Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/02/28 12:0 a.m.140 views

CVE-2023-20946

CVE-2023-20946 affects Android 11–13 (Android 11, 12, 12L, 13). Root cause is a permission bypass in onStart of BluetoothSwitchPreferenceController.java (confused deputy), enabling remote elevation of privilege in Bluetooth settings with no user interaction. The NVD metrics show a critical CVSS v...

9.8CVSS9AI score0.00479EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.140 views

CVE-2023-21128

The CVE-2023-21128 entry covers a local elevation of privilege in Android’s AppStandbyController.java caused by a logic error in multiple functions. Affected products/versions include Android 11, 12, 12L, and 13; the issue enables privilege escalation with LOW privileges required and no user inte...

7.8CVSS7.6AI score0.0009EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.140 views

CVE-2023-40133

CVE-2023-40133: In multiple locations of DialogFillUi.java, a confused deputy vulnerability allows an attacker to perform local information disclosure by viewing another user’s images. This requires no user interaction and can be exploited with local privileges (low attack complexity, low privile...

5.5CVSS5.1AI score0.00175EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.140 views

CVE-2024-0053

The CVE-2024-0053 issue affects the Android framework in PrintManagerService.getCustomPrinterIcon, where a proxy/confused-deputy mechanism could enable local information disclosure by viewing other users’ images. The underlying cause is information disclosure via getCustomPrinterIcon, with exploi...

3.3CVSS6AI score0.00118EPSS
CVE
CVE
added 2025/04/07 3:14 a.m.140 views

CVE-2025-20658

CVE-2025-20658 is a MediaTek DA component vulnerability caused by a logic error that enables a local elevation of privilege with physical access and no user interaction. The issue affects DA and can be exploited without additional execution privileges; CVSS 3.1 metrics indicate physical access re...

6CVSS6.5AI score0.00118EPSS
CVE
CVE
added 2019/06/07 7:40 p.m.139 views

CVE-2019-2098

CVE-2019-2098 affects Android 7.0–9 and is tied to a missing permissions check in NotificationManagerService.java areNotificationsEnabledForPackage, enabling local elevation of privilege with no additional privileges and no user interaction required. The issue impacts Android’s System/notificatio...

7.8CVSS7.5AI score0.00153EPSS
CVE
CVE
added 2021/01/11 9:48 p.m.139 views

CVE-2021-0303

The CVE-2021-0303 issue is a use-after-free race in dispatchGraphTerminationMessage() within StreamSetObserver.cpp used by Android 11. It enables local privilege escalation with user privileges and does not require user interaction. Red Hat and OSV entries corroborate the same file path and impac...

7CVSS7AI score0.00119EPSS
CVE
CVE
added 2021/01/11 9:46 p.m.139 views

CVE-2021-0306

CVE-2021-0306 describes a vulnerability in Android’s PermissionManagerService.addAllPermissions that enables a local elevation of privilege by bypassing permission checks to obtain the android.permission.ACTIVITY_RECOGNITION without user confirmation. Affected products include Android versions 8....

7.8CVSS7.8AI score0.00259EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.139 views

CVE-2021-0473

CVE-2021-0473 affects Android via a double-free in rw_t3t_process_error in rw_t3t.cc, caused by uninitialized data, enabling remote code execution over NFC with no privileges and no user interaction required. Affected versions include Android-8.1, 9, 10, 11 per the description. The initial docume...

8.8CVSS8.8AI score0.00486EPSS
CVE
CVE
added 2022/01/14 7:10 p.m.139 views

CVE-2021-39618

CVE-2021-39618 affects Android 9–12 where the EuiccNotificationManager.java contains an unsafe PendingIntent that allows a local attacker to install existing packages without user consent. This enables local privilege escalation with user privileges required, and exploitation does not require use...

7.8CVSS7.7AI score0.00122EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.139 views

CVE-2022-20394

CVE-2022-20394 affects Android 10–12/12L with a missing permission check in InputMethodManagerService.getInputMethodWindowVisibleHeight, allowing an app to determine when another app’s IME is shown and potentially disclose information locally. Exploitation requires user interaction; no remote cod...

5CVSS4.7AI score0.00093EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.139 views

CVE-2022-20413

The CVE-2022-20413 issue is in Android’s media handling logic, specifically at the start of Threads.cpp, enabling an attacker to record audio during a phone call. The flaw can cause local information disclosure with User privileges and does not require user interaction, with exploitation describe...

5.5CVSS5AI score0.00254EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.139 views

CVE-2022-20484

CVE-2022-20484 affects Android 10–13 where NotificationChannel.java’s permission persistence can fail due to resource exhaustion, enabling local elevation of privilege with no user interaction needed. CVSSv3.1 metrics indicate LOCAL access, LOW privileges, UI None, and HIGH impact on confidential...

