Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/09/04 6:34 p.m.37 views

CVE-2025-32350

The CVE-2025-32350 issue affects Google Android Framework: in maybeShowDialog of ControlsSettingsDialogManager.kt there can be an overlay/tapjacking that causes a ControlsSettingsDialog to overlap, enabling local elevation of privilege without extra user interaction. The Android Security Bulletin...

7.8CVSS6.3AI score0.00081EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.37 views

CVE-2026-0164

CVE-2026-0164 affects Modem with an out-of-bounds write due to a missing bounds check, enabling remote code execution without extra privileges or user interaction. The vulnerability is classified as RCE with high impact on confidentiality, integrity, and availability. Public sources (NVD/ENISA/NV...

8.8CVSS6.2AI score0.00231EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.36 views

CVE-2018-5851

CVE-2018-5851 is a Qualcomm WLAN buffer-overflow vulnerability affecting Android devices (Pixel/Nexus) due to HTT_T2H_MSG_TYPE_TX_COMPL_IND processing with an out-of-range num_msdus. The issue can allow arbitrary code execution or a DoS. Public details map this CVE to Qualcomm WLAN in the May 201...

7.8CVSS7.2AI score0.00168EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.36 views

CVE-2018-5888

CVE-2018-5888 affects Qualcomm bootloader components (Bootloader) with Elevation of Privilege (EoP) and Moderate severity. The CVE description references an out-of-bounds access while processing the system path in CAF Android MSM Linux kernel prior to the 2018-06-05 patch level; connected data al...

7.8CVSS7.3AI score0.0017EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.36 views

CVE-2018-5910

CVE-2018-5910: In CAF-built Android (Android for MSM, Firefox OS for MSM, QRD Android) kernels, memory corruption can occur due to an improper check of the callers count parameter in display handler code. The issue affects the Linux kernel components used by CAF in these Android releases. Root ca...

7.8CVSS7.4AI score0.0019EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.36 views

CVE-2019-2158

CVE-2019-2158 affects Android-10 in the libxaac library, with an out-of-bounds read caused by a missing bounds check. This can lead to an information disclosure and requires user interaction to exploit. The vulnerability is documented across multiple sources (NVD, Red Hat, CNVD, PRION, CVE List) ...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.36 views

CVE-2019-2171

CVE-2019-2171 affects Android 10, specifically the libxaac library, due to uninitialized data leading to information disclosure. The issue allows an attacker to disclose information without extra execution privileges; exploitation requires user interaction. Documents confirm impact on Android-10 ...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2020/12/15 3:53 p.m.36 views

CVE-2020-0244

CVE-2020-0244 affects Android 11, describing an out-of-bounds read in SPDIFEncoder.cpp (writeBurstBufferBytes) caused by an incorrect bounds check. This can lead to local information disclosure without a clear exfiltration path; exploitation requires user interaction. The NVD entry lists CVSS det...

5.5CVSS5.7AI score0.00393EPSS
CVE
CVE
added 2020/03/24 5:27 p.m.36 views

CVE-2020-10844

CVE-2020-10844 is documented as an out-of-bounds read vulnerability in Samsung mobile devices’ media.audio_policy, affecting O(8.x), P(9.x), and Q(10.0) software. The Samsung internal ID is SVE-2019-16333. The connected Red Hat, CNVD, CNVD-style entries repeat the same description; no product-spe...

6.5CVSS6.5AI score0.0039EPSS
CVE
CVE
added 2021/11/18 2:57 p.m.36 views

CVE-2021-0659

The CVE-2021-0659 entry concerns the apusys component where an out-of-bounds read can occur due to an incorrect bounds check. This may lead to local information disclosure and requires system privileges for impact; exploitation does not require user interaction. Affected context is supported by c...

4.4CVSS4.2AI score0.00116EPSS
CVE
CVE
added 2021/06/11 2:45 p.m.36 views

CVE-2021-25392

CVE-2021-25392 concerns Samsung DeX backup path configuration. The Red Hat/NVD/CVE entries describe an improper protection of the backup path, enabling a local attacker to access sensitive information by changing the path. Affected component is the Dex-related backup path handling; the root cause...

