Lucene search
+L
GoogleAndroid

8153 matches found

CVE
CVE
•added 2025/12/02 2:34 a.m.•14 views

CVE-2025-20763

CVE-2025-20763 affects the mmdvfs component. A missing bounds check can enable an out-of-bounds write, leading to local privilege escalation if an attacker already holds System privileges. No user interaction is required. Public records across NVD/Red Hat/ENISA and other feeds confirm the issue a...

7.8CVSS6.3AI score0.00072EPSS
CVE
CVE
•added 2025/12/08 4:57 p.m.•14 views

CVE-2025-48614

CVE-2025-48614 : Android recovery path bug in rebootWipeUserData (RecoverySystem.java) allows factory reset while in DSU mode due to a missing permission check. This creates a physical denial-of-service risk with no extra privileges and no user interaction needed. Affected: Android framework comp...

4.6CVSS5.7AI score0.00097EPSS
CVE
CVE
•added 2025/12/08 4:57 p.m.•14 views

CVE-2025-48628

Summary: CVE-2025-48628 affects the Android framework, specifically the PrintManagerService’s validateIconUserBoundary, enabling a cross-user image leak due to a confused deputy and enabling local privilege escalation without extra execution privileges or user interaction. What is affected: Print...

7.8CVSS6.4AI score0.00074EPSS
CVE
CVE
•added 2026/03/09 9:2 a.m.•14 views

CVE-2025-69278

CVE-2025-69278 affects the nr modem. The issue is a crash caused by improper input validation, leading to remote denial of service. CVSS 3.1 base score 7.5 (NETWORK, LOW attack complexity, NONE privileges, NONE user interaction). Exploitation details are not provided in the documents; no remediat...

7.5CVSS5.9AI score0.00228EPSS
CVE
CVE
•added 2026/05/06 1:43 a.m.•14 views

CVE-2025-71253

CVE-2025-71253 concerns Modem IMS with an input validation flaw that can allow remote denial of service without extra privileges. The issue is described as improper input validation in Modem IMS, leading to availability impact (high) per CVSS vector: Network access, no user interaction, low attac...

7.5CVSS6AI score0.00305EPSS
CVE
CVE
•added 2026/03/10 8:46 p.m.•14 views

CVE-2026-0115

Technical details for CVE-2026-0115 are not publicly available in the provided documents. Monitor for updates.

2.1CVSS5.9AI score0.0009EPSS
CVE
CVE
•added 2026/03/10 8:46 p.m.•14 views

CVE-2026-0117

CVE-2026-0117 affects the MFC decoder path in mfc_dec_v4l2.c, where an incorrect bounds check enables an out-of-bounds write. This could lead to local escalation of privileges with no extra execution privileges required and no user interaction needed. The vulnerability is documented across multip...

8.4CVSS5.9AI score0.00081EPSS
CVE
CVE
•added 2026/03/10 8:46 p.m.•14 views

CVE-2026-0118

Technical details about CVE-2026-0118 are not publicly provided in the supplied documents. Monitor for updates from the sources listed; the available descriptions indicate a local privilege escalation via oobconfig bypass but lack specifics.

8.4CVSS5.9AI score0.00085EPSS
CVE
CVE
•added 2026/06/16 6:51 p.m.•14 views

CVE-2026-0135

CVE-2026-0135 affects the Modem component, where a missing bounds check can enable an out-of-bounds read. This can lead to remote code execution with no additional privileges required and no user interaction. Several connected sources (NVD, EUVD-ENISA, CVE listings, OSV and PT-Security entries) c...

7.8CVSS6.2AI score0.00103EPSS
CVE
CVE
•added 2026/06/16 6:51 p.m.•14 views

CVE-2026-0145

CVE-2026-0145 affects Keymint; a logic error allows a permission bypass leading to local information disclosure without extra privileges or user interaction. Exploitation status and fix details are not provided in the supplied documents; several sources list the issue but no patch information is ...

