Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/12/04 11:36 p.m.964 views

CVE-2018-9416

CVE-2018-9416 concerns memory corruption in the Linux kernel SCSI driver, specifically in sg_remove_scat (scsi/sg.c). The root cause is described as an unusual root cause leading to local escalation of privilege with System execution privileges needed; no user interaction required. Connected docu...

10CVSS7AI score0.00165EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.939 views

CVE-2024-40659

CVE-2024-40659 concerns Android’s RemoteProvisioningService.getRegistration, where improper input validation could allow an attacker to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps. This yields a local Denial of Service with...

5.5CVSS6.7AI score0.00082EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.917 views

CVE-2024-49734

CVE-2024-49734 affects Android’s ConnectivityService.java, enabling a Wi‑Fi AP to infer the site a device connected to via VPN through a side channel, causing remote information disclosure with no extra privileges and no user interaction. The issue is categorized as Information Disclosure with hi...

7.5CVSS6.1AI score0.00276EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.887 views

CVE-2024-49736

CVE-2024-49736 describes a logic error in MainClear.java that could trigger a factory reset without explicit user consent, enabling a local denial-of-service without additional privileges and with no user interaction required. The issue is documented across multiple sources (e.g., NVD/NVD-derived...

5.5CVSS6.7AI score0.00074EPSS
CVE
CVE
added 2024/05/07 9:1 p.m.876 views

CVE-2024-0042

Technical details are not publicly available in the provided documents. No affected products/versions or remediation specifics are listed. Monitor for updates.

7.8CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2017/10/02 9:0 p.m.870 views

CVE-2017-14496

CVE-2017-14496: dnsmasq contains an integer underflow in the EDNS0 add_pseudoheader handling when --add-mac, --add-cpe-id, or --add-subnet is used, allowing a denial of service via crafted DNS requests. Public advisories (CentOS/RH, Arch Linux, AWS ALAS) and Arista note fixes, with upgrades to dn...

7.8CVSS8.1AI score0.66347EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.822 views

CVE-2024-43096

CVE-2024-43096 involves a possible out-of-bounds write in the Bluetooth stack (gatt_sr.cc) within the function build_read_multi_rsp. The root cause is a missing bounds check, which could allow remote code execution with no privileges and no user interaction, when the attacker is proximal/adjacent...

8.8CVSS7.2AI score0.00183EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.821 views

CVE-2024-49744

CVE-2024-49744 targets Android, specifically the AccountManagerService.checkKeyIntentParceledCorrectly path. The issue arises from unsafe deserialization that can bypass parcel mismatch mitigation, enabling local elevation of privilege with no extra privileges beyond those already present; exploi...

7.8CVSS6.9AI score0.00075EPSS
CVE
CVE
added 2025/01/17 11:11 p.m.794 views

CVE-2018-9434

CVE-2018-9434 is evidenced by a Binder Parcel overlap flaw in Android: Parcel data can overlap binder-object metadata, causing kernel pointers to be inserted into attacker-controlled buffers during unmarshalling. This enables information disclosure and an ASLR bypass, potentially allowing local p...

7.8CVSS6.9AI score0.00096EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.785 views

CVE-2024-49738

CVE-2024-49738 is documented across multiple sources as a vulnerability in Google Android involving the function writeInplace in Parcel.cpp. The issue is described as a possible out-of-bounds write in this function, which could enable local escalation of privilege with no additional execution pri...

7.8CVSS7.2AI score0.0008EPSS
CVE
CVE
added 2016/05/05 12:0 a.m.769 views

CVE-2016-2107

CVE-2016-2107 (OpenSSL) is a padding-oracle vulnerability in the AES-NI CBC MAC check. The issue arises in the AES-CBC padding validation where memory allocation during the padding check is mishandled, enabling potential leakage of plaintext under certain conditions. Affected OpenSSL versions inc...

5.9CVSS6.9AI score0.89058EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.769 views

CVE-2024-43765

CVE-2024-43765 is reported across multiple feeds as a local elevation-of-privilege on Android via a tapjacking/overlay attack that can grant access to a folder with user-initiated interaction. Exploitation requires user interaction and occurs in multiple locations; no device-specific proof or exp...

7.8CVSS6.8AI score0.00074EPSS
CVE
CVE
added 2025/01/17 11:17 p.m.768 views

CVE-2018-9401

CVE-2018-9401 describes a kernel memory access vulnerability in user space caused by an incorrect bounds check, enabling local privilege escalation without extra execution privileges and with no user interaction. Connected documents indicate this CVE is associated with Google Pixel/Nexus devices ...

7.8CVSS8.7AI score0.00095EPSS
CVE
CVE
added 2011/06/09 10:0 a.m.762 views

CVE-2011-1823

The CVE-2011-1823 entry concerns the vold volume manager daemon in Android (Android 3.0 and 2.x up to 2.3.4). The vulnerability arises from trusting PF_NETLINK messages, enabling a local attacker to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only ...

