8153 matches found
CVE-2024-0052
In healthconnect, a vulnerability exists where a missing permission check in several functions can leak exercise route data, causing local information disclosure without extra privileges. The issue is described as a data leakage risk with no user interaction required. CVSS data shows a local atta...
CVE-2024-20148
CVE-2024-20148 concerns MediaTek wlan STA FW where an improper input validation leads to an out-of-bounds write. The vulnerability could enable remote code execution on proximal devices with no privileges and no user interaction required. Patch IDs associated are WCNCR00389045 and ALPS09136494 (M...
CVE-2024-22012
CVE-2024-22012 : A Google Pixel-related out-of-bounds write due to a missing bounds check can lead to local privilege escalation without user interaction. Affected component: Pixel bootloader (per Pixel Update Bulletin).CVSS shows LOCAL access, LOW exploit complexity, and HIGH confidentiality/int...
CVE-2024-31327
CVE-2024-31327 affects Android/libfmq: multiple functions in MessageQueueBase.h may cause an out-of-bounds write due to a race, enabling local escalation of privilege with no user interaction. Exploitation specifics are not provided in the supplied documents. Android security references acknowled...
CVE-2024-43763
CVE-2024-43763 affects Google Android: in build_read_multi_rsp of gatt_sr.cc a logic error can cause remote DoS without user interaction. Impact is denial of service; no exploit details provided here. Remediation is through Android security patches at the 2025-01-01 (and newer) patch level as doc...
CVE-2019-1987
CVE-2019-1987 affects Google Android Framework components (notably a flaw in SkSwizzler.cpp) where a missing bounds check allows an out-of-bounds write, enabling remote code execution in a privileged context. Impact is described as high/severe, requiring user interaction for exploitation, with af...
CVE-2019-2009
CVE-2019-2009 affects Android’s Bluetooth stack, specifically l2c_lcc_proc_pdu in l2c_fcr.cc. The issue is an out-of-bounds write due to a missing bounds check, enabling remote code execution over Bluetooth with no user interaction. Affected products/versions include Android 7.0 through 9 (Androi...
CVE-2020-0122
CVE-2020-0122 affects Android where the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml can bypass permissions, enabling local elevation of privilege with System execution privileges and no user interaction required. Impact is describe...
CVE-2021-0302
CVE-2021-0302 describes a tapjacking/overlay risk in Android’s PackageInstaller caused by an insecure default value, enabling local escalation of privilege with no extra execution privileges and requiring user interaction to exploit. Affected products: Android versions 8.1, 9, and 10 (per the vul...
CVE-2021-0683
CVE-2021-0683 (Android) : In runTraceIpcStop of ActivityManagerShellCommand.java, a confused deputy can trigger deletion of system files, causing local escalation of privilege without additional execution privileges. Affected: Android 8.1, 9, 10, 11. CVSSv3.1 base score 7.8 (HIGH). Exploitation r...
CVE-2021-0968
CVE-2021-0968 affects Android 9–12. The issue is an out-of-bounds write caused by an integer overflow in allocator.cc (osi_malloc/osi_calloc), potentially enabling remote code execution with no user interaction. Public details indicate patch levels for 2021-12-01/2021-12-05 Android Bulletins addr...
CVE-2021-39630
CVE-2021-39630 pertains to Android 12 and affects the OverlayManagerService’s executeRequest path. The issue describes a permissions bypass that could allow an attacker withadb shell access to control fabricated overlays, resulting in local elevation of privilege with no additional execution priv...
CVE-2022-20122
The CVE-2022-20122 entry concerns the PowerVR GPU driver in Android devices. The vulnerability allows unprivileged apps to allocate pinned memory, unpin it to free it, and continue using the page in GPU calls without any privileges, leading to kernel memory corruption. Reported impact is high (CV...
CVE-2022-20416
CVE-2022-20416 involves a bounds-check error in the audioTransportsToHal function of HidlUtils.cpp, causing a possible out-of-bounds write. Affected: Android 12, 12L, 13. Impact: local elevation of privilege with high severity; no user interaction required. Root cause: incorrect bounds check lead...
CVE-2023-20926
CVE-2023-20926 : The issue is a missing permission check in onParentVisible of HeaderPrivacyIconsController.kt that could bypass factory reset protections on Android 12–13, enabling local escalation of privilege with physical device access and no extra execution privileges or user interaction req...
CVE-2023-21105
CVE-2023-21105 affects Android devices (Android 11–13). The vulnerability exists in multiple functions of ChooserActivity.java , caused by a confused deputy leading to a possible cross-user media read. This results in local information disclosure with no extra execution privileges and requires no...
