Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/09/04 6:34 p.m.36 views

CVE-2025-48548

CVE-2025-48548 describes a race condition in AppOpsControllerImpl.java that could allow recording audio without the privacy indicator, enabling local elevation of privilege with user interaction required. The issue is discussed across multiple sources (Android/Red Hat/CNVD views) with the same co...

7.3CVSS6.3AI score0.00097EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.35 views

CVE-2023-42652

CVE-2023-42652 affects the UNISOC/engineermode context. The root cause is a missing permission check in engineermode, enabling local information disclosure with no additional execution privileges. Impact aligns with the CVSS note: local attacker access to confidential data; exploitation status no...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.35 views

CVE-2023-42681

CVE-2023-42681 affects the ion service in Unisoc chipsets, where a missing permission check can allow local escalation of privilege without requiring additional execution privileges. The issue is rooted in the ion service’s access control, enabling a local attacker with low privileges to exploit ...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.35 views

CVE-2023-42686

Technical details about CVE-2023-42686 are not publicly available in the provided connected documents. Monitor for updates for affected products, components, and remediation specifics.

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.35 views

CVE-2023-42702

CVE-2023-42702 describes a missing permission check in the firewall service that allows an attacker with local access to write permission usage records for an app, causing local information disclosure with no additional execution privileges. Affected: firewall service in UNISOC chipsets. Impact: ...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.35 views

CVE-2023-42715

CVE-2023-42715 affects UNISOC chipsets with a vulnerability in the telephony service caused by a missing permission check, enabling local information disclosure without requiring extra execution privileges. The CVSS entry cites local attack vector, low attack complexity, and low privileges requir...

5.5CVSS5.2AI score0.00101EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.35 views

CVE-2023-42730

CVE-2023-42730 describes a vulnerability in the IMS service where a missing permission check allows writing permission usage records, enabling local information disclosure without extra privileges. The NVD entry lists a CVSS 3.1 base score of 5.5 (Medium) with Local attack vector, Low attack comp...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2025/07/08 2:0 a.m.35 views

CVE-2025-20693

The CVE-2025-20693 issue affects the wlan STA driver, with an out-of-bounds read caused by an incorrect bounds check. This vulnerability could allow remote information disclosure from proximal access without extra privileges or user interaction. The impact is described as high confidentiality ris...

6.5CVSS6.2AI score0.00124EPSS
CVE
CVE
added 2026/01/06 1:47 a.m.35 views

CVE-2025-20787

CVE-2025-20787 describes a memory corruption through a use-after-free in the display path, potentially allowing local privilege escalation if an attacker already has System privileges. Exploitation reportedly does not require user interaction. The issue is associated with a patch ID ALPS10149879 ...

6.7CVSS6.5AI score0.00072EPSS
CVE
CVE
added 2025/09/04 4:51 a.m.35 views

CVE-2025-36893

CVE-2025-36893 describes a local information-disclosure vulnerability due to uninitialized data in ReadTachyonCommands within gxp_main_actor.cc. The issue can leak information with no additional execution privileges and no user interaction required. Affected component: the gxp main actor’s ReadTa...

5.5CVSS5.1AI score0.00074EPSS
CVE
CVE
added 2025/09/04 4:55 a.m.35 views

CVE-2025-36897

CVE-2025-36897 involves an out-of-bounds write in cd_CnMsgCodecUserApi.cpp due to a missing bounds check, enabling remote code execution without extra privileges and without user interaction. Public sources (Pixel bulletin) classify the issue as RCE with High severity and note a 2025-09-05 patch ...

9.8CVSS7.3AI score0.00271EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.35 views

CVE-2025-48528

CVE-2025-48528 describes a tapjacking/overlay vulnerability that could allow overlaying biometrics to achieve local privilege escalation with no user interaction. The Android Security Bulletin lists CVE-2025-48528 as a Framework issue with High severity and notes updated AOSP versions 15 and 16, ...