7.8CVSS7.6AI score0.00166EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.139 views

CVE-2022-20486

CVE-2022-20486 affects Android (Android-10, -11, -12, -12L, -13) where NotificationChannel.java may fail to persist permissions due to resource exhaustion, enabling local elevation of privilege with no extra execution privileges required. The issue is described as a resource-exhaustion vulnerabil...

7.8CVSS7.7AI score0.0012EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.139 views

CVE-2022-20492

CVE-2022-20492 concerns Android where, in several functions of AutomaticZenRule.java , there is a potential failure to persist permissions settings due to resource exhaustion. This can lead to local elevation of privilege with no additional execution privileges required. Exploitation details are ...

7.8CVSS7.7AI score0.00269EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.139 views

CVE-2023-20930

CVE-2023-20930 affects Android 11–13 where the pushDynamicShortcut function in ShortcutPackage.java can exhaust resources and cause the device to boot loop, yielding local DoS without extra privileges or user interaction. The issue is documented in the Android May 2023 security bulletin with patc...

5.5CVSS5.3AI score0.00085EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.139 views

CVE-2023-20934

CVE-2023-20934 affects Android 12/12L/13. Root cause: in resolveAt attributionSource of ServiceUtilities.cpp, a permissions bypass could disable the microphone privacy indicator, enabling local elevation of privilege with no user interaction. Impact per sources is high (local, with confidentialit...

7.8CVSS7.6AI score0.00092EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.139 views

CVE-2023-20967

CVE-2023-20967 is an Android elevation-of-privilege vulnerability in the function avdt_scb_hdl_pkt_no_frag within avdt_scb_act.cc. A faulty bounds check allows an out-of-bounds write, enabling local privilege escalation with no additional execution privileges required and no user interaction. Aff...

7.8CVSS7.7AI score0.00091EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.139 views

CVE-2023-21082

The CVE-2023-21082 entry describes an information-disclosure flaw in Android related to getNumberFromCallIntent in NewOutgoingCallIntentBroadcaster.java. Affected: Android 11–13 (Android-11, Android-12, Android-12L, Android-13). Root cause: a confused deputy allows enumerating other users’ contac...

5.5CVSS5AI score0.00082EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.139 views

CVE-2023-21131

CVE-2023-21131 concerns a logic error in ActivityManagerService.checkKeyIntentParceledCorrectly() that can bypass Parcel Mismatch mitigations, enabling local escalation of privilege to launch arbitrary activities in settings without extra privileges. Affected: Android 11–13 (Android-11, Android-1...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.139 views

CVE-2023-21137

CVE-2023-21137 affects Android platforms (Android 11, 12, 12L, 13). Root cause: uncaught exceptions in JobStore.java during job map parsing, leading to a local persistent denial of service. Impact is DoS without requiring user interaction or elevated privileges; exploitation is local. Public refe...

5.5CVSS5.3AI score0.00118EPSS
CVE
CVE
added 2023/08/14 9:3 p.m.139 views

CVE-2023-21278

CVE-2023-21278 affects Google Android, appearing in the Android 2023-08-01/08-01 bulletin under the Framework/EoP category. The issue is a logic error in multiple locations that can obscure the microphone privacy indicator, enabling local elevation of privilege without additional execution privil...

3.3CVSS4.3AI score0.00084EPSS
CVE
CVE
added 2023/08/14 9:7 p.m.139 views

CVE-2023-21288

The CVE-2023-21288 entry affects Android via the Notification.java component, where in the visitUris method a missing permission check could allow information disclosure across users. Impact: local information disclosure with User privileges required; exploitation does not require user interactio...

5.5CVSS5.1AI score0.00167EPSS
CVE
CVE
added 2023/08/14 9:7 p.m.139 views

CVE-2023-21290

CVE-2023-21290 affects Google Android (MmsProvider.java) and is due to a race condition that can bypass file permission checks. This enables local denial of service with no additional execution privileges and requires no user interaction to exploit. Public references indicate Android security bul...

5.5CVSS5.4AI score0.00068EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.139 views

CVE-2023-21394

The CVE relates to TelecomServiceImpl.java (registerPhoneAccount) on Android. A missing permission check could allow an attacker to disclose images from another user via local access, with no extra execution privileges or user interaction required. The issue is described consistently across multi...

5.5CVSS5.2AI score0.00097EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.139 views

CVE-2023-35675

The CVE-2023-35675 entry describes a local information disclosure in Android tied to the loadMediaResumptionControls function in MediaResumeListener.kt. The logic error could allow a user on the same device to play/listen to media files belonging to another user without extra privileges or user i...

