Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2021/03/10 3:40 p.m.137 views

CVE-2021-0397

CVE-2021-0397 : A double-free in Android’s sdp_copy_raw_data (sdp_discovery.cc) can cause remote code execution with no privileges and no user interaction. Affected: Android 8.1, 9, 10, 11 (per public advisories). Root cause: memory management flaw (double free) in SDP discovery path. Impact: rem...

9.8CVSS9.2AI score0.0567EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.137 views

CVE-2021-0507

CVE-2021-0507 corresponds to an Android Bluetooth flaw in btif_rc.cc (handle_rc_metamsg_cmd) where a missing bounds check can cause an out-of-bounds write. This flaw could enable remote code execution over Bluetooth with no extra privileges and without user interaction. Affected Android versions ...

8.8CVSS8.4AI score0.01008EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.137 views

CVE-2021-0509

CVE-2021-0509 : A race condition causes a use-after-free in CryptoPlugin.cpp, leading to local privilege escalation with no additional privileges or user interaction required. Affected products/versions in the provided data include Android 8.1, 9, 10, and 11. The documents do not specify a public...

7CVSS7AI score0.00168EPSS
CVE
CVE
added 2021/07/14 1:45 p.m.137 views

CVE-2021-0589

CVE-2021-0589 is an Android local privilege escalation vulnerability: an out-of-bounds write in BTM_TryAllocateSCN (btm_scn.cc) caused by an incorrect bounds check, enabling local execution as a privileged context without user interaction. Affected Android versions include 8.1, 9, 10, and 11 (per...

7.8CVSS7.7AI score0.00265EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.137 views

CVE-2021-0645

CVE-2021-0645 is an elevation-of-privilege issue in Android 11 involving shouldBlockFromTree in ExternalStorageProvider.java. The root cause is a permissions bypass that could let a local attacker read private app directories in external storage, with exploitation reportedly requiring user intera...

7.8CVSS7.5AI score0.0033EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.137 views

CVE-2021-0695

CVE-2021-0695 is a vulnerability in the Android kernel (xt_qtaguid.c: get_sock_stat) caused by a use-after-free that enables an out-of-bounds read leading to local information disclosure. Exploitation is local (no user interaction required) per the description; impact is partial confidentiality. ...

5.5CVSS4.9AI score0.00119EPSS
CVE
CVE
added 2021/10/22 1:27 p.m.137 views

CVE-2021-0706

CVE-2021-0706 affects Android (versions 10 and 11) via a missing permission check in startListening() of PluginManagerImpl.java, allowing an attacker to disable arbitrary app components and potentially cause local denial of service with no additional privileges or user interaction required. The v...

5.5CVSS5.7AI score0.00103EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.137 views

CVE-2021-39715

The CVE refers to an information disclosure in the Android kernel: in __show_regs of process.c, log information disclosure could leak kernel memory/addresses, enabling local information leakage with SYSTEM privileges. Affected software: Android kernel components; vulnerable item: the show_regs pa...

4.4CVSS4AI score0.0013EPSS
CVE
CVE
added 2022/07/13 6:23 p.m.137 views

CVE-2022-20226

CVE-2022-20226 affects Android 12 / 12L. Root cause: in finishDrawingWindow of WindowManagerService.java, improper input validation enables tapjacking. This could allow local escalation of privilege with User privileges required; exploitation requires user interaction. Affected component is the W...

3.9CVSS4.5AI score0.001EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.137 views

CVE-2022-20467

The CVE-2022-20467 issue affects Android 11–13 where the function isBluetoothShareUri in BluetoothOppUtility.java can read files incorrectly due to a confused deputy, causing local information disclosure with no extra execution privileges. Exploitation requires user interaction, with local attack...

5.5CVSS5AI score0.00102EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.137 views

CVE-2023-20947

CVE-2023-20947 is an Elevation of Privilege vulnerability in Android affecting the getGroupState function in GrantPermissionsViewModel.kt. The issue can allow a local attacker with low privileges to bypass permission handling and keep a one-time permission granted, enabling local escalation witho...

7.8CVSS7.6AI score0.00098EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.137 views

CVE-2023-20964

The CVE-2023-20964 entry affects Android (Android-12/12L/13) via MediaSessionRecord.java, where an Intent rebroadcast in multiple functions can cause local denial of service or privilege escalation without extra execution privileges and with no user interaction required. The vulnerability is clas...

7.8CVSS7.6AI score0.0012EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.137 views

CVE-2023-21104

CVE-2023-21104 affects Android (Android-12L/Android-13) via a missing permission check in WindowOrganizer.java (applySyncTransaction), enabling local information disclosure without extra execution privileges. Impact is information leakage; exploitation requires no user interaction and is locally ...

