Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/12/06 2:0 p.m.128 views

CVE-2017-13167

CVE-2017-13167 is described as an elevation of privilege vulnerability in the kernel sound timer affecting the Android kernel. The provided connected document notes the product as Android and versions as the Android kernel, with Android ID A-37240993. The Unity Linux/UTSA advisories reference thi...

7.8CVSS7.3AI score0.00191EPSS
CVE
CVE
added 2020/09/17 3:27 p.m.128 views

CVE-2020-0383

CVE-2020-0383 affects Android Media Framework (Parse_ins in eas_mdls.c). The issue is an out-of-bounds write due to a missing bounds check, enabling remote information disclosure in the media extractor process with no extra execution privileges required. Impact is shown as partial confidentiality...

5.5CVSS5.3AI score0.00645EPSS
CVE
CVE
added 2020/10/14 1:5 p.m.128 views

CVE-2020-0408

CVE-2020-0408: A local EoP in Android’s runtime due to an out-of-bounds write caused by an integer overflow in String16.cpp. Affected: Android versions 8.0–11 (Android Runtime component). Exploitation would require local access with no user interaction; impact is potentially arbitrary code execut...

7.8CVSS7.7AI score0.00192EPSS
CVE
CVE
added 2020/12/14 9:51 p.m.128 views

CVE-2020-0458

CVE-2020-0458 affects the Android Media Framework, specifically the SPDIFEncoder.cpp path. The issue is a possible out-of-bounds write caused by an integer overflow in SPDIFEncoder::writeBurstBufferBytes and related methods, leading to remote code execution with no extra privileges. Public detail...

9.3CVSS8AI score0.0146EPSS
CVE
CVE
added 2021/01/11 9:48 p.m.128 views

CVE-2021-0312

CVE-2021-0312 involves WAVSource::read in WAVExtractor.cpp. Root cause: integer overflow causing an out-of-bounds write. Impact: remote information disclosure without extra execution privileges; requires user interaction to exploit. Affected Android versions: 8.0–11 (Android 8.0, 8.1, 9, 10, 11)....

7.1CVSS6.2AI score0.01098EPSS
CVE
CVE
added 2021/02/10 4:50 p.m.128 views

CVE-2021-0327

CVE-2021-0327 affects Android (Android-9, Android-10, Android-11, Android-8.1) via getContentProviderImpl in ActivityManagerService, enabling a local privilege bypass due to non-restored binder identities. This could lead to local escalation of privilege without extra execution privileges or user...

7.8CVSS7.7AI score0.00259EPSS
CVE
CVE
added 2021/02/10 4:49 p.m.128 views

CVE-2021-0333

CVE-2021-0333 affects Android BluetoothPermissionActivity.java, where a tapjacking overlay during device pairing can bypass the phonebook permissions dialog. This enables local privilege escalation with user interaction required, across Android 8.1–11. The issue is documented in multiple sources ...

7.3CVSS7.2AI score0.00302EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.128 views

CVE-2021-0476

CVE-2021-0476 describes a local elevation-of-privilege vulnerability due to a race condition causing a use-after-free in FindOrCreatePeer (btif_av.cc). Affected: Android 11, 10, 9. Exploitation requires local access with no user interaction; impact is escalation to a privileged context with high ...

7CVSS7AI score0.00183EPSS
CVE
CVE
added 2021/07/14 1:46 p.m.128 views

CVE-2021-0587

CVE-2021-0587 affects Android’s Media Framework. The issue involves an out-of-bounds write via a use-after-free in the media path (StreamOut.cpp), enabling local escalation of privilege with no user interaction required. Vulnerable Android versions include 8.1–11; the Android Security Bulletin in...

7.8CVSS7.8AI score0.0014EPSS
CVE
CVE
added 2022/01/14 7:10 p.m.128 views

CVE-2021-39622

CVE-2021-39622 affects Google GBoard on Android 10–12, where a missing permission check allows bypassing Factory Reset Protection, enabling local elevation of privilege without user interaction. The NVD entry lists the impact as local privilege escalation with complete confidentiality/integrity/a...

7.8CVSS7.6AI score0.00124EPSS
CVE
CVE
added 2022/07/13 6:21 p.m.128 views

CVE-2022-20217

CVE-2022-20217 stems from an authorization weakness in Android’s SprdContactsProvider, enabling a third-party app to trigger an unauthorized broadcast that could delete FDN contacts. Connected sources (PT-2022-4134, NVD entry) confirm the vulnerability in SprdContactsProvider with Android telepho...

