p.m.41 views

CVE-2020-0301

CVE-2020-0301 affects Android 11 and is tied to libstagefright, where improper input validation can cause resource exhaustion and remote denial of service. The vulnerability supports a DoS condition without additional privileges; exploitation requires user interaction. The CVE is documented in NV...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/09/17 8:48 p.m.41 views

CVE-2020-0308

CVE-2020-0308 affects the Android 11 Window Manager. The root cause is an unsafe PendingIntent that enables a permission bypass, allowing local information disclosure without user interaction. Vulnerable component: Window Manager (Android-11). Impact: information disclosure with user privileges; ...

5.5CVSS5.8AI score0.00145EPSS
CVE
CVE
added 2020/09/17 8:57 p.m.41 views

CVE-2020-0320

CVE-2020-0320 affects the Android library libstagefright and is described as a resource exhaustion vulnerability caused by improper input validation. This can lead to remote denial of service with no additional execution privileges required, with exploitation requiring user interaction. The issue...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/09/18 3:5 p.m.41 views

CVE-2020-0326

CVE-2020-0326 affects Android 11 via an NFC-related out-of-bounds write caused by uninitialized data, enabling local privilege escalation with System-level privileges and no user interaction required. Multiple connected sources confirm the issue in Android 11’s NFC handling; remediation is addres...

6.7CVSS7.2AI score0.00149EPSS
CVE
CVE
added 2020/09/17 8:55 p.m.41 views

CVE-2020-0329

CVE-2020-0329 affects the OMX encoder in Android 11. The root cause is an out-of-bounds read caused by invalid input validation, enabling local information disclosure without user interaction or additional privileges. The issue is documented in the Android 11 security release notes and related ad...

5.5CVSS5.7AI score0.0014EPSS
CVE
CVE
added 2020/09/17 8:55 p.m.41 views

CVE-2020-0340

CVE-2020-0340 affects Android 11 via the libcodec2_soft_mp3dec component, where uninitialized data can cause information disclosure. The issue allows remote information disclosure with no execution privileges and requires user interaction to exploit. The provided connected documents confirm the v...

6.5CVSS6.6AI score0.00732EPSS
CVE
CVE
added 2020/09/17 8:49 p.m.41 views

CVE-2020-0352

CVE-2020-0352 affects Android 11 MediaProvider. The vulnerability is a SQL injection in MediaProvider that can bypass permissions, enabling local information disclosure without extra privileges or user interaction. Impact is limited to partial confidentiality loss on affected devices. Remediation...

5.5CVSS6.1AI score0.00228EPSS
CVE
CVE
added 2020/09/17 8:55 p.m.41 views

CVE-2020-0355

CVE-2020-0355 affects libFraunhoferAAC in Android 11. It is an out-of-bounds read due to a missing bounds check, enabling remote information disclosure with no execution privileges. Exploitation requires user interaction. The issue is documented across multiple sources (NVD, RH, NCSC) and is list...

6.5CVSS6.5AI score0.00842EPSS
CVE
CVE
added 2020/09/17 8:56 p.m.41 views

CVE-2020-0359

CVE-2020-0359 affects the Android GLESRenderEngine on Android 11, where an out-of-bounds read caused by a buffer overflow could enable local information disclosure without user interaction. The issue is described as a local vulnerability with no execution privileges required and no interaction ne...

5.5CVSS5.9AI score0.00158EPSS
CVE
CVE
added 2020/09/17 8:49 p.m.41 views

CVE-2020-0372

CVE-2020-0372 affects Android 11. In ActivityManager, a missing permission check enables local information disclosure of protected data without extra execution privileges. Impact is confined to information disclosure (confidentiality), with no user interaction required. The issue is addressed in ...

5.5CVSS5.7AI score0.00132EPSS
CVE
CVE
added 2020/09/17 6:28 p.m.41 views

CVE-2020-0403

CVE-2020-0403 affects the FPC TrustZone fingerprint app and can enable local elevation of privilege in the TEE via an exposed test feature, requiring System-level privileges with no user interaction (per the NVD/Red Hat/PRION entries). The issue is categorized as Elevation of Privilege (EoP) affe...