5.5CVSS5.9AI score0.00102EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.36 views

CVE-2023-20774

CVE-2023-20774 involves an out-of-bounds read in the display path due to a missing bounds check, enabling local privilege escalation with System execution privileges required and no user interaction. Multiple connected sources (MediaTek-related advisories and vendor feeds) confirm the issue affec...

6.7CVSS6.6AI score0.00114EPSS
CVE
CVE
added 2023/08/14 9:10 p.m.36 views

CVE-2023-21232

CVE-2023-21232 corresponds to a permissions-bypass information-disclosure issue affecting Wear OS and related Android components. The vulnerability allows retrieval of sensor data without permission, with local access and no user interaction required. Exploitation details (vector, affected versio...

3.3CVSS3.8AI score0.00082EPSS
CVE
CVE
added 2023/08/14 9:10 p.m.36 views

CVE-2023-21233

CVE-2023-21233 concerns the avrc module in Wear OS. The vulnerability arises from uninitialized data in multiple locations, enabling a heap data leak that could lead to remote information disclosure with no additional execution privileges needed. Exploitation is possible without user interaction ...

7.5CVSS7.2AI score0.00338EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.36 views

CVE-2023-32863

CVE-2023-32863 describes a vulnerability in the display DRM where a missing bounds check can lead to an out-of-bounds read, enabling local escalation of privileges with System execution privileges needed. User interaction is not required. The CVE is mitigated by Patch ID ALPS07326314 (Issue ID AL...

6.7CVSS6.6AI score0.00111EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.36 views

CVE-2023-32868

CVE-2023-32868 concerns MediaTek’s display DRM module, with a missing bounds check causing an out-of-bounds write. The vulnerability is described as allowing local escalation of privileges to System level, with no user interaction required. Reported patch: ALPS07363632 (Issue ALPS07363632). Conne...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.36 views

CVE-2023-33893

The CVE-2023-33893 entry concerns a privilege-check bypass in the fastDial service that can enable local information disclosure without additional execution privileges. Public sources consistently describe the issue as a missing permission check leading to exposure of data, with an overall CVSSv3...

5.5CVSS5.2AI score0.00092EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.36 views

CVE-2023-33904

CVE-2023-33904 affects the hci_server component. The root cause is a missing bounds check that enables an out-of-bounds read, which can lead to local denial of service with system execution privileges required. Multiple databases corroborate this vulnerability and cite the same description. Affec...

4.4CVSS4.6AI score0.00105EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.36 views

CVE-2023-33917

CVE-2023-33917 : Multiple sources describe a vulnerability in vowifiservice due to a possible missing permission check, leading to local information disclosure with no additional execution privileges. The impact is described as information disclosure, with a local attack vector and low attack com...

5.5CVSS5.2AI score0.00081EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.36 views

CVE-2023-38442

CVE-2023-38442 affects vowifiservice. The issue is a missing permission check that could lead to local information disclosure with no additional execution privileges. CVSS v3.1 base score 5.5 (Medium) with LOCAL attack vector, low attack complexity, low privileges required, and high confidentiali...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.36 views

CVE-2023-38446

CVE-2023-38446 affects vowifiservice, with the root cause described as a possible missing permission check. This weakness could allow a local attacker to cause denial of service without needing additional privileges. CVSS v3.1 metrics indicate Local access, Low attack complexity, Low privileges r...

5.5CVSS5.4AI score0.00076EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.36 views

CVE-2023-38459

CVE-2023-38459 affects vowifiservice. The connected documents confirm a missing permission check in vowifiservice as the root cause, enabling local privilege escalation with low privileges and no user interaction. Impact is described as local escalation of privilege; no explicit exploitation deta...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.36 views

CVE-2023-38463

CVE-2023-38463 affects vowifiservice, where a missing permission check could allow local denial of service without requiring additional privileges. The NVD entry maps a local attack vector with low complexity and low privileges needed, resulting in availability impact (DoS) with no confidentialit...

5.5CVSS5.4AI score0.00076EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.36 views

CVE-2023-42691

Technical details about CVE-2023-42691 are not publicly provided in the connected documents. The sources only reiterate a missing permission check in the wifi service. Monitor for updates for affected products, root cause, impact, and fixes.