7.8CVSS7.5AI score0.41634EPSS
In wild
CVE
CVE
added 2025/01/21 11:4 p.m.759 views

CVE-2023-40132

CVE-2023-40132 affects Google Android through RingtoneManager.setActualDefaultRingtoneUri. The vulnerability arises from a missing permission check when accessing content providers, allowing a local escalation of privilege by bypassing read permissions. Impact is described as local privilege esca...

7.8CVSS7.1AI score0.00083EPSS
CVE
CVE
added 2011/05/16 5:0 p.m.758 views

CVE-2011-0419

CVE-2011-0419 is a stack consumption/DoS vulnerability in the APR library’s fnmatch implementation (apr_fnmatch.c) and, for some platforms, in libc’s fnmatch.c. It affects APR < 1.4.3 and Apache HTTP Server

4.3CVSS7.7AI score0.30406EPSS
CVE
CVE
added 2023/12/08 12:0 a.m.749 views

CVE-2023-45866

CVE-2023-45866 affects BlueZ Bluetooth HID Hosts. The description states that an unauthenticated Peripheral role HID Device could initiate, establish an encrypted connection, and send HID keyboard reports, potentially injecting HID messages when there is no user interaction in the Central role to...

6.3CVSS6.9AI score0.07879EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.745 views

CVE-2024-49737

CVE-2024-49737 affects Google Android. In WindowOrganizerController.java, the function applyTaskFragmentOperation can be misused to launch arbitrary activities as the system UID, constituting a local elevation of privilege with no extra execution privileges and no user interaction required. The C...

7.8CVSS6.9AI score0.00077EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.741 views

CVE-2023-20963

CVE-2023-20963 affects Android WorkSource: a parcel/unparcel mismatch can enable local privilege escalation with no additional execution privileges required. Affected versions include Android 11–13 (11, 12, 12L, 13); patch information is in the March 2023 Android Security Bulletin, with mitigatio...

7.8CVSS7.6AI score0.01445EPSS
In wild
CVE
CVE
added 2022/05/10 7:56 p.m.735 views

CVE-2022-20007

The CVE-2022-20007 issue is a race-condition vulnerability in Android's RootWindowContainer.java (startActivityForAttachedApplicationIfNeeded) that could allow an overlay to fool a foreground app, enabling local privilege escalation. Affected: Android 10–12 (including 12L). Root cause: a race bet...

7CVSS6.9AI score0.00204EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.727 views

CVE-2024-31310

CVE-2024-31310 affects Android: in AutofillManagerServiceImpl.newServiceInfoLocked, improper input validation can allow hiding an enabled Autofill service in the Autofill service settings. Impact is local privilege escalation with high confidentiality/integrity/availability implications, requirin...

7.8CVSS6.8AI score0.00112EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.705 views

CVE-2023-35674

The CVE-2023-35674 issue affects the Android Framework, specifically an onCreate path in WindowState.java that can launch a background activity due to a logic error. This enables local elevation of privilege without extra execution privileges and without user interaction. The Android Security Bul...

8.8CVSS7.7AI score0.02203EPSS
In wild
CVE
CVE
added 2025/01/21 11:4 p.m.684 views

CVE-2024-49735

CVE-2024-49735 affects Google Android (Framework component) with an elevation-of-privilege issue caused by a failure to persist permissions settings due to resource exhaustion. The impact is local privilege escalation with no extra privileges required; exploitation is described as requiring no us...

7.8CVSS6.8AI score0.00073EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.665 views

CVE-2024-49724

CVE-2024-49724 concerns a race-condition flaw in Android’s AccountManagerService.java that could bypass permissions and allow local elevation of privilege by launching protected activities. Exploitation requires user interaction, and affected behavior is described across multiple sources (NVD/NVD...

7CVSS6.9AI score0.0007EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.663 views

CVE-2024-49748

CVE-2024-49748 affects Google Android Bluetooth GATT server code: in gatts_process_primary_service_req of gatt_sr.cc, a heap-based out-of-bounds write could enable remote code execution with no privileges and no user interaction. Impact is contingent on affected Android versions (not explicitly s...

9.8CVSS7.7AI score0.00408EPSS
CVE
CVE
added 2025/01/17 11:13 p.m.661 views

CVE-2018-9461

The CVE-2018-9461 entry describes a race-condition vulnerability in the ShareIntentActivity.java on Android, enabling an app to read files in the Messages app and leading to local privilege escalation without extra execution privileges or user interaction. Several sources (NVD, Red Hat, CVE lists...