4CVSS6.4AI score0.00086EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.35 views

CVE-2025-48553

CVE-2025-48553 impacts Android’s DevicePolicyManagerService.java, where a logic error in handlePackagesChanged can cause a denial-of-service on a device admin, enabling local privilege escalation without extra execution privileges or user interaction. The issue is documented across multiple sourc...

7.8CVSS6.3AI score0.00086EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.35 views

CVE-2026-0025

CVE-2026-0025 is a vulnerability in Android’s Notification.java hasImage path where a permissions bypass can leak information across users, enabling local privilege escalation with no extra execution privileges and no user interaction. Exploitation is local and no exploit details are provided in ...

8.4CVSS6.1AI score0.00102EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.35 views

CVE-2026-0048

Technical details for CVE-2026-0048 are not publicly provided in the supplied documents. The description notes a tapjacking/overlay issue with local privilege escalation, but no concrete affected products, versions, or fixes are disclosed. Monitor for updates.

6.8CVSS5.9AI score0.00075EPSS
CVE
CVE
added 2026/06/16 6:51 p.m.35 views

CVE-2026-0162

Technical details for CVE-2026-0162 are not publicly provided in the connected documents. The available descriptions only indicate a memory corruption in AudioSdpParser.cpp potentially enabling remote code execution. Monitor for updates and additional technical disclosures.

8.8CVSS6.4AI score0.00231EPSS
CVE
CVE
added 2018/12/07 11:0 p.m.34 views

CVE-2018-9574

CVE-2018-9574 affects Android 9 via an out-of-bounds write in impd_parse_split_drc_characteristic (impd_drc_static_payload.c), caused by missing bounds checks. This could lead to remote code execution with user interaction required; no exploitation details are provided in the connected documents ...

9.3CVSS8.5AI score0.00863EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.34 views

CVE-2023-38437

CVE-2023-38437 affects the vowifiservice component. The connected documents describe a missing permission check in vowifiservice that could cause local information disclosure without requiring additional execution privileges. The impact is stated as local information disclosure and the attack vec...

5.5CVSS5.2AI score0.00081EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.34 views

CVE-2023-38439

CVE-2023-38439 concerns a vulnerability in vowifiservice characterized by a possible missing permission check, which could enable local information disclosure without requiring additional execution privileges. The connected documents consistently reference vowifiservice as the affected component ...

5.5CVSS5.2AI score0.00081EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.34 views

CVE-2023-38440

CVE-2023-38440 concerns a missing permission check in vowifiservice, enabling local information disclosure with no extra privileges. The observed impact is local disclosure; CVSS indicates local attack vector, low privileges required, low attack complexity, with high confidentiality impact. Publi...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.34 views

CVE-2023-38453

Technical details about CVE-2023-38453 are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.34 views

CVE-2023-38457

CVE-2023-38457 affects vowifiservice. The vulnerability is caused by a missing permission check in vowifiservice, allowing local denial of service with no extra execution privileges. CVSS metrics indicate local attack vector, low attack complexity, and low privileges required, with availability i...

5.5CVSS5.4AI score0.00076EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42673

CVE-2023-42673 concerns the imsservice component, where a missing permission check enables an app to potentially write permission usage records, causing local information disclosure with no extra execution privileges. The vulnerability is described across multiple feeds (NVD/Red Hat/CVE records) ...

5.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42687

CVE-2023-42687 : The wifi service contains a missing permission check that could enable local escalation of privilege with no additional execution privileges required. The available data from the CVE entry indicates a local exploit path with a high impact (Confidentiality/Integrity/Availability H...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42696

CVE-2023-42696 involves a missing permission check in the telecom service, enabling local escalation of privilege with no extra execution privileges required. The vulnerability is reported with a LOCAL attack vector and LOW privileges required, yielding a high impact on confidentiality, integrity...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42704

CVE-2023-42704 affects imsservice in certain UNISOC-based environments. The root cause is a missing permission check that can allow an app to write permission usage records, enabling local information disclosure without requiring additional execution privileges. Reported impact aligns with NVD CV...

