8153 matches found
CVE-2022-20393
CVE-2022-20393 = Integer overflow in extract3GPPGlobalDescriptions (TextDescriptions.cpp) can trigger an out-of-bounds read, leading to local information disclosure from the media server. Affected: Android 11, Android 12, Android 12L. Root cause and impact are stated in multiple trusted sources; ...
CVE-2022-20445
CVE-2022-20445 affects Google Android (Android 10–13 per sources) and is tied to an out-of-bounds read in process_service_search_rsp within sdp_discovery.cc caused by improper input validation. Impact is information disclosure without additional execution privileges and no user interaction requir...
CVE-2022-20470
CVE-2022-20470 affects Android where bindRemoteViewsService in AppWidgetServiceImpl.java can bypass background activity launch due to improper input validation, enabling local elevation of privilege without extra privileges. Affected: Android 10–13 (per README). Connected documents corroborate th...
CVE-2022-20476
CVE-2022-20476 describes a vulnerability in Android where, in PackageManager.setEnabledSetting, a path could cause the device to enter an infinite reboot loop due to resource exhaustion. This leads to local denial of service with no additional privileges required. Affected are Android 10, 11, 12,...
CVE-2022-20493
CVE-2022-20493 affects Android 10–13 (Android-10 to Android-13) via Condition.java, where improper input validation could grant notification access and cause local elevation of privilege. Exploitation requires user interaction; no additional execution privileges are needed. Patch references point...
CVE-2023-20953
CVE-2023-20953 affects Android 13, targeting ClipboardListener.java via onPrimaryClipChanged. The issue may bypass factory‑reset protection, enabling local elevation of privilege with no extra execution privileges; exploitation requires user interaction. No public patch/version details are provid...
CVE-2023-21057
CVE-2023-21057 affects the Android kernel component RohcPacketCommon, specifically the function path in ProfSixDecomTcpSACKoption. The issue is an out-of-bounds write caused by a missing bounds check, which could allow remote code execution without any privileges or user interaction. The vulnerab...
CVE-2023-21132
The CVE-2023-21132 issue originates in Android’s ManagePermissionsActivity.java onCreate, enabling local escalation of privilege when an attacker with physical device access can bypass factory reset protections due to a missing permission check. Affected component is the Android OS userland code ...
CVE-2023-21135
CVE-2023-21135 affects Google Android: the issue occurs in the onCreate path of NotificationAccessSettings.java, where improper input validation can cause a failure to persist notification settings. The underlying problem is an input validation defect in the code path that manages notification ac...
CVE-2023-35670
Android CVE-2023-35670 arises from a path traversal flaw in FileUtils.java (computeValuesFromData) that can allow inserting files into other apps’ external private directories. This enables local elevation of privilege without additional execution privileges or user interaction, as described in t...
CVE-2023-35680
Technical details about CVE-2023-35680 are not publicly disclosed in the provided documents. Monitor for updates from the cited sources (Android security bulletin, NVD/CVE entries) for affected components, versions, and fixes.
CVE-2024-0049
CVE-2024-0049 is an Android framework elevation-of-privilege issue caused by an out-of-bounds heap buffer write. The NVD entry cites local EoP with no extra privileges or user interaction required. Android’s March 2024 security bulletin documents this CVE under the Framework cluster with fixes in...
CVE-2019-2175
CVE-2019-2175 affects Android 9; in SliceManagerService.java, checkAccess has an incorrect argument order that can bypass permissions and enable local privilege escalation with user interaction required. Affected component is the Android Framework (SliceManagerService) on Android 9. The issue is ...
CVE-2021-0315
CVE-2021-0315 is an Android elevation-of-privilege issue described as a tapjacking/overlay-based flaw in GrantCredentialsPermissionActivity.java. Affected products/versions include Android 8.0, 8.1, 9, 10, and 11. The root cause is user interaction via a deceptive overlay, enabling local privileg...
CVE-2021-0516
CVE-2021-0516 affects Android (versions 8.1, 9, 10 and 11) and is caused by a use-after-free in p2p_pd.c (p2p_process_prov_disc_req) leading to an out-of-bounds read/write. The vulnerability can enable remote elevation of privilege with no additional execution privileges and without user interact...
CVE-2021-0519
CVE-2021-0519 is a Android Media Framework vulnerability disclosed in the August 2021 Android bulletin. The issue is described as an Escalation of Privilege and Information Disclosure in the Media Framework (Media Codecs) that could allow a local attacker to bypass OS protections with no user int...
CVE-2021-0640
CVE-2021-0640 affects Android devices; in the StatsdStats.cpp file, the function noteAtomLogged contains a missing bounds check leading to an out-of-bounds write. This could allow local elevation of privilege without user interaction. Affected products/versions: Android 10, Android 11, Android 9....