5.5CVSS5.1AI score0.00105EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.139 views

CVE-2023-40096

Summary: CVE-2023-40096 affects Android’s audio recording flow. A missing flag in OpRecordAudioMonitor::onFirstRef within AudioRecordClient.cpp may allow background audio recording, enabling local elevation of privilege with User privileges. Exploitation does not require user interaction. The vul...

7.8CVSS7.7AI score0.00197EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.139 views

CVE-2024-31313

CVE-2024-31313 is an Android/MessageQueueBase.h issue involving an incorrect bounds check in the function availableToWriteBytes, which can cause an out-of-bounds write. The vulnerability enables local escalation of privilege with no additional execution privileges required and does not require us...

7.8CVSS6.9AI score0.00102EPSS
CVE
CVE
added 2020/04/10 6:43 p.m.138 views

CVE-2015-8546

Concrete details: CVE-2015-8546 affects Samsung mobile devices with Shannon333 baseband (Galaxy S6/S6 Edge/S6 Edge+/Note5) and firmware up to 2015-11-12. Vulnerability is a stack-based buffer overflow in the baseband process, enabling remote code execution via a fake base station. Exploitation st...

10CVSS9.9AI score0.01595EPSS
CVE
CVE
added 2020/04/17 6:21 p.m.138 views

CVE-2020-0077

CVE-2020-0077 affects the FPC Iris TZ App (TrustZone) on Android. Description: an out-of-bounds read in authorize_enroll due to a missing bounds check, enabling local information disclosure with System privileges needed; exploitation does not require user interaction. Connected sources corroborat...

4.4CVSS4.3AI score0.00145EPSS
CVE
CVE
added 2020/09/17 3:24 p.m.138 views

CVE-2020-0379

CVE-2020-0379 affects the Bluetooth service in Android 8.0–11, where a logic error enables spoofing and potential remote information disclosure without extra execution privileges. Exploitation requires user interaction. The issue is categorized as an Information Disclosure/ID within multiple Andr...

5.7CVSS5.3AI score0.00333EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.138 views

CVE-2021-0641

CVE-2021-0641: A missing permission check in getAvailableSubscriptionInfoList() of SubscriptionController.java allows disclosure of unique identifiers and local information disclosure without extra execution privileges on Android 8.1–11. The NVD entry rates the base CVSSv3 as 5.5 (LOCAL, LOW comp...

5.5CVSS5AI score0.00108EPSS
CVE
CVE
added 2022/06/15 1:23 p.m.138 views

CVE-2022-20197

CVE-2022-20197 affects the Android Framework (notably in Android 12L) where a Parcel.java recycle bug could allow starting a foreground activity from the background, enabling local elevation of privilege with no user interaction. The issue is categorized as EoP with a moderate to high risk depend...

7.8CVSS7.6AI score0.00112EPSS
CVE
CVE
added 2022/08/11 12:0 a.m.138 views

CVE-2022-20338

Summary: CVE-2022-20338 affects Android (Android-11, Android-12, Android-12L, Android-13) due to a vulnerability in HierarchicalUri.readFrom in Uri.java that allows crafting a malformed URI because of improper input validation, enabling local escalation of privilege without extra execution privil...

3.3CVSS4.2AI score0.00201EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.138 views

CVE-2022-20412

CVE-2022-20412 affects Android 10–13. It is caused by an out-of-bounds read in fdt_next_tag (fdt.c) due to an incorrect bounds check, enabling local escalation of privilege to System privileges without user interaction. Impacted components: system/kernel path in Android’s fdt handling. The NVD en...

6.7CVSS6.5AI score0.00136EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.138 views

CVE-2022-20418

CVE-2022-20418 → In Android 12/12L/13, a vulnerability in pickStartSeq() of AAVCAssembler.cpp allows an out-of-bounds read, leading to remote information disclosure without privileges or user interaction. Affected component: Android Media framework. Base CVSSv3.1 score: 7.5 (High). Remediation: p...

7.5CVSS7AI score0.00436EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.138 views

CVE-2022-20488

Technical details about CVE-2022-20488 are not publicly provided in the supplied documents. Monitor for updates from Android advisories and related sources for patch status and affected versions.

7.8CVSS7.6AI score0.0012EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.138 views

CVE-2022-20499

CVE-2022-20499 is a vulnerability in Android’s PasspointConfiguration.java where uncaught errors during parsing of stored configs in function validateForCommonR1andR2 can cause a local persistent DoS without extra privileges. Affected are Android 12, 12L, and 13 releases; exploitation is reported...