7.2CVSS7.2AI score0.00154EPSS
CVE
CVE
added 2020/09/18 3:6 p.m.41 views

CVE-2020-0405

CVE-2020-0405 affects Android 11. In the NetworkStackNotifier, an unsafe implicit PendingIntent can bypass permissions, enabling local elevation of privilege with User execution privileges required but no user interaction. Documentation across multiple sources (NVD/Red Hat/CNVD) confirms this vul...

7.8CVSS8.2AI score0.00139EPSS
CVE
CVE
added 2020/09/17 6:46 p.m.41 views

CVE-2020-0434

CVE-2020-0434 relates to Pixel’s use of the Catpipe library, where a use-after-free leads to memory corruption in the Android kernel and enables local privilege escalation without user interaction. The impact is Local Privilege Escalation with high severity (per CVSS), affecting Pixel devices via...

7.8CVSS8.3AI score0.00157EPSS
CVE
CVE
added 2020/12/15 3:54 p.m.41 views

CVE-2020-0479

The CVE-2020-0479 issue affects Android 11 and is described as a permissions bypass in DocumentsProvider.java (callUnchecked), enabling a malicious app to access files managed by a DocumentProvider without user permission. Exploitation requires user interaction, and the vulnerability allows local...

7.8CVSS8.1AI score0.00393EPSS
CVE
CVE
added 2020/12/15 3:55 p.m.41 views

CVE-2020-0484

CVE-2020-0484 describes a memory corruption vulnerability caused by a use-after-free in the Android component’s ComposerClient.h destroyResources. The issue could allow local elevation of privilege , requiring no user interaction for exploitation and potentially enabling execution with system-lev...

6.7CVSS7.3AI score0.0014EPSS
CVE
CVE
added 2020/03/24 5:30 p.m.41 views

CVE-2020-10847

CVE-2020-10847 affects Samsung mobile devices running P(9.0) on Galaxy S8 and Note8, where the facial recognition system can be spoofed. The core issue is a vulnerability in biometric authentication allowing an attacker to bypass security controls. The connected Red Hat and NVD entries confirm th...

6.8CVSS6.7AI score0.00135EPSS
CVE
CVE
added 2020/04/08 3:14 p.m.41 views

CVE-2020-11601

CVE-2020-11601 affects Samsung mobile devices running P (9.0) and Q (10.0). The issue enables unauthorized access to applications in the Secure Folder via floating icons. Connected sources corroborate the Secure Folder access problem (Samsung ID SVE-2019-16195). No concrete root cause, affected c...

5.5CVSS5.5AI score0.00148EPSS
CVE
CVE
added 2020/12/15 4:3 p.m.41 views

CVE-2020-27039

CVE-2020-27039 : A flaw in Android 11 related to postNotification in ServiceRecord.java enables a local permission bypass via an unsafe PendingIntent. This could lead to local information disclosure with low to medium risk (CVSSv3.1 base score 5.5; LOCAL, NONE user interaction). Exploitation is d...

5.5CVSS5.8AI score0.00143EPSS
CVE
CVE
added 2020/12/15 4:5 p.m.41 views

CVE-2020-27041

In CVE-2020-27041, the issue is in Android 11’s ConnectivityService.java showProvisioningNotification where an unsafe PendingIntent could allow local information disclosure of notification data without extra privileges or user interaction. The vulnerability is a local disclosure due to PendingInt...

5.5CVSS5.8AI score0.00134EPSS
CVE
CVE
added 2020/12/15 4:6 p.m.41 views

CVE-2020-27052

CVE-2020-27052 concerns Android 11 where in ActivityRecord.java, the getLockTaskLaunchMode path allows any app to start in Lock Task Mode via a permissions bypass. The documented impact is local elevation of privilege without additional execution privileges or user interaction. Connected sources ...

7.8CVSS8.1AI score0.00134EPSS
CVE
CVE
added 2020/12/15 4:17 p.m.41 views

CVE-2020-27056

CVE-2020-27056 affects Android 11 with a missing permission check in SELinux MLS policies that can disclose local package-metadata information without extra privileges. The issue is confirmed as a local information-disclosure vulnerability; no exploitation details are provided in the documents. R...