CVE-2021-0643
CVE-2021-0643 describes an information disclosure vulnerability in Android where getAllSubInfoList in SubscriptionController.java could allow retrieval of a long-term identifier without proper permission checks. Affected products are Android 10–12. The issue is described across multiple sources (...
CVE-2021-0931
CVE-2021-0931 – Android BluetoothDevice.getAlias information disclosure . The issue is reported in BluetoothDevice.java: missing data filtering can cause misleading permission dialogs, enabling local information disclosure with user interaction required. Affected products/versions include Android...
CVE-2022-20082
CVE-2022-20082 : In MediaTek GPU software, a race condition can cause a use-after-free, enabling local elevation of privilege with no extra execution privileges or user interaction required. Multiple connected sources (including NVD and RH Red Hat advisories) confirm the issue as a GPU component ...
CVE-2022-20084
The CVE-2022-20084 entry affects MediaTek telephony, where a missing permission check could allow local privilege escalation to disable emergency broadcast reception. The issue is documented with a patch reference (ALPS06498874/ALPS06498874) and is associated with MediaTek’s devices, containing n...
CVE-2022-20351
The CVE-2022-20351 issue affects Android via the CallLogProvider.java queryInternal path, where SQL injection could grant local access to voicemail information and cause information disclosure without extra privileges or user interaction. Multiple connected sources confirm the vulnerability is in...
CVE-2022-20480
The CVE-2022-20480 issue affects Android’s NotificationChannel.java, where a risk of failing to persist permissions settings can occur due to resource exhaustion. This leads to local elevation of privilege without extra execution privileges required, and exploitation is user interaction–independe...
CVE-2022-20502
CVE-2022-20502 affects Android 13 where GetResolvedMethod in entrypoint_utils-inl.h can experience a use-after-free from a stale cache, causing local information disclosure without user interaction. The Android Security Bulletin lists this issue under Android Runtime with local information disclo...
CVE-2022-21767
CVE-2022-21767 affects MediaTek Bluetooth on multiple chips. Root cause: out-of-bounds write due to missing boundary checks in Bluetooth, enabling local escalation of privilege with no user interaction. Patch ALPS06784430/ALPS06784430 issued; Android/Mart evidence references list Bluetooth as aff...
CVE-2023-20931
In CVE-2023-20931, the issue is an out-of-bounds write caused by a heap buffer overflow in avdt_scb_hdl_write_req (avdt_scb_act.cc) that could enable local privilege escalation on Android 11–13. The description confirms the vulnerability requires no user interaction and can be exploited locally w...
CVE-2023-20952
The CVE-2023-20952 issue is in the A2DP_BuildCodecHeaderSbc function of a2dp_sbc.cc, where a missing bounds check allows an out-of-bounds write. This can cause local information disclosure without requiring exploits or user interaction. Affected products/versions are Android 11, 12, 12L, and 13; ...
CVE-2023-20955
CVE-2023-20955 affects Android 11–13 and is triggered in the app component AppInfoDashboardFragment.java, in onPrepareOptionsMenu, due to a missing permission check. This enables local privilege escalation to uninstall apps for all users without user interaction. Conditions described in the linke...
CVE-2023-20958
CVE-2023-20958 affects the Qt5 QtBase package (qt5-qtbase) used on Android 13. The issue arises in read_paint of ttcolr.c, where a heap buffer overflow can cause an out-of-bounds read, enabling local information disclosure without user interaction. The CVE is referenced in Android’s March 2023 bu...
CVE-2023-21097
CVE-2023-21097 describes a local elevation of privilege in Android caused by a bug in toUriInner within Intent.java, allowing an attacker to launch an arbitrary activity. The vulnerability is classified as high severity (CVSS v3.1: LOCAL, LOW PRIVILEGES, UI:N, C:H/I:H/A:H) and affects Android 11,...
CVE-2023-21136
CVE-2023-21136 affects Android (Android-11 to Android-13) with a vulnerability in JobStore.java. The issue arises from improper input validation in multiple functions, which can cause a crash on startup and lead to local denial of service without requiring additional privileges. The connected Nes...
CVE-2023-21281
Summary (concrete details from connected docs): CVE-2023-21281 affects the Android Framework, specifically the KeyguardViewMediator.java logic, where a flaw can cause a failure to lock after screen timeout. This enables local elevation of privilege across users with no additional execution privil...
CVE-2016-6754
CVE-2016-6754: A remote code execution vulnerability in Android WebView affects WebView on Android 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-11-05). Exploitation could occur while a user navigates to a website, with the issue exploitable in an unprivileged process. Remediat...
