Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/03/11 4:35 p.m.135 views

CVE-2024-0052

In healthconnect, a vulnerability exists where a missing permission check in several functions can leak exercise route data, causing local information disclosure without extra privileges. The issue is described as a data leakage risk with no user interaction required. CVSS data shows a local atta...

6.2CVSS6.1AI score0.00103EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.135 views

CVE-2024-20148

CVE-2024-20148 concerns MediaTek wlan STA FW where an improper input validation leads to an out-of-bounds write. The vulnerability could enable remote code execution on proximal devices with no privileges and no user interaction required. Patch IDs associated are WCNCR00389045 and ALPS09136494 (M...

9.8CVSS7.8AI score0.00259EPSS
CVE
CVE
added 2024/02/07 3:49 p.m.135 views

CVE-2024-22012

CVE-2024-22012 : A Google Pixel-related out-of-bounds write due to a missing bounds check can lead to local privilege escalation without user interaction. Affected component: Pixel bootloader (per Pixel Update Bulletin).CVSS shows LOCAL access, LOW exploit complexity, and HIGH confidentiality/int...

7.8CVSS7.8AI score0.00089EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.135 views

CVE-2024-31327

CVE-2024-31327 affects Android/libfmq: multiple functions in MessageQueueBase.h may cause an out-of-bounds write due to a race, enabling local escalation of privilege with no user interaction. Exploitation specifics are not provided in the supplied documents. Android security references acknowled...

7CVSS6.9AI score0.00082EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.135 views

CVE-2024-43763

CVE-2024-43763 affects Google Android: in build_read_multi_rsp of gatt_sr.cc a logic error can cause remote DoS without user interaction. Impact is denial of service; no exploit details provided here. Remediation is through Android security patches at the 2025-01-01 (and newer) patch level as doc...

6.5CVSS6.6AI score0.00117EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.134 views

CVE-2019-1987

CVE-2019-1987 affects Google Android Framework components (notably a flaw in SkSwizzler.cpp) where a missing bounds check allows an out-of-bounds write, enabling remote code execution in a privileged context. Impact is described as high/severe, requiring user interaction for exploitation, with af...

9.3CVSS8.1AI score0.01245EPSS
CVE
CVE
added 2019/06/19 7:57 p.m.134 views

CVE-2019-2009

CVE-2019-2009 affects Android’s Bluetooth stack, specifically l2c_lcc_proc_pdu in l2c_fcr.cc. The issue is an out-of-bounds write due to a missing bounds check, enabling remote code execution over Bluetooth with no user interaction. Affected products/versions include Android 7.0 through 9 (Androi...

8.8CVSS8.8AI score0.0061EPSS
CVE
CVE
added 2020/07/17 8:9 p.m.134 views

CVE-2020-0122

CVE-2020-0122 affects Android where the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml can bypass permissions, enabling local elevation of privilege with System execution privileges and no user interaction required. Impact is describe...

7.2CVSS6.5AI score0.00171EPSS
CVE
CVE
added 2021/02/10 4:48 p.m.134 views

CVE-2021-0302

CVE-2021-0302 describes a tapjacking/overlay risk in Android’s PackageInstaller caused by an insecure default value, enabling local escalation of privilege with no extra execution privileges and requiring user interaction to exploit. Affected products: Android versions 8.1, 9, and 10 (per the vul...

9.3CVSS7.7AI score0.00705EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.134 views

CVE-2021-0683

CVE-2021-0683 (Android) : In runTraceIpcStop of ActivityManagerShellCommand.java, a confused deputy can trigger deletion of system files, causing local escalation of privilege without additional execution privileges. Affected: Android 8.1, 9, 10, 11. CVSSv3.1 base score 7.8 (HIGH). Exploitation r...

7.8CVSS7.7AI score0.00218EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.134 views

CVE-2021-0968

CVE-2021-0968 affects Android 9–12. The issue is an out-of-bounds write caused by an integer overflow in allocator.cc (osi_malloc/osi_calloc), potentially enabling remote code execution with no user interaction. Public details indicate patch levels for 2021-12-01/2021-12-05 Android Bulletins addr...

8.8CVSS8.5AI score0.00651EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.134 views

CVE-2021-39630

CVE-2021-39630 pertains to Android 12 and affects the OverlayManagerService’s executeRequest path. The issue describes a permissions bypass that could allow an attacker withadb shell access to control fabricated overlays, resulting in local elevation of privilege with no additional execution priv...

