Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/07/12 8:32 a.m.38 views

CVE-2023-33892

CVE-2023-33892 concerns the minimal-privilege local information-disclosure flaw in the fastDial service. The root cause, per multiple sources, is a missing permission check in fastDial, enabling an attacker with local access and low privileges to read information without requiring extra execution...

5.5CVSS5.2AI score0.00092EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.38 views

CVE-2023-33896

CVE-2023-33896 affects the libimpl-ril component. A missing bounds check can cause an out-of-bounds write, leading to local denial of service with System execution privileges required. The issue has a CVSSv3.1 base score of 4.4 (Medium) and is characterized as a local attack with high privileges ...

4.4CVSS4.7AI score0.001EPSS
CVE
CVE
added 2023/08/07 1:54 a.m.38 views

CVE-2023-33913

CVE-2023-33913 describes a vulnerability in the DRM/oemcrypto module where an incorrect calculation of the buffer size allows an out-of-bounds write. This could lead to remote escalation of privilege with system execution privileges required. The initial documents confirm the issue and its impact...

7.2CVSS7.4AI score0.0042EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.38 views

CVE-2023-38436

The CVE-2023-38436 entry concerns vowifiservice and describes a missing permission check that could allow local information disclosure without requiring additional privileges. Across connected sources, the impact is stated as information disclosure with a local attack vector and no explicit remot...

5.5CVSS5.2AI score0.00081EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.38 views

CVE-2023-38454

CVE-2023-38454 concerns the vowifi service where a missing permission check could allow local information disclosure with no extra privileges. The vulnerability is described across multiple feeds as affecting vowifi service components, but the connected documents do not provide specific vulnerabl...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.38 views

CVE-2023-38458

In the provided documents, CVE-2023-38458 affects vowifiservice (Unisoc/UNISOC chipsets) with a possible missing permission check that could enable local escalation of privilege. The NVD entry describes the impact as local escalation with no extra execution privileges, and the attack vector is LO...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.38 views

CVE-2023-38461

The CVE-2023-38461 entry concerns vowifiservice with a missing permission check, leading to local denial of service without extra privileges. Affected component: vowifiservice (on UNISOC-derived platforms as reflected in multiple sources). Root cause: insufficient authorization checks in the serv...

5.5CVSS5.4AI score0.00076EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.38 views

CVE-2023-38464

CVE-2023-38464 affects the vowifiservice component (in UNISOC chipsets). The security issue is a missing permission check that could allow local escalation of privilege without requiring additional execution privileges. The CVSS 3.1 vector from NVD indicates a Local, Low Complexity exploit with L...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.38 views

CVE-2023-38554

CVE-2023-38554 concerns the wcn bsp driver with an out-of-bounds write caused by a missing bounds check, potentially enabling local denial of service with no extra privileges. Affected component: wcn bsp driver (UnISOC context). Impact: local DoS (availability impact) as stated; no explicit explo...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.38 views

CVE-2023-40641

The vulnerability CVE-2023-40641 affects the Messaging component (notably on UNISOC chipsets per linked sources). The issue is a missing permission check in Messaging which could allow local information disclosure without requiring additional execution privileges. The cited sources collectively d...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.38 views

CVE-2023-42689

CVE-2023-42689 affects the wifi service in UNISOC chipsets. The root cause is a possible missing permission check in the wifi service, which could enable local escalation of privilege with no additional execution privileges required. The CVE is associated with a high impact (base score 7.8) invol...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.38 views

CVE-2023-42692

CVE-2023-42692 concerns the wifi service on UNISOC chipsets, where a missing permission check can allow local escalation of privilege with no extra privileges. The CVSS 3.1 base vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects a high impact to confidentiality, integrity, and availability. Pu...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.38 views

CVE-2023-42747

Consolidated details indicate a vulnerability in Unisoc chipsets where the camera service may lack a required permission check. This can enable local escalation of privilege without additional execution privileges. Affected component appears to be the camera service in Unisoc chipsets; no explici...

7.8CVSS7.8AI score0.00096EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.38 views

CVE-2023-48356

CVE-2023-48356 concerns the jpg driver in UNISOC chipsets. The root cause is a missing bounds check leading to an out-of-bounds write. This can cause local denial of service with system execution privileges required. The available sources (NVD/Red Hat/linked records) describe the vulnerability an...

