Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/07/04 1:44 a.m.41 views

CVE-2023-20772

CVE-2023-20772 affects the vow component, where a missing permission check enables local escalation of privilege without requiring user interaction. The issue can be exploited locally to gain higher privileges, as indicated by the CVSS data (LOCAL vector, high confidentiality/integrity/availabili...

6.7CVSS6.7AI score0.0011EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.41 views

CVE-2023-20773

CVE-2023-20773 affects vow with a missing permission check that enables local privilege escalation. Documented impact is local escalation without extra execution privileges; user interaction is not required. Reported affected hardware in related sources includes MediaTek chips (e.g., MT6580, MT67...

7.8CVSS7.6AI score0.00104EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.41 views

CVE-2023-20807

CVE-2023-20807 affects MediaTek’s dpe component, where a missing bounds check enables an out-of-bounds write. This is described as a local escalation of privilege with System execution privileges required, and no user interaction is needed for exploitation. The issue is associated with the dpe mo...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/08/07 3:22 a.m.41 views

CVE-2023-20814

The CVE-2023-20814 issue is described as an out-of-bounds write in the MediaTek WLAN service caused by improper input validation, enabling local escalation to SYSTEM with no user interaction. Affected software is MediaTek WLAN components; root cause is a buffer/bounds check failure. Impact is loc...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/06/06 5:13 a.m.41 views

CVE-2023-30863

CVE-2023-30863 concerns the Connectivity Service and cites a missing permission check as the root cause. The vulnerability enables local escalation of privilege with no additional execution privileges, matching CVSS 3.1 metrics: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 7.8). The connected ...

7.8CVSS7.7AI score0.00086EPSS
CVE
CVE
added 2023/06/06 5:13 a.m.41 views

CVE-2023-30915

CVE-2023-30915 : The issue is a missing permission check in the email service , enabling possible local information disclosure without extra execution privileges. The NVD entry lists a CVSS v3.1 base score of 5.5 (MEDIUM), with LOCAL attack vector, LOW attack complexity and LOW privileges require...

5.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.41 views

CVE-2023-30916

CVE-2023-30916 concerns a missing permission check in DMService that could enable local privilege escalation with no extra privileges required. Public sources reference DMService across several Unisoc (UNISOC) chipsets, including SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T612, T616...

7.8CVSS7.7AI score0.00081EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.41 views

CVE-2023-30917

CVE-2023-30917 affects DMService in Unisoc chipsets (e.g., SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, etc.) due to a missing permission check, enabling local privilege escalation with no additional privileges. NVD data shows CVSS v3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base...

7.8CVSS7.7AI score0.00081EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.41 views

CVE-2023-30929

CVE-2023-30929 describes a local privilege escalation in the telephony service due to a missing permission check. Connected sources link this to UNISOC chipset telephony implementations (e.g., SC98xx/SC77xx/T610 and related models) and similar Red Hat/NVD entries reiterate the local-privilege imp...

7.8CVSS7.7AI score0.00081EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.41 views

CVE-2023-32853

CVE-2023-32853 describes a possible out-of-bounds write in the rpmb module that could enable local privilege escalation with System-level privileges; no user interaction is required for exploitation. The description states a missing bounds check as the root cause. Patch ID: ALPS07648764; Issue ID...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.41 views

CVE-2023-32854

CVE-2023-32854 affects MediaTek devices via the ril module, with an out-of-bounds write caused by a missing bounds check. This can enable local escalation of privileges to SYSTEM level without user interaction. Patch: ALPS08240132 (Issue ALPS08240132) is referenced as the remediation. No exploita...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.41 views

CVE-2023-32870

CVE-2023-32870 affects the display drm module (MediaTek context from multiple sources). The vulnerability is caused by a missing bounds check, leading to an out-of-bounds read. Implications are local escalation of privilege with SYSTEM-level execution required; exploitation does not require user ...

6.7CVSS6.6AI score0.00111EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.41 views

CVE-2023-33890

CVE-2023-33890 concerns a missing permission check in the telephony service, enabling local information disclosure without extra privileges. Multiple sources (including UNISOC-related disclosures) consistently attribute the issue to the telephony component, with an attack vector classified as LOC...

