Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/06/15 12:0 a.m.148 views

CVE-2023-21121

CVE-2023-21121 affects Android 11–12 and concerns an input validation issue in the onResume method of AppManagementFragment.java. The underlying problem could allow local elevation of privilege without additional execution privileges or user interaction. Exploitation is described as local (attack...

7.8CVSS7.7AI score0.00083EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.148 views

CVE-2023-21123

CVE-2023-21123 affects multiple Android versions (11–13). The issue is a bypass of the DISALLOW_DEBUGGING_FEATURES restriction in tracing due to a missing permission check in several functions/files, enabling local elevation of privilege without extra execution privileges. Reported impact is elev...

7.8CVSS7.7AI score0.00105EPSS
CVE
CVE
added 2023/07/12 11:32 p.m.148 views

CVE-2023-21251

CVE-2023-21251 affects the Android Framework, specifically the onCreate path in ConfirmDialog.java . The issue describes an improper input validation that could permit a connection to VNP without user consent, yielding a local elevation of privilege (requires user interaction). The impact is cons...

7.3CVSS7.3AI score0.00234EPSS
CVE
CVE
added 2019/09/05 9:35 p.m.147 views

CVE-2019-2103

CVE-2019-2103 affects Android 9 Framework. It describes a permissions bypass that could allow the Google Assistant to screenshot FLAG_SECURE apps, leading to local information disclosure without user interaction. The Android Security Bulletin lists CVE-2019-2103 under Framework with Type ID and H...

5.5CVSS5.1AI score0.00161EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.147 views

CVE-2022-20471

CVE-2022-20471 involves an out-of-bounds read in SendIncDecRestoreCmdPart2 of NxpMfcReader.cc due to a missing bounds check. This can lead to local information disclosure on affected Android versions (Android 11–13). The issue does not require user interaction and does not grant remote code execu...

5.5CVSS5AI score0.0013EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.147 views

CVE-2022-20483

CVE-2022-20483 affects Android devices (Android 10–13 per the bulletin). Root cause: out-of-bounds reads caused by integer overflows in avrc_pars_ct.cc when parsing avrc responses. Impact: remote information disclosure without authentication or user interaction. Exploitation details are not provi...

7.5CVSS7.1AI score0.00609EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.147 views

CVE-2023-21113

CVE-2023-21113 is an Android System elevation-of-privilege vulnerability caused by a confused deputy, enabling local escalation with no user interaction. Affected: Android devices; payload in multiple locations. Evidence in Android Security Bulletin shows updated AOSP versions (12, 12L, 13) and p...

7.8CVSS6.8AI score0.00123EPSS
CVE
CVE
added 2024/05/07 9:1 p.m.147 views

CVE-2024-23712

CVE-2024-23712 affects Android’s AppOpsService.java. It describes a potential DoS by saturating /data/system/appops_accesses.xml due to resource exhaustion. Exploitation is local with no privileges and no user interaction required. Android bulletin context indicates fixes in patch levels 2024-04-...

5.5CVSS6.5AI score0.00085EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.146 views

CVE-2017-13151

CVE-2017-13151 is a remote code execution in Android’s Media framework (libmpeg2) affecting Android 6.0–8.0. The Android Security Bulletin (Dec 2017) classifies the Media framework vulnerability as critical (RCE) and links to patches in the 2017-12-01/2017-12-05 update levels. Affected codecs inc...

9.3CVSS8.4AI score0.01437EPSS
CVE
CVE
added 2025/01/17 11:6 p.m.146 views

CVE-2017-13322

CVE-2017-13322 is an Android DoS vulnerability in the system component (PhoneInterfaceManager.java) due to a logic error in endCallForSubscriber that can prevent emergency services access locally, with no user interaction required. Affected: Google Pixel/Nexus devices (Android framework/system). ...

10CVSS6.3AI score0.00155EPSS
CVE
CVE
added 2020/04/17 6:19 p.m.146 views

CVE-2020-0079

CVE-2020-0079 affects the Android Media framework (Android 9 and 10). The vulnerability is a local elevation of privilege in CryptoPlugin.cpp, via an out-of-bounds write caused by a stale pointer in the decrypt_1_2 path. Exploitation requires local access (no user interaction) and could allow a p...

7.8CVSS7.7AI score0.0015EPSS
CVE
CVE
added 2021/07/14 1:43 p.m.146 views

CVE-2021-0515

CVE-2021-0515 : In Android, there is an out-of-bounds write due to an incorrect bounds check in Factory::CreateStrictFunctionMap (factory.cc). This can cause remote code execution in an unprivileged process with no additional privileges and without user interaction. Affected: Android versions 8.1...