4.4CVSS4.8AI score0.00082EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.37 views

CVE-2015-9043

CVE-2015-9043 is described in connected sources as a NULL pointer dereference vulnerability affecting Qualcomm components in Android CAF builds using the Linux kernel. The root cause, as stated, is a NULL pointer dereference on timer expiry, with impact described as high/critical in CVSS terms. T...

10CVSS7.8AI score0.00861EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.37 views

CVE-2016-6714

CVE-2016-6714 describes a remote denial-of-service condition in Android’s Mediaserver. The issue affects Mediaserver in Android 6.x (before 2016-11-01) and 7.0 (before 2016-11-01); a attacker could trigger a device hang or reboot by crafting a file processed by Mediaserver. The vulnerability is c...

7.1CVSS5.7AI score0.00521EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.37 views

CVE-2018-11827

CVE-2018-11827 affects CAF/Android builds (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux kernel. The issue: improper validation of an array index in the WMA roam synchronization handler can cause an out-of-bounds write. This is tied to Qualcomm WLAN/driver components in the af...

7.8CVSS7.4AI score0.00192EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.37 views

CVE-2018-11869

CVE-2018-11869 affects Android-family releases used on CAF/Linux kernels. The issue is a lack of length validation for a value received from firmware, which can cause a buffer overflow in the WMA handler . The vulnerability is described as local with potential complete impact on confidentiality, ...

7.8CVSS7.6AI score0.00218EPSS
CVE
CVE
added 2018/06/15 8:0 p.m.37 views

CVE-2018-5860

CVE-2018-5860 affects the MDSS (multimedia display) driver in Android builds for MSM, Firefox OS for MSM, and QRD Android, provided by CAF on Linux-based kernels. The root cause is that a data structure may be used without proper initialization, as described in multiple sources. According to the ...

5.5CVSS5.2AI score0.00132EPSS
CVE
CVE
added 2018/11/14 6:0 p.m.37 views

CVE-2018-9534

CVE-2018-9534: A out-of-bounds write in ixheaacd_mps_getstridemap (ixheaacd_mps_parse.c) on Android 9 can lead to remote code execution. Root cause: missing bounds check in ixheaacd_mps_getstridemap. Impact per sources: potential RCE with network vector; user interaction required for exploitation...

8.8CVSS9AI score0.00727EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.37 views

CVE-2019-2064

In Android 10, CVE-2019-2064 is a vulnerability in the libxaac library where a missing bounds check enables an out-of-bounds write, potentially enabling remote code execution. The issue affects Android-10 devices using libxaac and is documented across multiple sources (NVD entry; Red Hat and CNVD...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.37 views

CVE-2019-2147

CVE-2019-2147 affects the Android libxaac library. The issue is an out-of-bounds read caused by a missing bounds check in libxaac, leading to potential information disclosure. Exploitation requires user interaction, and the vulnerability does not grant additional execution privileges. Connected R...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.37 views

CVE-2019-2163

Concerning CVE-2019-2163, multiple connected sources confirm a concrete issue in the Android 10 libxaac library: an out-of-bounds read due to a missing bounds check, leading to information disclosure. Affected component: libxaac within Android-10. Impact per sources: potential information leakage...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:21 p.m.37 views

CVE-2019-2189

CVE-2019-2189 affects the Image driver in the Android kernel (Easel driver). The vulnerability stems from race conditions that can cause memory corruption, enabling local elevation of privilege to SYSTEM with no user interaction required. Impact is described as local EoP with high confidentiality...

6.9CVSS7.2AI score0.00117EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.37 views

CVE-2019-9389

CVE-2019-9389 affects Android 10 Bluetooth stack (Bluetooth component) with a out-of-bounds read due to a missing bounds check. This could lead to remote denial of service without user interaction. CVSSv2 base score 5.0 (NETWORK, LOW attack complexity, no privileges required, Availability impact ...

7.5CVSS7.6AI score0.00797EPSS
CVE
CVE
added 2020/09/17 8:47 p.m.37 views

CVE-2020-0341

CVE-2020-0341 affects Android 11; a missing permission check in DisplayManager may allow local escalation of privilege without user interaction. The issue is categorized as Elevation of Privilege (EoP). No exploit details are provided in the sources. Remediation: Android 11 security release notes...

