Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/07/12 11:29 p.m.126 views

CVE-2023-21246

CVE-2023-21246 affects Android’s ShortcutInfo.java. The issue: an uncaught exception could allow an app to retain notification listening access, enabling local elevation of privilege with no extra execution privileges and no user interaction required. Public details in NVD/NVD-linked entries conf...

3.3CVSS4.3AI score0.00174EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.126 views

CVE-2023-40075

CVE-2023-40075 affects Android and is caused by a missing bounds check in the forceReplaceShortcutInner method of ShortcutPackage.java, allowing registration of unlimited packages. This leads to a local denial-of-service condition and a boot loop, with no additional execution privileges required....

5.5CVSS5.3AI score0.00115EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.126 views

CVE-2023-40079

CVE-2023-40079 affects Android frameworks (ShortcutService.java: injectSendIntentSender) where a permissions bypass may allow a background activity launch, leading to local privilege escalation without user interaction. The issue is documented as an Elevation of Privilege (EoP) with high impact. ...

7.8CVSS7.7AI score0.00127EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.126 views

CVE-2024-20024

CVE-2024-20024 concerns the MediaTek flashc module where an out-of-bounds write arises from insufficient input validation. The vulnerability can enable local escalation of privilege to System execution privileges without user interaction. Public documentation consistently lists the issue as affec...

6CVSS6.9AI score0.00102EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.126 views

CVE-2024-22005

CVE-2024-22005 affects Google Pixel devices, categorized under the Pixel bulletin as a WLAN-related Elevation of Privilege vulnerability. The root cause is described as an authentication bypass due to improperly used cryptography, enabling local privilege escalation without user interaction. No p...

8.4CVSS7AI score0.00097EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.126 views

CVE-2024-34739

CVE-2024-34739 concerns a logic error in shouldRestrictOverlayActivities within UsbProfileGroupSettingsManager.java, potentially allowing local escalation of privilege in Android’s framework. The vulnerability description is consistent across multiple sources (NVD, Red Hat advisory, CNVD, OSV, et...

7.8CVSS6.8AI score0.00189EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.126 views

CVE-2024-40656

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a potential information disclosure across users due to a confused deputy. This could cause local information disclosure without requiring additional execution privileges, and exploitation requires user interaction. The v...

5.5CVSS6.3AI score0.00082EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.125 views

CVE-2016-2434

CVE-2016-2434 affects NVIDIA Tegra kernel driver (NVHOST) on Android/Nexus 9. An attacker can write an arbitrary value to an arbitrary location, leading to privilege escalation in the kernel. The issue is tied to the NVIDIA video driver in Android before 2016-05-01. Impact is described as local p...

9.3CVSS7.4AI score0.0125EPSS
CVE
CVE
added 2016/08/30 5:0 p.m.125 views

CVE-2016-5344

CVE-2016-5344 affects the MDSS driver in the Linux kernel 3.x, used in Qualcomm QuIC Android MSM contributions. The root cause is multiple integer overflows triggered by large size values in mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c, potentially causing denial of service and possibly oth...

9.8CVSS9.2AI score0.01734EPSS
CVE
CVE
added 2020/09/17 3:47 p.m.125 views

CVE-2020-0394

CVE-2020-0394 describes a tapjacking vulnerability in Android’s BluetoothPairingDialog.java, triggered in onCreate, due to an insecure default value. Affects Android 8.0–11; impact is local elevation of privilege with untrusted devices potentially accessing contact lists, requiring user interacti...

7.8CVSS7.7AI score0.0027EPSS
CVE
CVE
added 2020/10/14 1:7 p.m.125 views

CVE-2020-0412

CVE-2020-0412 affects Android where in setProcessMemoryTrimLevel of ActivityManagerService.java a missing permission check could allow local information disclosure of foreground processes without extra privileges. Affected Android versions include 8.0–11 (Android-8.0/8.1/9/10/11). The issue is cl...

3.3CVSS3.6AI score0.0016EPSS
CVE
CVE
added 2021/02/10 4:50 p.m.125 views

CVE-2021-0325

CVE-2021-0325 (Android Media Framework) : A remote code execution vulnerability exists due to an out-of-bounds write (heap buffer overflow) in ih264d_parse_pslice.c. It affects Android 8.1, 9, 10 and 11 and can be exploited with user interaction. CVSS v3 base score is 8.8 (HIGH) with NETWORK atta...

9.3CVSS8.9AI score0.02046EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.125 views

CVE-2021-0576

CVE-2021-0576 is described as an out-of-bounds write in the Android flv extractor caused by a missing bounds check, allowing local elevation of privilege with no user interaction. The issue affects Android’s flv extractor component; exploitation is local and could impact devices where the vulnera...

