8153 matches found
CVE-2023-21121
CVE-2023-21121 affects Android 11–12 and concerns an input validation issue in the onResume method of AppManagementFragment.java. The underlying problem could allow local elevation of privilege without additional execution privileges or user interaction. Exploitation is described as local (attack...
CVE-2023-21123
CVE-2023-21123 affects multiple Android versions (11–13). The issue is a bypass of the DISALLOW_DEBUGGING_FEATURES restriction in tracing due to a missing permission check in several functions/files, enabling local elevation of privilege without extra execution privileges. Reported impact is elev...
CVE-2023-21251
CVE-2023-21251 affects the Android Framework, specifically the onCreate path in ConfirmDialog.java . The issue describes an improper input validation that could permit a connection to VNP without user consent, yielding a local elevation of privilege (requires user interaction). The impact is cons...
CVE-2019-2103
CVE-2019-2103 affects Android 9 Framework. It describes a permissions bypass that could allow the Google Assistant to screenshot FLAG_SECURE apps, leading to local information disclosure without user interaction. The Android Security Bulletin lists CVE-2019-2103 under Framework with Type ID and H...
CVE-2022-20471
CVE-2022-20471 involves an out-of-bounds read in SendIncDecRestoreCmdPart2 of NxpMfcReader.cc due to a missing bounds check. This can lead to local information disclosure on affected Android versions (Android 11–13). The issue does not require user interaction and does not grant remote code execu...
CVE-2022-20483
CVE-2022-20483 affects Android devices (Android 10–13 per the bulletin). Root cause: out-of-bounds reads caused by integer overflows in avrc_pars_ct.cc when parsing avrc responses. Impact: remote information disclosure without authentication or user interaction. Exploitation details are not provi...
CVE-2023-21113
CVE-2023-21113 is an Android System elevation-of-privilege vulnerability caused by a confused deputy, enabling local escalation with no user interaction. Affected: Android devices; payload in multiple locations. Evidence in Android Security Bulletin shows updated AOSP versions (12, 12L, 13) and p...
CVE-2024-23712
CVE-2024-23712 affects Android’s AppOpsService.java. It describes a potential DoS by saturating /data/system/appops_accesses.xml due to resource exhaustion. Exploitation is local with no privileges and no user interaction required. Android bulletin context indicates fixes in patch levels 2024-04-...
CVE-2017-13151
CVE-2017-13151 is a remote code execution in Android’s Media framework (libmpeg2) affecting Android 6.0–8.0. The Android Security Bulletin (Dec 2017) classifies the Media framework vulnerability as critical (RCE) and links to patches in the 2017-12-01/2017-12-05 update levels. Affected codecs inc...
CVE-2017-13322
CVE-2017-13322 is an Android DoS vulnerability in the system component (PhoneInterfaceManager.java) due to a logic error in endCallForSubscriber that can prevent emergency services access locally, with no user interaction required. Affected: Google Pixel/Nexus devices (Android framework/system). ...
CVE-2020-0079
CVE-2020-0079 affects the Android Media framework (Android 9 and 10). The vulnerability is a local elevation of privilege in CryptoPlugin.cpp, via an out-of-bounds write caused by a stale pointer in the decrypt_1_2 path. Exploitation requires local access (no user interaction) and could allow a p...
CVE-2021-0515
CVE-2021-0515 : In Android, there is an out-of-bounds write due to an incorrect bounds check in Factory::CreateStrictFunctionMap (factory.cc). This can cause remote code execution in an unprivileged process with no additional privileges and without user interaction. Affected: Android versions 8.1...
CVE-2021-0519
CVE-2021-0519 is a Android Media Framework vulnerability disclosed in the August 2021 Android bulletin. The issue is described as an Escalation of Privilege and Information Disclosure in the Media Framework (Media Codecs) that could allow a local attacker to bypass OS protections with no user int...
CVE-2022-20349
CVE-2022-20349 affects Android 10–12(12L) and concerns the WifiScanningPreferenceController and BluetoothScanningPreferenceController. The issue is a possible admin restriction bypass caused by a missing permission check, enabling local elevation of privilege with no additional execution privileg...
CVE-2022-20410
The CVE-2022-20410 entry concerns Android: In avrc_ctrl_pars_vendor_rsp in avrc_pars_ct.cc, an out-of-bounds read caused by an integer overflow could enable remote information disclosure without extra privileges or user interaction. Affected: Android 10–13 (Android-10, -11, -12, -12L, -13). Impac...
CVE-2022-20426
CVE-2022-20426 affects Android 10–13, with a DoS condition caused by resource exhaustion in multiple functions across many files that can block a user from selecting a phone account. The impact is local denial of service with no privileges or user interaction required. The vulnerability is docume...
CVE-2022-20491
CVE-2022-20491 affects Android devices via the NotificationChannel.java component. The issue is a resource exhaustion bug that can cause a failure to persist permission settings, enabling local elevation of privilege without user interaction. Affected: Android 10–13 (Android-10/11/12/12L/13). Imp...