5.5CVSS5AI score0.00082EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.137 views

CVE-2023-21117

CVE-2023-21117 affects Android 13, specifically the ActivityManagerService.registerReceiverWithFeature path. The issue enables a permissions bypass that could let isolated processes register a broadcast receiver, causing local elevation of privilege with no extra execution privileges and no user ...

8.4CVSS7.6AI score0.00084EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.137 views

CVE-2023-21118

The CVE-2023-21118 entry concerns a vulnerability in Android where the unflattenString8 function in Sensor.cpp can read beyond a heap buffer due to a missing bounds check, causing local information disclosure without extra privileges. Affected products/versions include Android 11, 12, 12L, and 13...

6.2CVSS5.2AI score0.00201EPSS
CVE
CVE
added 2023/07/12 11:26 p.m.137 views

CVE-2023-21245

CVE-2023-21245 affects Google's Android Framework, specifically the showNextSecurityScreenOrFinish path in KeyguardSecurityContainerController.java. A logic error could allow access to the lock screen during device setup, enabling local elevation of privilege without user interaction. Exploitatio...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2024/05/06 2:51 a.m.137 views

CVE-2023-32871

CVE-2023-32871 affects MediaTek DA (Device Access) in MediaTek-based platforms. The vulnerability arises from an incorrect status check, enabling local escalation of privilege with no additional execution privileges required and no user interaction. The issue is documented across multiple sources...

5.3CVSS7AI score0.00083EPSS
CVE
CVE
added 2019/09/05 9:42 p.m.136 views

CVE-2019-2108

CVE-2019-2108 affects Android 10 in the Media framework component. The issue is an out-of-bounds write in ihevcd_ref_list.c caused by a missing bounds check, enabling remote code execution with the attacker needing user interaction. The Android 2019-09-05 patch level (and later) addressing this i...

9.3CVSS7.9AI score0.01038EPSS
CVE
CVE
added 2019/09/05 9:42 p.m.136 views

CVE-2019-9254

CVE-2019-9254 affects Android 10 in zygote.java (readArgumentList). Describes a command injection due to improper input validation that could enable local privilege escalation without user interaction. Impact is defined as local EoP with high severity (C/C/I/A). Mitigation: patch levels 2019-09-0...

7.8CVSS7.9AI score0.00423EPSS
CVE
CVE
added 2021/01/11 9:47 p.m.136 views

CVE-2021-0319

CVE-2021-0319 affects Android versions 8.0 through 11. It concerns CompanionDeviceManagerService.checkCallerIsSystemOr, where a permissions bypass may allow a local attacker to obtain a nearby Bluetooth device’s MAC address without proper permissions, enabling local privilege escalation to access...

7.3CVSS7.2AI score0.00256EPSS
CVE
CVE
added 2022/01/14 7:10 p.m.136 views

CVE-2021-39626

CVE-2021-39626 affects Android devices (Android-9 to Android-12) via a permission bypass in ConnectedDeviceDashboardFragment.java (onAttach), enabling local privilege escalation in Bluetooth settings with no extra execution privileges or user interaction required. The NVD entry notes a high base ...

7.8CVSS7.7AI score0.00162EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.136 views

CVE-2022-20395

The CVE-2022-20395 entry concerns Android 11–13, where a path traversal in MediaProvider.java (checkAccess) can delete files, enabling local elevation of privilege with no extra execution privileges. Affected component: MediaProvider.java; root cause: path traversal leading to local file deletion...

7.8CVSS7.7AI score0.00113EPSS
CVE
CVE
added 2022/09/13 7:15 p.m.136 views

CVE-2022-20399

CVE-2022-20399 concerns the SEPolicy configuration in Android system apps, where an insecure default value allows access to the non-setuid ip utility. The resulting impact is local information disclosure of network data without extra privileges or user interaction. Documents consistently tie this...

5.5CVSS5AI score0.00092EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.136 views

CVE-2022-20414

Summary: CVE-2022-20414 describes a local DoS in Android via an uncaught exception in AlarmManagerService.setImpl that can push a device into a boot loop without extra privileges or user interaction. Affected products/versions (per sources): Android 10–13 (Android 10, 11, 12, 12L, 13). Root cause...

5.5CVSS5.3AI score0.00125EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.136 views

CVE-2023-20939

CVE-2023-20939 affects Android 12/12L/13, with memory corruption in the looper_backed_event_loop.cpp functions due to improper locking. The root cause is a locking defect that can lead to local elevation of privilege without extra execution privileges or user interaction. The impact is described ...