7.8CVSS7.7AI score0.00118EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.125 views

CVE-2021-0581

CVE-2021-0581 affects the Android Wi-Fi driver (Android SoC) and is described as an out-of-bounds read caused by a missing bounds check, enabling remote information disclosure to a proximal attacker without extra privileges or user interaction. The issue is documented across multiple feeds (NVD, ...

6.5CVSS6.1AI score0.00297EPSS
CVE
CVE
added 2021/07/14 1:44 p.m.125 views

CVE-2021-0599

CVE-2021-0599 : Android information disclosure in NotificationRecord.scheduleTimeoutLocked. Affected: Android 8.1, 9, 10, 11. Root cause: broadcasted intent leaks a sensitive identifier due to a confused deputy, enabling local information disclosure without extra privileges or user interaction. I...

5.5CVSS5.1AI score0.00131EPSS
CVE
CVE
added 2022/08/24 1:35 p.m.125 views

CVE-2021-0698

CVE-2021-0698 involves a leak of kernel heap content in PVRSRVBridgeHeapCfgHeapDetails due to uninitialized data, enabling local information disclosure without extra privileges or user interaction. Affected component/driver appears to be PowerVR-GPU (Imagination Technologies) within Android envir...

5.5CVSS5AI score0.00093EPSS
CVE
CVE
added 2021/10/22 1:26 p.m.125 views

CVE-2021-0708

CVE-2021-0708 in Android is described as a local elevation-of-privilege flaw caused by a confused deputy in ActivityManagerShellCommand.java (runDumpHeap). The issue enables deletion of system files and privilege escalation without additional execution privileges, with no user interaction require...

7.8CVSS7.3AI score0.00145EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.125 views

CVE-2021-0953

CVE-2021-0953 affects Android 9–12. The issue is in SearchWidgetProvider.setOnClickActivityIntent, where an unsafe PendingIntent could allow access to contacts and history bookmarks without permission, enabling local privilege escalation with no user interaction required. Android patch levels 202...

7.8CVSS7.7AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.125 views

CVE-2021-0971

CVE-2021-0971 affects Google Android Media Framework: specifically MPEG4Source::read in MPEG4Extractor.cpp, where an out-of-bounds write can occur due to a missing bounds check. This can lead to remote information disclosure. The vulnerability is described for Android 9–12, with exploitation requ...

6.5CVSS6.2AI score0.00649EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.125 views

CVE-2023-32832

CVE-2023-32832 describes a local race condition in the Mediatek mtk_jpeg (MediaTek JPEG decoding) driver used on MTK-based Android devices (e.g., Xiaomi 11T and Asus ROG 6D). The vulnerability arises during memory/ DMA buffer handling in the JPEG hybrid decoding path, enabling a race between jpeg...

7CVSS7.1AI score0.00106EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.125 views

CVE-2023-40136

The CVE-2023-40136 entry corresponds to a local information disclosure in Android via DialogFillUi.java setHeader, caused by a confused deputy that allows viewing another user’s images without extra privileges or user interaction. Connected sources (including PT-Security PT-2023-27288 and Android...

3.3CVSS3.6AI score0.00088EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.125 views

CVE-2023-45779

CVE-2023-45779 affects the AOSP APEX module framework. The root cause is the improper use of crypto, enabling a malicious update to platform components and resulting in local privilege escalation with no extra execution privileges required. No user interaction is needed for exploitation. The vuln...

7.8CVSS7.7AI score0.00333EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.125 views

CVE-2024-31315

In Android, CVE-2024-31315 affects the ManagedServices.java implementation, where improper input validation in multiple functions could enable hiding an app with notification access via the Device & app notifications settings. The vulnerability is described as enabling local elevation of privileg...

7.8CVSS6.8AI score0.00117EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.125 views

CVE-2024-31319

CVE-2024-31319 affects Android Framework (NotificationManagerService.java). A cross-user data leak caused by a confused deputy could lead to local escalation of privilege with no extra execution privileges required. Exploitation is described as local and independent of user interaction. Public de...

8.4CVSS6.8AI score0.0017EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.125 views

CVE-2024-34722

CVE-2024-34722 is an Android BLE legacy-pairing authentication bypass caused by an incorrect protocol implementation in smp_proc_rand of smp_act.cc. The issue enables remote elevation of privilege with no extra privileges or user interaction, as described across multiple sources (NVD, Red Hat CVE...

