Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/10/06 6:48 p.m.132 views

CVE-2023-21244

CVE-2023-21244 affects Android components, specifically in Notification.java (visitUris), where a missing permission check can bypass user profile boundaries, enabling local escalation of privilege with User execution privileges required and no user interaction needed. The vulnerability is discus...

6.7CVSS6.7AI score0.00129EPSS
CVE
CVE
added 2023/08/14 9:1 p.m.132 views

CVE-2023-21275

CVE-2023-21275 is an Android elevation-of-privilege vulnerability caused by a logic error in DecideCancelProvisioningDialog within AdminIntegratedFlowPrepareActivity.java. The flaw could allow a local attacker to bypass factory reset protections with no extra privileges and without user interacti...

7.8CVSS7.7AI score0.00215EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.132 views

CVE-2023-35664

CVE-2023-35664 corresponds to an information-disclosure flaw in Android related to an out-of-bounds read in the ShimConverter.cpp function convertSubgraphFromHAL. The issue arises from a missing bounds check, enabling a local attacker to read sensitive information without additional execution pri...

5.5CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.132 views

CVE-2023-35679

The CVE-2023-35679 entry concerns information disclosure in Android via an out-of-bounds read in MtpPropertyValue (MtpProperty.h) caused by uninitialized data. Affected component is the MTP property handling code; the issue enables local information disclosure with no extra execution privileges, ...

5.5CVSS5AI score0.00096EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.132 views

CVE-2024-20144

CVE-2024-20144 affects V6 DA, with an out-of-bounds write caused by a missing bounds check. This can enable local escalation of privilege when an attacker has physical access, requiring user interaction for exploitation. Patch ALPS09167056 fixes MSV-2041 for affected devices. No explicit exploita...

6.6CVSS7.1AI score0.0011EPSS
CVE
CVE
added 2020/07/17 8:8 p.m.131 views

CVE-2020-0107

CVE-2020-0107 affects Android 10 via a flaw in PhoneInterfaceManager.getUiccCardsInfo where improper input validation enables a local information disclosure without additional privileges. The issue is a permissions bypass with no user interaction required. Exploitation details are not provided be...

5.5CVSS5.1AI score0.0014EPSS
CVE
CVE
added 2021/02/10 4:48 p.m.131 views

CVE-2021-0337

CVE-2021-0337 affects Android (8.1–11) via moveInMediaStore in FileSystemProvider.java. A stale-metadata file exposure could enable local escalation of privilege with User execution privileges; exploitation does not require user interaction. Public technical details are limited in the provided do...

7.8CVSS7.6AI score0.00169EPSS
CVE
CVE
added 2021/10/25 1:20 p.m.131 views

CVE-2021-0935

The CVE-2021-0935 entry concerns the Linux kernel IPv6 path: in ip6_xmit() within ip6_output.c, an out-of-bounds write can occur due to a use-after-free, enabling locally escalated privileges with SYSTEM/root rights. Exploitation details are not provided in the supplied documents. Some connected ...

7.2CVSS6.8AI score0.00191EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.131 views

CVE-2021-39628

CVE-2021-39628 affects Android (StatusBar.java): a logic error can disclose notification content on the lockscreen, causing local information disclosure without user interaction. The vulnerability is described for Android 10 and 11, with a local attack vector and partial confidentiality impact. T...

3.3CVSS3.6AI score0.00117EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.131 views

CVE-2021-39632

CVE-2021-39632 : A bug in Android’s inotify_cb function (events.cpp) allows an out-of-bounds write due to an incorrect bounds check, enabling local privilege escalation without extra privileges or user interaction. Affected: Android 11 and 12 (Android devices with this code path). The issue is de...

7.8CVSS7.7AI score0.00122EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.131 views

CVE-2023-21090

CVE-2023-21090 affects Android 13 with a vulnerability in parseUsesPermission of ParsingPackageUtils.java that can cause a boot loop from resource exhaustion, leading to local denial of service. Exploitation requires user interaction and is local in scope; no remote/external vector is described i...

5CVSS5AI score0.00092EPSS
CVE
CVE
added 2024/02/16 6:33 p.m.131 views

CVE-2023-21165

CVE-2023-21165 concerns a use-after-free in the DevmemIntUnmapPMR function of devicemem_server.c, leading to possible arbitrary code execution and local privilege escalation in the kernel. Multiple connected sources corroborate the issue and its kernel-level impact, with the vulnerability enablin...