10CVSS9.3AI score0.01436EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.146 views

CVE-2021-0519

CVE-2021-0519 is a Android Media Framework vulnerability disclosed in the August 2021 Android bulletin. The issue is described as an Escalation of Privilege and Information Disclosure in the Media Framework (Media Codecs) that could allow a local attacker to bypass OS protections with no user int...

7.8CVSS7.1AI score0.00241EPSS
CVE
CVE
added 2022/08/09 8:22 p.m.146 views

CVE-2022-20349

CVE-2022-20349 affects Android 10–12(12L) and concerns the WifiScanningPreferenceController and BluetoothScanningPreferenceController. The issue is a possible admin restriction bypass caused by a missing permission check, enabling local elevation of privilege with no additional execution privileg...

7.8CVSS7.7AI score0.00092EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.146 views

CVE-2022-20410

The CVE-2022-20410 entry concerns Android: In avrc_ctrl_pars_vendor_rsp in avrc_pars_ct.cc, an out-of-bounds read caused by an integer overflow could enable remote information disclosure without extra privileges or user interaction. Affected: Android 10–13 (Android-10, -11, -12, -12L, -13). Impac...

7.5CVSS7AI score0.00609EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.146 views

CVE-2022-20426

CVE-2022-20426 affects Android 10–13, with a DoS condition caused by resource exhaustion in multiple functions across many files that can block a user from selecting a phone account. The impact is local denial of service with no privileges or user interaction required. The vulnerability is docume...

5.5CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.146 views

CVE-2022-20491

CVE-2022-20491 affects Android devices via the NotificationChannel.java component. The issue is a resource exhaustion bug that can cause a failure to persist permission settings, enabling local elevation of privilege without user interaction. Affected: Android 10–13 (Android-10/11/12/12L/13). Imp...

7.8CVSS7.7AI score0.00168EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.146 views

CVE-2022-20495

CVE-2022-20495 affects Android 10–13 in Android’s AccessibilityManager.getEnabledAccessibilityServiceList due to a logic error that can hide an accessibility service, enabling local privilege escalation without extra privileges or user interaction. PT-Security documentation (PT-2022-14708) provid...

7.8CVSS7.6AI score0.00167EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.146 views

CVE-2022-20501

CVE-2022-20501 affects Android by described tapjacking/overlay in EnableAccountPreferenceActivity.onCreate, enabling a malicious phone account and potential local elevation of privilege. Affected: Android 10–13 (Android-10, -11, -12, -12L, -13). No exploit details provided in the supplied documen...

7.3CVSS7.2AI score0.00133EPSS
CVE
CVE
added 2022/07/06 1:5 p.m.146 views

CVE-2022-21768

The CVE-2022-21768 entry corresponds to a Bluetooth buffer overflow (out-of-bounds write) caused by a missing bounds check, enabling local elevation of privilege with no user interaction. Public documents reference a patch ID ALPS06784351/ALPS06784351 and indicate this affects MediaTek Bluetooth ...

8.8CVSS8.4AI score0.00335EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.146 views

CVE-2023-20696

CVE-2023-20696 affects MediaTek MT6880/MT6890 preloader. The flaw is an out-of-bounds write caused by a missing bounds check in the preloader, enabling local elevation of privilege with System privileges and no user interaction required. Reported impact is high for confidentiality, integrity, and...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.146 views

CVE-2023-20935

CVE-2023-20935 affects Android 11–13. It describes an out-of-bounds read caused by a missing bounds check during deserialization of multiple files, leading to local information disclosure without needing user interaction. Root cause: bounds-check omission in the deserialize path of the multiple f...

5.5CVSS5AI score0.00087EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.146 views

CVE-2023-21139

CVE-2023-21139 is tied to Android 13 in the SysUI component, where the unsafe Intent in the MediaControlPanel.java function bindPlayer can launch a privileged activity. This creates a local elevation-of-privilege risk with no extra execution privileges and no user interaction required for exploit...

7.8CVSS7.7AI score0.00083EPSS
CVE
CVE
added 2023/08/14 9:6 p.m.146 views

CVE-2023-21286

CVE-2023-21286 affects Android’s RemoteViews.java, specifically the visitUris path. The issue is described as a missing permission check that could allow a local attacker to reveal images across users, resulting in local escalation of privilege without requiring extra execution privileges. The ex...

7.8CVSS7.7AI score0.00178EPSS
CVE
CVE
added 2020/04/17 6:19 p.m.145 views

CVE-2020-0080

CVE-2020-0080: In Android 10 Framework, a flaw in AppOpsControllerImpl.java (onOpActiveChanged and related methods) could allow an app to display an overlay over other apps without the overlay notification icon, enabling local elevation of privilege with user interaction required. Affected compon...