5.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42708

CVE-2023-42708 affects the firewall service, where a missing permission check could allow writing an app’s permission usage records, leading to local information disclosure without extra execution privileges. The issue is documented across multiple sources (NVD/Red Hat/PRion/CVE lists) and is ass...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42712

Consolidated data for CVE-2023-42712 from multiple sources confirms a vulnerability in the firewall service of UNISOC chipsets. The root cause is a missing permission check that could allow an app to write permission usage records, enabling local information disclosure without requiring additiona...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42713

CVE-2023-42713 affects UNISOC chipsets’ firewall service, where a missing permission check enables an app to write permission usage records. Root cause: inadequate authorization on the firewall service, allowing local information disclosure without extra execution privileges. Impact: local inform...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42714

CVE-2023-42714 affects the firewall service and is discussed across multiple sources (NVD, Red Hat, CVE List, CNNVD). The root issue is a missing permission check that enables writing permission usage records for an app, leading to potential local information disclosure with no extra execution pr...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42725

CVE-2023-42725 concerns the GPU driver with a missing bounds check that enables an out-of-bounds read and local denial of service with System execution privileges. This aligns across multiple sources (NVD, Red Hat, CVE lists) describing the same issue in the GPU driver; exploitation status is not...

4.4CVSS4.6AI score0.00102EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42728

CVE-2023-42728 affects the phasecheckserver component, where a missing bounds check can lead to an out-of-bounds read and local denial of service. Multiple sources (NVD, Red Hat, PRION, CVE lists, and vendor pages) corroborate the issue and the local-privilege aspect, with no public exploitation ...

5.5CVSS5.4AI score0.00099EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.34 views

CVE-2023-42748

CVE-2023-42748 refers to a missing permission check in the telecom service that can enable local privilege escalation without additional execution privileges. The vulnerability is characterized by local access (attack vector LOCAL), low privilege required, and no user interaction, with high confi...

7.8CVSS7.8AI score0.00096EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.34 views

CVE-2023-48346

CVE-2023-48346 affects the video decoder component in UNISOC chipsets. The root cause is improper input validation, which could allow local denial of service without additional execution privileges. The available documents describe the impact as local and do not specify exploit details or a fixed...

5.5CVSS5.4AI score0.00081EPSS
CVE
CVE
added 2026/01/06 1:47 a.m.34 views

CVE-2025-20803

CVE-2025-20803 affects the dpe component. The issue is a memory corruption caused by an integer overflow that could allow local escalation of privilege when the attacker already has System privileges; exploitation requires user interaction. A patch is identified as ALPS10199779 (MSV-4504). Public...

6.7CVSS6.5AI score0.00079EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.34 views

CVE-2025-32326

CVE-2025-32326 describes a local elevation of privilege in Android via a confused deputy in AppRestrictionsFragment.java, enabling bypass of the intent security check. Impact is local with user interaction required; no additional execution privileges needed. Root cause: insecure bypass in multipl...

7.8CVSS6.4AI score0.00082EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.34 views

CVE-2025-32330

CVE-2025-32330 : The issue is in generateRandomPassword of LocalBluetoothLeBroadcast.java, where an insecure default value can allow a nearby attacker to intercept the Auracast audio stream, causing remote information disclosure without extra privileges or user interaction. The connected document...

5.7CVSS5.6AI score0.0012EPSS
CVE
CVE
added 2025/09/04 4:51 a.m.34 views

CVE-2025-36895

CVE-2025-36895 is an information-disclosure vulnerability documented in the Pixel security bulletin, affecting the WLAN subcomponent. The Android bulletin lists it under Pixel with type ID, High severity, and affected as WLAN. The CVSSv3.1 vector indicates a Network attack vector, with Low attack...