8.4CVSS7.5AI score0.00088EPSS
CVE
CVE
added 2023/07/12 11:33 p.m.131 views

CVE-2023-21257

CVE-2023-21257 is an Android Framework elevation-of-privilege issue. In the function updateSettingsInternalLI of InstallPackageHelper.java , a missing permission check could allow sideloading an app into the work profile, enabling local privilege escalation with no extra execution privileges requ...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/08/14 9:4 p.m.131 views

CVE-2023-21280

The CVE-2023-21280 issue affects Android’s MediaSessionRecord.java in setMediaButtonBroadcastReceiver, causing a possible permanent DoS via resource exhaustion. Exploitation requires local access (AV:L, PR:L) with no user interaction, and no additional privileges are needed. The initial entry and...

5.5CVSS5.4AI score0.00085EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.131 views

CVE-2024-43091

Summary: CVE-2024-43091 is a Google Android/Skia vulnerability in the SkEmbossMaskFilter.cpp function filterMask. The issue is a possible out-of-bounds write caused by an integer overflow, which could allow remote code execution with no extra privileges and no user interaction, as described in th...

9.8CVSS7.9AI score0.00493EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.130 views

CVE-2015-3864

CVE-2015-3864 is a remote-code-execution vulnerability in Android’s mediaserver (libstagefright). It arises from an integer underflow when parsing the MPEG-4 tx3g chunk in the Stagefright parser, enabling crafted MPEG-4 data to corrupt memory. The issue is tied to an incomplete fix for CVE-2015-3...

10CVSS7.8AI score0.87125EPSS
Web
CVE
CVE
added 2020/11/10 12:51 p.m.130 views

CVE-2020-0424

CVE-2020-0424 is an Android System vulnerability where an out-of-bounds read in res_send.cpp (send_vc) can disclose local information due to an incorrect bounds check. Affected: Android-11, Android-9, Android-10. Impact: information disclosure with no extra privileges or user interaction required...

5.5CVSS5AI score0.00158EPSS
CVE
CVE
added 2021/02/02 11:1 p.m.130 views

CVE-2021-0352

CVE-2021-0352 affects Android (Android-10/Android-11) via memory corruption in the RT regmap driver caused by a type confusion. This can lead to local denial of service with system execution privileges, and exploitation requires no user interaction. The patch referenced is ALPS05453809. The vulne...

4.4CVSS4.8AI score0.00143EPSS
CVE
CVE
added 2021/03/10 3:36 p.m.130 views

CVE-2021-0396

CVE-2021-0396: In Android, a bounds-check bug in Builtins::Generate_ArgumentsAdaptorTrampoline (builtins-arm.cc and related files) allows an out-of-bounds write, potentially enabling remote code execution in an unprivileged process with no privileges required and no user interaction. Affected: An...

9.8CVSS9.3AI score0.0193EPSS
CVE
CVE
added 2021/07/14 1:43 p.m.130 views

CVE-2021-0514

CVE-2021-0514 affects the Android platform through a race condition in several functions of the V8 library, causing a use-after-free that can enable remote code execution in an unprivileged process. Exploitation is possible with network access (no user interaction required) and affects Android ve...

9.3CVSS8.3AI score0.011EPSS
CVE
CVE
added 2021/10/22 1:26 p.m.130 views

CVE-2021-0651

Technical details about CVE-2021-0651 beyond the initial description are not publicly provided in the connected documents. Please monitor for updates from official advisories.

5.5CVSS5.5AI score0.0012EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.130 views

CVE-2021-0675

The CVE-2021-0675 entry affects the alac decoder and is due to an incorrect bounds check, causing an out-of-bounds write that enables local privilege escalation without user interaction. Documented impact and exploitation status indicate local escalation of privilege with complete confidentiality...

7.8CVSS7.8AI score0.00538EPSS
CVE
CVE
added 2021/10/06 2:10 p.m.130 views

CVE-2021-0688

CVE-2021-0688 is a local privilege-escalation race-condition vulnerability in Android affecting PhoneWindowManager.lockNow (lock screen bypass). Exploitation could grant higher privileges without user interaction; impact is described as local escalation with user privileges needed. Affected Andro...

7CVSS6.9AI score0.00155EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.130 views

CVE-2021-0967

CVE-2021-0967 : In vorbis_book_decodev_set of codebook.c there is a missing bounds check causing an out-of-bounds write. This could lead to remote information disclosure on Android devices running Android-10/11/12/9. Exploitation requires user interaction. The issue is within the Media/Codecs pat...

9.3CVSS7.6AI score0.01012EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.130 views

CVE-2021-39627

CVE-2021-39627 describes a permissions bypass in Android via an unsafe PendingIntent in LegacyModeSmsHandler.java (sendLegacyVoicemailNotification). Affected: Android 9–12 (Android-9, -10, -11, -12). Root cause: unsafe PendingIntent may allow elevation of privileges within a privileged process. I...