3.3CVSS5.6AI score0.00068EPSS
CVE
CVE
•added 2026/03/02 8:39 a.m.•14 views

CVE-2026-20416

The CVE-2026-20416 entry concerns an out-of-bounds write in pcie caused by a missing bounds check, enabling local privilege escalation to System level without user interaction. Affected scope includes MediaTek-based PCIe components (as reflected across NVD/Red Hat OSV, CVE lists, and PT-security ...

7.2CVSS5.9AI score0.00184EPSS
CVE
CVE
•added 2026/03/02 8:39 a.m.•14 views

CVE-2026-20438

CVE-2026-20438 affects MAE with a race-condition out-of-bounds write that can cause local privilege escalation without user interaction. The issue requires the System privilege to exploit and is associated with Patch ID ALPS10431920 and Issue MSV-5835. Red Hat and other feeds corroborate the same...

6.4CVSS5.9AI score0.00058EPSS
CVE
CVE
•added 2026/03/02 8:39 a.m.•14 views

CVE-2026-20444

CVE-2026-20444 affects MediaTek chipsets. The issue is a memory corruption caused by a missing bounds check in display, enabling local escalation of privilege from System with no user interaction required. Patch: ALPS10436995; Issue ID: MSV-5721. Connected sources (Red Hat, NVD, CVE list, etc.) c...

6.7CVSS5.9AI score0.00077EPSS
CVE
CVE
•added 2026/03/02 8:39 a.m.•14 views

CVE-2026-20445

The CVE-2026-20445 vulnerability affects the MDDP component, where a race condition can cause a system crash leading to local denial of service when the attacker already has System privileges. Exploitation does not require user interaction. The issue is associated with a patch identified as ALPS1...

4.4CVSS5.9AI score0.00122EPSS
CVE
CVE
•added 2026/06/17 7:21 a.m.•14 views

CVE-2026-28587

CVE-2026-28587 affects the MmsSmsProvider component (MmsSmsProvider.java), enabling local information disclosure via a missing permission check. Exploitation requires no user interaction and does not require additional privileges; impact is confined to information disclosure. The vulnerability is...

10CVSS5.5AI score0.00115EPSS
CVE
CVE
•added 2025/10/14 9:11 a.m.•13 views

CVE-2025-20723

The CVE-2025-20723 entry concerns the gnss driver. It describes an out-of-bounds write caused by an incorrect bounds check, potentially enabling local privilege escalation to System level without user interaction. A patch is identified (ALPS09920033) and the associated issue MSV-3797. Connected s...

7.8CVSS6.3AI score0.00089EPSS
CVE
CVE
•added 2025/11/04 6:20 a.m.•13 views

CVE-2025-20749

In MediaTek charger-related CVE-2025-20749, the flaw is an out-of-bounds write caused by a missing bounds check. This can enable local escalation of privilege for an attacker who already has System privileges, with no user interaction required. Affected component is the charger subsystem; the iss...

6.7CVSS6.3AI score0.0008EPSS
CVE
CVE
•added 2025/12/02 2:34 a.m.•13 views

CVE-2025-20771

CVE-2025-20771 relates to a local privilege-escalation in MediaTek chipsets due to improper input validation. A malicious actor already with System privileges could exploit this without user interaction, per multiple feeds. The underlying flaw is in input handling leading to elevation of privileg...

6.7CVSS6.3AI score0.00074EPSS
CVE
CVE
•added 2025/12/02 2:35 a.m.•13 views

CVE-2025-20789

In GPU pdma on affected MediaTek platforms, a missing bounds check can lead to local information disclosure. The vulnerability allows leakage of information without extra privileges, with exploitation requiring user interaction. A patch is referenced (ALPS10117741; MSV-4538). Affected component i...

4.4CVSS5AI score0.00069EPSS
CVE
CVE
•added 2025/12/11 7:35 p.m.•13 views

CVE-2025-36919

CVE-2025-36919: A double-free condition in aocc_read within aoc_channel_dev.c due to improper locking enables local elevation of privilege. Exploitation requires local access (no user interaction). Multiple feeds (NVD/Red Hat/CNVD/CVELIST) reference the same issue with AoC component; Pixel Androi...