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.36 views

CVE-2023-42706

CVE-2023-42706 affects the firewall service, where a missing permission check can allow an attacker to write permission usage records for an app, enabling local information disclosure without extra execution privileges. Root cause: inadequate authorization in the firewall service. Impact: confide...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.36 views

CVE-2023-42723

CVE-2023-42723 concerns a vulnerability in camera services (Unisoc chipsets) caused by a missing bounds check leading to an out-of-bounds read. The NVD entry notes a local attack vector with low privileges required and no user interaction, resulting in local denial of service. Connected sources c...

5.5CVSS5.4AI score0.00099EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.36 views

CVE-2023-42735

CVE-2023-42735 affects the telephony service (noted by NVD/Red Hat/PRION/CVE list). The vulnerability arises from a missing permission check in the telephony service, enabling local information disclosure with System execution privileges needed. CVSS v3.1 indicates a Local attack, Low attack comp...

4.4CVSS4.4AI score0.001EPSS
CVE
CVE
added 2025/09/04 7:28 p.m.36 views

CVE-2024-40664

CVE-2024-40664 describes a logic error in setupAccessibilityServices within AccessibilityFragment.java that may allow hiding an enabled accessibility service, potentially causing local denial of service without extra privileges or user interaction. The vulnerability is documented across multiple ...

6.2CVSS5.6AI score0.00078EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.36 views

CVE-2025-48522

CVE-2025-48522 is an elevation-of-privilege vulnerability in Android, caused by a logic error in the setDisplayName function of AssociationRequest.java that can allow an app to retain the CDM association. This can lead to local EoP with no additional execution privileges and requires no user inte...

7.8CVSS6.3AI score0.00093EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.36 views

CVE-2025-48540

CVE-2025-48540 describes a local elevation-of-privilege vulnerability in the Android stack caused by a logic error in processTransactInternal of RpcState.cpp, which can trigger a local out-of-memory write. Exploitation requires local access; no user interaction is needed. Public references in And...

7.8CVSS6.4AI score0.00091EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.36 views

CVE-2025-48544

CVE-2025-48544 affects Google Android via a vulnerability in the MediaProvider component that allows reading files belonging to other apps due to SQL injection in multiple locations. The underlying issue enables local elevation of privilege with no additional execution privileges and without user...

7.8CVSS6.9AI score0.00095EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.36 views

CVE-2025-48562

CVE-2025-48562 is an Android information-disclosure flaw caused by a logic error in the writeContent function of RemotePrintDocument.java. The issue can lead to local information disclosure without additional execution privileges, and exploitation requires user interaction. Multiple connected sou...

5CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.36 views

CVE-2026-0055

CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...

6.2CVSS6AI score0.00084EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.36 views

CVE-2026-0077

CVE-2026-0077 is linked to Android’s ActivityRecord.java resumeConfigurationDispatch, where a logic error can trigger a background application launch (bal) and enable local privilege escalation without extra privileges or user interaction. Connected sources (NVD/Red Hat/NCSC EUVD, etc.) confirm t...

7.8CVSS5.9AI score0.00082EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.35 views

CVE-2018-11956

Technical details about CVE-2018-11956 are not provided in the connected documents. The sources present only the general issue without specifics (affected components, root cause, impact, or fixes). Monitor for updates.

7.8CVSS7.4AI score0.00177EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.35 views

CVE-2018-5847

CVE-2018-5847 describes a use-after-free condition arising from early/late retirement of rotation requests in CAF Android kernels (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux kernel. Affected software is Android CAF kernel components; the underlying issue is a memory-managem...

7.8CVSS7.3AI score0.00165EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.35 views

CVE-2019-9390

CVE-2019-9390 affects Android 10 Bluetooth stack. The defect is an out-of-bounds read due to a missing bounds check, enabling remote denial of service without privileges or user interaction. Impact is supported by NVD metrics (CVSSv3.1 base score 7.5, HIGH; network attacker with no auth, no UI). ...

7.5CVSS7.6AI score0.00797EPSS
CVE
CVE
added 2020/08/31 8:26 p.m.35 views

CVE-2020-25047

CVE-2020-25047 affects Samsung mobile devices on Android P/Q where the S Secure app does not enforce the intended password requirement for a locked application. Root cause: insufficient password enforcement in S Secure. Impact is partial confidentiality and potential access to a locked app; CVE s...