7.8CVSS7.7AI score0.00128EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.130 views

CVE-2021-39629

CVE-2021-39629 is a race condition in phTmlNfc_Init/phTmlNfc_CleanUp that can cause a use-after-free, enabling local elevation of privilege without extra execution privileges or user interaction. Affected product: Android devices using phTmlNfc (component phTmlNfc.cc). Reported impact in the init...

7CVSS7AI score0.00092EPSS
CVE
CVE
added 2022/06/15 1:2 p.m.130 views

CVE-2022-20142

CVE-2022-20142 affects Android (10, 11, 12, 12L) where the issue resides in GeofenceHardwareRequestParcelable.java: createFromParcel, causing an arbitrary code execution due to a parcel mismatch and enabling local privilege escalation with no extra privileges or user interaction. Connected source...

7.8CVSS7.9AI score0.00228EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.130 views

CVE-2022-20417

CVE-2022-20417 describes an out-of-bounds write in the Android framework: in audioTransportsToHal of HidlUtils.cpp, caused by an incorrect bounds check, enabling local elevation of privilege with no user interaction. Affected: Android 12, 12L, and 13. The connected documents do not provide a conc...

7.8CVSS7.7AI score0.00098EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.130 views

CVE-2022-20487

CVE-2022-20487 affects Android 10–13: In NotificationChannel.java, a possible failure to persist permissions settings due to resource exhaustion could enable local privilege escalation with no extra execution privileges or user interaction. CVSSv3.1 metrics indicate Local attack, Low privileges r...

7.8CVSS7.6AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.130 views

CVE-2022-20568

CVE-2022-20568 describes a use-after-free in the Android kernel that could corrupt kernel memory and enable local escalation of privileges without user interaction; exploitation is reported as local, with no additional privileges or interaction required. The connected security bulletins (EulerOS/...

7.8CVSS7.8AI score0.00209EPSS
CVE
CVE
added 2023/04/11 11:9 a.m.130 views

CVE-2022-47335

CVE-2022-47335 is described across multiple sources as a vulnerability in Android Unisoc components, with the root cause being a missing permission check in the telecom service. This could allow a local attacker with low privileges and no user interaction to induce a denial of service on the affe...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.130 views

CVE-2022-47460

CVE-2022-47460 describes a memory corruption via a use-after-free in the GPU device that can lead to local denial of service in the kernel. The connected records corroborate a kernel-level use-after-free affecting GPU-related paths and kernel space, with the impact explicitly stated as local DoS....

5.5CVSS5.5AI score0.00088EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.130 views

CVE-2023-20957

CVE-2023-20957 describes a possible bypass of Factory Reset Protections in Android via the onAttach method of SettingsPreferenceFragment.java, caused by a confused deputy. The impact is local elevation of privilege with no extra execution privileges required, and exploitation is described as requ...

7.8CVSS7.7AI score0.00088EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.130 views

CVE-2023-21091

The CVE-2023-21091 entry affects Android 13 and involves the canDisplayLocalUi path in AppLocalePickerActivity.java. The underlying issue is a missing permission check that could allow changing system app locales, enabling a local denial of service across user boundaries. Exploitation is describe...

5.5CVSS5.3AI score0.00083EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.130 views

CVE-2023-21120

CVE-2023-21120 affects Android components, notably cdm_engine.cpp, where a use-after-free caused by improper locking could enable local privilege escalation with no required user interaction. The vulnerability is documented across multiple feeds (NVD/Red Hat/NCSC/OSV) with Android context; exploi...

7.8CVSS7.7AI score0.00072EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.130 views

CVE-2023-21141

CVE-2023-21141 affects Android 11–13 and is linked to a permissions bypass that allows access to developer mode traces, enabling local information disclosure without additional execution privileges. The vulnerability is described as an information disclosure (ID) issue with local attack vector an...

5.5CVSS5.1AI score0.00083EPSS
CVE
CVE
added 2023/08/14 9:8 p.m.130 views

CVE-2023-21292

CVE-2023-21292 affects Android’s ActivityManagerService.openContentUri, where a confused deputy could allow a third-party app to access restricted files and disclose information locally without extra execution privileges and with no user interaction. The vulnerability is described in Android’s CV...

5.5CVSS5.1AI score0.0009EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.130 views

CVE-2023-40081

The CVE-2023-40081 entry describes an information-disclosure flaw in Android: in loadMediaDataInBgForResumption inside MediaDataManager.kt, a confused-deputy allows viewing another user’s images (no extra execution privileges, no user interaction required). Several connected advisories confirm th...