7.8CVSS6.5AI score0.00071EPSS
CVE
CVE
•added 2025/12/08 4:57 p.m.•13 views

CVE-2025-48586

Summary: CVE-2025-48586 relates to Android's EditFdnContactScreen.java: In onActivityResult, a confused-deputy flaw could leak contacts from the work profile, enabling local elevation of privilege with no extra privileges and no user interaction. Affected component: Android app code path in EditF...

7.8CVSS6.4AI score0.0008EPSS
CVE
CVE
•added 2026/03/02 6:42 p.m.•13 views

CVE-2025-48650

CVE-2025-48650 is described in public sources as an information disclosure via SQL injection that can lead to local privilege escalation with no additional execution privileges and no user interaction required. The initial entry does not specify affected products or versions. Connected documents ...

8.4CVSS6.1AI score0.00114EPSS
CVE
CVE
•added 2026/06/17 5:53 a.m.•13 views

CVE-2026-0057

CVE-2026-0057 affects the Android Contacts Provider. A missing permission check can allow an attacker to read an incoming call’s phone number and related metadata, enabling local information disclosure without extra execution privileges, and exploitation does not require user interaction. The iss...

3.3CVSS5.6AI score0.00065EPSS
CVE
CVE
•added 2026/03/10 8:46 p.m.•13 views

CVE-2026-0112

CVE-2026-0112 describes a use-after-free in vpu_open_inst of vpu_ioctl.c caused by a race condition, enabling local privilege escalation with no extra execution privileges or user interaction required. Multiple feeds (NVD/Red Hat/EUVD/PT Security/OSV) report the same description. The connected so...

7.4CVSS5.9AI score0.00062EPSS
CVE
CVE
•added 2026/06/16 6:51 p.m.•13 views

CVE-2026-0129

The CVE-2026-0129 entry concerns RtcpByePacket::decodeByePacket with a missing bounds check that can lead to remote information disclosure. The available sources (NVD, OSV, PT security, Android Pixel bulletin) indicate this is related to libpixelimsmedia and triggers information disclosure withou...

3.5CVSS5.7AI score0.00168EPSS
CVE
CVE
•added 2026/06/16 6:51 p.m.•13 views

CVE-2026-0130

CVE-2026-0130 affects the RtcpChunk::decodeRtcpChunk path, where a heap buffer overflow can cause an out-of-bounds read. This may lead to remote information disclosure without extra execution privileges. Exploitation requires user interaction. The provided documents do not specify affected produc...

3.5CVSS6AI score0.00173EPSS
CVE
CVE
•added 2026/06/16 6:51 p.m.•13 views

CVE-2026-0160

The vulnerability CVE-2026-0160 affects the TextRtpPayloadDecoderNode, specifically in DecodeT140 of TextRtpPayloadDecoderNode.cpp. It is caused by a missing bounds check that can result in an out-of-bounds write. The documented impact is remote code execution with no additional privileges requir...

8.8CVSS6.2AI score0.00231EPSS
CVE
CVE
•added 2026/03/02 8:39 a.m.•13 views

CVE-2026-20424

CVE-2026-20424 affects MediaTek chipsets. It is a missing bounds check in display leading to an out-of-bounds read, potentially exposing local information if an attacker already has System privileges. Exploitation does not require user interaction and is local. Patch: ALPS10320471 (Issue MSV-5540...

4.4CVSS5.9AI score0.00073EPSS
CVE
CVE
•added 2025/11/04 6:19 a.m.•12 views

CVE-2025-20744

The CVE-2025-20744 entry concerns the pda component with a use-after-free in privileged context leading to local escalation of privilege. The advisory indicates that a malicious actor who already has System privileges can exploit this without user interaction; no exploit vectors or in-wild detail...

4.2CVSS6.3AI score0.00078EPSS
CVE
CVE
•added 2025/11/04 6:20 a.m.•12 views

CVE-2025-20745

CVE-2025-20745 concerns a memory corruption issue in apusys caused by a use-after-free, enabling local privilege escalation for an attacker with System privileges. The vulnerability does not require user interaction. Affected component: apusys; root cause: use-after-free leading to memory corrupt...

