8153 matches found
CVE-2025-48558
CVE-2025-48558 affects the Android BatteryService.java component, where multiple functions could enable implicit intent hijacking of a system app. This yields local elevation of privilege without extra privileges or user interaction. The connected documents confirm the vulnerability type and impa...
CVE-2026-0012
CVE-2026-0012 affects Android’s ExpandableNotificationRow.java (setHideSensitive) with a logic error causing a local information disclosure of contact names. Exploitation requires no user interaction and grants no privileges beyond local access; the issue is classified as information disclosure (...
CVE-2026-0034
CVE-2026-0034 affects Android, arising from improper input validation in setPackageOrComponentEnabled within ManagedServices.java, causing a possible notification policy desync and local privilege elevation with no extra execution privileges or user interaction required. The issue is described ac...
CVE-2015-9038
CVE-2015-9038 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel. Description: a NULL pointer may be dereferenced in the front end, caused by NULL pointer usage in the vulnerable path. Root cause: NULL pointer dereference. Impact: potential crash or denial of s...
CVE-2016-11035
CVE-2016-11035 affects Samsung mobile devices with Exynos AP chipsets; a local user can trigger a kernel crash via the fb0(DECON) frame buffer interface. Connected sources reiterate this description, but no further technical details (affected versions, root cause specifics, exploit information, o...
CVE-2016-3807
CVE-2016-3807 describes a privilege-escalation flaw in the serial peripheral interface (SPI) driver on Android devices: specifically affecting Nexus 5X and Nexus 6P, where a crafted application could gain elevated privileges due to a bug in the SPI driver. The issue is categorized as a local elev...
CVE-2016-3818
CVE-2016-3818 affects libc in Android 4.x prior to 4.4.4. A crafted file can trigger a denial of service, causing a device hang or reboot. Root cause: vulnerability in libc used by Android devices. Impact is limited to DoS (no remote code execution indicated in the provided data). Public remediat...
CVE-2016-3837
CVE-2016-3837 affects the Wi‑Fi stack in Android, specifically service/jni/com_android_server_wifi_WifiNative.cpp, allowing information disclosure via a crafted app that provides a MAC address with too few characters. Impacted Android versions include 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6...
CVE-2016-3870
CVE-2016-3870 concerns an elevation of privilege in Android Mediaserver. The flaw lies in omx/SimpleSoftOMXComponent.cpp within libstagefright, where input-port changes are not properly prevented. A crafted application could exploit this to gain privileges. Affected Android platforms include 4.x ...
CVE-2016-3878
Summary: CVE-2016-3878 affects Android 6.x Mediaserver, specifically decoder/ih264d_api.c in mediaserver, where decoding zero MBs is mishandled. This can allow a remote attacker to trigger a denial of service (device hang or reboot) via a crafted media file. Root cause (as stated): mishandling of...
CVE-2016-5862
CVE-2016-5862 affects Qualcomm-based Android for MSM codecs; the vulnerability arises when a codec control issued from userspace is cast to the container structure rather than the codec’s own structure. This type confusion can lead to a kernel crash and a subsequent device restart on affected Qua...
CVE-2016-6679
CVE-2016-6679 affects Qualcomm Wi‑Fi driver in Android on Nexus 5X and Android One devices, targeting CORE/HDD/src/wlan_hdd_hostapd.c. A crafted app calling setwpaie ioctl can disclose sensitive information. Affected OS versions are Android before 2016-10-05. The vulnerability is documented in th...
CVE-2016-6726
Technical details about CVE-2016-6726 are not provided in the supplied documents. The NVD record lists an unspecified vulnerability in Qualcomm components on Nexus 6/Android One. Monitor for updates.
CVE-2018-11909
CVE-2018-11909 describes an improper access-control issue in CAF-based Android builds (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux kernel, where a device node/executable could be run from /cache/. The connected records do not provide concrete technical details about the vuln...
CVE-2018-11911
Affected software : Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built with CAF Linux kernel. Root cause : improper configuration of a script, as described in CNVD-2018-25313. Impact : potential unprivileged access / privilege access control vulnerability. References in con...
CVE-2018-11913
Technical details for CVE-2018-11913 are not publicly provided in the connected documents. The available records reiterate a generic issue related to dev node configuration in CAF/Linux kernel builds. Monitor for updates from official advisories.
CVE-2018-5889
CVE-2018-5889 affects Qualcomm bootloader components. The connected records classify it as a Local Elevation of Privilege (EoP) vulnerability in the bootloader, with a moderate severity. The issue is described as a buffer overflow occurring in Android releases from CAF when processing a compresse...