CVE-2023-21145
CVE-2023-21145 corresponds to an Android Framework elevation-of-privilege issue in ActivityRecord.java, specifically in updatePictureInPictureMode, where a logic error could bypass background launch restrictions. The result is local escalation of privilege with no extra execution privileges or us...
CVE-2023-35682
CVE-2023-35682 affects Android components via a flaw in hasPermissionForActivity in PackageManagerHelper.java, enabling a confused deputy to start arbitrary components and potentially achieve local elevation of privilege. Exploitation requires user interaction, and the base CVSS indicates local a...
CVE-2023-35684
CVE-2023-35684 is described across multiple sources as a vulnerability in the Android Bluetooth stack: in the function avdt_msg_asmbl of avdt_msg.cc there is a possible out-of-bounds write caused by an integer overflow that could allow paired devices to escalate privileges with no extra execution...
CVE-2023-40137
CVE-2023-40137 affects Android’s DialogFillUi.java and enables local information disclosure of other users’ images due to a confused deputy, with no extra privileges or user interaction required. The vulnerability is documented across multiple sources (NVD entry, CVE list, OSV/ARMS-like records) ...
CVE-2025-27700
CVE-2025-27700 is an elevation-of-privilege issue described for Google Pixel devices. The vulnerability enables a local escalation of privilege via bypassing carrier restrictions with no extra execution privileges or user interaction required; exploitation is local. The NVD entry lists CVSSv3.1: ...
CVE-2019-2019
CVE-2019-2019 describes a local information-disclosure vulnerability in Android where, in ce_t4t_data_cback of ce_t4t.cc, an out-of-bounds read can occur due to a missing bounds check. The issue could allow leakage of information without extra execution privileges, requiring user interaction to e...
CVE-2019-2054
CVE-2019-2054 involves a seccomp bypass in the Android/Linux kernel prior to 4.8, where seccomp policies allow ptrace usage. This could enable local privilege escalation without additional execution privileges and without user interaction. The core issue is that certain seccomp policies permit pt...
CVE-2019-2185
CVE-2019-2185: Out-of-bounds write in VlcDequantH263IntraBlock_SH (vlc_dequant.cpp) can lead to remote code execution. Affected Android versions include 7.1.1, 7.1.2, 8.0, 8.1, 9, 10; vulnerability located in Android Media framework. Exploitation requires user interaction. Remediation is provided...
CVE-2020-0259
CVE-2020-0259 affects the Android kernel AMLogic dm-verity component (dm-android-verity.c). The vulnerability arises from improper crypto usage in android_verity_ctr, allowing a local attacker to modify a dm-verity protected filesystem and gain elevation of privilege with no additional execution ...
CVE-2021-0304
CVE-2021-0304 affects Android, describing an information-disclosure risk in GlobalScreenshot.java due to an unsafe PendingIntent. Exploitation requires local access with User privileges and does not require user interaction. Affected versions include Android 8.0, 8.1, 9, and 10. The issue could a...
CVE-2021-0321
CVE-2021-0321 affects Android 11 and is linked to a fault in ActivityManagerService.enforceDumpPermissionForPackage. It may allow a local attacker to determine if a package is installed via a side-channel information disclosure, with no additional privileges and no user interaction required. The ...
CVE-2021-0332
CVE-2021-0332 affects Android’s Media/Graphics stack (SurfaceFlinger) where a use-after-free in bootFinished can cause memory corruption, enabling local privilege escalation with low complexity and no user interaction. Affected: Android 10 and 11. Root cause: memory corruption via use-after-free ...
CVE-2021-0430
CVE-2021-0430 affects the Android System component. In rw_mfc_handle_read_op (rw_mfc.cc) there is a missing bounds check that allows an out-of-bounds write, enabling remote code execution via a malicious NFC packet with no user interaction. Affected: Android 10 and 11. Impact: RCE with high confi...
CVE-2021-0478
Technical details beyond the initial description are not provided in the connected documents. Monitor for updates from Android/vendor advisories to confirm affected components, root cause, and fixes.
CVE-2021-0506
CVE-2021-0506 corresponds to a tapjacking/overlay bypass in ActivityPicker.java that can bypass required user interaction during intent resolution, enabling local elevation of privilege with User execution privileges needed. Affected products/versions include Android 8.1, 9, 10, and 11. The vulne...
CVE-2021-0652
Technical details for CVE-2021-0652 are not available in the provided connected documents. The Initial document notes a memory corruption in VectorDrawable and local privilege escalation on Android, but there are no specific product/version, exploit, impact, or remediation details in the supplied...
CVE-2021-39676
CVE-2021-39676 — Android 11 : The flaw resides in the AndroidFuture.java writeThrowable path, where a parcel serialization/deserialization mismatch occurs due to improper input validation. This enables local escalation of privilege with no additional execution privileges required, and does not re...
