Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/09/13 7:14 p.m.143 views

CVE-2022-20393

CVE-2022-20393 = Integer overflow in extract3GPPGlobalDescriptions (TextDescriptions.cpp) can trigger an out-of-bounds read, leading to local information disclosure from the media server. Affected: Android 11, Android 12, Android 12L. Root cause and impact are stated in multiple trusted sources; ...

5.5CVSS5AI score0.00097EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.143 views

CVE-2022-20445

CVE-2022-20445 affects Google Android (Android 10–13 per sources) and is tied to an out-of-bounds read in process_service_search_rsp within sdp_discovery.cc caused by improper input validation. Impact is information disclosure without additional execution privileges and no user interaction requir...

7.5CVSS7AI score0.00436EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.143 views

CVE-2022-20470

CVE-2022-20470 affects Android where bindRemoteViewsService in AppWidgetServiceImpl.java can bypass background activity launch due to improper input validation, enabling local elevation of privilege without extra privileges. Affected: Android 10–13 (per README). Connected documents corroborate th...

7.8CVSS7.7AI score0.00182EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.143 views

CVE-2022-20476

CVE-2022-20476 describes a vulnerability in Android where, in PackageManager.setEnabledSetting, a path could cause the device to enter an infinite reboot loop due to resource exhaustion. This leads to local denial of service with no additional privileges required. Affected are Android 10, 11, 12,...

5.5CVSS5.3AI score0.00157EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.143 views

CVE-2022-20493

CVE-2022-20493 affects Android 10–13 (Android-10 to Android-13) via Condition.java, where improper input validation could grant notification access and cause local elevation of privilege. Exploitation requires user interaction; no additional execution privileges are needed. Patch references point...

7.8CVSS7.7AI score0.00218EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.143 views

CVE-2023-20953

CVE-2023-20953 affects Android 13, targeting ClipboardListener.java via onPrimaryClipChanged. The issue may bypass factory‑reset protection, enabling local elevation of privilege with no extra execution privileges; exploitation requires user interaction. No public patch/version details are provid...

7.8CVSS7.7AI score0.00122EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.143 views

CVE-2023-21057

CVE-2023-21057 affects the Android kernel component RohcPacketCommon, specifically the function path in ProfSixDecomTcpSACKoption. The issue is an out-of-bounds write caused by a missing bounds check, which could allow remote code execution without any privileges or user interaction. The vulnerab...

9.8CVSS9.2AI score0.00489EPSS
CVE
CVE
added 2023/08/14 8:57 p.m.143 views

CVE-2023-21132

The CVE-2023-21132 issue originates in Android’s ManagePermissionsActivity.java onCreate, enabling local escalation of privilege when an attacker with physical device access can bypass factory reset protections due to a missing permission check. Affected component is the Android OS userland code ...

6.8CVSS6.7AI score0.00125EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.143 views

CVE-2023-21135

CVE-2023-21135 affects Google Android: the issue occurs in the onCreate path of NotificationAccessSettings.java, where improper input validation can cause a failure to persist notification settings. The underlying problem is an input validation defect in the code path that manages notification ac...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.143 views

CVE-2023-35670

Android CVE-2023-35670 arises from a path traversal flaw in FileUtils.java (computeValuesFromData) that can allow inserting files into other apps’ external private directories. This enables local elevation of privilege without additional execution privileges or user interaction, as described in t...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.143 views

CVE-2023-35680

Technical details about CVE-2023-35680 are not publicly disclosed in the provided documents. Monitor for updates from the cited sources (Android security bulletin, NVD/CVE entries) for affected components, versions, and fixes.

5.5CVSS5.1AI score0.00111EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.143 views

CVE-2024-0049

CVE-2024-0049 is an Android framework elevation-of-privilege issue caused by an out-of-bounds heap buffer write. The NVD entry cites local EoP with no extra privileges or user interaction required. Android’s March 2024 security bulletin documents this CVE under the Framework cluster with fixes in...

7.8CVSS7.3AI score0.00222EPSS
CVE
CVE
added 2019/09/05 9:34 p.m.142 views

CVE-2019-2175

CVE-2019-2175 affects Android 9; in SliceManagerService.java, checkAccess has an incorrect argument order that can bypass permissions and enable local privilege escalation with user interaction required. Affected component is the Android Framework (SliceManagerService) on Android 9. The issue is ...