5.5CVSS5.2AI score0.00092EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.41 views

CVE-2023-38444

CVE-2023-38444 concerns the vowifiservice component, where a missing permission check is the root cause. This enables local privilege escalation with no additional execution privileges, with an attack vector localized to the host. The connected documents confirm the issue and its impact but do no...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.41 views

CVE-2023-40646

CVE-2023-40646 affects UNISOC chipsets’ Messaging component where a missing permission check could allow local information disclosure without requiring additional execution privileges. The NVD entry reports a CVSS v3.1 base score of 5.5 (Impact: Confidentiality High; Privileges Required Low; Atta...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.41 views

CVE-2023-42671

The CVE-2023-42671 issue affects imsservice and stems from a missing permission check, allowing an app to write permission usage records and potentially disclose information locally. This is a local information disclosure vulnerability with no additional execution privileges required. Affected co...

5.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.41 views

CVE-2023-42690

CVE-2023-42690 concerns a missing permission check in the wifi service of UNISOC chipsets, enabling local escalation of privilege with no additional execution privileges required. The NVD entry rates this as CVSSv3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 7.8, HIGH). Connected documents...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.41 views

CVE-2023-42693

CVE-2023-42693 : The issue is a missing permission check in the wifi service of UNISOC chipsets, enabling local escalation of privilege with no extra execution privileges required. Connected sources confirm the affected component as the wifi service and describe the impact as local privilege elev...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.41 views

CVE-2023-42716

CVE-2023-42716 involves a missing permission check in the telephony service, enabling potential remote information disclosure over the network without privileges or user interaction. Connected documents reference UNISOC chipsets and the telephony service as affected, with the core issue being ins...

7.5CVSS7.2AI score0.00445EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.41 views

CVE-2023-42741

Summary (supported by provided documents): CVE-2023-42741 concerns a telecom service vulnerability, arising from a missing permission check that enables writing an app’s permission usage records. This can cause local information disclosure without additional execution privileges. Documents consis...

5.5CVSS5.3AI score0.00094EPSS
CVE
CVE
added 2023/09/27 2:10 p.m.41 views

CVE-2023-44129

Summary: CVE-2023-44129 affects LG-patched Android Messaging (com.android.mms) via the exported activity com.android.mms.ui.QClipIntentReceiverActivity. An attacker can trigger the activity, broadcast the action com.lge.message.action.QCLIP, and send their own data with Intent.FLAG_GRANT_*; the p...

3.6CVSS4AI score0.00094EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.41 views

CVE-2023-48354

CVE-2023-48354 concerns UNISOC chipsets with a weakness in the telephone service caused by improper input validation. The underlying issue allows local information disclosure without requiring additional execution privileges. The Red Hat/NVD entries describe the same problem but do not specify af...

5.5CVSS5.2AI score0.00082EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.41 views

CVE-2023-48357

CVE-2023-48357 affects the Unisoc vsp driver. The root cause is a missing bounds check that enables an out-of-bounds write, leading to local denial of service with system execution privileges required. Based on connected docs, affected component is the vsp driver; exploitation status is not detai...

4.4CVSS4.8AI score0.00082EPSS
CVE
CVE
added 2024/11/04 1:48 a.m.41 views

CVE-2024-20113

The CVE-2024-20113 entry concerns the MediaTek chipset component “ccu,” where a missing bounds check can cause an out-of-bounds write. This leads to local privilege escalation with SYSTEM execution privileges required, and no user interaction is needed for exploitation. Multiple connected sources...

6.7CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2024/10/08 6:30 a.m.41 views

CVE-2024-34663

CVE-2024-34663 concerns an integer overflow in libSEF.quram.so present on Samsung Mobile devices prior to SMR Oct-2024 Release 1. The issue enables local attackers to perform out-of-bounds memory writes, with a local attack vector and no user interaction required. Publicly documented impact indic...

5.5CVSS7.1AI score0.0008EPSS
CVE
CVE
added 2025/09/04 7:39 p.m.41 views

CVE-2025-32322

CVE-2025-32322 concerns a vulnerability in the Wear OS/Android platform involving onCreate in a media projection flow (MediaProjectionPermissionActivity.java). The issue arises from improper input validation that could allow a malicious app to obtain a token enabling unauthorized screen recording...

