Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/12/04 12:54 a.m.33 views

CVE-2023-42701

CVE-2023-42701 affects UNISOC firewall service in UNISOC chipsets. The root cause is a missing permission check that can allow an attacker to write permission usage records for an app, resulting in local information disclosure without requiring additional execution privileges. The NVD entry lists...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.33 views

CVE-2023-42711

The CVE-2023-42711 entry concerns a vulnerability in the firewall service where a missing permission check allows an app to write permission usage records, causing local information disclosure with no extra execution privileges required. Affected component: firewall service (general description a...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.33 views

CVE-2023-42719

CVE-2023-42719 affects a component described as a video service, where an incorrect bounds check can cause an out-of-bounds read leading to local denial of service. The primary sources consistently state the issue as a local condition with no explicit remote vector or exploitation details provide...

5.5CVSS5.4AI score0.00099EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.33 views

CVE-2023-42732

Technical details about CVE-2023-42732 are not publicly available in the provided connected documents; monitor for updates from vendors and security advisories.

5.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.33 views

CVE-2023-42744

CVE-2023-42744 concerns a missing permission check in a telecom service, enabling local denial of service without additional privileges. From NVD, the CVSSv3.1 base score is 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Exploitation details are not provided in the supplied documents, and no explicit...

5.5CVSS5.4AI score0.00092EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.33 views

CVE-2025-0076

Google Android CVE-2025-0076 describes an information-disclosure flaw where a missing permission check could allow viewing icons belonging to another user. Exploitation requires local access with no user interaction, aligning with the CVSS local access and low impact (C:L, I:N, A:N). Connected so...

3.3CVSS4.9AI score0.00078EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.33 views

CVE-2025-32323

CVE-2025-32323: In Shared.java getCallingAppName, input validation allows deceptive permission-popup text to trick users into granting file access. This enables local elevation of privilege, with no additional execution privileges and no user interaction required. Affected: Android framework code...

7.8CVSS6.3AI score0.00088EPSS
CVE
CVE
added 2025/09/04 5:0 a.m.33 views

CVE-2025-36909

CVE-2025-36909 is an information-disclosure vulnerability affecting WLAN in Google Pixel devices as described in the Pixel update bulletin. According to NVD and cross‑references, this issue is classified as Information disclosure with a CVSS 3.1 base score of 5.3 (Medium). The entry indicates an ...

5.3CVSS6.3AI score0.00132EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.33 views

CVE-2025-48526

The CVE-2025-48526 affects ChooserActivity.java in Android’s Chooser component, where createMultiProfilePagerAdapter allows launching into another user profile due to improper input validation. The risk is local elevation of privilege with no required user interaction, and exploitation is local (...

4CVSS6.3AI score0.00086EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.33 views

CVE-2025-48537

CVE-2025-48537 affects Google Android and is described as a locally exploitable DoS due to improper input validation in multiple locations, which can also lead to local information disclosure without additional privileges or user interaction. Android security bulletins associate this and related ...

7.1CVSS5.2AI score0.00086EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.33 views

CVE-2025-48551

CVE-2025-48551 involves an information-disclosure flaw in Android where an image can leak across the User isolation boundary due to a confused deputy. The vulnerability is local (AV:L/AC:L/PR:L/UI:R), requires user interaction, and could expose confidential data (C:H/I:N/A:N) without executing co...

5CVSS5.1AI score0.00074EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.33 views

CVE-2025-48554

CVE-2025-48554 affects Google Android (DevicePolicyManagerService.java). A logic error in handlePackagesChanged can cause a persistent DoS, with local impact and user interaction required for exploitation. No PoC details are provided in the documents. Remediation: apply the Android security patch...

6.1CVSS5.6AI score0.00079EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.33 views

CVE-2025-48630

CVE-2025-48630 describes an information-disclosure vulnerability in Skia’s drawLayersInternal (SkiaRenderEngine.cpp) that could grant a local attacker access to GPU cache data, enabling local escalation of privilege with no extra privileges or user interaction required. Public documents consisten...