CVE-2018-5908
CVE-2018-5908 affects CAF Android builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The root cause is a missing buffer length validation in a display function, enabling a potential buffer overflow. CVSS indicates a local, low-complexity attack with HIGH impact acro...
CVE-2018-9347
The CVE-2018-9347 entry affects Android devices and is caused by incorrect input validation in SMF_ParseMetaEvent within eas_smf.c, which can trigger an infinite loop and enable a remote temporary DoS. Affected products/versions listed include Android 7.x (7.0, 7.1.1, 7.1.2), Android 8.x (8.0, 8....
CVE-2018-9533
CVE-2018-9533 affects Android 9 and is described as an out-of-bounds read/write in ixheaacd_dec_data_init (ixheaacd_create.c) that could enable remote code execution with no extra privileges; exploitation reportedly requires user interaction. The issue is documented in the Android 2018-11 securit...
CVE-2019-2146
CVE-2019-2146 affects Android 10, with a vulnerability in libxaac caused by a missing bounds check that leads to an out-of-bounds read. Consequence: information disclosure without execution privileges; exploitation requires user interaction. Affected component: libxaac (Android 10). Vendor/OS con...
CVE-2019-2151
CVE-2019-2151 is an information-disclosure flaw in libxaac on Android 10 caused by an out-of-bounds read due to a missing bounds check. The Red Hat and CNVD references confirm the same description and indicate Android-10 as affected. There is no explicit indication of an available patch/version i...
CVE-2019-2156
CVE-2019-2156 affects Android 10 where the libxaac library has an out-of-bounds read due to a missing bounds check, enabling potential information disclosure. The vulnerability impacts information confidentiality and requires user interaction to exploit; there is no indication of remote code exec...
CVE-2019-9347
CVE-2019-9347 affects Android 10 via the m4v_h263 codec. The vulnerability is an out-of-bounds read caused by a use-after-free, leading to local information disclosure without requiring user interaction. Documentation across sources confirms the issue in the Media framework; exploitation details ...
CVE-2019-9355
CVE-2019-9355 is an Android Bluetooth information-disclosure vulnerability described as an out-of-bounds read caused by a missing bounds check. It could allow remote information disclosure without user interaction, with network attack potential as per CVSS metrics (CVSS v3.1: 7.5, HIGH; CVSS v2: ...
CVE-2020-0316
CVE-2020-0316 affects Android 11, with a missing permission check in Telephony that could allow local disclosure of radio data without extra privileges or user interaction. The issue targets the Telephony component and is described across multiple sources as an information disclosure vulnerabilit...
CVE-2020-0370
CVE-2020-0370 affects the Android 11 platform, with a vulnerability in the libAACdec component where a missing bounds check can cause an out-of-bounds read. This may enable remote information disclosure and, per the CVE description, requires user interaction to exploit. Affected software is Andro...
CVE-2020-0387
CVE-2020-0387 affects the SmartSpace package: in its manifest files there is a tapjacking vector caused by a missing permission check. The issue enables local elevation of privilege and possible account hijacking, with exploitation requiring user interaction. The vulnerability is categorized as a...
CVE-2020-0494
CVE-2020-0494 corresponds to a heap buffer overflow in ih264d_parse_ave (ih264d_sei.c) that can cause an out-of-bounds read and remote information disclosure on Android 11 devices. The vulnerability affects Android 11 Pixel/Android components in the media stack and is described as requiring user ...
CVE-2020-27023
CVE-2020-27023 affects Android 11 where in BluetoothMediaBrowserService.java the setErrorPlaybackState path allows a permission bypass via an unsafe PendingIntent. This could lead to local information disclosure with System-level privileges (no user interaction required per the report). CVSS metr...
CVE-2020-27026
CVE-2020-27026 affects Android 11 devices (as described: Android-11) where the lock screen/unlock interface during boot behaves differently depending on whether a fingerprint is registered. This can lead to local information disclosure without additional execution privileges. The vulnerability is...
CVE-2020-27031
CVE-2020-27031 affects Android 11, where in nfc_data_event of nfc_ncif.cc there is a possible out-of-bounds read due to a missing bounds check. This can lead to local information disclosure and may require system privileges, with no user interaction needed for exploitation. The provided documents...
CVE-2021-0618
CVE-2021-0618 affects MediaTek’s ape extractor. The vulnerability is a heap buffer overflow that can enable a local out-of-bounds read leading to information disclosure, with no user interaction required. Patch ID ALPS05561394 addresses the issue. Exploitation details are not provided in the acce...