7.8CVSS7.7AI score0.00072EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.136 views

CVE-2023-21080

CVE-2023-21080 affects Android 11–13 and is tied to register_notification_rsp in btif_rc.cc, where a missing bounds check enables a local out-of-bounds read. This can cause information disclosure without requiring privileges or user interaction. The available sources (NVD/NVDC/CNVD/OsV/PRION mirr...

5.5CVSS5AI score0.00087EPSS
CVE
CVE
added 2023/07/12 11:34 p.m.136 views

CVE-2023-21262

Consolidated evidence across CVE-2023-21262 entries shows a race condition in the startInput function of AudioPolicyInterfaceImpl.cpp that can cause the microphone privacy indicator to be displayed incorrectly. This could mislead users about mic activity and state. Exploitation, if any, is noted ...

3.1CVSS4AI score0.00145EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.136 views

CVE-2023-35683

CVE-2023-35683 affects Android’s DatabaseUtils.java (bindSelection) within the MediaProvider component, enabling SQL injection that can allow local information disclosure by accessing files from other apps. Exploitation requires local access with no user interaction, and no explicit exploit detai...

5.5CVSS5.5AI score0.00173EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.136 views

CVE-2023-35687

CVE-2023-35687 affects Google Android, specifically the MtpPropertyValue path in MtpProperty.h. The issue is a memory corruption due to a use-after-free, allowing local escalation of privilege with no additional execution privileges required and without user interaction. In practice, exploitation...

7.8CVSS7.9AI score0.00152EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.136 views

CVE-2023-40076

The CVE-2023-40076 issue concerns Android’s CredentialManagerUi.java: in createPendingIntent, a permissions bypass could allow access to credentials from other users. This represents a local elevation of privilege, with exploitation possible without additional execution privileges or user interac...

5.5CVSS5.7AI score0.02281EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.136 views

CVE-2024-0045

CVE-2024-0045: A vulnerability exists in the smp_proc_sec_req function of smp_act.cc that can trigger an out-of-bounds read due to improper input validation. This may allow remote information disclosure without additional execution privileges and without user interaction. Multiple sources (Androi...

7.5CVSS6.4AI score0.00317EPSS
CVE
CVE
added 2024/04/01 2:34 a.m.136 views

CVE-2024-20040

CVE-2024-20040 affects MediaTek WLAN firmware (MT6XXX/MT79XX) and stems from an out-of-bounds write caused by improper input validation. This could enable remote escalation of privilege with no additional execution privileges required and no user interaction. The CVSSv3.1 base score is 8.8 (HIGH)...

8.8CVSS7.3AI score0.00178EPSS
CVE
CVE
added 2024/06/13 8:48 p.m.136 views

CVE-2024-32929

CVE-2024-32929 affects the Pixel GPU driver path gpu_slc_get_region in pixel_gpu_slc.c. A use-after-free in that function can cause a local elevation of privilege, with no additional execution privileges needed and no user interaction required. Public details across connected records confirm the ...

8.1CVSS7.4AI score0.00209EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.136 views

CVE-2024-34743

CVE-2024-34743 affects Google Android via a logic error in SurfaceFlinger.cpp (setTransactionState) that could enable tapjacking, leading to local elevation of privilege with no user interaction required. The vulnerability is classified as EoP, High severity, with local attack vector and impact t...

7.8CVSS6.8AI score0.00082EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.136 views

CVE-2024-40674

CVE-2024-40674 affects Google Android via WifiConfigurationUtil.java (validateSsid). The issue is a logic error that could overflow a system configuration file, causing a local denial of service without requiring privileges or user interaction. Public details consistently reference Android/WifiCo...

5.3CVSS7.2AI score0.00211EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.135 views

CVE-2017-13230

CVE-2017-13230 affects the Android Media framework, specifically an out-of-bounds write in the HEVC (H.265) codec caused by an incorrect bounds check on i2_pic_width_in_luma_samples. This can enable remote escalation of privilege with no additional execution privileges required, though exploitati...

9.3CVSS8.7AI score0.01941EPSS
CVE
CVE
added 2019/10/11 6:16 p.m.135 views

CVE-2019-2114

CVE-2019-2114 describes a local elevation-of-privilege issue in Android related to NFC default privileges that can bypass part of the user-interaction requirement during package installation. The result could allow a local attacker to install a malicious application and gain higher privileges, wi...

7.8CVSS7.7AI score0.0023EPSS
CVE
CVE
added 2021/01/11 9:47 p.m.135 views

CVE-2021-0317

CVE-2021-0317 is an Elevation of Privilege vulnerability in Android stemming from a logic error in createOrUpdate(...) of Permission.java that could allow local privilege escalation. Affected Android versions include 8.0, 8.1, 9, 10, and 11. The issue requires user interaction to exploit and is c...