7.4CVSS6.1AI score0.00091EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.33 views

CVE-2025-48631

CVE-2025-48631 affects Google Android (LocalImageResolver.java: onHeaderDecoded). The issue is a DoS caused by resource exhaustion, enabling remote denial of service with network access and no user interaction. Connected advisories confirm updates in Android and Samsung devices as fixes; patch le...

6.5CVSS6.3AI score0.00483EPSS
CVE
CVE
added 2026/05/04 6:0 p.m.33 views

CVE-2026-0073

CVE-2026-0073 affects Android devices via adbd_tls_verify_cert in auth.cpp, where a logic error could bypass wireless ADB mutual authentication. This could allow remote code execution as the shell user with no extra privileges, requiring no user interaction. Mitigation is to apply the 2026-05-01 ...

8.8CVSS6.2AI score0.00541EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.33 views

CVE-2026-0079

Technical details about CVE-2026-0079 are not publicly available in the provided documents. Monitor for updates.

5.5CVSS6AI score0.00071EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.33 views

CVE-2026-0080

Technical details are not publicly available in the provided documents; no affected products, versions, vectors, or mitigations are specified. Monitor for updates.

6.5CVSS6AI score0.00265EPSS
CVE
CVE
added 2026/06/18 6:29 a.m.33 views

CVE-2026-28573

CVE-2026-28573 affects Android Wear OS via a Framework component vulnerability described as a local denial of service in AndroidManifest.xml due to a missing permission check. The CVE is characterized as high severity with a CVSSv4 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:I:H/CI:H/AI:H; impacts ...

10CVSS5.6AI score0.00138EPSS
CVE
CVE
added 2023/08/07 1:54 a.m.32 views

CVE-2022-47350

CVE-2022-47350 concerns a weakness in the UNISOC camera driver (chipsets) where a missing bounds check allows an out-of-bounds read. The effect described across sources is local denial of service with system-level privileges required for exploitation. The vulnerability is tied to the camera drive...

4.4CVSS4.6AI score0.00086EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.32 views

CVE-2023-33879

CVE-2023-33879 concerns a missing permission check in the music service leading to local information disclosure. Connected sources corroborate this as a privilege-check omission rather than remote execution. The CVE is associated with UNISOC chipsets (e.g., SC9863A, SC9832E, SC7731E, and others l...

3.3CVSS3.8AI score0.00088EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.32 views

CVE-2023-33918

The CVE-2023-33918 entry concerns vowifiservice with a missing permission check that can lead to local information disclosure without requiring additional execution privileges. Affected component: vowifiservice; vulnerability type: information disclosure due to inadequate authorization. Impact de...

5.5CVSS5.2AI score0.00081EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.32 views

CVE-2023-38441

CVE-2023-38441 affects vowifiservice. The root cause is a missing permission check, which could allow local information disclosure without requiring additional privileges. The issue is characterized by LOCAL attack vector, LOW exploit complexity, and MEDIUM base score (C: HIGH confidentiality imp...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.32 views

CVE-2023-38451

The CVE-2023-38451 entry describes a vulnerability in vowifiservice caused by a missing permission check, enabling local privilege escalation with no additional execution privileges. Reported impact includes high confidentiality/integrity/availability concerns and a CVSS v3.1 base score of 7.8 (L...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.32 views

CVE-2023-42700

CVE-2023-42700 affects the firewall service on Unisoc chipsets, where a missing permission check allows an app to write permission usage records, leading to local information disclosure. The NVD report assigns CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (base score 5.5). Exploitation status is...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.32 views

CVE-2023-42717

CVE-2023-42717 affects the telephony service where a missing permission check could allow remote information disclosure without additional privileges. The CVSS data indicates network attack vector, low complexity, no user interaction, with a high confidentiality impact (C:H, I:N, A:N) and unchang...

7.5CVSS7.2AI score0.00445EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.32 views

CVE-2023-42721

The CVE-2023-42721 entry concerns the flv extractor component, where missing input validation is the reported root cause. This vulnerability could allow local denial of service without requiring user interaction or additional privileges, as described in multiple connected records (notably the Red...