3.3CVSS4.5AI score0.00132EPSS
CVE
CVE
added 2020/12/18 8:44 a.m.41 views

CVE-2020-35552

CVE-2020-35552 involves the GPS daemon on Samsung mobile devices with non-Qualcomm chipsets (O 8.x, P 9.0, Q 10.0). The vulnerability arises from an incorrect configuration file in the GPS service, allowing an attacker to obtain sensitive location information. Connected records confirm the affect...

5.3CVSS5.2AI score0.00336EPSS
CVE
CVE
added 2021/03/10 4:11 p.m.41 views

CVE-2021-0385

CVE-2021-0385 affects Android 11, specifically the ConnectToNetworkNotificationBuilder.java path (createConnectToAvailableNetworkNotification). The issue allows a local elevation of privilege via connection to untrusted Wi‑Fi networks triggered by notification interaction above the lockscreen, wi...

7.8CVSS7.7AI score0.00114EPSS
CVE
CVE
added 2021/10/25 1:16 p.m.41 views

CVE-2021-0411

CVE-2021-0411 affects the MediaTek flv extractor. The vulnerability is an out-of-bounds read caused by an integer overflow in the component, enabling local information disclosure without additional execution privileges or user interaction. Mitigation/patch reference: ALPS05561362 (Issue ID ALPS05...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2021/09/27 11:20 a.m.41 views

CVE-2021-0422

CVE-2021-0422 concerns the memory management driver in MediaTek-based systems. The issue is a missing bounds check that can cause a system crash, enabling local denial of service without requiring user interaction. Multiple documents confirm the root cause and the potential impact (local DoS, hig...

5.5CVSS5.4AI score0.00106EPSS
CVE
CVE
added 2021/09/27 11:20 a.m.41 views

CVE-2021-0424

The CVE-2021-0424 entry concerns a Mediatek device where the in memory management driver has a missing bounds check, enabling a local denial-of-service due to a system crash. Exploitation requires local access with no user interaction. The patch reference is ALPS05403499 (Issue ALPS05393787). Con...

5.5CVSS5.4AI score0.00106EPSS
CVE
CVE
added 2021/04/15 12:53 p.m.41 views

CVE-2021-0488

CVE-2021-0488 affects Android with an out-of-bounds write in the nanopb-related code path (pb_write in pb_encode.c) due to a missing bounds check. The impact is local elevation of privilege, requiring local access and yielding System privileges; user interaction is not needed. Several connected s...

7.2CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.41 views

CVE-2021-0498

The CVE-2021-0498 entry concerns Android’s memory management driver, where a double free can cause memory corruption leading to local escalation of privilege with no required user interaction. The issue is described consistently across multiple connected sources (including NVD, Red Hat, CNVD, PRI...

7.8CVSS7.8AI score0.00129EPSS
CVE
CVE
added 2021/11/18 2:55 p.m.41 views

CVE-2021-0621

In the asf extractor component, CVE-2021-0621 describes a possible out-of-bounds read caused by an integer overflow. This could lead to local information disclosure without requiring user interaction or additional execution privileges. A patch is available (ALPS05489178; ALPS05561383). The issue ...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2021/11/18 2:55 p.m.41 views

CVE-2021-0622

CVE-2021-0622 pertains to the asf extractor and involves a heap-based out-of-bounds read that can disclose local information without extra privileges or user interaction. Exploitation is described as local. Patch ID: ALPS05489178; Issue ID: ALPS05561388. Connected sources describe the vulnerabili...

5.5CVSS5.2AI score0.00122EPSS
CVE
CVE
added 2021/10/25 1:17 p.m.41 views

CVE-2021-0634

CVE-2021-0634 affects MediaTek’s display driver; vulnerability arises from memory corruption due to uninitialized data, enabling local privilege escalation to SYSTEM with no user interaction. Connected sources (Red Hat, NVD, CVE records) confirm the issue and reference patch ALPS05594994 (Issue A...

7.2CVSS6.8AI score0.0012EPSS
CVE
CVE
added 2021/06/11 2:33 p.m.41 views

CVE-2021-25412

The CVE-2021-25412 entry concerns an improper access control flaw in genericssoservice before Samsung SMR JUN-2021 Release 1. The vulnerability enables local attackers to perform protected activities with system privileges via untrusted applications, due to insufficient access restrictions on sen...