7.8CVSS7.7AI score0.00124EPSS
CVE
CVE
added 2022/08/24 1:43 p.m.134 views

CVE-2022-20122

The CVE-2022-20122 entry concerns the PowerVR GPU driver in Android devices. The vulnerability allows unprivileged apps to allocate pinned memory, unpin it to free it, and continue using the page in GPU calls without any privileges, leading to kernel memory corruption. Reported impact is high (CV...

9.8CVSS8.7AI score0.00355EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.134 views

CVE-2022-20416

CVE-2022-20416 involves a bounds-check error in the audioTransportsToHal function of HidlUtils.cpp, causing a possible out-of-bounds write. Affected: Android 12, 12L, 13. Impact: local elevation of privilege with high severity; no user interaction required. Root cause: incorrect bounds check lead...

7.8CVSS7.7AI score0.00136EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.134 views

CVE-2023-20926

CVE-2023-20926 : The issue is a missing permission check in onParentVisible of HeaderPrivacyIconsController.kt that could bypass factory reset protections on Android 12–13, enabling local escalation of privilege with physical device access and no extra execution privileges or user interaction req...

6.8CVSS6.6AI score0.00142EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.134 views

CVE-2023-21105

CVE-2023-21105 affects Android devices (Android 11–13). The vulnerability exists in multiple functions of ChooserActivity.java , caused by a confused deputy leading to a possible cross-user media read. This results in local information disclosure with no extra execution privileges and requires no...

5.5CVSS5AI score0.00103EPSS
CVE
CVE
added 2023/07/12 11:18 p.m.134 views

CVE-2023-21145

CVE-2023-21145 corresponds to an Android Framework elevation-of-privilege issue in ActivityRecord.java, specifically in updatePictureInPictureMode, where a logic error could bypass background launch restrictions. The result is local escalation of privilege with no extra execution privileges or us...

7.8CVSS7.7AI score0.00091EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.134 views

CVE-2023-35682

CVE-2023-35682 affects Android components via a flaw in hasPermissionForActivity in PackageManagerHelper.java, enabling a confused deputy to start arbitrary components and potentially achieve local elevation of privilege. Exploitation requires user interaction, and the base CVSS indicates local a...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.134 views

CVE-2023-35684

CVE-2023-35684 is described across multiple sources as a vulnerability in the Android Bluetooth stack: in the function avdt_msg_asmbl of avdt_msg.cc there is a possible out-of-bounds write caused by an integer overflow that could allow paired devices to escalate privileges with no extra execution...

8.8CVSS8.7AI score0.00148EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.134 views

CVE-2023-40137

CVE-2023-40137 affects Android’s DialogFillUi.java and enables local information disclosure of other users’ images due to a confused deputy, with no extra privileges or user interaction required. The vulnerability is documented across multiple sources (NVD entry, CVE list, OSV/ARMS-like records) ...

3.3CVSS3.6AI score0.00091EPSS
CVE
CVE
added 2025/05/27 3:41 p.m.134 views

CVE-2025-27700

CVE-2025-27700 is an elevation-of-privilege issue described for Google Pixel devices. The vulnerability enables a local escalation of privilege via bypassing carrier restrictions with no extra execution privileges or user interaction required; exploitation is local. The NVD entry lists CVSSv3.1: ...

8.4CVSS7.2AI score0.00105EPSS
CVE
CVE
added 2019/06/19 8:3 p.m.133 views

CVE-2019-2019

CVE-2019-2019 describes a local information-disclosure vulnerability in Android where, in ce_t4t_data_cback of ce_t4t.cc, an out-of-bounds read can occur due to a missing bounds check. The issue could allow leakage of information without extra execution privileges, requiring user interaction to e...

7.1CVSS6.2AI score0.00879EPSS
CVE
CVE
added 2019/05/08 4:32 p.m.133 views

CVE-2019-2054

CVE-2019-2054 involves a seccomp bypass in the Android/Linux kernel prior to 4.8, where seccomp policies allow ptrace usage. This could enable local privilege escalation without additional execution privileges and without user interaction. The core issue is that certain seccomp policies permit pt...

7.8CVSS7.5AI score0.00632EPSS
CVE
CVE
added 2019/10/11 6:15 p.m.133 views

CVE-2019-2185

CVE-2019-2185: Out-of-bounds write in VlcDequantH263IntraBlock_SH (vlc_dequant.cpp) can lead to remote code execution. Affected Android versions include 7.1.1, 7.1.2, 8.0, 8.1, 9, 10; vulnerability located in Android Media framework. Exploitation requires user interaction. Remediation is provided...

9.3CVSS8.7AI score0.01345EPSS
CVE
CVE
added 2020/08/11 7:32 p.m.133 views

CVE-2020-0259

CVE-2020-0259 affects the Android kernel AMLogic dm-verity component (dm-android-verity.c). The vulnerability arises from improper crypto usage in android_verity_ctr, allowing a local attacker to modify a dm-verity protected filesystem and gain elevation of privilege with no additional execution ...