6.5CVSS6.3AI score0.00296EPSS
CVE
CVE
added 2023/08/14 8:48 p.m.128 views

CVE-2023-20965

CVE-2023-20965 is a high-severity Android issue in the WiFi stack (ClientModeImpl.java TOFU flow) that could disclose credentials and enable remote elevation of privilege without user interaction. The NVD notes a 9.8 CVSS v3.1 score (Network, None PR, high impact). Public references in the provid...

9.8CVSS9.1AI score0.00639EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.128 views

CVE-2023-20971

CVE-2023-20971 affects the Android Framework in PermissionManagerServiceImpl.java (removePermission) where a logic error could allow obtaining dangerous permissions without user consent, enabling local elevation of privilege with no extra execution privileges and no user interaction needed. The i...

7.8CVSS7.7AI score0.00105EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.128 views

CVE-2023-21084

CVE-2023-21084 affects Android 13, with the flaw in the buildPropFile of filesystem.go caused by an insecure hash from improper crypto usage. The impact is local elevation of privilege (EoP) with system-level execution privileges required and no user interaction. Public details in the provided do...

6.7CVSS6.6AI score0.0009EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.128 views

CVE-2023-40087

CVE-2023-40087 affects Android Bluetooth code in transcodeQ*ToFloat (btif_avrcp_audio_track.cc) with a missing bounds check, causing an out-of-bounds write and potential elevation of privilege on a paired device. No user interaction required. Documents note this issue and reference Android patch ...

8.8CVSS8.7AI score0.00237EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.128 views

CVE-2023-45774

CVE-2023-45774 affects the Android Shortcuts framework: In fixUpIncomingShortcutInfo of ShortcutService.java, an attacker could view another user’s image due to a confused deputy, enabling local elevation of privilege with no user interaction. Exploitation status is not detailed in the provided d...

7.8CVSS7.7AI score0.00124EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.128 views

CVE-2025-20645

The CVE-2025-20645 issue affects MediaTek components (KeyInstall) and is caused by a missing bounds check, leading to a possible out-of-bounds write. This could enable local privilege escalation for an attacker with System privileges, with no user interaction required. A patch is available (ALPS0...

7.8CVSS7.1AI score0.0009EPSS
CVE
CVE
added 2016/01/06 7:0 p.m.127 views

CVE-2015-6644

CVE-2015-6644 : The vulnerability concerns Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01. A crafted application can cause the library to leak sensitive information, enabling an attacker who can force a user to run a malicious app to obtain private data. The connected docu...

4.3CVSS3.4AI score0.00934EPSS
CVE
CVE
added 2020/08/11 7:27 p.m.127 views

CVE-2020-0240

CVE-2020-0240 is an Android Framework vulnerability for Android 10, caused by an out-of-bounds write in NewFixedDoubleArray within factory.cc due to an integer overflow. It could enable remote code execution and requires user interaction for exploitation, with network-based access as the attack v...

9.3CVSS8.8AI score0.021EPSS
CVE
CVE
added 2020/09/17 3:29 p.m.127 views

CVE-2020-0245

CVE-2020-0245 is a Media Framework issue in Android (DecodeFrameCombinedMode in combined_decode.cpp) causing a heap-based out-of-bounds write that could disclose information remotely. Affected Android versions include 8.0, 8.1, 9, 10, and 11. The CVSS vectors indicate high severity with network a...

9.3CVSS8.1AI score0.02053EPSS
CVE
CVE
added 2021/01/11 9:48 p.m.127 views

CVE-2021-0301

CVE-2021-0301 affects the Android ged component. The root cause is a missing bounds check that allows an out-of-bounds write, leading to local escalation of privilege with System-level execution privileges required. Exploitation does not require user interaction. Multiple connected sources (NVD, ...

6.7CVSS6.7AI score0.00158EPSS
CVE
CVE
added 2021/04/13 6:18 p.m.127 views

CVE-2021-0433

CVE-2021-0433 affects Android 8.1–11. The issue is a tapjacking/overlay bypass in DeviceChooserActivity.java that lets an attacker bypass the consent dialog when pairing a Bluetooth device, enabling local escalation of privilege and pairing with a malicious device without extra privileges. Exploi...

8CVSS7.8AI score0.00551EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.127 views

CVE-2021-0690

CVE-2021-0690 is an Android vulnerability describing an out-of-bounds write (heap buffer overflow) in ih264d_parse_pslice.c that could cause remote information disclosure without extra privileges. Affected Android versions include 8.1, 9, 10, and 11. The issue is exploitable via network-like cond...

6.5CVSS6.4AI score0.00778EPSS
CVE
CVE
added 2022/01/14 7:10 p.m.127 views

CVE-2021-0959

CVE-2021-0959 is a local elevation-of-privilege vulnerability in Android 12 affecting jit_memory_region.cc. The flaw enables bypassing memory restrictions due to a logic error, allowing a local attacker to gain higher privileges without user interaction. Exploitation is described as requiring loc...