7.8CVSS7.6AI score0.002EPSS
CVE
CVE
added 2021/01/11 9:48 p.m.135 views

CVE-2021-0320

CVE-2021-0320 affects Android 10/11, describing a race condition in keystore_keymaster_enforcement.h (is_device_locked and set_device_locked) that could bypass lockscreen requirements for keyguard-bound keys. This may lead to local information disclosure without additional privileges, and exploit...

4.7CVSS4.4AI score0.00104EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.135 views

CVE-2021-0584

CVE-2021-0584 relates to an out-of-bounds read in Android’s Parcel.cpp (verifyBufferObject), caused by improper input validation. The issue can enable local information disclosure without additional privileges or user interaction. Affected Android versions include 8.1, 9, 10, and 11. The descript...

5.5CVSS5AI score0.00115EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.135 views

CVE-2021-0591

CVE-2021-0591 (Android) affects Android 8.1, 9, 10, 11. In BluetoothPermissionActivity.java, sendReplyIntentToReceiver can enable invoking privileged broadcast receivers due to a confusing deputy, enabling local elevation of privilege with User execution privileges needed. Exploitation requires u...

7.3CVSS7.2AI score0.00382EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.135 views

CVE-2021-0918

CVE-2021-0918 affects Android 12 with a Bluetooth GATT vulnerability: in gatt_process_notification (gatt_cl.cc) an out-of-bounds write due to missing bounds check could enable remote code execution via a specially crafted Bluetooth transmission. Exploitation requires no user interaction and can o...

8.8CVSS8.7AI score0.00449EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.135 views

CVE-2022-20117

Mode C: CVE-2022-20117 affects Pixel devices with Titan M (per Pixel Update Bulletin). The Titan M ID vulnerability indicates an information-disclosure issue where local data encrypted by the GSC can be decrypted due to improper crypto usage. Impact is local information disclosure without extra e...

5.5CVSS5.2AI score0.00075EPSS
CVE
CVE
added 2022/08/09 8:23 p.m.135 views

CVE-2022-20356

CVE-2022-20356 affects Android 11/12/12L via the shouldAllowFgsWhileInUsePermissionLocked path in ActiveServices.java. The root cause is improper input validation, allowing a foreground service to be started from the background, causing local elevation of privilege with no additional execution pr...

7.8CVSS7.7AI score0.00106EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.135 views

CVE-2022-20451

CVE-2022-20451 affects Android 10–13 via a missing permission check in onCallRedirectionComplete of CallsManager.java, enabling local elevation of privilege with user interaction required. Red Hat and PT-Security references corroborate the issue; Android security bulletins indicate patches have b...

7.8CVSS7.7AI score0.00102EPSS
CVE
CVE
added 2022/07/06 1:4 p.m.135 views

CVE-2022-21763

CVE-2022-21763 affects the telecom service component; due to a missing permission check, it can disclose local information without extra privileges. Exploitation requires no user interaction. A patch is listed (ALPS07044717/ALPS07044708) and updates are reflected in multiple sources (NVD, Red Hat...

5.5CVSS5.1AI score0.00099EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.135 views

CVE-2023-35658

CVE-2023-35658 affects the Android Bluetooth stack (gatt_process_prep_write_rsp in gatt_cl.cc), where a use-after-free can cause privilege escalation and remote code execution without extra privileges or user interaction. The issue is described across multiple sources as a proximal code execution...

8.8CVSS8.8AI score0.002EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.135 views

CVE-2023-35681

CVE-2023-35681 affects Android’s Bluetooth stack (eatt_impl.h: eatt_l2cap_reconfig_completed). Public sources describe a possible out-of-bounds write caused by an integer overflow, which could allow remote code execution with no additional privileges and without user interaction. The available co...

9.8CVSS9.5AI score0.00538EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.135 views

CVE-2023-40098

The CVE-2023-40098 issue affects Android and stems from a logic error in mOnDone() within NotificationConversationInfo.java, enabling local information disclosure of another user’s app notification data. Exploitation requires local access with no user interaction specified, and the confidentialit...

5.5CVSS5.1AI score0.00121EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.135 views

CVE-2023-40134

CVE-2023-40134 concerns a local information disclosure in the Android UI code path. The vulnerability is described as a confused deputy in isFullScreen/FillUi.java that can allow viewing another user’s images without extra execution privileges and without user interaction. Public sources in the c...

3.3CVSS3.6AI score0.00088EPSS
Total number of security vulnerabilities8153