7.8CVSS8.2AI score0.00139EPSS
CVE
CVE
added 2020/12/15 3:56 p.m.37 views

CVE-2020-0492

CVE-2020-0492 affects Android 11 Media framework (BitstreamFillCache in bitstream.cpp). Root cause: out-of-bounds read caused by a heap buffer overflow leading to potential remote information disclosure. Impact: requires no privileges but may require user interaction for exploitation; exposed dat...

6.5CVSS6.7AI score0.00837EPSS
CVE
CVE
added 2020/12/15 3:56 p.m.37 views

CVE-2020-0493

CVE-2020-0493 is an Android Pixel vulnerability tied to CPDF_SampledFunc::v_Call, where an out-of-bounds read due to input validation issues could disclose local information without user interaction. The issue is listed in the Pixel update bulletin for December 2020 as CVE-2020-0493 (Android bug ...

5.5CVSS5.7AI score0.00134EPSS
CVE
CVE
added 2020/03/24 5:35 p.m.37 views

CVE-2020-10852

CVE-2020-10852 involves a stack overflow in the display driver affecting Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) software (Samsung ID SVE-2019-15877). The Red Hat/EUVD/CNVD entries corroborate the same issue. According to the NVD metrics, CVSS v3.1 base score is 7.8 (HIGH) with...

7.8CVSS7.8AI score0.00135EPSS
CVE
CVE
added 2020/12/15 4:0 p.m.37 views

CVE-2020-27025

CVE-2020-27025 affects Android 11 and is caused by an unsafe PendingIntent in EapFailureNotifier.java and SimRequiredNotifier.java, enabling a permission bypass that can lead to local information disclosure. The issue requires no user interaction and could be triggered with local access; the root...

5.5CVSS5.8AI score0.00135EPSS
CVE
CVE
added 2020/12/15 4:6 p.m.37 views

CVE-2020-27054

CVE-2020-27054 affects Android 11, where onFactoryReset in BluetoothManagerService.java lacks a permission check, enabling local escalation of privilege with no additional execution privileges and no user interaction required. The NVD entry lists CVSS v3.1 base score 7.8 (HIGH) and local attack, ...

7.8CVSS8.1AI score0.00139EPSS
CVE
CVE
added 2021/06/11 2:45 p.m.37 views

CVE-2021-25384

CVE-2021-25384 describes an improper input validation in the Samsung libsdffextractor library, specifically in the function handling the Sample Rate Chunk (sdfffd_parse_chunk_PROP). The vulnerability, affecting versions prior to SMR MAY-2021 Release 1, can allow an attacker to trigger arbitrary c...

9.8CVSS9.6AI score0.00546EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.37 views

CVE-2022-47352

The CVE-2022-47352 entry concerns the camera driver in Unisoc chipsets, where a missing bounds check allows an out-of-bounds read. This is described across Red Hat/NVD/CVE records as enabling possible local denial of service with SYSTEM-level execution required. Affected component is the camera d...

4.4CVSS4.6AI score0.00088EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.37 views

CVE-2022-48462

CVE-2022-48462 : In the wifi service, there is a possible out-of-bounds write caused by a missing bounds check, which could lead to local denial of service with no additional execution privileges required. The issue is documented across NVD/Red Hat/CVE lists and related feeds; the available sourc...

5.5CVSS5.5AI score0.00099EPSS
CVE
CVE
added 2023/08/14 9:10 p.m.37 views

CVE-2023-21233

CVE-2023-21233 concerns the avrc module in Wear OS. The vulnerability arises from uninitialized data in multiple locations, enabling a heap data leak that could lead to remote information disclosure with no additional execution privileges needed. Exploitation is possible without user interaction ...