7.8CVSS7.7AI score0.00146EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.127 views

CVE-2021-39717

CVE-2021-39717 affects the Android kernel component iaxxx-btp.c (function iaxxx_btp_write_words). The issue is an out-of-bounds read caused by an incorrect bounds check, leading to local information disclosure with System privileges required. No exploitation details or user interaction informatio...

4.4CVSS4.3AI score0.00107EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.127 views

CVE-2021-39718

CVE-2021-39718 concerns the Android kernel component ProtocolStkProactiveCommandAdapter (file protocolstkadapter.cpp). A possible out-of-bounds write caused by an incorrect bounds check is reported, which could enable local escalation of privilege with System execution privileges needed. Exploita...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/07/13 6:23 p.m.127 views

CVE-2022-20238

CVE-2022-20238 describes a kernel memory mapping flaw in Android where remap_pfn_range can map memory outside the intended region because vma->vm_page_prot is user-controllable. The result is a potential writable mapping of kernel memory, enabling exploitation per several sources (Android kern...

10CVSS8.8AI score0.00515EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.127 views

CVE-2022-32636

The CVE-2022-32636 issue, attributed to MediaTek’s keyinstall, is a local-privilege-escalation vulnerability caused by an integer overflow that leads to an out-of-bounds write. Exploitation is described as requiring local access with no user interaction. The vulnerability affects MediaTek’s keyin...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.127 views

CVE-2023-21087

CVE-2023-21087 affects Android 11–13, with the root cause described as an uncaught exception in PreferencesHelper.java that can cause a boot loop. The consequence is a local persistent DoS without requiring user interaction. Connected sources repeatedly reference the same underlying issue and not...

5.5CVSS5.3AI score0.0009EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.127 views

CVE-2023-35665

CVE-2023-35665 describes a local elevation-of-privilege in Android where a missing permission check across multiple files allows importing a contact from another user. The issue enables privilege escalation without additional execution privileges and without user interaction. The connected source...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.127 views

CVE-2023-40078

CVE-2023-40078 describes a possible out-of-bounds write caused by a heap buffer overflow in the Android a2dp_vendor_opus_decoder_decode_packet function. This can enable paired-device escalation of privilege without user interaction. Affected context is the A2DP Opus decoder path in Android Blueto...

9.8CVSS9.3AI score0.00524EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.127 views

CVE-2023-40095

CVE-2023-40095 describes a likely local elevation of privilege in Android Framework due to a missing check in PendingIntentUtils.createDontSendToRestrictedAppsBundle. Exploitation does not require user interaction and could enable background activity launches on affected devices. Connected source...

7.8CVSS7.7AI score0.00126EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.127 views

CVE-2023-40097

CVE-2023-40097 affects Android’s PackageManagerHelper.hasPermissionForActivity inside the framework. The flaw is an input-validation issue that can allow a URI grant, causing local elevation of privilege with no extra execution privileges required; exploitation requires user interaction. The publ...

7.8CVSS7.7AI score0.00126EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.127 views

CVE-2024-25990

The CVE-2024-25990 issue affects the Google Pixel Android stack described in multiple sources: the function pktproc_perftest_gen_rx_packet_sktbuf_mode in link_rx_pktproc.c experiences an out-of-bounds write due to a race condition. This vulnerability is claimed to permit local escalation of privi...

6.4CVSS7AI score0.00077EPSS
CVE
CVE
added 2020/09/17 3:25 p.m.126 views

CVE-2020-0381

CVE-2020-0381 affects Android, with the vulnerability located in Media Framework (Parse_wave of eas_mdls.c). The issue is an out-of-bounds write caused by an integer overflow, enabling remote information disclosure in a highly constrained process without requiring user interaction. Affected Andro...

7.5CVSS7.1AI score0.01494EPSS
CVE
CVE
added 2020/10/14 1:3 p.m.126 views

CVE-2020-0398

CVE-2020-0398 affects Android 10 and 11, relating to updateMwi in NotificationMgr.java. A PendingIntent error allows a permission bypass that could cause local information disclosure without user interaction; exploitation requires User execution privileges but not explicit user action. Affected c...

5.5CVSS5AI score0.00194EPSS
CVE
CVE
added 2020/11/10 12:48 p.m.126 views

CVE-2020-0409

CVE-2020-0409 affects Android (Android-8.0/8.1/9/10). The issue is an out-of-bounds write in FileMap.cpp caused by an integer overflow in create(), enabling local elevation of privilege with no user interaction. In the public docs, severity is high for local access with partial confidentiality/ i...