8.8CVSS7.4AI score0.00251EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.125 views

CVE-2024-34736

CVE-2024-34736 affects Android’s media stack, specifically the StagefrightRecorder.cpp setupVideoEncoder. When B-frame support is enabled, there is a potential for asynchronous playback that can enable local elevation of privilege without requiring additional execution privileges or user interact...

7.8CVSS6.8AI score0.00085EPSS
CVE
CVE
added 2025/04/07 3:14 a.m.125 views

CVE-2025-20655

CVE-2025-20655 concerns a missing bounds check in keymaster that enables a possible out-of-bounds read and local information disclosure when the attacker already has System privileges. According to public descriptions, the vulnerability is exploitable without user interaction and is classified wi...

5.3CVSS5.7AI score0.00079EPSS
CVE
CVE
added 2019/06/19 7:50 p.m.124 views

CVE-2019-1985

CVE-2019-1985 affects Android Framework: In TextServicesManagerService.findAvailSpellCheckerLocked, there is a permissions bypass that can bypass the warning dialog when selecting an untrusted spell checker. This could allow local elevation of privilege with no additional privileges and without u...

7.8CVSS7.7AI score0.00199EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.124 views

CVE-2019-1999

CVE-2019-1999 is evidenced in connected Nessus advisories for Unity Linux kernel updates (UTSA-2026-003839/004335/000386). The issue is in binder_alloc_free_page in binder_alloc.c, causing a possible double free due to improper locking. This can lead to local escalation of privilege in the kernel...

7.8CVSS7.5AI score0.00788EPSS
CVE
CVE
added 2020/09/17 3:40 p.m.124 views

CVE-2020-0382

CVE-2020-0382 affects Android 10/11. In RunInternal of dumpstate.cpp, an uncaught exception enables a possible user-consent bypass, allowing local disclosure of bug report data with System privileges. No user interaction is required for exploitation, and the impact is limited to information discl...

2.3CVSS3.4AI score0.00152EPSS
CVE
CVE
added 2020/12/14 9:50 p.m.124 views

CVE-2020-0464

CVE-2020-0464 affects Android 10; in resolv_cache_lookup (res_cache.cpp) a side-channel enables local information disclosure of accessed web resources without extra privileges or user interaction. The Android Security Bulletin lists this as a High‑impact, local vulnerability with CVSS v3.1 base s...

5.5CVSS4.9AI score0.00159EPSS
CVE
CVE
added 2021/04/13 6:23 p.m.124 views

CVE-2021-0427

CVE-2021-0427 affects Android 11 and is tied to parseExclusiveStateAnnotation in LogEvent.cpp. The vulnerability is a heap buffer overflow that can cause a local escalation of privilege via an out-of-bounds write, with no user interaction required. The issue is documented in the Android security ...

7.8CVSS7.8AI score0.00125EPSS
CVE
CVE
added 2021/04/13 6:17 p.m.124 views

CVE-2021-0438

CVE-2021-0438 describes a tapjacking/overlay risk in Android where an incorrect FLAG_OBSCURED value in InputDispatcher.cpp and WindowManagerService.java can enable local elevation of privilege with user interaction. The description covers affected Android versions (8.1, 9, 10) and notes exploitat...

7.8CVSS7.7AI score0.00134EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.124 views

CVE-2021-0520

CVE-2021-0520 describes a use-after-free due to a race condition in MemoryFileSystem.cpp and related files, enabling local escalation of privilege with no additional execution privileges or user interaction. Affected: Android (Android-11 and Android-10 per the Initial document). The vulnerability...

7CVSS7AI score0.00175EPSS
CVE
CVE
added 2021/07/14 1:44 p.m.124 views

CVE-2021-0588

CVE-2021-0588 describes an information-disclosure flaw in Android’s System component where processInboundMessage in MceStateMachine.java can disclose SMS-related data due to a missing permission check. Exploitation is local (no user interaction required) and could occur on affected versions (Andr...

5.5CVSS5AI score0.00131EPSS
CVE
CVE
added 2021/07/14 1:45 p.m.124 views

CVE-2021-0600

CVE-2021-0600 affects Android devices (Android 8.1–11) with an elevation-of-privilege vulnerability in DeviceAdminAdd.java. The issue arises from improper input validation that could mislead a user into activating a device admin app, enabling local privilege escalation without additional privileg...

7.8CVSS7.6AI score0.00362EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.124 views

CVE-2021-0653

Technical details for CVE-2021-0653 are not publicly provided in the connected documents. The initial description notes a local information disclosure due to a missing permission check in NetworkPolicyManagerService. Monitor for official advisories and patches.