4.2CVSS6.5AI score0.00075EPSS
CVE
CVE
•added 2025/12/02 2:34 a.m.•12 views

CVE-2025-20776

CVE-2025-20776 affects MediaTek chipsets with an out-of-bounds read caused by a missing bounds check. This can enable local privilege escalation to System level without user interaction. Exploitation status is not detailed in the provided documents. Patch: ALPS10184297 (MSV-4759) is referenced. N...

6.7CVSS6.2AI score0.00074EPSS
CVE
CVE
•added 2026/01/06 1:46 a.m.•12 views

CVE-2025-20800

CVE-2025-20800 affects the MediaTek-related component mminfra. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege to System level without user interaction. Exploitation details (vectors, exploit code) are not provided in the supplied docum...

7.8CVSS6.3AI score0.00071EPSS
CVE
CVE
•added 2026/01/06 1:47 a.m.•12 views

CVE-2025-20806

Impactful but constrained: CVE-2025-20806 is a memory corruption via use-after-free in dpe that could enable local escalation of privilege to System level. Exploitation requires local access; no user interaction is needed. Root cause is use-after-free vulnerability in dpe; no explicit affected pr...

6.7CVSS6.5AI score0.00071EPSS
CVE
CVE
•added 2025/12/11 7:35 p.m.•12 views

CVE-2025-36929

CVE-2025-36929 affects gxp_fence_manager.cc AreFencesRegistered. The issue is an information leak caused by improper input validation, enabling local information disclosure without extra privileges and without user interaction. Public exploitation details are not provided in the documents. The An...

5.5CVSS5.2AI score0.00083EPSS
CVE
CVE
•added 2025/12/11 7:35 p.m.•12 views

CVE-2025-36936

The CVE-2025-36936 entry concerns Tachyon Server, specifically the GetTachyonCommand function in tachyon_server_common.h. The issue is a potential out-of-bounds write caused by an integer overflow, enabling local elevation of privilege with no additional execution privileges required and no user ...

7.8CVSS6.6AI score0.00071EPSS
CVE
CVE
•added 2025/12/08 4:57 p.m.•12 views

CVE-2025-48591

CVE-2025-48591 is an Android framework information-disclosure vulnerability caused by a missing permission check in multiple locations, allowing local read-access to another user’s files without requiring privileges or user interaction. Affected: Android devices with patches that address ASB 2025...

5.5CVSS5AI score0.00083EPSS
CVE
CVE
•added 2026/03/09 9:2 a.m.•12 views

CVE-2025-61616

CVE-2025-61616 affects the nr modem component where improper input validation can cause a system crash, leading to remote denial of service. The public records consistently describe the vulnerability as a crash in nr modem with no additional execution privileges required, and the impact is Availa...

7.5CVSS5.9AI score0.00312EPSS
CVE
CVE
•added 2026/03/10 8:46 p.m.•12 views

CVE-2026-0113

CVE-2026-0113 describes an out-of-bounds write in ns_GetUserData within ns_SmscbUtilities.c that could enable remote escalation of privilege without user interaction. Affected references across multiple feeds corroborate the same flaw and classify it as a high-severity issue with a common-criteri...

9.8CVSS5.9AI score0.00306EPSS
CVE
CVE
•added 2026/03/10 8:46 p.m.•12 views

CVE-2026-0123

The CVE-2026-0123 entry concerns the EfwApTransport::ProcessRxRing function in efw_ap_transport.cc, where an out-of-bounds write can occur due to a missing bounds check. This vulnerability is described as enabling local elevation of privilege with no additional execution privileges required and n...

8.4CVSS5.9AI score0.00073EPSS
CVE
CVE
•added 2026/06/16 6:51 p.m.•12 views

CVE-2026-0126

In WC-Radio, there is a confirmed vulnerability causing an out-of-bounds write due to a missing bounds check. This can lead to remote code execution with no privileges and no user interaction required. The issue is detailed across multiple feeds (NVD entry CVE-2026-0126, EUVD-2026-, and related O...

