8153 matches found
CVE-2025-32350
The CVE-2025-32350 issue affects Google Android Framework: in maybeShowDialog of ControlsSettingsDialogManager.kt there can be an overlay/tapjacking that causes a ControlsSettingsDialog to overlap, enabling local elevation of privilege without extra user interaction. The Android Security Bulletin...
CVE-2026-0164
CVE-2026-0164 affects Modem with an out-of-bounds write due to a missing bounds check, enabling remote code execution without extra privileges or user interaction. The vulnerability is classified as RCE with high impact on confidentiality, integrity, and availability. Public sources (NVD/ENISA/NV...
CVE-2018-5851
CVE-2018-5851 is a Qualcomm WLAN buffer-overflow vulnerability affecting Android devices (Pixel/Nexus) due to HTT_T2H_MSG_TYPE_TX_COMPL_IND processing with an out-of-range num_msdus. The issue can allow arbitrary code execution or a DoS. Public details map this CVE to Qualcomm WLAN in the May 201...
CVE-2018-5888
CVE-2018-5888 affects Qualcomm bootloader components (Bootloader) with Elevation of Privilege (EoP) and Moderate severity. The CVE description references an out-of-bounds access while processing the system path in CAF Android MSM Linux kernel prior to the 2018-06-05 patch level; connected data al...
CVE-2018-5910
CVE-2018-5910: In CAF-built Android (Android for MSM, Firefox OS for MSM, QRD Android) kernels, memory corruption can occur due to an improper check of the callers count parameter in display handler code. The issue affects the Linux kernel components used by CAF in these Android releases. Root ca...
CVE-2019-2158
CVE-2019-2158 affects Android-10 in the libxaac library, with an out-of-bounds read caused by a missing bounds check. This can lead to an information disclosure and requires user interaction to exploit. The vulnerability is documented across multiple sources (NVD, Red Hat, CNVD, PRION, CVE List) ...
CVE-2019-2171
CVE-2019-2171 affects Android 10, specifically the libxaac library, due to uninitialized data leading to information disclosure. The issue allows an attacker to disclose information without extra execution privileges; exploitation requires user interaction. Documents confirm impact on Android-10 ...
CVE-2020-0244
CVE-2020-0244 affects Android 11, describing an out-of-bounds read in SPDIFEncoder.cpp (writeBurstBufferBytes) caused by an incorrect bounds check. This can lead to local information disclosure without a clear exfiltration path; exploitation requires user interaction. The NVD entry lists CVSS det...
CVE-2020-10844
CVE-2020-10844 is documented as an out-of-bounds read vulnerability in Samsung mobile devices’ media.audio_policy, affecting O(8.x), P(9.x), and Q(10.0) software. The Samsung internal ID is SVE-2019-16333. The connected Red Hat, CNVD, CNVD-style entries repeat the same description; no product-spe...
CVE-2021-0659
The CVE-2021-0659 entry concerns the apusys component where an out-of-bounds read can occur due to an incorrect bounds check. This may lead to local information disclosure and requires system privileges for impact; exploitation does not require user interaction. Affected context is supported by c...
CVE-2021-25392
CVE-2021-25392 concerns Samsung DeX backup path configuration. The Red Hat/NVD/CVE entries describe an improper protection of the backup path, enabling a local attacker to access sensitive information by changing the path. Affected component is the Dex-related backup path handling; the root cause...
CVE-2023-20774
CVE-2023-20774 involves an out-of-bounds read in the display path due to a missing bounds check, enabling local privilege escalation with System execution privileges required and no user interaction. Multiple connected sources (MediaTek-related advisories and vendor feeds) confirm the issue affec...
CVE-2023-21232
CVE-2023-21232 corresponds to a permissions-bypass information-disclosure issue affecting Wear OS and related Android components. The vulnerability allows retrieval of sensor data without permission, with local access and no user interaction required. Exploitation details (vector, affected versio...
CVE-2023-21233
CVE-2023-21233 concerns the avrc module in Wear OS. The vulnerability arises from uninitialized data in multiple locations, enabling a heap data leak that could lead to remote information disclosure with no additional execution privileges needed. Exploitation is possible without user interaction ...
CVE-2023-32863
CVE-2023-32863 describes a vulnerability in the display DRM where a missing bounds check can lead to an out-of-bounds read, enabling local escalation of privileges with System execution privileges needed. User interaction is not required. The CVE is mitigated by Patch ID ALPS07326314 (Issue ID AL...