5.5CVSS5.1AI score0.00117EPSS
CVE
CVE
added 2024/05/07 9:3 p.m.130 views

CVE-2024-0024

The CVE-2024-0024 issue affects Android’s UserManagerService.java, where improper input validation can cause a failure to persist or enforce user restrictions. This can enable local privilege escalation, requiring user interaction to exploit. Public references in the provided documents (Android/O...

7.8CVSS7AI score0.00111EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.130 views

CVE-2024-34740

CVE-2024-34740 affects Android frameworks where BinaryXmlSerializer.java writes byte arrays in attributeBytesBase64/attributeBytesHex. The root cause is an integer overflow when serializing a length (e.g., 65536) via writeShort, causing the length to wrap to zero and the bytes to be misinterprete...

7.8CVSS7.2AI score0.00147EPSS
CVE
CVE
added 2020/04/10 6:49 p.m.129 views

CVE-2015-9547

CVE-2015-9547 describes an information-disclosure issue on Samsung mobile devices running JBP(4.3) and KK(4.4.2). The vulnerability stems from mishandling the READ_LOGS permission, causing sensitive data to be exposed in a world-readable log copy if the error messages include, for example, “Unhan...

7.8CVSS7.4AI score0.00486EPSS
CVE
CVE
added 2022/05/10 8:17 p.m.129 views

CVE-2022-20120

CVE-2022-20120 is a bootloader remote code execution vulnerability affecting Android Pixel devices. The Pixel Update Bulletin Groups this CVE under Bootloader with a Critical severity and indicates that security patch levels of 2022-05-05 or later address the issue. The available documents provid...

10CVSS8.5AI score0.01301EPSS
CVE
CVE
added 2022/07/13 6:21 p.m.129 views

CVE-2022-20216

CVE-2022-20216 concerns an Android risk where the exported attribute is used to grant third‑party app access permissions; the default intent-filter is true and com.sprd.firewall has set exported to true. The vulnerability is tied to Android devices with a vulnerable Telephony/OSC component (Andro...

10CVSS9AI score0.00515EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.129 views

CVE-2023-20602

CVE-2023-20602 affects the MediaTek ged component in MediaTek devices. The issue is a vulnerability in ged caused by an integer overflow leading to an out-of-bounds write. This can enable local escalation of privilege with System execution privileges required; no user interaction is needed for ex...

6.7CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2023/02/15 12:0 a.m.129 views

CVE-2023-20927

CVE-2023-20927 affects Android 13 (and related AAOS/Android Automotive OS entries) where a permissions bypass in AndroidManifest.xml could grant signature permissions, enabling local privilege escalation with no user interaction. Vulnerable component is AndroidManifest.xml permission handling; ro...

7.8CVSS7.7AI score0.00086EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.129 views

CVE-2023-20993

CVE-2023-20993 affects Android 11–13 via SnoozeHelper.java, where an uncaught exception can cause a failure to persist settings, enabling local elevation of privilege with no extra execution privileges and no user interaction required. The vulnerability is documented across multiple sources (NVD,...

7.8CVSS7.7AI score0.00095EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.129 views

CVE-2023-35677

CVE-2023-35677 describes a DoS vulnerability in Android where, in the onCreate path of DeviceAdminAdd.java, a missing permission check could allow a device admin to be forcibly added. This enables local denial of service (factory reset or persistent locking) without extra execution privileges and...

5.5CVSS5.4AI score0.00093EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.129 views

CVE-2023-40091

CVE-2023-40091 affects Android via the IncidentService.cpp onTransact path, where a memory corruption leads to a possible out-of-bounds write. This could allow local escalation of privilege with no extra execution privileges or user interaction required. The description is consistently reported a...

7.8CVSS7.8AI score0.00126EPSS
CVE
CVE
added 2020/04/10 6:54 p.m.128 views

CVE-2015-9546

CVE-2015-9546 affects Samsung mobile devices running KK(4.4) and later through 2015-06-16. The issue arises when HTTP is used for an Inputmethod instead of HTTPS, allowing a man-in-the-middle to modify the client–server data stream and insert directory traversal sequences into an extracted file p...

5.8CVSS5.1AI score0.0034EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.128 views

CVE-2016-0823

The CVE-2016-0823 entry concerns the Linux kernel vulnerability in which pagemap_open (fs/proc/task_mmu.c) on kernels before 3.19.3, including Android 6.0.1 before 2016-03-01, can let a local user read pagemap data to obtain sensitive physical-address information. This is triggered by reading the...

4CVSS5.3AI score0.00305EPSS
Total number of security vulnerabilities8153