5.5CVSS5.4AI score0.00099EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.32 views

CVE-2023-42729

CVE-2023-42729 affects the ril service (noted in multiple feeds, including NVD and downstream advisories). The vulnerability is caused by a missing bounds check, leading to an out-of-bounds write. This could enable a local denial of service and may allow system execution privileges to be leverage...

4.4CVSS4.8AI score0.00102EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.32 views

CVE-2023-42738

CVE-2023-42738 involves the telocom service with a missing permission check that could allow local escalation of privilege. The NVD/Red Hat/PT-Security records describe a local-privilege escalation without requiring additional execution privileges. No concrete patch/version details are provided i...

7.8CVSS7.8AI score0.00096EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.32 views

CVE-2023-42743

CVE-2023-42743 involves a missing permission check in a telecom service, enabling local privilege escalation with no additional execution privileges needed. The connected sources indicate UNISOC chipsets are implicated, tying the issue to telecom functionality on those platforms. Documented impac...

7.8CVSS7.8AI score0.00096EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.32 views

CVE-2023-42746

CVE-2023-42746 is described as a local privilege-escalation due to a missing permission check in the power manager. The NVD entry notes local attack vector with low privileges required and no user interaction, and a high impact on confidentiality, integrity, and availability (CVSS 3.1 base score ...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.32 views

CVE-2025-32325

CVE-2025-32325 is a local elevation-of-privilege vulnerability in Android’s Parcel.cpp: in appendFrom, a heap-based out-of-bounds write could occur, enabling local privilege escalation without extra execution privileges or user interaction. Multiple connected sources (NVD/NCSC/CNVD/CVELIST, OSV) ...

7.8CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.32 views

CVE-2025-32349

CVE-2025-32349 is a local elevation-of-privilege issue in Google Android, arising from a tapjacking/overlay scenario. The vulnerability allows local escalation without additional execution privileges and requires no user interaction. Public references indicate it affects Android platform componen...

7.8CVSS6.4AI score0.00089EPSS
CVE
CVE
added 2025/09/04 4:59 a.m.32 views

CVE-2025-36907

CVE-2025-36907 affects the Android Pixel stack: a heap buffer overflow in the draw_surface_image() function of abl/android/lib/draw/draw.c allows an out-of-bounds write. This can lead to local elevation of privilege via USB fastboot after a bootloader unlock, with no additional execution privileg...

7.3CVSS6.7AI score0.0008EPSS
CVE
CVE
added 2025/12/11 7:35 p.m.32 views

CVE-2025-36917

CVE-2025-36917 : DoS due to an incorrect bounds check in SwDcpItg of up_L2commonPdcpSecurity.cpp. Exploitation can be remote (Network) with no user interaction; impact is availability (High). Connected sources (Red Hat, NVD, CVE List, OSV) confirm the same description. No remediation details are ...

6.5CVSS6.3AI score0.00275EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.32 views

CVE-2025-48552

CVE-2025-48552 affects DevicePolicyManagerService.java, specifically the saveGlobalProxyLocked function. A logic error can cause desync from persistence, enabling local privilege escalation without extra execution privileges or user interaction. The vulnerability is described consistently across ...

7.8CVSS6.3AI score0.00096EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.32 views

CVE-2025-48563

CVE-2025-48563 covers an elevation-of-privilege flaw in Android caused by an insecure default value in onNullBinding of RemoteFillService.java. The issue can trigger a background activity launch without extra privileges or user interaction, enabling local privilege escalation. Public references c...

7.8CVSS6.3AI score0.00082EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.32 views

CVE-2025-48567

CVE-2025-48567 involves a bypass of a file path filter intended to restrict access to sensitive directories, caused by incorrect Unicode normalization. This can enable local escalation of privilege; exploitation requires user interaction. The CVE is referenced across multiple sources (NVD, Red Ha...

7.8CVSS6.1AI score0.0011EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.32 views

CVE-2026-0052

Technical details (affected product/component/version, root cause, exploit status) are not provided in the connected documents. Monitor for updates from sources linked to CVE-2026-0052.