7.8CVSS7.6AI score0.0016EPSS
CVE
CVE
added 2021/01/11 9:47 p.m.133 views

CVE-2021-0304

CVE-2021-0304 affects Android, describing an information-disclosure risk in GlobalScreenshot.java due to an unsafe PendingIntent. Exploitation requires local access with User privileges and does not require user interaction. Affected versions include Android 8.0, 8.1, 9, and 10. The issue could a...

5.5CVSS5AI score0.00169EPSS
CVE
CVE
added 2021/01/11 9:47 p.m.133 views

CVE-2021-0321

CVE-2021-0321 affects Android 11 and is linked to a fault in ActivityManagerService.enforceDumpPermissionForPackage. It may allow a local attacker to determine if a package is installed via a side-channel information disclosure, with no additional privileges and no user interaction required. The ...

5.5CVSS4.9AI score0.00153EPSS
CVE
CVE
added 2021/02/10 4:49 p.m.133 views

CVE-2021-0332

CVE-2021-0332 affects Android’s Media/Graphics stack (SurfaceFlinger) where a use-after-free in bootFinished can cause memory corruption, enabling local privilege escalation with low complexity and no user interaction. Affected: Android 10 and 11. Root cause: memory corruption via use-after-free ...

7.8CVSS7.8AI score0.00242EPSS
CVE
CVE
added 2021/04/13 6:25 p.m.133 views

CVE-2021-0430

CVE-2021-0430 affects the Android System component. In rw_mfc_handle_read_op (rw_mfc.cc) there is a missing bounds check that allows an out-of-bounds write, enabling remote code execution via a malicious NFC packet with no user interaction. Affected: Android 10 and 11. Impact: RCE with high confi...

10CVSS9.3AI score0.02846EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.133 views

CVE-2021-0478

Technical details beyond the initial description are not provided in the connected documents. Monitor for updates from Android/vendor advisories to confirm affected components, root cause, and fixes.

7.8CVSS7.7AI score0.00253EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.133 views

CVE-2021-0506

CVE-2021-0506 corresponds to a tapjacking/overlay bypass in ActivityPicker.java that can bypass required user interaction during intent resolution, enabling local elevation of privilege with User execution privileges needed. Affected products/versions include Android 8.1, 9, 10, and 11. The vulne...

7.3CVSS7.2AI score0.00282EPSS
CVE
CVE
added 2021/10/22 1:27 p.m.133 views

CVE-2021-0652

Technical details for CVE-2021-0652 are not available in the provided connected documents. The Initial document notes a memory corruption in VectorDrawable and local privilege escalation on Android, but there are no specific product/version, exploit, impact, or remediation details in the supplied...

7.8CVSS7.5AI score0.00174EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.133 views

CVE-2021-39676

CVE-2021-39676 — Android 11 : The flaw resides in the AndroidFuture.java writeThrowable path, where a parcel serialization/deserialization mismatch occurs due to improper input validation. This enables local escalation of privilege with no additional execution privileges required, and does not re...

7.8CVSS7.7AI score0.00123EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.133 views

CVE-2022-20235

CVE-2022-20235 describes a memory corruption risk in the PowerVR GPU kernel driver for Android SoCs caused by a flaw in the Information Page of the driver’s cache subsystem. Prior to DDK 1.18, a user-space process could write arbitrary data to that page (the page is normally writable only by the ...

5.5CVSS5.5AI score0.00115EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.133 views

CVE-2022-20468

CVE-2022-20468: A Bluetooth out-of-bounds read in Android’s BNEP_ConnectResp (bnep_api.cc) due to an incorrect bounds check. Affects Android-10/11/12/12L/13; could lead to local information disclosure with no privileges required. Public sources confirm Android security bulletin references and pat...

6.5CVSS5.9AI score0.00141EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.133 views

CVE-2022-44435

CVE-2022-44435 describes a missing permission check in the Android messaging service, enabling local denial of service in the contacts service with no extra privileges. The issue is listed across multiple sources (NVD/NIST, Red Hat advisory, CVE list) and is associated with Unisoc components with...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.133 views

CVE-2023-20940

Summary: CVE-2023-20940 affects Android 13. A vulnerability in the boot partition handling caused by improper use of crypto allows local escalation of privilege without user interaction. The issue’s impact is described as high (EoP) with CVSSv3.1 metrics showing attack vector LOCAL, privileges re...