CVE-2021-0660
The CVE-2021-0660 issue concerns the ccu component with an out-of-bounds read caused by incorrect error handling, enabling information disclosure potentially with System privileges. No user interaction is required. A patch is identified as ALPS05827145 (Issue ALPS05827145). RH and NVD entries cor...
CVE-2021-23243
Technical details are not publicly available in the provided documents. Information on affected products, versions, impact or remediation is not specified. Monitor for updates.
CVE-2021-25413
CVE-2021-25413 affects Samsung Contacts prior to SMR June-2021 Release 1. The root cause is improper sanitization of incoming intents, enabling a local attacker to access arbitrary data within the Samsung Contacts privilege. Impact is partial confidentiality exposure of data via a local vector. T...
CVE-2021-25416
The CVE-2021-25416 issue concerns Samsung SMR (system patch package). An improper address validation in RKP before SMR JUN-2021 Release 1 can let a local attacker, with EL1 assumed compromised, create kernel pages outside the code area. This is a local-exploit scenario with potential high impact ...
CVE-2021-25467
CVE-2021-25467 describes a potential buffer overflow in the Vision DSP kernel driver (Samsung devices) before SMR Oct-2021 Release 1, enabling privilege escalation to root via hijacking a loaded library. The incident is tied to local exploit scenarios, with impact described as high for confidenti...
CVE-2022-30757
CVE-2022-30757 concerns the Samsung isemtelephony component. The available disclosures state an improper authorization flaw that lets an attacker obtain the device CID without the ACCESS_FINE_LOCATION permission, affecting versions before the Samsung SMR Jul-2022 Release 1. Public sources consist...
CVE-2022-39090
CVE-2022-39090 involves a missing permission check in the system’s power management service. The root cause is a lack of authorization in setting up the power management service, potentially allowing initial setup with no additional execution privileges. The CVSS vector from NVD indicates a Local...
CVE-2023-20748
CVE-2023-20748 affects Mediatek-related chips with a vulnerability in the display path causing an out-of-bounds read due to a missing bounds check. Impact cited as local information disclosure with system-level privileges needed; exploitation reportedly does not require user interaction. Patch ID...
CVE-2023-21323
CVE-2023-21323 is an information-disclosure vulnerability in Android's Activity Manager that could let a local attacker determine whether an app is installed without query permissions. The issue stems from a side-channel disclosure, requiring no user interaction and no additional execution privil...
CVE-2023-30918
CVE-2023-30918 : The issue is a missing permission check in the telephony service, enabling local information disclosure without additional privileges. Connected sources identify affected UNISOC chipsets/telephony implementations (e.g., SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T60...
CVE-2023-30932
CVE-2023-30932 affects the telephony service with a missing permission check that enables local information disclosure without extra execution privileges. Public coverage in connected documents references UNISOC chipsets (e.g., SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612/T616/T820/S8000...
CVE-2023-30934
The CVE-2023-30934 entry describes a local information disclosure in the telephony service due to a missing permission check. Affected scope is supported by connected records noting UNISOC chipset impacts (e.g., various SC-series and T-series devices) with exploitation possible without additional...
CVE-2023-30935
CVE-2023-30935 affects the telephony service and is tied to a missing permission check that enables local information disclosure without additional execution privileges. Root cause: permission check gap in the telephony component. Impact: local confidentiality disclosure (C/H) with no privilege o...
CVE-2023-32805
CVE-2023-32805 concerns an out-of-bounds write in MediaTek power-related components due to an insecure default value, enabling local privilege escalation with System execution privileges. Exploitation is described as requiring user interaction; affected details include the need for a patch (ALPS0...
CVE-2023-32856
CVE-2023-32856 concerns MediaTek chipsets where the display module has an out-of-bounds read caused by an incorrect status check. The vulnerability can lead to local information disclosure with System execution privileges required, and exploitation does not require user interaction. The available...
CVE-2023-32860
Affected product: MediaTek chips (display module). Vulnerability: classic buffer overflow due to a missing bounds check in display handling. Root cause: out-of-bounds write leading to local privilege escalation with SYSTEM-level privileges required. Exploit: no user interaction required (local ex...
CVE-2023-33888
CVE-2023-33888 affects the telephony service with a missing permission check that can lead to local information disclosure. Connected documents identify these as UNISOC-chipset telephony services, listing affected devices such as SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612/T616/T820/S80...