7.5CVSS7.2AI score0.00338EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.37 views

CVE-2023-30927

Summary : CVE-2023-30927 is a local information disclosure vulnerability due to a missing permission check in the telephony service. The NVD entry reports a CVSSv3.1 base score of 5.5 (LOW privileges required, LOCAL exploit, HIGH confidentiality impact). Connected sources corroborate the issue an...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.37 views

CVE-2023-30933

CVE-2023-30933 involves a missing permission check in the telephony service that enables local information disclosure without additional execution privileges. The core issue is the telephony component failing to enforce access controls, per the CVE description. Connected documents expand on affec...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.37 views

CVE-2023-30941

CVE-2023-30941 concerns a missing permission check in the telephony service that can lead to local information disclosure without requiring additional execution privileges. The available documents describe the vulnerability as a local information disclosure flaw (CONFIDENTIALITY impact) with priv...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.37 views

CVE-2023-32789

CVE-2023-32789 concerns a missing permission check in the telephony service that enables local information disclosure without additional execution privileges. The core issue is a privilege check gap in the telephony component, with CVSS 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N indicating local acc...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.37 views

CVE-2023-32861

CVE-2023-32861 affects MediaTek devices with a flaw in the display module due to an incorrect bounds check, causing an out-of-bounds read that could enable local escalation of privileges with System execution privileges required. No user interaction is needed. Patch: ALPS08059081 (Issue ID: ALPS0...

6.7CVSS6.6AI score0.00111EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.37 views

CVE-2023-33886

CVE-2023-33886 affects the telephony service where a missing permission check can cause local information disclosure without additional execution privileges. The CVE's base metrics show Local attack vector, Low attack complexity, Low privileges required, no user interaction, and Confidentiality i...

5.5CVSS5.2AI score0.00092EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.37 views

CVE-2023-33902

CVE-2023-33902 affects UNISOC Bluetooth service across multiple chipsets (e.g., SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612/T616/T770/T820/S8000). The root cause is a missing permission check in the Bluetooth service, enabling local information disclosure without additional execution pr...

5.5CVSS5.2AI score0.00153EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.37 views

CVE-2023-42682

CVE-2023-42682 affects the gsp driver and stems from a missing bounds check, allowing an out-of-bounds write that could cause local denial of service with system-level privileges required. The provided documents specify the impact (local DoS) and privilege requirements but do not include exploit ...

4.4CVSS4.8AI score0.00102EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.37 views

CVE-2023-42684

CVE-2023-42684 concerns the gsp driver within UNISOC chipsets, where a missing bounds check can cause an out-of-bounds read. The issue is described as leading to local denial of service with System execution privileges required. Documents consistently cite the gsp driver as the vulnerable compone...

4.4CVSS4.6AI score0.00102EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.37 views

CVE-2023-42699

CVE-2023-42699 concerns the omacp service. A missing permission check could allow writing permission usage records for an app, enabling local information disclosure without additional execution privileges. Public sources summarize the issue and impact (local information disclosure) but do not pro...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.37 views

CVE-2023-42709

CVE-2023-42709 affects UNISOC/chipset Firewall service where a missing permission check enables writing of an app’s permission usage records, leading to local information disclosure without extra privileges. Exploitation details are not provided in the connected documents; no concrete exploit vec...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.37 views

CVE-2023-42724

CVE-2023-42724 concerns an out-of-bounds read in the GPU driver that could enable local denial of service with system execution privileges. Public details consistently describe the flaw as a bounds-check failure in the GPU driver, with patched mitigations referenced by Apple for iOS/iPadOS. Explo...

4.4CVSS4.6AI score0.00134EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.37 views

CVE-2023-42731

CVE-2023-42731 affects the Gnss service in UNISOC chipsets. The vulnerability is an out-of-bounds read caused by a missing bounds check, leading to local denial of service with System execution privileges required. The CVSSv3.1 base score is 4.4 (Medium) with LOCAL attack vector, low attack compl...

4.4CVSS4.7AI score0.00102EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.37 views

CVE-2023-42736

CVE-2023-42736 concerns a missing permission check in the telecom service, leading to local privilege escalation with no extra privileges required. The connected documents (Red Hat, NVD, PRION/PRIO listing, and related vendor entries) consistently describe the issue as a telecom-service permissio...

7.8CVSS7.8AI score0.00096EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.37 views

CVE-2023-42740

CVE-2023-42740 - A missing permission check in the telecom service allows writing permission usage records, enabling local escalation of privilege without extra execution privileges. The issue is documented across multiple sources (NVD, Red Hat, PRION, CNNVD, etc.) and is associated with UNISOC t...

7.8CVSS7.8AI score0.00096EPSS
Total number of security vulnerabilities8153