7.8CVSS7.6AI score0.00062EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.133 views

CVE-2023-21122

CVE-2023-21122 is an Android local-EoP flaw: bypass of DISALLOW_DEBUGGING_FEATURES due to a missing permission check in various files/functions, enabling escalation with no extra privileges and no user interaction. Affected: Android 11–13. Exploitation is local and relies on access to the device....

7.8CVSS7.7AI score0.00105EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.133 views

CVE-2023-21142

CVE-2023-21142 involves a permissions bypass that can allow access to traces in Android dev mode, causing local information disclosure without extra execution privileges. Affected products listed in sources include Android 11–13. Root cause centers on improper access controls for trace data in de...

5.5CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2023/08/14 9:0 p.m.133 views

CVE-2023-21271

CVE-2023-21271 : In the parseInputs function of ShimPreparedModel.cpp, there is an out-of-bounds read due to improper input validation, potentially enabling local information disclosure without user interaction. This is a local information disclosure vulnerability with high confidentiality impact...

5.5CVSS5.1AI score0.00087EPSS
CVE
CVE
added 2023/08/14 9:5 p.m.133 views

CVE-2023-21283

CVE-2023-21283 affects Google Android (StatusHints.java) and describes a local information disclosure via a confused deputy vulnerability. The issue allows revealing images across users and requires user interaction to exploit; no additional execution privileges are stated. The available connecte...

5.5CVSS5.2AI score0.00109EPSS
CVE
CVE
added 2024/05/07 9:3 p.m.133 views

CVE-2024-0025

CVE-2024-0025 concerns a logic error in the Android framework (ActivityManagerService.sendIntentSender) that can enable a local elevation of privilege through a background activity launch. Affected component is Android’s system services (ActivityManagerService); no specific product/version is dis...

7.8CVSS7AI score0.00107EPSS
CVE
CVE
added 2019/06/19 8:5 p.m.132 views

CVE-2019-2023

CVE-2019-2023 affects Android's hardware ServiceManager::add, where an insecure PID-based permissions check can let an app add or replace a HAL service, enabling code execution in a privileged process. Supported in multiple feeds (NVD, Red Hat, PRION, CIRCL) with exploited/attack data referenced ...

7.8CVSS7.5AI score0.00489EPSS
CVE
CVE
added 2020/09/17 3:21 p.m.132 views

CVE-2020-0074

CVE-2020-0074 is a local elevation of privilege vulnerability in Android Framework (PackageManagerService.verifyIntentFiltersIfNeeded) that could allow a malicious app to become the default handler for arbitrary domains without user interaction. Impact, per sources, is local access to elevated pr...

7.8CVSS7.7AI score0.00219EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.132 views

CVE-2021-0961

CVE-2021-0961 affects the Android kernel via quota_proc_write in xt_quota2.c, enabling information disclosure by reading kernel memory due to uninitialized data. Impact is local: requires SYSTEM privileges with local access; user interaction is not required. Affected product scope is Android kern...

4.4CVSS4.2AI score0.00146EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.132 views

CVE-2021-39666

CVE-2021-39666 describes a vulnerability in Android where an out-of-bounds read in the MediaMetricsItem.h extractor may allow local information disclosure without extra privileges or user interaction. Affected software is Android 11 and Android 12; the description specifies the root cause as impr...

5.5CVSS5AI score0.00111EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.132 views

CVE-2022-20028

The CVE-2022-20028 entry concerns a Bluetooth out-of-bounds write due to a missing bounds check, enabling local privilege escalation without user interaction. Public documents tie this to MediaTek Bluetooth components exposed in Android devices and list Patch ALPS06198663 as the fix. Exploitation...

7.8CVSS7.7AI score0.00146EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.132 views

CVE-2022-42772

CVE-2022-42772 affects the WLAN driver and is caused by a missing bounds check, which could lead to a local denial of service in WLAN services. The connected documents do not specify exact affected product versions or a direct patch, but Android security bulletins indicate that patch levels 2022-...

5.5CVSS5.3AI score0.00081EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.132 views

CVE-2023-21099

CVE-2023-21099 affects Android via a logic error in the PackageInstallerSession.java component that can let an attacker start foreground services from the background, enabling local elevation of privilege with no extra execution privileges or user interaction. Affected Android versions include 11...

7.8CVSS7.6AI score0.00095EPSS
CVE
CVE
added 2023/10/06 6:48 p.m.132 views

CVE-2023-21244

CVE-2023-21244 affects Android components, specifically in Notification.java (visitUris), where a missing permission check can bypass user profile boundaries, enabling local escalation of privilege with User execution privileges required and no user interaction needed. The vulnerability is discus...

6.7CVSS6.7AI score0.00129EPSS
Total number of security vulnerabilities8153