6.5CVSS6AI score0.00253EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.32 views

CVE-2026-0086

CVE-2026-0086 affects the Android component DisableSupervisionActivity.kt, where in onCreate a missing null check can permit deletion of supervision data. This enables local escalation of privilege without extra execution privileges and without user interaction. CVSSv3.1 vector (L, L, N, U) yield...

6.8CVSS5.9AI score0.00075EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.32 views

CVE-2026-28577

CVE-2026-28577 corresponds to a tapjacking/overlay flaw in Android’s WindowManagerService.addWindow. The issue could permit local elevation of privilege with no extra execution privileges and without user action. CVSS 3.1 base metrics indicate Local, Low attack complexity and Low privileges requi...

7.8CVSS5.9AI score0.00067EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.31 views

CVE-2022-48464

CVE-2022-48464 concerns UNISOC chipsets with a vulnerability in the wifi service: an out-of-bounds write caused by a missing bounds check, enabling local denial of service with no extra privileges. Exploitation details, affected versions, and concrete fixes are not specified in the provided docum...

5.5CVSS5.5AI score0.00099EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.31 views

CVE-2023-30930

CVE-2023-30930 concerns a missing permission check in the telephony service, enabling local information disclosure without extra privileges. Multiple sources (NVD description and Red Hat/CVE pages) describe the impact as local information disclosure with no execution privileges required. Connecte...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.31 views

CVE-2023-42707

Summary of CVE-2023-42707 : A vulnerability in the firewall service of UNISOC chipsets (as described in multiple sources) arises from a missing permission check that can allow a local attacker to write records of an app’s permission usage, causing local information disclosure without extra execut...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.31 views

CVE-2023-42718

CVE-2023-42718 concerns the dialer module, where a missing permission check can allow an app to write permission usage records. The exposed root cause is inadequate access control in the dialer’s permission handling, enabling local information disclosure without additional execution privileges. T...

5.5CVSS5.2AI score0.00101EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.31 views

CVE-2023-42742

CVE-2023-42742 affects the sysui component (UNISOC chipsets). The root cause is a missing permission check, enabling a local denial‑of‑service with no additional execution privileges required. The documented impact is local DoS with high availability impact; exploitation status is not provided in...

5.5CVSS5.4AI score0.00092EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.31 views

CVE-2023-42745

Technical details (affected product/component/versions/root cause) are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS7.8AI score0.00096EPSS
CVE
CVE
added 2025/09/05 4:10 p.m.31 views

CVE-2025-26434

CVE-2025-26434 involves libxml2 with a vulnerability described as an out-of-bounds read caused by a buffer overflow. The impact is local information disclosure without requiring privileges or user interaction, as stated in the public descriptions. Connected documents corroborate the root cause as...

5.5CVSS5.4AI score0.00076EPSS
CVE
CVE
added 2025/09/04 6:33 p.m.31 views

CVE-2025-32331

CVE-2025-32331 involves a logic error in showDismissibleKeyguard within KeyguardService.java that could allow bypassing app pinning, enabling local escalation of privilege without user interaction. The connected sources consistently describe a local-privilege-elevation scenario tied to KeyguardSe...

7.8CVSS6.3AI score0.00093EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.31 views

CVE-2025-32346

CVE-2025-32346 pertains to VoicemailSettingsActivity.java in Android, where a confused deputy allows disclosure of work profile contact numbers, enabling local escalation of privilege with no additional privileges and no user interaction required. The connected documents reiterate the same root c...

7.8CVSS6.3AI score0.00077EPSS
CVE
CVE
added 2025/09/04 4:58 a.m.31 views

CVE-2025-36905

CVE-2025-36905 describes a vulnerability in gxp_mapping_create within gxp_mapping.c, caused by a logic error that enables local privilege escalation with no additional privileges or user interaction required. Exploitation details are not provided in the connected documents. The Pixel bulletin ent...

7.8CVSS6.3AI score0.00082EPSS
Total number of security vulnerabilities8153