5.5CVSS5.3AI score0.00171EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.138 views

CVE-2022-20567

CVE-2022-20567 concerns the Linux kernel (also reflected in Android kernel contexts) where in the function pppol2tp_create of l2tp_ppp.c a race condition can cause a use-after-free. This vulnerability enables local escalation of privilege with kernel/system level impact and requires no user inter...

7.4CVSS6.6AI score0.0011EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.138 views

CVE-2023-20936

CVE-2023-20936 affecting Android 11–13: In bta_av_rc_disc_done of bta_av_act.cc, an out-of-bounds write is caused by a missing bounds check, enabling local elevation of privilege with no extra user interaction beyond local access. Multiple sources (NVD, CVE records, and Android security bulletins...

7.8CVSS7.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.138 views

CVE-2023-20959

CVE-2023-20959 affects Android 13, where AddSupervisedUserActivity allows guest users to start the activity due to missing permission checks. Root cause: inadequate access control in AddSupervisedUserActivity. Impact: local elevation of privilege with no additional execution privileges required; ...

7.8CVSS7.7AI score0.00088EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.138 views

CVE-2023-20962

CVE-2023-20962 affects Android 13, specifically the MediaVolumePreferenceController.java function getSliceEndItem, where an unsafe PendingIntent could start a foreground activity from the background. This enables local information disclosure without extra privileges and without user interaction. ...

5.5CVSS5.1AI score0.00086EPSS
CVE
CVE
added 2023/08/14 8:58 p.m.138 views

CVE-2023-21242

CVE-2023-21242 affects Android’s InsecureEapNetworkHandler.isServerCertChainValid, where a logic error could allow trusting an imposter server. The root cause is in isServerCertChainValid, enabling remote escalation of privilege without additional execution privileges and with no user interaction...

9.8CVSS9.2AI score0.00439EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.138 views

CVE-2023-35676

CVE-2023-35676 describes an elevation-of-privilege issue in Android related to an unsafe PendingIntent in the CreateQuickShareAction flow inside SaveImageInBackgroundTask.java. The vulnerability can trigger a background activity launch, enabling local privilege elevation with no additional execut...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.138 views

CVE-2024-0046

CVE-2024-0046 involves a logic error in InstallPackageHelper.java (installExistingPackageAsUser) that can bypass carrier restrictions, enabling local privilege escalation without additional execution privileges or user interaction. The vulnerability affects Android framework code and is rated hig...

7.8CVSS7AI score0.00121EPSS
CVE
CVE
added 2024/05/07 9:3 p.m.138 views

CVE-2024-23707

CVE-2024-23707 is an Android elevation-of-privilege issue caused by improper input validation in multiple locations, enabling a local bypass with no additional execution privileges but requiring user interaction. Public references show the flaw as fixed in Android’s 2024-05 patch cycle, with the ...

7.8CVSS7AI score0.00095EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.138 views

CVE-2024-32913

CVE-2024-32913 affects the WLAN stack in wl_notify_rx_mgmt_frame within wl_cfg80211.c. The issue is an out-of-bounds write caused by an integer overflow, which could enable remote code execution with no authentication or user interaction required. The vulnerability is documented in Android Pixel ...

9.8CVSS7.5AI score0.00321EPSS
CVE
CVE
added 2019/10/11 6:14 p.m.137 views

CVE-2019-2173

CVE-2019-2173 involves the Android Framework component where in startActivityMayWait of ActivityStarter.java an incorrect permission check can launch an Activity improperly. This creates a local elevation of privilege risk on affected Android versions: 7.1.1, 7.1.2, 8.0, 8.1, and 9. The issue doe...

7.8CVSS7.6AI score0.00161EPSS
CVE
CVE
added 2021/01/11 9:47 p.m.137 views

CVE-2021-0309

CVE-2021-0309 affects Android (versions 8.0–11) with a flaw in grantCredentialsPermissionActivity during onCreate that enables a confused deputy to disclose local information and gain account access without extra execution privileges. Exploitation requires user interaction, and impact is describe...

5.5CVSS5.1AI score0.00162EPSS
CVE
CVE
added 2021/03/10 3:40 p.m.137 views

CVE-2021-0397

CVE-2021-0397 : A double-free in Android’s sdp_copy_raw_data (sdp_discovery.cc) can cause remote code execution with no privileges and no user interaction. Affected: Android 8.1, 9, 10, 11 (per public advisories). Root cause: memory management flaw (double free) in SDP discovery path. Impact: rem...

9.8CVSS9.2AI score0.0567EPSS
Total number of security vulnerabilities8153