5.5CVSS5.6AI score0.00148EPSS
CVE
CVE
added 2021/08/18 2:43 p.m.35 views

CVE-2021-0408

In CVE-2021-0408, the issue is a possible out-of-bounds read in the asf extractor caused by an incorrect bounds check. This could lead to local information disclosure without additional privileges or user interaction. The vulnerability is documented across multiple sources (NVD/Red Hat/NVD_PAIR/e...

5.5CVSS5AI score0.00116EPSS
CVE
CVE
added 2021/09/27 11:20 a.m.35 views

CVE-2021-0421

The CVE-2021-0421 entry concerns Mediatek’s memory management driver, where a missing bounds check can cause local information disclosure without extra execution privileges. Exploitation reportedly does not require user interaction, and the impact is described as disclosure of local information (...

5.5CVSS5.1AI score0.00112EPSS
CVE
CVE
added 2021/09/27 11:20 a.m.35 views

CVE-2021-0423

CVE-2021-0423 concerns an information disclosure in the Mediatek memory management driver due to uninitialized data. This can enable local information disclosure with no additional execution privileges and without user interaction. The vulnerability is documented across multiple sources including...

5.5CVSS5.1AI score0.00112EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.35 views

CVE-2023-20761

CVE-2023-20761 concerns the ril component with an out-of-bounds write due to a missing bounds check, enabling local privilege escalation to System level. Exploitation is described as locally achievable without user interaction. Reported impact tiers include confidentiality, integrity, and availab...

6.7CVSS6.7AI score0.00114EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.35 views

CVE-2023-30931

CVE-2023-30931 involves a missing permission check in the telephony service that could allow local information disclosure without additional execution privileges. The issue is described across multiple sources as affecting UNISOC chipsets (telephony component), with attack vector LOCAL, attack co...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.35 views

CVE-2023-32788

The CVE-2023-32788 entry concerns a missing permission check in the telephony service that could lead to local information disclosure without additional execution privileges. Affected scope is described across multiple sources (NVD/Red Hat/CVE record), with the CVSS v3.1 vector indicating Local a...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.35 views

CVE-2023-33880

CVE-2023-33880 describes a missing permission check in the music service that can lead to local information disclosure without additional execution privileges. Public-environment details indicate affected UNISOC-based devices (e.g., SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612/T616/T770/...

3.3CVSS3.8AI score0.00088EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.35 views

CVE-2023-33900

CVE-2023-33900 : In the telephony service, a missing permission check allows local information disclosure without extra privileges (CVSS 3.1: Local access, High confidentiality impact, Medium overall). Affected scope is described as the telephony component; some connected sources reference UNISOC...

5.5CVSS5.2AI score0.00093EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.35 views

CVE-2023-38448

CVE-2023-38448 involves the vowifiservice component. The connected documents describe a possible missing permission check in vowifiservice, leading to a local denial of service with no additional execution privileges. The public details specify a local attack vector with low attack complexity and...

5.5CVSS5.4AI score0.00076EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.35 views

CVE-2023-38455

The CVE-2023-38455 entry concerns a vulnerability in vowifiservice where a missing permission check could permit local privilege escalation (attack vector: LOCAL; privileges required: LOW; user interaction: NONE). The published NVD entry shows a CVSS v3.1 base score of 7.8 (HIGH) with impacts to ...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.35 views

CVE-2023-38456

CVE-2023-38456 affects vowifiservice with a missing permission check that can lead to local privilege escalation (no extra execution privileges required). This is described across multiple sources as a local escalation vulnerability with a base CVSS v3.1 score of 7.8 (HIGH) and LOCAL attack vecto...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.35 views

CVE-2023-38460

Summary of CVE-2023-38460 : Multiple connected sources identify a vulnerability in vowifiservice (linked to Unisoc chipsets) caused by a possible missing permission check. The underlying issue enables local privilege escalation with no additional execution privileges, with CVSS/metrics indicating...

7.8CVSS7.7AI score0.00079EPSS
Total number of security vulnerabilities8153