7.8CVSS7.7AI score0.00174EPSS
CVE
CVE
added 2021/01/11 9:48 p.m.142 views

CVE-2021-0315

CVE-2021-0315 is an Android elevation-of-privilege issue described as a tapjacking/overlay-based flaw in GrantCredentialsPermissionActivity.java. Affected products/versions include Android 8.0, 8.1, 9, 10, and 11. The root cause is user interaction via a deceptive overlay, enabling local privileg...

7.3CVSS7.2AI score0.00282EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.142 views

CVE-2021-0516

CVE-2021-0516 affects Android (versions 8.1, 9, 10 and 11) and is caused by a use-after-free in p2p_pd.c (p2p_process_prov_disc_req) leading to an out-of-bounds read/write. The vulnerability can enable remote elevation of privilege with no additional execution privileges and without user interact...

9.8CVSS9AI score0.01556EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.142 views

CVE-2021-0519

CVE-2021-0519 is a Android Media Framework vulnerability disclosed in the August 2021 Android bulletin. The issue is described as an Escalation of Privilege and Information Disclosure in the Media Framework (Media Codecs) that could allow a local attacker to bypass OS protections with no user int...

7.8CVSS7.1AI score0.00241EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.142 views

CVE-2021-0640

CVE-2021-0640 affects Android devices; in the StatsdStats.cpp file, the function noteAtomLogged contains a missing bounds check leading to an out-of-bounds write. This could allow local elevation of privilege without user interaction. Affected products/versions: Android 10, Android 11, Android 9....

7.8CVSS7.7AI score0.00217EPSS
CVE
CVE
added 2021/10/22 1:27 p.m.142 views

CVE-2021-0643

CVE-2021-0643 describes an information disclosure vulnerability in Android where getAllSubInfoList in SubscriptionController.java could allow retrieval of a long-term identifier without proper permission checks. Affected products are Android 10–12. The issue is described across multiple sources (...

5.5CVSS5.2AI score0.00104EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.142 views

CVE-2021-0931

CVE-2021-0931 – Android BluetoothDevice.getAlias information disclosure . The issue is reported in BluetoothDevice.java: missing data filtering can cause misleading permission dialogs, enabling local information disclosure with user interaction required. Affected products/versions include Android...

5.5CVSS5AI score0.0014EPSS
CVE
CVE
added 2022/07/06 1:4 p.m.142 views

CVE-2022-20082

CVE-2022-20082 : In MediaTek GPU software, a race condition can cause a use-after-free, enabling local elevation of privilege with no extra execution privileges or user interaction required. Multiple connected sources (including NVD and RH Red Hat advisories) confirm the issue as a GPU component ...

7CVSS7AI score0.00083EPSS
CVE
CVE
added 2022/05/03 7:55 p.m.142 views

CVE-2022-20084

The CVE-2022-20084 entry affects MediaTek telephony, where a missing permission check could allow local privilege escalation to disable emergency broadcast reception. The issue is documented with a patch reference (ALPS06498874/ALPS06498874) and is associated with MediaTek’s devices, containing n...

7.8CVSS7.6AI score0.00098EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.142 views

CVE-2022-20351

The CVE-2022-20351 issue affects Android via the CallLogProvider.java queryInternal path, where SQL injection could grant local access to voicemail information and cause information disclosure without extra privileges or user interaction. Multiple connected sources confirm the vulnerability is in...

5.5CVSS5.5AI score0.00118EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.142 views

CVE-2022-20480

The CVE-2022-20480 issue affects Android’s NotificationChannel.java, where a risk of failing to persist permissions settings can occur due to resource exhaustion. This leads to local elevation of privilege without extra execution privileges required, and exploitation is user interaction–independe...

7.8CVSS7.6AI score0.00166EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.142 views

CVE-2022-20502

CVE-2022-20502 affects Android 13 where GetResolvedMethod in entrypoint_utils-inl.h can experience a use-after-free from a stale cache, causing local information disclosure without user interaction. The Android Security Bulletin lists this issue under Android Runtime with local information disclo...

5.5CVSS5.2AI score0.00157EPSS
CVE
CVE
added 2022/07/06 1:5 p.m.142 views

CVE-2022-21767

CVE-2022-21767 affects MediaTek Bluetooth on multiple chips. Root cause: out-of-bounds write due to missing boundary checks in Bluetooth, enabling local escalation of privilege with no user interaction. Patch ALPS06784430/ALPS06784430 issued; Android/Mart evidence references list Bluetooth as aff...