9.8CVSS6.2AI score0.00277EPSS
CVE
CVE
•added 2026/06/16 6:51 p.m.•12 views

CVE-2026-0143

The CVE-2026-0143 issue is in LWIS (lwIS) device handling: in lwis_device_external_event_emit of lwis_event.c, a memory corruption via use-after-free is reported, enabling local escalation of privilege with System execution privileges, and no user interaction is required. Public documents from NV...

7.8CVSS5.7AI score0.00073EPSS
CVE
CVE
•added 2026/06/16 6:51 p.m.•12 views

CVE-2026-0153

CVE-2026-0153: Out-of-bounds write in Write of msg_to_host_buffer.cc due to an incorrect bounds check; could enable local escalation of privilege with no user interaction. Pixel bulletin lists EdgeTPU as the affected subcomponent; initial materials do not publish a patch version or mitigation ste...

7.8CVSS5.6AI score0.00068EPSS
CVE
CVE
•added 2026/03/02 8:39 a.m.•12 views

CVE-2026-20437

CVE-2026-20437 affects MAE. A use-after-free causes a possible system crash leading to local denial of service when the attacker already has System privileges; no user interaction is required. Patch ALPS10431940 (MSV-5843).

4.4CVSS5.9AI score0.00071EPSS
CVE
CVE
•added 2026/01/06 1:46 a.m.•11 views

CVE-2025-20798

MediaTek chipsets/Battery component contains an out-of-bounds write due to a missing bounds check, enabling local privilege escalation if an attacker already has System privileges. User interaction is not required. Patch ALPS10315812 and Issue MSV-5533 address this. Exploitation details are not p...

7.8CVSS6.3AI score0.00079EPSS
CVE
CVE
•added 2026/01/06 1:46 a.m.•11 views

CVE-2025-20799

CVE-2025-20799 affects the c2ps component and is linked to a memory corruption via use-after-free. The issue enables local escalation of privilege if the attacker already holds System privileges, with no user interaction required. The vulnerability details indicate a patch identified as ALPS10274...

7.8CVSS6.5AI score0.00071EPSS
CVE
CVE
•added 2025/12/08 5:27 p.m.•11 views

CVE-2025-48608

CVE-2025-48608 affects the Android SettingsProvider.java isValidMediaUri path, enabling cross-user media read due to a missing permission check. The issue permits local information disclosure without user interaction (ATT&CK: T1552-like, per the description), with CVSS 3.1 base score 5.5 (AV:L/AC...

5.5CVSS4.9AI score0.00064EPSS
CVE
CVE
•added 2026/05/06 1:43 a.m.•11 views

CVE-2025-71256

CVE-2025-71256 affects the nr modem component. The issue is improper input validation that can allow remote denial of service without additional privileges. Attack vector is network with no user interaction; impact is availability degradation (CVE scored with CVSS v3.1 base 7.5, HIGH). Root cause...

7.5CVSS6AI score0.00305EPSS
CVE
CVE
•added 2025/12/02 2:34 a.m.•10 views

CVE-2025-20770

CVE-2025-20770 involves a memory corruption via use-after-free in display handling on MediaTek chipsets, resulting in local privilege escalation if an attacker already has System privileges. No user interaction is required. The vulnerability affects the component responsible for display/memory ha...

6.7CVSS6.5AI score0.00074EPSS
CVE
CVE
•added 2025/12/02 2:34 a.m.•10 views

CVE-2025-20775

CVE-2025-20775 affects MediaTek chipsets’ display component. The issue is a memory corruption due to a use-after-free in display, allowing local escalation of privilege to System level without user interaction. Affected versions are prior to Patch ID ALPS10182914; the patch/mitigation is ALPS1018...

6.7CVSS6.5AI score0.00074EPSS
CVE
CVE
•added 2025/12/02 2:34 a.m.•10 views

CVE-2025-20788

CVE-2025-20788 affects the GPU PDMA path in MediaTek chipsets. The issue is a memory corruption caused by a missing permission check, which can enable local denial of service with no additional execution privileges required. Exploitation requires user interaction. A patch is available: ALPS101177...

4.4CVSS5.5AI score0.00065EPSS
Total number of security vulnerabilities8153