7.8CVSS7.6AI score0.00107EPSS
CVE
CVE
added 2021/09/09 6:5 p.m.41 views

CVE-2021-25462

CVE-2021-25462 describes a NULL pointer dereference in Samsung NPU driver prior to SMR Sep-2021 Release 1, leading to memory corruption. The vulnerability is local (attack vector: LOCAL) with low attack complexity per CVSS v3.1, and impacts memory integrity/availability as specified. Affected com...

5.5CVSS5.4AI score0.00118EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.41 views

CVE-2022-38685

CVE-2022-38685 affects UNISOC chipsets’ Bluetooth service module, where a missing privilege check in the Bluetooth service could allow local denial of service without extra execution privileges. The issue is documented across multiple sources (NVD/NVD mirror and related catalogs) with this root c...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.41 views

CVE-2022-39113

The CVE-2022-39113 entry involves a missing permission check in the Music service that could allow local denial of service without extra privileges. Connected documents corroborate a local impact but do not provide concrete product/version details for the Music service itself. Some sources refere...

5.5CVSS5.4AI score0.00097EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.41 views

CVE-2022-47491

CVE-2022-47491 concerns the UNISOC-soter service, where a missing bounds check enables an out-of-bounds write. This could yield local denial of service with execution privileges required. The NVD notes a CVSS v3.1 base score of 4.4 (MEDIUM); attack vector LOCAL, privilege requirement HIGH, and av...

4.4CVSS4.7AI score0.00096EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.41 views

CVE-2022-47499

CVE-2022-47499 affects the soter service in UNISOC chipsets, with the root cause being a missing bounds check that enables an out-of-bounds write. This can lead to local denial of service with SYSTEM privileges required. The issue is documented across multiple sources (NVD/Red Hat PRION/CVE lists...

4.4CVSS4.7AI score0.00096EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.41 views

CVE-2022-48389

CVE-2022-48389 affects the modem control device in Unisoc chipsets. Root cause: a missing bounds check enables an out-of-bounds write. Impact: local denial of service with SYSTEM privileges (high-impact write, per CVSS 3.1 vector). Exploitation details are not provided in the connected documents;...

4.4CVSS4.7AI score0.00121EPSS
CVE
CVE
added 2023/06/06 5:13 a.m.41 views

CVE-2022-48439

The CVE-2022-48439 entry concerns the cp_dump driver, where a missing bounds check enables an out-of-bounds write. This can lead to a local denial of service with SYSTEM-level execution privileges required. Public sources confirm the impact includes availability risk, with confidentiality/integri...

4.4CVSS4.7AI score0.00092EPSS
CVE
CVE
added 2023/06/06 5:13 a.m.41 views

CVE-2022-48446

The CVE-2022-48446 entry describes a vulnerability in the telephony service where a missing permission check can lead to local denial of service without requiring extra privileges. Reports from multiple sources (NVD, Red Hat, PRION, CVE lists, and vulnerability enrichments) consistently state the...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.41 views

CVE-2023-20641

The CVE-2023-20641 vulnerability affects the ril module in MediaTek chips, caused by a missing bounds check that enables an out-of-bounds write. It can lead to local escalation of privilege with System execution privileges required, and no user interaction is needed. A patch is available (ALPS076...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.41 views

CVE-2023-20768

CVE-2023-20768 affects ion, with an out-of-bounds read caused by type confusion that can lead to local privilege escalation (System execution privileges required). Exploitation details are not provided in the available documents. A patch is identified (Patch ID ALPS07560720; Issue ALPS07559800).

6.7CVSS6.6AI score0.00114EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.41 views

CVE-2023-20772

CVE-2023-20772 affects the vow component, where a missing permission check enables local escalation of privilege without requiring user interaction. The issue can be exploited locally to gain higher privileges, as indicated by the CVSS data (LOCAL vector, high confidentiality/integrity/availabili...

6.7CVSS6.7AI score0.0011EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.41 views

CVE-2023-20773

CVE-2023-20773 affects vow with a missing permission check that enables local privilege escalation. Documented impact is local escalation without extra execution privileges; user interaction is not required. Reported affected hardware in related sources includes MediaTek chips (e.g., MT6580, MT67...

7.8CVSS7.6AI score0.00104EPSS
Total number of security vulnerabilities8153