8.8CVSS8.4AI score0.00335EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.142 views

CVE-2023-20931

In CVE-2023-20931, the issue is an out-of-bounds write caused by a heap buffer overflow in avdt_scb_hdl_write_req (avdt_scb_act.cc) that could enable local privilege escalation on Android 11–13. The description confirms the vulnerability requires no user interaction and can be exploited locally w...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.142 views

CVE-2023-20952

The CVE-2023-20952 issue is in the A2DP_BuildCodecHeaderSbc function of a2dp_sbc.cc, where a missing bounds check allows an out-of-bounds write. This can cause local information disclosure without requiring exploits or user interaction. Affected products/versions are Android 11, 12, 12L, and 13; ...

5.5CVSS5.2AI score0.00091EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.142 views

CVE-2023-20955

CVE-2023-20955 affects Android 11–13 and is triggered in the app component AppInfoDashboardFragment.java, in onPrepareOptionsMenu, due to a missing permission check. This enables local privilege escalation to uninstall apps for all users without user interaction. Conditions described in the linke...

7.8CVSS7.7AI score0.00196EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.142 views

CVE-2023-20958

CVE-2023-20958 affects the Qt5 QtBase package (qt5-qtbase) used on Android 13. The issue arises in read_paint of ttcolr.c, where a heap buffer overflow can cause an out-of-bounds read, enabling local information disclosure without user interaction. The CVE is referenced in Android’s March 2023 bu...

7.1CVSS6.4AI score0.00144EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.142 views

CVE-2023-21097

CVE-2023-21097 describes a local elevation of privilege in Android caused by a bug in toUriInner within Intent.java, allowing an attacker to launch an arbitrary activity. The vulnerability is classified as high severity (CVSS v3.1: LOCAL, LOW PRIVILEGES, UI:N, C:H/I:H/A:H) and affects Android 11,...

7.8CVSS7.7AI score0.00199EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.142 views

CVE-2023-21136

CVE-2023-21136 affects Android (Android-11 to Android-13) with a vulnerability in JobStore.java. The issue arises from improper input validation in multiple functions, which can cause a crash on startup and lead to local denial of service without requiring additional privileges. The connected Nes...

5.5CVSS5.3AI score0.00107EPSS
CVE
CVE
added 2023/08/14 9:5 p.m.142 views

CVE-2023-21281

Summary (concrete details from connected docs): CVE-2023-21281 affects the Android Framework, specifically the KeyguardViewMediator.java logic, where a flaw can cause a failure to lock after screen timeout. This enables local elevation of privilege across users with no additional execution privil...

7.8CVSS7.7AI score0.00187EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.141 views

CVE-2016-6754

CVE-2016-6754: A remote code execution vulnerability in Android WebView affects WebView on Android 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-11-05). Exploitation could occur while a user navigates to a website, with the issue exploitable in an unprivileged process. Remediat...

8.8CVSS8.7AI score0.04587EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.141 views

CVE-2021-0642

CVE-2021-0642 affects Android where, in VoicemailSettingsFragment.onResume, an attacker could retrieve a trackable identifier without required permissions due to a missing permission check, leading to local information disclosure. Exploitation requires user interaction; no privileges or remote ac...

5.5CVSS5.1AI score0.00327EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.141 views

CVE-2021-0924

CVE-2021-0924 affects the Android kernel USB stack, specifically the xhci driver. In xhci_vendor_get_ops of xhci.c, a missing bounds check enables an out-of-bounds read. This could allow local escalation of privilege with no additional execution privileges required and without user interaction. P...

7.8CVSS7.5AI score0.00154EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.141 views

CVE-2021-0930

CVE-2021-0930 : An out-of-bounds write in phNxpNciHal_ext.cc (function phNxpNciHal_process_ext_rsp) with a missing bounds check allows remote code execution over NFC on Android, requiring no user interaction and no additional privileges. Affected: Android 9–12 (per the CVE description). The vulne...

8.8CVSS8.7AI score0.00529EPSS
CVE
CVE
added 2022/06/15 1:0 p.m.141 views

CVE-2022-20125

Technical details about CVE-2022-20125 are not publicly available in the provided documents. Monitor for updates.

7.2CVSS6.7AI score0.00129EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.141 views

CVE-2022-20240

CVE-2022-20240 affects Android 12 and Android 12L via the function in AppOpsManager.java, specifically sOpAllowSystemRestrictionBypass. The issue is a leakage of location information caused by a missing permission check, enabling local elevation of privilege with System execution privileges requi...