9.3CVSS7.7AI score0.00489EPSS
CVE
CVE
added 2021/01/11 9:47 p.m.145 views

CVE-2021-0322

CVE-2021-0322 affects Android, specifically SlicePermissionActivity.java. In onCreate, an input-validation issue could cause a misleading string to be displayed, potentially enabling local information disclosure. The vulnerability requires user interaction for exploitation and affects Android 9–1...

5CVSS4.7AI score0.00161EPSS
CVE
CVE
added 2022/05/03 7:56 p.m.145 views

CVE-2022-20110

CVE-2022-20110 affects the MediaTek ion component, where a race-condition triggers a use-after-free, enabling local elevation of privilege with no user interaction. Patch ALPS06399915/ALPS06399901 is referenced; Android bulletin materials indicate related SPL updates. Exploit code/details are not...

7CVSS7AI score0.00078EPSS
CVE
CVE
added 2022/09/13 7:15 p.m.145 views

CVE-2022-20398

CVE-2022-20398 affects Android 13 via addOrUpdateNetwork in WifiServiceImpl.java. A permissions bypass could let a guest user configure Wi‑Fi, enabling local escalation of privilege with User execution privileges needed and no user interaction required. CVSS: LOCAL, HIGH impact (C/H/I/A). Exploit...

7.8CVSS7.6AI score0.00092EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.145 views

CVE-2022-20470

CVE-2022-20470 affects Android where bindRemoteViewsService in AppWidgetServiceImpl.java can bypass background activity launch due to improper input validation, enabling local elevation of privilege without extra privileges. Affected: Android 10–13 (per README). Connected documents corroborate th...

7.8CVSS7.7AI score0.00182EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.145 views

CVE-2022-20478

CVE-2022-20478 affects the Android NotificationChannel implementation (NotificationChannel.java) with a likely resource-exhaustion related failure to persist permissions, enabling local elevation of privilege without extra execution privileges. Affected products/versions include Android-10 throug...

7.8CVSS7.6AI score0.00169EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.145 views

CVE-2023-20910

CVE-2023-20910 is an Android vulnerability in the WifiNetworkSuggestionsManager (Wifi) that allows a local DoS via resource exhaustion. Exploitation requires local access; no user interaction is needed. The issue is documented across multiple sources (NVD, OSV, Nessus/NCSC) with CVSSv3.1 metrics ...

5.5CVSS5.3AI score0.00132EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.145 views

CVE-2023-21092

Summary: CVE-2023-21092 affects Android 11–13. The issue arises in retrieveServiceLocked in ActiveServices.java, where input validation allows dynamically registering a BroadcastReceiver with system-app privileges. This enables local elevation of privilege with no extra execution privileges and n...

7.8CVSS7.7AI score0.00091EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.145 views

CVE-2024-0051

CVE-2024-0051 : The vulnerability is in onQueueFilled of SoftMPEG4.cpp, causing a possible out-of-bounds write due to a heap buffer overflow. The issue could lead to local elevation of privilege without requiring user interaction, as described across multiple sources (e.g., NVD/Red Hat CNVD/CVE l...

7.8CVSS7.2AI score0.00133EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.145 views

CVE-2024-43771

CVE-2024-43771 affects Android’s Bluetooth stack: in gatts_process_read_req() of gatt_sr.cc there is a missing bounds check, causing an out-of-bounds write that could enable remote (proximal/adjacent) code execution without extra privileges or user interaction. CVSSv3.1 vector: Adjacent access, L...

8.8CVSS7.2AI score0.00199EPSS
CVE
CVE
added 2019/06/07 7:34 p.m.144 views

CVE-2019-2094

CVE-2019-2094 affects Android media framework (NuPlayerCCDecoder.cpp). The issue is a possible out-of-bounds write in parseMPEGCCData due to missing bounds checks, enabling remote code execution with no extra privileges and requiring user interaction to exploit. Impact is high (RCE, high confiden...

9.3CVSS8.4AI score0.01092EPSS
CVE
CVE
added 2020/04/17 6:4 p.m.144 views

CVE-2020-0068

CVE-2020-0068 affects the Android kernel audio driver (msm-cirrus-playback.c) via crus_afe_get_param, causing an out-of-bounds read due to an integer overflow. This can lead to local information disclosure with System privileges required; exploitation does not require user interaction. Documented...

4.4CVSS5AI score0.00148EPSS
CVE
CVE
added 2020/09/17 3:22 p.m.144 views

CVE-2020-0380

CVE-2020-0380 affects Android: a flaw in allocExcessBits (bitalloc.c) allows a remote out-of-bounds write due to an incorrect bounds check, enabling potential remote code execution without user interaction. Impacted Android versions include 8.0, 8.1, 9, 10, and 11. The issue is categorized under ...