CVE-2021-0642
CVE-2021-0642 affects Android where, in VoicemailSettingsFragment.onResume, an attacker could retrieve a trackable identifier without required permissions due to a missing permission check, leading to local information disclosure. Exploitation requires user interaction; no privileges or remote ac...
CVE-2021-0924
CVE-2021-0924 affects the Android kernel USB stack, specifically the xhci driver. In xhci_vendor_get_ops of xhci.c, a missing bounds check enables an out-of-bounds read. This could allow local escalation of privilege with no additional execution privileges required and without user interaction. P...
CVE-2021-0930
CVE-2021-0930 : An out-of-bounds write in phNxpNciHal_ext.cc (function phNxpNciHal_process_ext_rsp) with a missing bounds check allows remote code execution over NFC on Android, requiring no user interaction and no additional privileges. Affected: Android 9–12 (per the CVE description). The vulne...
CVE-2022-20125
Technical details about CVE-2022-20125 are not publicly available in the provided documents. Monitor for updates.
CVE-2022-20240
CVE-2022-20240 affects Android 12 and Android 12L via the function in AppOpsManager.java, specifically sOpAllowSystemRestrictionBypass. The issue is a leakage of location information caused by a missing permission check, enabling local elevation of privilege with System execution privileges requi...
CVE-2022-20447
CVE-2022-20447 affects Android 13 and is tied to the PAN_WriteBuf function in pan_api.cc, where a use-after-free can cause an out-of-bounds read. This leads to remote information disclosure over Bluetooth without user interaction. Public details in the provided documents identify the vulnerable c...
CVE-2023-20913
CVE-2023-20913 affects Android 10–13; a tapjacking/overlay issue in PhoneAccountSettingsActivity could enable local elevation of privilege by tricking the user into enabling a malicious phone account. The Android Security Bulletin lists this issue under the 2023-01-01 and 2023-01-05 patch levels;...
CVE-2023-20945
CVE-2023-20945 affects Android 10 and is due to an out-of-bounds write in phNciNfc_MfCreateXchgDataHdr within phNxpExtns_MifareStd.cpp, caused by a missing bounds check. This leads to local elevation of privilege with no extra execution privileges required and no user interaction. Remediation is ...
CVE-2023-21133
CVE-2023-21133 affects Android’s ManagePermissionsActivity.java. The onCreate path contains a missing permission check, which could bypass factory reset protections and enable local elevation of privilege with physical access and no extra execution privileges required. Exploitation details are no...
CVE-2023-21143
CVE-2023-21143 is a local DoS in Android 11–13 due to improper input validation across multiple functions/files. The issue can render a device unusable without extra privileges or user interaction. The Android Security Bulletin lists this CVE under the System/DoS category for Android 11–13 and no...
CVE-2020-0075
CVE-2020-0075 affects the FPC Iris TZ App within Android (FPC component). Description: out-of-bounds read due to a missing bounds check in set_shared_key, enabling local information disclosure with System privileges required; no user interaction needed. Mode: Normal (concrete details provided). C...
CVE-2021-0311
CVE-2021-0311 is a real Android vulnerability describing an out-of-bounds write in ElementaryStreamQueue::dequeueAccessUnitH264() (ESQueue.cpp) that could lead to remote information disclosure. Affects Android 8.0–11; exploitation requires user interaction. The issue is categorized as ID in the A...
CVE-2021-0475
CVE-2021-0475 is documented across multiple sources as a remote code execution (RCE) vulnerability in the Android System component, impacting Android 10 and 11 with fixes delivered for patch levels 10 and 11. The NVD entry describes a use-after-free memory corruption in Bluetooth (btif_sock_l2cap...
CVE-2021-0593
Technical details about CVE-2021-0593 are not publicly provided in the connected documents. Available references confirm the issue and affected Android versions, but no specific exploit vectors, affected builds, or mitigations are included here. Monitor for updates.
CVE-2021-39631
CVE-2021-39631 affects Android (Android-10 to Android-12). The issue lies in clear_data_dlg_text in strings.xml, where the messaging around the lear storageunctionality can mislead about security/privacy, enabling local information disclosure. Exploitation is local, requires no user interaction...
CVE-2022-20081
CVE-2022-20081 affects the A-GPS component and is caused by improper certificate validation, enabling a remote attacker to perform a man-in-the-middle attack that could disclose information without user interaction. Multiple connected sources (RH, CNVD, NVD/NVD list, and related security bulletin...
CVE-2022-20221
CVE-2022-20221 affects Android devices with a vulnerability in avrc_ctrl_pars_vendor_cmd (avrc_pars_ct.cc) where improper input validation can cause an out-of-bounds read, enabling remote information disclosure over Bluetooth without extra privileges. The issue resides in the Bluetooth AVRCP pars...