CVE-2023-32868
CVE-2023-32868 concerns MediaTek’s display DRM module, with a missing bounds check causing an out-of-bounds write. The vulnerability is described as allowing local escalation of privileges to System level, with no user interaction required. Reported patch: ALPS07363632 (Issue ALPS07363632). Conne...
CVE-2023-33893
The CVE-2023-33893 entry concerns a privilege-check bypass in the fastDial service that can enable local information disclosure without additional execution privileges. Public sources consistently describe the issue as a missing permission check leading to exposure of data, with an overall CVSSv3...
CVE-2023-33904
CVE-2023-33904 affects the hci_server component. The root cause is a missing bounds check that enables an out-of-bounds read, which can lead to local denial of service with system execution privileges required. Multiple databases corroborate this vulnerability and cite the same description. Affec...
CVE-2023-33917
CVE-2023-33917 : Multiple sources describe a vulnerability in vowifiservice due to a possible missing permission check, leading to local information disclosure with no additional execution privileges. The impact is described as information disclosure, with a local attack vector and low attack com...
CVE-2023-38442
CVE-2023-38442 affects vowifiservice. The issue is a missing permission check that could lead to local information disclosure with no additional execution privileges. CVSS v3.1 base score 5.5 (Medium) with LOCAL attack vector, low attack complexity, low privileges required, and high confidentiali...
CVE-2023-38446
CVE-2023-38446 affects vowifiservice, with the root cause described as a possible missing permission check. This weakness could allow a local attacker to cause denial of service without needing additional privileges. CVSS v3.1 metrics indicate Local access, Low attack complexity, Low privileges r...
CVE-2023-38459
CVE-2023-38459 affects vowifiservice. The connected documents confirm a missing permission check in vowifiservice as the root cause, enabling local privilege escalation with low privileges and no user interaction. Impact is described as local escalation of privilege; no explicit exploitation deta...
CVE-2023-38463
CVE-2023-38463 affects vowifiservice, where a missing permission check could allow local denial of service without requiring additional privileges. The NVD entry maps a local attack vector with low complexity and low privileges needed, resulting in availability impact (DoS) with no confidentialit...
CVE-2023-42691
Technical details about CVE-2023-42691 are not publicly provided in the connected documents. The sources only reiterate a missing permission check in the wifi service. Monitor for updates for affected products, root cause, impact, and fixes.
CVE-2023-42706
CVE-2023-42706 affects the firewall service, where a missing permission check can allow an attacker to write permission usage records for an app, enabling local information disclosure without extra execution privileges. Root cause: inadequate authorization in the firewall service. Impact: confide...
CVE-2023-42723
CVE-2023-42723 concerns a vulnerability in camera services (Unisoc chipsets) caused by a missing bounds check leading to an out-of-bounds read. The NVD entry notes a local attack vector with low privileges required and no user interaction, resulting in local denial of service. Connected sources c...
CVE-2023-42735
CVE-2023-42735 affects the telephony service (noted by NVD/Red Hat/PRION/CVE list). The vulnerability arises from a missing permission check in the telephony service, enabling local information disclosure with System execution privileges needed. CVSS v3.1 indicates a Local attack, Low attack comp...
CVE-2024-40664
CVE-2024-40664 describes a logic error in setupAccessibilityServices within AccessibilityFragment.java that may allow hiding an enabled accessibility service, potentially causing local denial of service without extra privileges or user interaction. The vulnerability is documented across multiple ...
CVE-2025-48522
CVE-2025-48522 is an elevation-of-privilege vulnerability in Android, caused by a logic error in the setDisplayName function of AssociationRequest.java that can allow an app to retain the CDM association. This can lead to local EoP with no additional execution privileges and requires no user inte...
CVE-2025-48540
CVE-2025-48540 describes a local elevation-of-privilege vulnerability in the Android stack caused by a logic error in processTransactInternal of RpcState.cpp, which can trigger a local out-of-memory write. Exploitation requires local access; no user interaction is needed. Public references in And...
CVE-2025-48544
CVE-2025-48544 affects Google Android via a vulnerability in the MediaProvider component that allows reading files belonging to other apps due to SQL injection in multiple locations. The underlying issue enables local elevation of privilege with no additional execution privileges and without user...
CVE-2025-48562
CVE-2025-48562 is an Android information-disclosure flaw caused by a logic error in the writeContent function of RemotePrintDocument.java. The issue can lead to local information disclosure without additional execution privileges, and exploitation requires user interaction. Multiple connected sou...
CVE-2026-0055
CVE-2026-0055 describes a path traversal in PackageInstallerService.java (createSessionInternal) that could let an attacker place or move a Device Policy Controller (DPC) into an invalid directory, enabling local privilege escalation without extra execution privileges or user interaction. The det...