2.3CVSS3.8AI score0.0011EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.141 views

CVE-2022-20447

CVE-2022-20447 affects Android 13 and is tied to the PAN_WriteBuf function in pan_api.cc, where a use-after-free can cause an out-of-bounds read. This leads to remote information disclosure over Bluetooth without user interaction. Public details in the provided documents identify the vulnerable c...

6.5CVSS6.1AI score0.00279EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.141 views

CVE-2023-20913

CVE-2023-20913 affects Android 10–13; a tapjacking/overlay issue in PhoneAccountSettingsActivity could enable local elevation of privilege by tricking the user into enabling a malicious phone account. The Android Security Bulletin lists this issue under the 2023-01-01 and 2023-01-05 patch levels;...

7.8CVSS7.6AI score0.00125EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.141 views

CVE-2023-20945

CVE-2023-20945 affects Android 10 and is due to an out-of-bounds write in phNciNfc_MfCreateXchgDataHdr within phNxpExtns_MifareStd.cpp, caused by a missing bounds check. This leads to local elevation of privilege with no extra execution privileges required and no user interaction. Remediation is ...

7.8CVSS7.7AI score0.00174EPSS
CVE
CVE
added 2023/08/14 8:57 p.m.141 views

CVE-2023-21133

CVE-2023-21133 affects Android’s ManagePermissionsActivity.java. The onCreate path contains a missing permission check, which could bypass factory reset protections and enable local elevation of privilege with physical access and no extra execution privileges required. Exploitation details are no...

6.8CVSS6.7AI score0.00125EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.141 views

CVE-2023-21143

CVE-2023-21143 is a local DoS in Android 11–13 due to improper input validation across multiple functions/files. The issue can render a device unusable without extra privileges or user interaction. The Android Security Bulletin lists this CVE under the System/DoS category for Android 11–13 and no...

5.5CVSS5.3AI score0.00085EPSS
CVE
CVE
added 2020/04/17 6:21 p.m.140 views

CVE-2020-0075

CVE-2020-0075 affects the FPC Iris TZ App within Android (FPC component). Description: out-of-bounds read due to a missing bounds check in set_shared_key, enabling local information disclosure with System privileges required; no user interaction needed. Mode: Normal (concrete details provided). C...

4.4CVSS4.3AI score0.00145EPSS
CVE
CVE
added 2021/01/11 9:48 p.m.140 views

CVE-2021-0311

CVE-2021-0311 is a real Android vulnerability describing an out-of-bounds write in ElementaryStreamQueue::dequeueAccessUnitH264() (ESQueue.cpp) that could lead to remote information disclosure. Affects Android 8.0–11; exploitation requires user interaction. The issue is categorized as ID in the A...

7.1CVSS6.2AI score0.01098EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.140 views

CVE-2021-0475

CVE-2021-0475 is documented across multiple sources as a remote code execution (RCE) vulnerability in the Android System component, impacting Android 10 and 11 with fixes delivered for patch levels 10 and 11. The NVD entry describes a use-after-free memory corruption in Bluetooth (btif_sock_l2cap...

8.8CVSS8.9AI score0.00976EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.140 views

CVE-2021-0593

Technical details about CVE-2021-0593 are not publicly provided in the connected documents. Available references confirm the issue and affected Android versions, but no specific exploit vectors, affected builds, or mitigations are included here. Monitor for updates.

7.8CVSS7.6AI score0.00118EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.140 views

CVE-2021-39631

CVE-2021-39631 affects Android (Android-10 to Android-12). The issue lies in clear_data_dlg_text in strings.xml, where the messaging around the lear storageunctionality can mislead about security/privacy, enabling local information disclosure. Exploitation is local, requires no user interaction...

5.5CVSS5.1AI score0.00111EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.140 views

CVE-2022-20081

CVE-2022-20081 affects the A-GPS component and is caused by improper certificate validation, enabling a remote attacker to perform a man-in-the-middle attack that could disclose information without user interaction. Multiple connected sources (RH, CNVD, NVD/NVD list, and related security bulletin...

5.9CVSS5.5AI score0.00529EPSS
CVE
CVE
added 2022/07/13 6:22 p.m.140 views

CVE-2022-20221

CVE-2022-20221 affects Android devices with a vulnerability in avrc_ctrl_pars_vendor_cmd (avrc_pars_ct.cc) where improper input validation can cause an out-of-bounds read, enabling remote information disclosure over Bluetooth without extra privileges. The issue resides in the Bluetooth AVRCP pars...

6.5CVSS6.1AI score0.00244EPSS
Total number of security vulnerabilities8153