7CVSS8.1AI score0.00076EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.655 views

CVE-2024-49733

CVE-2024-49733 affects Google Android, describing a logic error in ServiceListing.java that could allow a malicious app to hide an NLS from Settings, leading to local information disclosure without additional privileges and with no user interaction required. The records from multiple sources (NVD...

5.5CVSS5.9AI score0.0008EPSS
CVE
CVE
added 2023/08/14 9:1 p.m.635 views

CVE-2023-21273

CVE-2023-21273 describes an out-of-bounds write in the Android SDP_AddAttribute path (sdp_db.cc), caused by an incorrect bounds check. The issue can enable remote code execution with no extra privileges and no user interaction, as stated in multiple public sources. Public documents consistently i...

8.8CVSS8.8AI score0.00173EPSS
CVE
CVE
added 2017/09/14 7:0 p.m.607 views

CVE-2017-0781

CVE-2017-0781 is a remote code execution vulnerability in the Android Bluetooth stack (BNEP) that allows crafting packets to overflow a heap buffer and execute code. Connected PoC/Exploit references (BlueBorne) describe Android RCE via the BNEP service and related Bluetooth flaws across Android v...

8.8CVSS8.2AI score0.2285EPSS
CVE
CVE
added 2019/09/06 9:49 p.m.603 views

CVE-2019-9456

CVE-2019-9456 stems from the Android kernel Pixel C USB monitor driver. The issue is an out-of-bounds write caused by a missing bounds check in the Pixel C USB monitor driver, enabling local escalation of privilege to System with no user interaction required. This is described in the CVE entry as...

6.7CVSS7.3AI score0.00197EPSS
CVE
CVE
added 2025/01/17 11:12 p.m.578 views

CVE-2018-9447

CVE-2018-9447 affects Android devices (Pixel/Nexus context) via a vulnerability in EmergencyCallbackModeExitDialog.java where a missing null check in onCreate can crash emergency callback mode, enabling local denial of service without extra privileges. Descriptions across multiple sources confirm...

5.5CVSS6.4AI score0.00091EPSS
CVE
CVE
added 2025/11/18 4:51 a.m.575 views

CVE-2025-48593

The CVE-2025-48593 entry concerns a remote code execution flaw in Android’s system code, specifically within the bta_hf_client_main.cc path (bta_hf_client_cb_init). The root cause is a missing bounds check during processing of network packets, enabling a buffer overflow via memcpy into a fixed-si...

8CVSS7.5AI score0.00911EPSS
CVE
CVE
added 2024/08/19 4:47 p.m.574 views

CVE-2024-32927

CVE-2024-32927 affects Google's Pixel devices via the RadioExt.cpp function sendDeviceState_1_6, where a use-after-free due to improper locking is reported. The vulnerability enables local escalation of privilege with no additional execution privileges required and no user interaction needed, per...

7.8CVSS7.5AI score0.00082EPSS
CVE
CVE
added 2025/01/17 11:9 p.m.564 views

CVE-2018-9379

The CVE-2018-9379 issue affects the Media framework component MiniThumbFile.java on Google Pixel/Nexus devices. Description from multiple sources states a confused-deputy path could allow viewing thumbnails of deleted photos, causing local information disclosure without additional privileges and ...

5.5CVSS5.9AI score0.00099EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.560 views

CVE-2024-49742

CVE-2024-49742 affects Android: in the onCreate of NotificationAccessConfirmationActivity.java, there is a missing permission check that could allow an app with notification access to be hidden in Settings. This could enable local escalation of privilege with no extra execution privileges require...

7.8CVSS7.1AI score0.00073EPSS
CVE
CVE
added 2025/01/17 11:17 p.m.556 views

CVE-2018-9405

CVE-2018-9405 describes a potential out-of-bounds write in BnDmAgent::onTransact (dm_agent.cpp) due to a missing bounds check, enabling local privilege escalation to System level without user interaction. Affected context shown in multiple sources (Android Pixel/Nexus bulletin references and vend...

6.7CVSS8.8AI score0.00103EPSS
CVE
CVE
added 2019/09/06 9:49 p.m.553 views

CVE-2019-9458

CVE-2019-9458 is a Linux kernel video driver use-after-free caused by a race condition, leading to local privilege escalation without user interaction. Multiple connected advisories confirm the issue exists in the Android/Linux kernel/video driver stack and note kernel fixes are needed; no public...

7CVSS7.1AI score0.00171EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.545 views

CVE-2025-0087

CVE-2025-0087 describes a local elevation-of-privilege in Android: in UninstallerActivity.java onCreate, missing permission checks could allow uninstalling another user’s app without user interaction. Several sources (NVD, CNVD/CNNVD, OSV) confirm the issue and classify it as EoP with a CVSSv3.1 ...