10CVSS9.3AI score0.02821EPSS
CVE
CVE
added 2021/01/11 9:48 p.m.144 views

CVE-2021-0310

CVE-2021-0310 affects Android 11 in the LazyServiceRegistrar component. The connected documents describe a memory corruption issue caused by a use-after-free in LazyServiceRegistrar.cpp, enabling local escalation of privilege with no additional execution privileges required and no user interactio...

7.8CVSS7.8AI score0.00163EPSS
CVE
CVE
added 2021/02/10 4:49 p.m.144 views

CVE-2021-0336

CVE-2021-0336 (Android) affects Android 8.1–11. Root cause: a vulnerability in onReceive of BluetoothPermissionRequest.java allows a permissions bypass via a mutable PendingIntent, enabling local escalation of privilege by bypassing a permission check. Exploitation is described as requiring only ...

7.8CVSS7.7AI score0.00259EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.144 views

CVE-2022-20393

CVE-2022-20393 = Integer overflow in extract3GPPGlobalDescriptions (TextDescriptions.cpp) can trigger an out-of-bounds read, leading to local information disclosure from the media server. Affected: Android 11, Android 12, Android 12L. Root cause and impact are stated in multiple trusted sources; ...

5.5CVSS5AI score0.00097EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.144 views

CVE-2022-20449

CVE-2022-20449 affects Android 10–13, in the writeApplicationRestrictionsLAr path, where a path traversal flaw could overwrite system files, enabling local DoS with system privileges and no user interaction. Exploitation specifics are not detailed in the provided documents. Android bulletins note...

4.4CVSS4.6AI score0.00146EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.144 views

CVE-2022-20476

CVE-2022-20476 describes a vulnerability in Android where, in PackageManager.setEnabledSetting, a path could cause the device to enter an infinite reboot loop due to resource exhaustion. This leads to local denial of service with no additional privileges required. Affected are Android 10, 11, 12,...

5.5CVSS5.3AI score0.00157EPSS
CVE
CVE
added 2022/06/07 5:53 p.m.144 views

CVE-2022-30711

The CVE-2022-30711 entry describes an improper validation vulnerability in Samsung Mobile FeedsInfo prior to SMR Jun-2022 Release 1. The issue, caused by insufficient input validation in FeedsInfo, can allow an attacker to launch certain activities. Affected product/component: Samsung Mobile Feed...

9.4CVSS9AI score0.00264EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.144 views

CVE-2023-20955

CVE-2023-20955 affects Android 11–13 and is triggered in the app component AppInfoDashboardFragment.java, in onPrepareOptionsMenu, due to a missing permission check. This enables local privilege escalation to uninstall apps for all users without user interaction. Conditions described in the linke...

7.8CVSS7.7AI score0.00196EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.144 views

CVE-2023-21093

CVE-2023-21093 concerns a path traversal in Android’s FileUtils.extractRelativePath that can let an attacker access files in directories belonging to other apps, enabling local elevation of privilege with no extra execution privileges and no user interaction. The vulnerability affects Android 11–...

7.8CVSS7.7AI score0.00101EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.144 views

CVE-2023-21112

CVE-2023-21112 relates to a missing bounds check in AnalyzeMfcResp of NxpMfcReader.cc, causing a possible out-of-bounds read that could disclose local information. Affected software includes Android 11–13 (Android devices relying on this component). The vulnerability enables information disclosur...

5.5CVSS5AI score0.00087EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.144 views

CVE-2023-21135

CVE-2023-21135 affects Google Android: the issue occurs in the onCreate path of NotificationAccessSettings.java, where improper input validation can cause a failure to persist notification settings. The underlying problem is an input validation defect in the code path that manages notification ac...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2023/10/06 6:48 p.m.144 views

CVE-2023-21266

CVE-2023-21266 affects Android’s ActivityManagerService.java, describing a permissions bypass that could enable local escalation of privilege with no additional execution privileges required. Exploitation is stated to require no user interaction. The connected documents consistently frame this as...

7.8CVSS7.8AI score0.00113EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.144 views

CVE-2024-0047

CVE-2024-0047 corresponds to a DoS in Android (Android Open Source Project) caused by a logic error in UserManagerService.java: writeUserLP serializes a device policy with an incorrect tag, enabling local denial of service when policies are deserialized on reboot. Exploitation requires local acce...

5.5CVSS6.5AI score0.00147EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.144 views

CVE-2024-0049

CVE-2024-0049 is an Android framework elevation-of-privilege issue caused by an out-of-bounds heap buffer write. The NVD entry cites local EoP with no extra privileges or user interaction required. Android’s March 2024 security bulletin documents this CVE under the Framework cluster with fixes in...

7.8CVSS7.3AI score0.00222EPSS
Total number of security vulnerabilities8153