5.5CVSS5.1AI score0.00115EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.124 views

CVE-2021-0684

CVE-2021-0684 is an Android local privilege escalation affecting Android 8.1, 9, 10, and 11. The issue is described as an out-of-bounds write caused by a use-after-free in TouchInputMapper::sync, enabling a local attacker to escalate privileges without user interaction. Exploitation, if any, is n...

7.8CVSS7.7AI score0.00118EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.124 views

CVE-2021-0701

Summary: CVE-2021-0701 involves the PowerVR kernel driver, specifically the PVRSRVBridgeSyncPrimOpCreate function, where a missing size check can cause an integer overflow leading to out-of-bounds heap access. This could enable local privilege escalation without additional execution privileges an...

9.8CVSS8.7AI score0.00316EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.124 views

CVE-2021-0877

CVE-2021-0877 is linked in connected documents to Imagination Technologies as an issue affecting PowerVR-GPU on Android SoC. The CVE entry carries a high severity (CVSSv3.1 base score 9.8, CRITICAL) with network attack vector, no user interaction, and impact to confidentiality, integrity, and ava...

9.8CVSS9.1AI score0.00292EPSS
CVE
CVE
added 2022/08/24 1:40 p.m.124 views

CVE-2021-0947

CVE-2021-0947 involves a kernel information disclosure in Android's graphics stack. The method PVRSRVBridgeTLDiscoverStreams allocates a heap buffer for streams, fills it via TLServerDiscoverStreamsKM, then copies it to userspace. If TLServerDiscoverStreamsKM fails (e.g., due to invalid sizes), t...

7.5CVSS7.4AI score0.00272EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.124 views

CVE-2021-39648

CVE-2021-39648 affects the Linux kernel gadget code path: the function gadget_dev_desc_UDC_show in configfs.c may disclose kernel heap memory due to a race condition, enabling local information disclosure with SYSTEM privileges (no user interaction required). Publicly documented references in And...

4.1CVSS5.2AI score0.00161EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.124 views

CVE-2021-39735

CVE-2021-39735 involves the Android kernel component gasket_alloc_coherent_memory in gasket_page_table.c, where a race condition can cause memory corruption. The vulnerability enables local escalation of privilege with System execution privileges needed, and exploitation is not dependent on user ...

6.4CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.124 views

CVE-2022-20385

CVE-2022-20385 affects Android and is tied to a nla_parse path that does not validate para length. Userspace can influence nla_type via maxtype (GSCAN_MAX) and trigger OOB access to the policy[type] array. This is described across multiple sources as a kernel/Android issue with potential for loca...

9.8CVSS9AI score0.0036EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.124 views

CVE-2022-22291

Technical details about CVE-2022-22291 are not publicly provided in the connected documents. Available sources summarize a logging-related information disclosure in Samsung telephony, but do not specify affected versions, root cause, exploit details, or patches; monitor for updates.

5.5CVSS5.3AI score0.00105EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.124 views

CVE-2023-20695

CVE-2023-20695 concerns MediaTek preloader on MT6880/6890/6980/6990 devices. The issue is an out-of-bounds write caused by a missing bounds check in the preloader, enabling local escalation of privilege with System execution privileges required; exploitation does not require user interaction. Pub...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.124 views

CVE-2023-21109

CVE-2023-21109 describes a local elevation-of-privilege flaw in Android’s AccessibilityService across multiple Android versions (11–13). The issue arises from a logic error in the AccessibilityService code that could allow an app to hide itself from the user without requiring extra privileges or ...

7.8CVSS7.6AI score0.00127EPSS
CVE
CVE
added 2023/07/12 11:22 p.m.124 views

CVE-2023-21238

CVE-2023-21238 affects Google's Android framework: in RemoteViews.visitUris, a confused-deputy flaw can leak images between users, causing local information disclosure without extra privileges or user interaction. The issue is documented in the 2023-07-01 Android Security Bulletin (Framework sect...

5.5CVSS5.1AI score0.00175EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.124 views

CVE-2023-40074

CVE-2023-40074 affects Google Android via a flaw in PersistableBundle.java (saveToXml): invalid data can cause local persistent denial of service without user interaction. Impacted component: Android framework (PersistableBundle.java). Exploitation is described as local; no in-the-wild exploitati...

5.5CVSS5.4AI score0.00136EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.124 views

CVE-2024-23695

CVE-2024-23695 involves the Android/Linux kernel’s CacheOpPMRExec in cache_km.c, with a reported out-of-bounds write caused by an integer overflow. This can lead to local elevation of privilege with no extra execution privileges or user interaction required. The available connected documents do n...

8.4CVSS6.8AI score0.00104EPSS
Total number of security vulnerabilities8153