CVE-2022-20495
CVE-2022-20495 affects Android 10–13 in Android’s AccessibilityManager.getEnabledAccessibilityServiceList due to a logic error that can hide an accessibility service, enabling local privilege escalation without extra privileges or user interaction. PT-Security documentation (PT-2022-14708) provid...
CVE-2022-20501
CVE-2022-20501 affects Android by described tapjacking/overlay in EnableAccountPreferenceActivity.onCreate, enabling a malicious phone account and potential local elevation of privilege. Affected: Android 10–13 (Android-10, -11, -12, -12L, -13). No exploit details provided in the supplied documen...
CVE-2022-21768
The CVE-2022-21768 entry corresponds to a Bluetooth buffer overflow (out-of-bounds write) caused by a missing bounds check, enabling local elevation of privilege with no user interaction. Public documents reference a patch ID ALPS06784351/ALPS06784351 and indicate this affects MediaTek Bluetooth ...
CVE-2023-20696
CVE-2023-20696 affects MediaTek MT6880/MT6890 preloader. The flaw is an out-of-bounds write caused by a missing bounds check in the preloader, enabling local elevation of privilege with System privileges and no user interaction required. Reported impact is high for confidentiality, integrity, and...
CVE-2023-20935
CVE-2023-20935 affects Android 11–13. It describes an out-of-bounds read caused by a missing bounds check during deserialization of multiple files, leading to local information disclosure without needing user interaction. Root cause: bounds-check omission in the deserialize path of the multiple f...
CVE-2023-21139
CVE-2023-21139 is tied to Android 13 in the SysUI component, where the unsafe Intent in the MediaControlPanel.java function bindPlayer can launch a privileged activity. This creates a local elevation-of-privilege risk with no extra execution privileges and no user interaction required for exploit...
CVE-2023-21286
CVE-2023-21286 affects Android’s RemoteViews.java, specifically the visitUris path. The issue is described as a missing permission check that could allow a local attacker to reveal images across users, resulting in local escalation of privilege without requiring extra execution privileges. The ex...
CVE-2020-0080
CVE-2020-0080: In Android 10 Framework, a flaw in AppOpsControllerImpl.java (onOpActiveChanged and related methods) could allow an app to display an overlay over other apps without the overlay notification icon, enabling local elevation of privilege with user interaction required. Affected compon...
CVE-2021-0322
CVE-2021-0322 affects Android, specifically SlicePermissionActivity.java. In onCreate, an input-validation issue could cause a misleading string to be displayed, potentially enabling local information disclosure. The vulnerability requires user interaction for exploitation and affects Android 9–1...
CVE-2022-20110
CVE-2022-20110 affects the MediaTek ion component, where a race-condition triggers a use-after-free, enabling local elevation of privilege with no user interaction. Patch ALPS06399915/ALPS06399901 is referenced; Android bulletin materials indicate related SPL updates. Exploit code/details are not...
CVE-2022-20398
CVE-2022-20398 affects Android 13 via addOrUpdateNetwork in WifiServiceImpl.java. A permissions bypass could let a guest user configure Wi‑Fi, enabling local escalation of privilege with User execution privileges needed and no user interaction required. CVSS: LOCAL, HIGH impact (C/H/I/A). Exploit...
CVE-2022-20470
CVE-2022-20470 affects Android where bindRemoteViewsService in AppWidgetServiceImpl.java can bypass background activity launch due to improper input validation, enabling local elevation of privilege without extra privileges. Affected: Android 10–13 (per README). Connected documents corroborate th...
CVE-2022-20478
CVE-2022-20478 affects the Android NotificationChannel implementation (NotificationChannel.java) with a likely resource-exhaustion related failure to persist permissions, enabling local elevation of privilege without extra execution privileges. Affected products/versions include Android-10 throug...
CVE-2023-20910
CVE-2023-20910 is an Android vulnerability in the WifiNetworkSuggestionsManager (Wifi) that allows a local DoS via resource exhaustion. Exploitation requires local access; no user interaction is needed. The issue is documented across multiple sources (NVD, OSV, Nessus/NCSC) with CVSSv3.1 metrics ...
CVE-2023-21092
Summary: CVE-2023-21092 affects Android 11–13. The issue arises in retrieveServiceLocked in ActiveServices.java, where input validation allows dynamically registering a BroadcastReceiver with system-app privileges. This enables local elevation of privilege with no extra execution privileges and n...
CVE-2024-0051
CVE-2024-0051 : The vulnerability is in onQueueFilled of SoftMPEG4.cpp, causing a possible out-of-bounds write due to a heap buffer overflow. The issue could lead to local elevation of privilege without requiring user interaction, as described across multiple sources (e.g., NVD/Red Hat CNVD/CVE l...