7.5CVSS6.3AI score0.00166EPSS
CVE
CVE
added 2025/09/04 4:56 a.m.34 views

CVE-2025-36899

CVE-2025-36899 affects Google Pixel devices, with a local elevation-of-privilege (EoP) flaw in the Secure Element component. It stems from test/debugging code left in a production build, allowing privilege escalation without additional execution privileges or user interaction (per the CVE entry a...

8.4CVSS6.8AI score0.00086EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.34 views

CVE-2025-48529

The CVE-2025-48529 issue affects VoicemailNotificationSettingsUtil.java, specifically the setRingtoneUri function, causing a cross-user data leak (confused deputy) that can disclose local information without extra privileges. Exploitation requires no user interaction and is local. The connected d...

5.5CVSS5AI score0.0008EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.34 views

CVE-2025-48546

CVE-2025-48546 affects SafeActivityOptions.java. The issue arises during checkPermissions, enabling a possible background activity launch due to a logic error. This can lead to local escalation of privilege with no additional execution privileges required, and no user interaction needed for explo...

7.8CVSS6.3AI score0.00086EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.34 views

CVE-2025-48550

CVE-2025-48550 is a path traversal vulnerability in testGrantSlicePermission of SliceManagerTest.java that could cause a permanent Denial of Service locally, without user interaction. Exploitation is local and requires no additional privileges. The connected documents confirm the issue but do not...

5.5CVSS5.6AI score0.00094EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.34 views

CVE-2025-48559

CVE-2025-48559 affects Google Android’s AppOpsService.java. The vulnerability arises from improper input validation in multiple internal functions, enabling an attacker to add a large number of app ops. This can cause a local denial of service with no extra privileges and without user interaction...

5.5CVSS5.6AI score0.00085EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.34 views

CVE-2026-0098

Technical details (affected products, versions, exploit specifics, or mitigations) are not publicly available in the provided documents. Monitor for updates and rely on official advisories when they are published.

7.8CVSS5.9AI score0.00068EPSS
CVE
CVE
added 2026/02/05 8:19 p.m.34 views

CVE-2026-0106

The CVE-2026-0106 issue affects the VPU driver, specifically the vpu_mmap function in vpu_ioctl, where a missing bounds check can allow arbitrary address mappings. This enables local privilege escalation with no extra execution privileges and does not require user interaction. Multiple sources (N...

9.3CVSS5.7AI score0.00112EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.33 views

CVE-2023-33918

The CVE-2023-33918 entry concerns vowifiservice with a missing permission check that can lead to local information disclosure without requiring additional execution privileges. Affected component: vowifiservice; vulnerability type: information disclosure due to inadequate authorization. Impact de...

5.5CVSS5.2AI score0.00081EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.33 views

CVE-2023-38466

The CVE-2023-38466 entry describes a vulnerability in the ims service of UNISOC chipsets where a missing permission check could allow local information disclosure without requiring additional privileges. The issue is documented across multiple feeds (NVD/Red Hat/CVE/CNNVD) with the same core desc...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.33 views

CVE-2023-42676

CVE-2023-42676 affects the imsservice in UNISOC chipsets, where a missing permission check enables local information disclosure by writing permission usage records. The vulnerability is described with LOCAL attack vector, low privileges required, and high confidentiality impact (CVSS v3.1: 5.5, M...

5.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.33 views

CVE-2023-42683

CVE-2023-42683 affects the gsp driver in UNISOC chipsets, caused by a missing bounds check that enables an out-of-bounds read. The consequence stated in sources is local denial of service with SYSTEM-level privileges required. Connected documents corroborate the issue in the gsp driver across mul...

4.4CVSS4.6AI score0.00102EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.33 views

CVE-2023-42694

CVE-2023-42694 concerns the wifi service on UNISOC chipsets, with a reported missing permission check in the wifi service. The cited impact is local escalation of privilege requiring no additional execution privileges, and the CVSSv3.1 base metrics indicate a HIGH severity (AV:L/AC:L/PR:L/UI:N/S:...

7.8CVSS7.8AI score0.00097EPSS
Total number of security vulnerabilities8153