CVE-2022-20235
CVE-2022-20235 describes a memory corruption risk in the PowerVR GPU kernel driver for Android SoCs caused by a flaw in the Information Page of the driver’s cache subsystem. Prior to DDK 1.18, a user-space process could write arbitrary data to that page (the page is normally writable only by the ...
CVE-2022-20468
CVE-2022-20468: A Bluetooth out-of-bounds read in Android’s BNEP_ConnectResp (bnep_api.cc) due to an incorrect bounds check. Affects Android-10/11/12/12L/13; could lead to local information disclosure with no privileges required. Public sources confirm Android security bulletin references and pat...
CVE-2022-44435
CVE-2022-44435 describes a missing permission check in the Android messaging service, enabling local denial of service in the contacts service with no extra privileges. The issue is listed across multiple sources (NVD/NIST, Red Hat advisory, CVE list) and is associated with Unisoc components with...
CVE-2023-20940
Summary: CVE-2023-20940 affects Android 13. A vulnerability in the boot partition handling caused by improper use of crypto allows local escalation of privilege without user interaction. The issue’s impact is described as high (EoP) with CVSSv3.1 metrics showing attack vector LOCAL, privileges re...
CVE-2023-21122
CVE-2023-21122 is an Android local-EoP flaw: bypass of DISALLOW_DEBUGGING_FEATURES due to a missing permission check in various files/functions, enabling escalation with no extra privileges and no user interaction. Affected: Android 11–13. Exploitation is local and relies on access to the device....
CVE-2023-21142
CVE-2023-21142 involves a permissions bypass that can allow access to traces in Android dev mode, causing local information disclosure without extra execution privileges. Affected products listed in sources include Android 11–13. Root cause centers on improper access controls for trace data in de...
CVE-2023-21271
CVE-2023-21271 : In the parseInputs function of ShimPreparedModel.cpp, there is an out-of-bounds read due to improper input validation, potentially enabling local information disclosure without user interaction. This is a local information disclosure vulnerability with high confidentiality impact...
CVE-2023-21283
CVE-2023-21283 affects Google Android (StatusHints.java) and describes a local information disclosure via a confused deputy vulnerability. The issue allows revealing images across users and requires user interaction to exploit; no additional execution privileges are stated. The available connecte...
CVE-2024-0025
CVE-2024-0025 concerns a logic error in the Android framework (ActivityManagerService.sendIntentSender) that can enable a local elevation of privilege through a background activity launch. Affected component is Android’s system services (ActivityManagerService); no specific product/version is dis...
CVE-2019-2023
CVE-2019-2023 affects Android's hardware ServiceManager::add, where an insecure PID-based permissions check can let an app add or replace a HAL service, enabling code execution in a privileged process. Supported in multiple feeds (NVD, Red Hat, PRION, CIRCL) with exploited/attack data referenced ...
CVE-2020-0074
CVE-2020-0074 is a local elevation of privilege vulnerability in Android Framework (PackageManagerService.verifyIntentFiltersIfNeeded) that could allow a malicious app to become the default handler for arbitrary domains without user interaction. Impact, per sources, is local access to elevated pr...
CVE-2021-0961
CVE-2021-0961 affects the Android kernel via quota_proc_write in xt_quota2.c, enabling information disclosure by reading kernel memory due to uninitialized data. Impact is local: requires SYSTEM privileges with local access; user interaction is not required. Affected product scope is Android kern...
CVE-2021-39666
CVE-2021-39666 describes a vulnerability in Android where an out-of-bounds read in the MediaMetricsItem.h extractor may allow local information disclosure without extra privileges or user interaction. Affected software is Android 11 and Android 12; the description specifies the root cause as impr...
CVE-2022-20028
The CVE-2022-20028 entry concerns a Bluetooth out-of-bounds write due to a missing bounds check, enabling local privilege escalation without user interaction. Public documents tie this to MediaTek Bluetooth components exposed in Android devices and list Patch ALPS06198663 as the fix. Exploitation...
CVE-2022-42772
CVE-2022-42772 affects the WLAN driver and is caused by a missing bounds check, which could lead to a local denial of service in WLAN services. The connected documents do not specify exact affected product versions or a direct patch, but Android security bulletins indicate that patch levels 2022-...
CVE-2023-21099
CVE-2023-21099 affects Android via a logic error in the PackageInstallerSession.java component that can let an attacker start foreground services from the background, enabling local elevation of privilege with no extra execution privileges or user interaction. Affected Android versions include 11...
CVE-2023-21244
CVE-2023-21244 affects Android components, specifically in Notification.java (visitUris), where a missing permission check can bypass user profile boundaries, enabling local escalation of privilege with User execution privileges required and no user interaction needed. The vulnerability is discus...