7.8CVSS6.3AI score0.00078EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.41 views

CVE-2026-0087

CVE-2026-0087 : The connected sources identify a logic error in Android’s DomainVerificationService.java (approvalLevelForDomainInternal) that could allow hijacking an arbitrary app link, enabling local privilege escalation without user interaction. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:...

7.8CVSS6AI score0.00082EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.40 views

CVE-2014-9891

CVE-2014-9891 affects the Qualcomm qseecom driver (drivers/misc/qseecom.c) in Android on Nexus 5 devices prior to 2016-08-05. The issue arises from not validating certain buffer addresses, allowing a local attacker to escalate privileges via a crafted application that invokes an ioctl call. Impac...

9.3CVSS7.6AI score0.0053EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.40 views

CVE-2015-9049

CVE-2015-9049 is corroborated by connected sources describing an input-validation vulnerability in Qualcomm’s closed‑source components (USIM handling) within Android CAF Linux environments. CNVD-2017-26834 outlines an unauthorized-operations flaw in the Qualcomm Android component causing remote e...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.40 views

CVE-2016-10236

CVE-2016-10236 describes an information-disclosure vulnerability in the Qualcomm USB driver affecting Android devices with affected Android kernel components. The NVD entry characterizes the issue as a local information exposure in the Qualcomm USB driver, with Pixel and Pixel XL listed among aff...

4.3CVSS4.6AI score0.00421EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.40 views

CVE-2016-2440

CVE-2016-2440 affects Android’s Binder component, specifically the code path in libs/binder/IPCThreadState.cpp within Binder. The description indicates that object references are mishandled, allowing a crafted application to gain privileges (elevation of privilege) on affected Android versions. A...

9.3CVSS7.4AI score0.00464EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.40 views

CVE-2016-2490

CVE-2016-2490 is an elevation-of-privilege flaw in the NVIDIA camera driver on Android for Nexus 9, allowing a crafted app to run with kernel context privileges. The Android June 2016 bulletin indicates patches were issued for Nexus devices; specific remediation for Nexus 9 is part of that update...

9.3CVSS8AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.40 views

CVE-2016-3745

CVE-2016-3745 describes multiple buffer overflows in Android’s Mediaserver that enable privilege escalation via a crafted application passing an AudioEffect reply, allowing access to Signature or SignatureOrSystem. The issue affects Android 4.x up to 4.4.3 and versions 5.0.x up to 5.0.1, as well ...

9.8CVSS8.1AI score0.00579EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.40 views

CVE-2016-3749

The CVE affects Android 6.x (LockSettingsService) where server/LockSettingsService.java could be manipulated by a crafted application to change the screen-lock password or pattern. The root cause is an internal bug (28163930) in LockSettingsService that allows a local attacker to bypass user inte...

8.4CVSS7.6AI score0.00269EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.40 views

CVE-2016-3757

CVE-2016-3757 affects Android: the print_maps function in toolbox/lsof.c on Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x before 2016-07-01 allows a user-assisted attacker to gain privileges by a crafted app that lists a long memory-mapped file name (internal bug 28175237...

7CVSS7AI score0.00217EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.40 views

CVE-2016-3769

CVE-2016-3769 refers to an elevation-of-privilege in the NVIDIA video driver on Android, specifically affecting Nexus 9 devices running versions prior to 2016-07-05. A crafted application can elevate privileges to compromise the kernel context. The Android security bulletin for 2016-07-01 / 2016-...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.40 views

CVE-2016-3804

CVE-2016-3804 describes a privilege-escalation in the MediaTek power management driver on Android One devices, prior to 2016-07-05. The root cause is a vulnerability in the MediaTek power management driver that could be exploited by a crafted app to gain higher privileges within the kernel. Affec...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.40 views

CVE-2016-3816

CVE-2016-3816 : Information disclosure in the MediaTek display driver on Android One devices, prior to 2016-07-05. A crafted application can access sensitive data via Mediaserver/display driver interaction. No exploitation details are provided beyond the Android bug reference. Mitigation: apply t...

5.5CVSS5.5AI score0.00352EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.40 views

CVE-2016-3905

CVE-2016-3905 affects the Qualcomm Wi‑Fi driver (CORE/HDD/wlan_hdd_main.c) in Android, before the 2016-10-05 patch, on Nexus 5X. A crafted application sending SENDACTIONFRAME can elevate privileges locally. The issue is documented with a High impact (CVE-2016-3905) and a CVSS3 base score of 7.8, ...