7.8CVSS7.7AI score0.00248EPSS
CVE
CVE
added 2021/01/11 9:47 p.m.126 views

CVE-2020-0471

CVE-2020-0471 in Android concerns a flaw in reassemble_and_dispatch of packet_fragmenter.cc that could allow injecting packets into an encrypted Bluetooth connection due to improper input validation. This enables remote escalation of privilege between two Bluetooth devices by a proximal attacker ...

9.8CVSS9AI score0.0159EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.126 views

CVE-2021-0510

CVE-2021-0510 affects Android's CryptoPlugin.cpp (decrypt_1_2) where an integer overflow can cause an out-of-bounds write. This is described as enabling local privilege escalation with no user interaction. Affected Android versions per the entry are Android 8.1, 9, 10, and 11 (Android-8.1, Androi...

7.8CVSS7.7AI score0.00218EPSS
CVE
CVE
added 2021/08/17 6:29 p.m.126 views

CVE-2021-0639

CVE-2021-0639 affects Android/Widevine through libl3oemcrypto.cpp. Described as a local information disclosure due to weaknesses in the obfuscation/handling of sensitive data; requires no user interaction. Documented impact is partial confidentiality loss with local access and no privileges beyon...

5.5CVSS5.1AI score0.00117EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.126 views

CVE-2021-39723

CVE-2021-39723 affects Google Pixel devices and is listed in the Pixel March 2022 bulletin as a Critical RCE in the Modem component. Patch levels 2022-03-05 address issues in that bulletin. The provided documents do not include public exploit details or specific root-cause/affected kernel version...

10CVSS9AI score0.00498EPSS
CVE
CVE
added 2022/07/06 1:5 p.m.126 views

CVE-2022-21764

CVE-2022-21764 concerns a vulnerability in the telecom service where a missing permission check can lead to local information disclosure. The underlying issue is an inadequate access control in the telecom subsystem, allowing an attacker with local access to read sensitive data without executing ...

5.5CVSS5.1AI score0.00099EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.126 views

CVE-2022-32602

CVE-2022-32602 is described as an out-of-bounds read in the Mediatek keyinstall component caused by a missing bounds check. This could lead to local information disclosure with no authentication or user interaction required. The CVSS data indicates a LOCAL attack vector, LOW privileges, and HIGH ...

5.5CVSS5AI score0.00129EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.126 views

CVE-2022-32637

CVE-2022-32637 affects the hevc decoder (MediaTek components) with a missing bounds check causing an out-of-bounds write. This can enable local privilege escalation to System level with no user interaction required. The patch identified is ALPS07491374 (Issue ID ALPS07491374). Exploitation detail...

6.7CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2023/02/06 5:26 a.m.126 views

CVE-2022-47339

CVE-2022-47339 describes a local OS command injection in the cmd_services component due to missing permission checks, enabling local privilege escalation to a root/system level on affected Unisoc/Android devices. The CVSS vector indicates LOCAL access, low attack complexity, but HIGH privileges r...

6.7CVSS7AI score0.00268EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.126 views

CVE-2023-20655

CVE-2023-20655 stems from a parcel format mismatch in MediaTek’s mmsdk, enabling local privilege escalation and potential local code execution without extra privileges or user interaction. Severity is rated high (CVSSv3.1: 7.8; LOCAL attack, LOW complexity, HIGH impact on confidentiality, integri...

7.8CVSS7.8AI score0.00086EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.126 views

CVE-2023-20694

CVE-2023-20694 affects MediaTek preloader for MT6880/MT6890. The issue is an out-of-bounds write caused by a missing bounds check in the preloader, enabling local escalation of privilege with System execution privileges required; no user interaction is needed. A patch is available (ALPS07733998 /...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.126 views

CVE-2023-21144

The CVE-2023-21144 entry affects Android 11–13 and involves a DoInBackground() path in NotificationContentInflater.java. The vulnerability is a temporary denial of service caused by long-running operations, enabling remote DoS without extra privileges or user interaction. The Red Hat/CNVD/PRION/N...

7.5CVSS7.4AI score0.00741EPSS
CVE
CVE
added 2023/07/12 11:29 p.m.126 views

CVE-2023-21246

CVE-2023-21246 affects Android’s ShortcutInfo.java. The issue: an uncaught exception could allow an app to retain notification listening access, enabling local elevation of privilege with no extra execution privileges and no user interaction required. Public details in NVD/NVD-linked entries conf...

3.3CVSS4.3AI score0.00174EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.126 views

CVE-2023-35666

This CVE (CVE-2023-35666) affects the Android Bluetooth stack: specifically in the bta_av_rc_msg handling within bta_av_act.cc. The vulnerability is a use-after-free caused by a logic error, leading to local elevation of privilege without requiring user interaction. The exploitation is categorize...

7.8CVSS7.8AI score0.00091EPSS
Total number of security vulnerabilities8153