5.1CVSS6.1AI score0.00209EPSS
CVE
CVE
added 2016/05/05 12:0 a.m.534 views

CVE-2016-2108

CVE-2016-2108 : OpenSSL’s ASN.1 implementation allows remote attackers to execute arbitrary code or cause a denial of service via a crafted ASN.1 ANY field, due to a buffer underflow/memory corruption when deserializing data. Affected: OpenSSL versions prior to 1.0.1o (and prior to 1.0.2c in the ...

10CVSS8.3AI score0.77906EPSS
CVE
CVE
added 2025/01/17 11:7 p.m.532 views

CVE-2018-9375

CVE-2018-9375 affects Google Android’s UserDictionaryProvider.java, enabling a confused deputy to add/delete words in the user dictionary and cause local privilege escalation without extra execution privileges. Public sources (Android Pixel/Nexus bulletin) list this as a local, low-ex Complexity ...

7.8CVSS6.8AI score0.00201EPSS
CVE
CVE
added 2025/01/17 11:10 p.m.532 views

CVE-2018-9382

CVE-2018-9382 affects Android Wi‑Fi service (WifiServiceImpl.java). A missing permission check can allow activating a Wi‑Fi hotspot from a non‑owner profile, enabling local privilege escalation with no extra execution privileges and no user interaction required. Public data confirms the issue is ...

7.8CVSS6.8AI score0.00077EPSS
CVE
CVE
added 2025/01/17 11:14 p.m.517 views

CVE-2018-9387

CVE-2018-9387 affects the mnh-sm.c component and describes a heap/heap-buffer overflow caused by an integer overflow. The vulnerability enables local escalation of privilege with no additional execution privileges and does not require user interaction. Connected sources (Red Hat, NVD, CVE lists, ...

7.8CVSS9.1AI score0.00103EPSS
CVE
CVE
added 2025/01/02 11:58 p.m.517 views

CVE-2024-43769

CVE-2024-43769 affects Google Android: a logic edge case in PackageManagerService.isPackageDeviceAdmin could prevent CloudDpc uninstallation, enabling local privilege escalation with no extra privileges or user interaction required. Affected component is Android’s PackageManagerService.java; root...

7.8CVSS7.1AI score0.00081EPSS
CVE
CVE
added 2019/08/14 4:27 p.m.515 views

CVE-2019-9506

CVE-2019-9506 affects Bluetooth KNOB (Key Negotiation of Bluetooth) by allowing nearby attackers to influence encryption key length during BR/EDR negotiation, enabling potential eavesdropping and ciphertext injection. Connected sources show this vulnerability being acknowledged by Apple across iO...

8.1CVSS8.4AI score0.02691EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.510 views

CVE-2023-21127

CVE-2023-21127 affects Android (11, 12, 12L, 13) via the NuMediaExtractor.cpp function readSampleData, where an out-of-bounds write on uninitialized data is possible. This can lead to remote code execution with no additional privileges required, with user interaction needed for exploitation. Mult...

8.8CVSS8.8AI score0.0047EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.507 views

CVE-2025-26426

The issue is in Android’s Framework BroadcastController.java, function registerReceiverWithFeatureTraced. Improper input validation can allow receiving broadcasts intended for the android package, enabling local elevation of privilege with no extra execution privileges and no user interaction req...

5.1CVSS6.3AI score0.00098EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.504 views

CVE-2022-26461

CVE-2022-26461 affects the vow component; it involves undefined behavior caused by API misuse that could enable local privilege escalation with system execution privileges required. No user interaction is needed. The vulnerability is associated with patch ALPS07032604 (Issue ALPS07032604). Multip...

6.7CVSS6.6AI score0.001EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.498 views

CVE-2018-9568

This CVE-2018-9568 entry concerns the Linux kernel socket code: In sk_clone_lock of sock.c, a memory corruption due to type confusion could allow local privilege escalation without user interaction. Affected product/version in the initial doc is Android kernel; connected MiracleLinux advisory con...

7.8CVSS7.9AI score0.00715EPSS
CVE
CVE
added 2020/12/14 9:50 p.m.491 views

CVE-2020-0466

CVE-2020-0466 is a use-after-free in eventpoll.c (do_epoll_ctl and ep_loop_check_proc) that can enable local privilege escalation without user interaction. Publicly documented in multiple advisories linked to kernel packages (Unity Linux UTSA-2026-004002/004258, MiracleLinux AXSA advisories, Cent...

7.8CVSS8.2AI score0.00268EPSS
CVE
CVE
added 2020/09/17 3:20 p.m.489 views

CVE-2020-0404

CVE-2020-0404 affects the Android kernel via a vulnerability in uvc_scan_chain_forward() in uvc_driver.c, where an unusual root cause can cause linked list corruption and local privilege escalation without user interaction. Upstream kernel reports indicate this is a kernel linked-list corruption ...

5.5CVSS6.4AI score0.00232EPSS
Total number of security vulnerabilities8153