9.3CVSS8AI score0.00513EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.40 views

CVE-2016-3908

CVE-2016-3908 — Android Lock Settings Service bypass The vulnerability affects the Lock Settings Service in Android 6.x (before 2016-10-01) and Android 7.0 (before 2016-10-01). A local attacker could clear the device PIN/password via a crafted application, thereby gaining privileges. The issue is...

5.5CVSS6.2AI score0.00369EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.40 views

CVE-2016-6696

CVE-2016-6696 affects sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in the Qualcomm QDSP6v2 driver used by Android. The issue allows denial of service (and potentially unspecified impact) when a large negative value is used for the data length, described as Qualcomm internal bug CR 1041130. Connecte...

9.8CVSS9.5AI score0.00949EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.40 views

CVE-2016-8472

CVE-2016-8472 describes an information-disclosure vulnerability in the MediaTek driver on Android. The issue could allow a local malicious application to access data outside its permission levels by exploiting the MediaTek driver after compromising a privileged process. Affected product class is ...

4.7CVSS4.4AI score0.00317EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.40 views

CVE-2017-6424

CVE-2017-6424 is an elevation of privilege in the Qualcomm Wi‑Fi driver affecting Android kernel. Connected sources confirm a local exploit path in the Qualcomm Wi‑Fi stack and list affected devices as Nexus 5X, Nexus 6P, Nexus 9, Pixel C, Nexus Player with updates released for the 2017-04-01 pat...

7CVSS7.3AI score0.00183EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.40 views

CVE-2017-9708

The CVE-2017-9708 issue affects Android for MSM (and related CAF builds) in the camera driver. The race condition stems from msm_ois_power_down being invoked without a mutex, causing a race in the *reg_ptr variable within msm_camera_config_single_vreg. Impact is described as a race condition with...

7CVSS6.5AI score0.00098EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.40 views

CVE-2018-11826

CVE-2018-11826 causes a buffer overflow in the WLAN ext scan handler due to a missing check for integer overflow during memory size calculations in CAF Android/Linux kernel components. Affected: Qualcomm WLAN HOST (Android CAF stack). The issue is documented across multiple sources (NVD entry and...

7.8CVSS7.5AI score0.00208EPSS
CVE
CVE
added 2018/12/20 3:0 p.m.40 views

CVE-2018-11988

CVE-2018-11988 affects CAF Android builds (Android for MSM, Firefox OS for MSM, QRD Android) via a Linux kernel issue described as an untrusted pointer dereference when accessing a variable that has already been freed. The vulnerability is classed as a Local attack with medium to high impact, dep...

7.8CVSS7.4AI score0.00141EPSS
CVE
CVE
added 2020/04/08 2:47 p.m.40 views

CVE-2018-21083

CVE-2018-21083 affects Samsung mobile devices running M/N/O (6.0/7.x/8.0) on Exynos or Qualcomm chipsets. The issue is an information disclosure of a kernel address via trustonic_tee. Evidence across multiple sources (NVD entry, Red Hat advisory, CVE listing) confirms the vulnerability descriptio...

7.5CVSS7.2AI score0.00413EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.40 views

CVE-2018-3564

CVE-2018-3564 affects the FastRPC driver in CAF Android builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The issue is a Use-After-Free when mapping on the remote processor fails, potentially impacting components such as DSP_Services. The description notes that thi...

7.8CVSS7.3AI score0.00186EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.40 views

CVE-2018-3598

In CVE-2018-3598, the affected components are Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels prior to the 2018-04-05 patch level. The root cause is insufficient validation of parameters from userspace in the camera_v2 driver, leading to an information...

7.5CVSS7AI score0.00439EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.40 views

CVE-2018-5823

CVE-2018-5823 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android on CAF Android kernels prior to the 2018-04-05 patch level. The vulnerability is due to improper buffer length validation in the extscan hotlist event, leading to a potential buffer overflow. The NVD/NVD-affiliate...

7.8CVSS7.2AI score0.0016EPSS
Total number of security vulnerabilities8153