CVE-2026-0077
CVE-2026-0077 is linked to Android’s ActivityRecord.java resumeConfigurationDispatch, where a logic error can trigger a background application launch (bal) and enable local privilege escalation without extra privileges or user interaction. Connected sources (NVD/Red Hat/NCSC EUVD, etc.) confirm t...
CVE-2018-11956
Technical details about CVE-2018-11956 are not provided in the connected documents. The sources present only the general issue without specifics (affected components, root cause, impact, or fixes). Monitor for updates.
CVE-2018-5847
CVE-2018-5847 describes a use-after-free condition arising from early/late retirement of rotation requests in CAF Android kernels (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux kernel. Affected software is Android CAF kernel components; the underlying issue is a memory-managem...
CVE-2019-9390
CVE-2019-9390 affects Android 10 Bluetooth stack. The defect is an out-of-bounds read due to a missing bounds check, enabling remote denial of service without privileges or user interaction. Impact is supported by NVD metrics (CVSSv3.1 base score 7.5, HIGH; network attacker with no auth, no UI). ...
CVE-2020-25047
CVE-2020-25047 affects Samsung mobile devices on Android P/Q where the S Secure app does not enforce the intended password requirement for a locked application. Root cause: insufficient password enforcement in S Secure. Impact is partial confidentiality and potential access to a locked app; CVE s...
CVE-2021-0408
In CVE-2021-0408, the issue is a possible out-of-bounds read in the asf extractor caused by an incorrect bounds check. This could lead to local information disclosure without additional privileges or user interaction. The vulnerability is documented across multiple sources (NVD/Red Hat/NVD_PAIR/e...
CVE-2021-0421
The CVE-2021-0421 entry concerns Mediatek’s memory management driver, where a missing bounds check can cause local information disclosure without extra execution privileges. Exploitation reportedly does not require user interaction, and the impact is described as disclosure of local information (...
CVE-2021-0423
CVE-2021-0423 concerns an information disclosure in the Mediatek memory management driver due to uninitialized data. This can enable local information disclosure with no additional execution privileges and without user interaction. The vulnerability is documented across multiple sources including...
CVE-2023-20761
CVE-2023-20761 concerns the ril component with an out-of-bounds write due to a missing bounds check, enabling local privilege escalation to System level. Exploitation is described as locally achievable without user interaction. Reported impact tiers include confidentiality, integrity, and availab...
CVE-2023-30931
CVE-2023-30931 involves a missing permission check in the telephony service that could allow local information disclosure without additional execution privileges. The issue is described across multiple sources as affecting UNISOC chipsets (telephony component), with attack vector LOCAL, attack co...
CVE-2023-32788
The CVE-2023-32788 entry concerns a missing permission check in the telephony service that could lead to local information disclosure without additional execution privileges. Affected scope is described across multiple sources (NVD/Red Hat/CVE record), with the CVSS v3.1 vector indicating Local a...
CVE-2023-33880
CVE-2023-33880 describes a missing permission check in the music service that can lead to local information disclosure without additional execution privileges. Public-environment details indicate affected UNISOC-based devices (e.g., SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612/T616/T770/...
CVE-2023-33900
CVE-2023-33900 : In the telephony service, a missing permission check allows local information disclosure without extra privileges (CVSS 3.1: Local access, High confidentiality impact, Medium overall). Affected scope is described as the telephony component; some connected sources reference UNISOC...
CVE-2023-38448
CVE-2023-38448 involves the vowifiservice component. The connected documents describe a possible missing permission check in vowifiservice, leading to a local denial of service with no additional execution privileges. The public details specify a local attack vector with low attack complexity and...
CVE-2023-38455
The CVE-2023-38455 entry concerns a vulnerability in vowifiservice where a missing permission check could permit local privilege escalation (attack vector: LOCAL; privileges required: LOW; user interaction: NONE). The published NVD entry shows a CVSS v3.1 base score of 7.8 (HIGH) with impacts to ...
CVE-2023-38456
CVE-2023-38456 affects vowifiservice with a missing permission check that can lead to local privilege escalation (no extra execution privileges required). This is described across multiple sources as a local escalation vulnerability with a base CVSS v3.1 score of 7.8 (HIGH) and LOCAL attack vecto...
CVE-2023-38460
Summary of CVE-2023-38460 : Multiple connected sources identify a vulnerability in vowifiservice (linked to Unisoc chipsets) caused by a possible missing permission check. The underlying issue enables local privilege escalation with no additional execution privileges, with CVSS/metrics indicating...