CVE-2024-43771
CVE-2024-43771 affects Android’s Bluetooth stack: in gatts_process_read_req() of gatt_sr.cc there is a missing bounds check, causing an out-of-bounds write that could enable remote (proximal/adjacent) code execution without extra privileges or user interaction. CVSSv3.1 vector: Adjacent access, L...
CVE-2019-2094
CVE-2019-2094 affects Android media framework (NuPlayerCCDecoder.cpp). The issue is a possible out-of-bounds write in parseMPEGCCData due to missing bounds checks, enabling remote code execution with no extra privileges and requiring user interaction to exploit. Impact is high (RCE, high confiden...
CVE-2020-0068
CVE-2020-0068 affects the Android kernel audio driver (msm-cirrus-playback.c) via crus_afe_get_param, causing an out-of-bounds read due to an integer overflow. This can lead to local information disclosure with System privileges required; exploitation does not require user interaction. Documented...
CVE-2020-0380
CVE-2020-0380 affects Android: a flaw in allocExcessBits (bitalloc.c) allows a remote out-of-bounds write due to an incorrect bounds check, enabling potential remote code execution without user interaction. Impacted Android versions include 8.0, 8.1, 9, 10, and 11. The issue is categorized under ...
CVE-2021-0310
CVE-2021-0310 affects Android 11 in the LazyServiceRegistrar component. The connected documents describe a memory corruption issue caused by a use-after-free in LazyServiceRegistrar.cpp, enabling local escalation of privilege with no additional execution privileges required and no user interactio...
CVE-2021-0336
CVE-2021-0336 (Android) affects Android 8.1–11. Root cause: a vulnerability in onReceive of BluetoothPermissionRequest.java allows a permissions bypass via a mutable PendingIntent, enabling local escalation of privilege by bypassing a permission check. Exploitation is described as requiring only ...
CVE-2022-20393
CVE-2022-20393 = Integer overflow in extract3GPPGlobalDescriptions (TextDescriptions.cpp) can trigger an out-of-bounds read, leading to local information disclosure from the media server. Affected: Android 11, Android 12, Android 12L. Root cause and impact are stated in multiple trusted sources; ...
CVE-2022-20449
CVE-2022-20449 affects Android 10–13, in the writeApplicationRestrictionsLAr path, where a path traversal flaw could overwrite system files, enabling local DoS with system privileges and no user interaction. Exploitation specifics are not detailed in the provided documents. Android bulletins note...
CVE-2022-20476
CVE-2022-20476 describes a vulnerability in Android where, in PackageManager.setEnabledSetting, a path could cause the device to enter an infinite reboot loop due to resource exhaustion. This leads to local denial of service with no additional privileges required. Affected are Android 10, 11, 12,...
CVE-2022-30711
The CVE-2022-30711 entry describes an improper validation vulnerability in Samsung Mobile FeedsInfo prior to SMR Jun-2022 Release 1. The issue, caused by insufficient input validation in FeedsInfo, can allow an attacker to launch certain activities. Affected product/component: Samsung Mobile Feed...
CVE-2023-20955
CVE-2023-20955 affects Android 11–13 and is triggered in the app component AppInfoDashboardFragment.java, in onPrepareOptionsMenu, due to a missing permission check. This enables local privilege escalation to uninstall apps for all users without user interaction. Conditions described in the linke...
CVE-2023-21093
CVE-2023-21093 concerns a path traversal in Android’s FileUtils.extractRelativePath that can let an attacker access files in directories belonging to other apps, enabling local elevation of privilege with no extra execution privileges and no user interaction. The vulnerability affects Android 11–...
CVE-2023-21112
CVE-2023-21112 relates to a missing bounds check in AnalyzeMfcResp of NxpMfcReader.cc, causing a possible out-of-bounds read that could disclose local information. Affected software includes Android 11–13 (Android devices relying on this component). The vulnerability enables information disclosur...
CVE-2023-21135
CVE-2023-21135 affects Google Android: the issue occurs in the onCreate path of NotificationAccessSettings.java, where improper input validation can cause a failure to persist notification settings. The underlying problem is an input validation defect in the code path that manages notification ac...
CVE-2023-21266
CVE-2023-21266 affects Android’s ActivityManagerService.java, describing a permissions bypass that could enable local escalation of privilege with no additional execution privileges required. Exploitation is stated to require no user interaction. The connected documents consistently frame this as...
CVE-2024-0047
CVE-2024-0047 corresponds to a DoS in Android (Android Open Source Project) caused by a logic error in UserManagerService.java: writeUserLP serializes a device policy with an incorrect tag, enabling local denial of service when policies are deserialized on reboot. Exploitation requires local acce...
CVE-2024-0049
CVE-2024-0049 is an Android framework elevation-of-privilege issue caused by an out-of-bounds heap buffer write. The NVD entry cites local EoP with no extra privileges or user interaction required. Android’s March 2024 security bulletin documents this CVE under the Framework cluster with fixes in...