Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/03/11 6:55 p.m.124 views

CVE-2024-27228

CVE-2024-27228 is a remote code execution in Google's Pixel MFC component caused by a heap buffer overflow/out-of-bounds write. The issue requires no user interaction and can be triggered over the network. Pixel Update Bulletin lists this CVE as Critical (RCE) with affected Pixel devices; remedia...

9.8CVSS7.9AI score0.00557EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.124 views

CVE-2024-31323

CVE-2024-31323 is an Android local elevation-of-privilege vulnerability in the onCreate path of the HealthFitness module (HealthFitness) that could trick a user into granting health permissions via tapjacking, requiring no user interaction for exploitation. The issue is mapped to the Healthfitnes...

7.8CVSS6.8AI score0.00102EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.124 views

CVE-2024-31324

CVE-2024-31324 affects Android Framework due to a tapjacking/overlay bypass in WindowState.java. The issue can be triggered by starting an activity in portrait, then rotating to landscape, enabling local elevation of privilege with user interaction required. The entry notes exploitation is possib...

7.8CVSS6.8AI score0.00103EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.124 views

CVE-2024-34731

CVE-2024-34731 affects Android components (TranscodingResourcePolicy.cpp) with a race-condition leading to memory corruption and local privilege escalation. The description across sources (NVD/Red Hat/CNVD/Vuln enrichment) consistently notes memory corruption as the root cause and local EoP risk ...

7.7CVSS7AI score0.00108EPSS
CVE
CVE
added 2025/02/26 5:45 a.m.124 views

CVE-2024-39441

The CVE-2024-39441 entry concerns Unisoc Unisoc components with a vulnerability in wifi display due to a missing permission check. This can allow local escalation of privilege without requiring additional execution privileges (local vector, as described). The connected Red Hat and NVD entries mir...

8.4CVSS7.1AI score0.00113EPSS
CVE
CVE
added 2019/06/19 7:52 p.m.123 views

CVE-2019-1989

CVE-2019-1989 affects the Android Media framework (Android 7.0–9) and is described as a Remote Code Execution (RCE) vulnerability. The issue arises in ih264d_fmt_conv_420sp_to_420p within ih264d_format_conv.c due to a missing bounds check, enabling an out-of-bounds write. The vulnerability is exp...

9.3CVSS8.8AI score0.0137EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.123 views

CVE-2021-0511

CVE-2021-0511 affects Android Dex2oat (dex2oat.cc) with an input-validation flaw that could inject bytecode into an app, enabling local privilege escalation without user interaction. Affected Android versions: 9, 10, 11. CVSS v3 base score 7.8 (local, low attack complexity, high impact). No remed...

7.8CVSS7.6AI score0.00217EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.123 views

CVE-2021-0579

CVE-2021-0579 affects the Android WiFi driver. The issue is an out‑of‑bounds read caused by a missing bounds check, enabling remote information disclosure to a proximal attacker with no additional privileges and no user interaction required. This is the concrete vulnerability detail reported acro...

6.5CVSS6.1AI score0.00297EPSS
CVE
CVE
added 2021/10/06 2:10 p.m.123 views

CVE-2021-0682

CVE-2021-0682 affects Android via a permissions check gap in NotificationManagerService.java (sendAccessibilityEvent), enabling local information disclosure of notifications. Affected: Android 8.1, 9, 10, 11. Exploitation: local, requires no user interaction, per description; no mitigation detail...

5.5CVSS5AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.123 views

CVE-2021-0956

CVE-2021-0956 affects Android by a flaw in NfcTag::discoverTechnologies (activation) in NfcTag.cpp, where an incorrect bounds check allows an out-of-bounds write. This could enable remote elevation of privilege with no user interaction, impacting Android 11 and 12. The issue is listed in Android’...

10CVSS8.7AI score0.0123EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.123 views

CVE-2021-39720

CVE-2021-39720Concern: Affects Google Pixel devices in the Modem component; classified as Remote Code Execution (RCE) with Critical severity in the Pixel security bulletin. Root cause is documented as a modem-related vulnerability within the Android stack; no exploit details are provided in the c...

10CVSS9AI score0.00498EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.123 views

CVE-2021-39721

CVE-2021-39721 affects the Android kernel. The connected records specify a vulnerability described as an out-of-bounds write caused by memory corruption, enabling local escalation of privilege with System execution privileges required. Public references consistently cite Android kernel as the aff...

6.7CVSS6.7AI score0.00104EPSS
CVE
CVE
added 2022/05/10 8:16 p.m.123 views

CVE-2022-20118

CVE-2022-20118 affects the Android kernel ion.c, specifically in ion_ioctl and related functions, where a race condition can trigger a use-after-free. This leads to local privilege escalation without extra execution privileges or user interaction. Documented impact appears as EoP with local acces...

7CVSS7.3AI score0.00083EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.123 views

CVE-2022-26098

CVE-2022-26098 is a heap-based buffer overflow in the libsimba library, specifically in the sheifd_create function, that allows remote code execution. The issue affects libsimba prior to the SMR Apr-2022 Release 1. The vulnerability’s impact is described as code execution with high severity, incl...

10CVSS9.8AI score0.01306EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.123 views

CVE-2022-44427

Technical details about CVE-2022-44427 are not publicly provided in the supplied documents. The entries reference a missing bounds check in the WLAN driver and local DoS, but no vendor/product/version specifics or fixes are given here. Monitor for updates.

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.123 views

CVE-2022-44431

CVE-2022-44431 describes a missing bounds check in the WLAN driver that could allow a local Denial of Service in WLAN services. The NVD entry lists a CVSS v3.1 base score of 5.5 (Local, Low complexity, Low privileges, High impact on availability). Connected sources corroborate the WLAN-driver foc...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.123 views

CVE-2023-21000

CVE-2023-21000 relates to a use-after-free in MediaCodec.cpp due to improper locking, enabling local privilege escalation on Android 13. The vulnerability affects the Android MediaCodec path and is described across multiple sources (NVD, Red Hat, PRION, PT-Security, and Pixel bulletin). The provi...

7.8CVSS7.8AI score0.00078EPSS
CVE
CVE
added 2023/10/06 6:48 p.m.123 views

CVE-2023-21253

CVE-2023-21253 describes a resource exhaustion condition that can crash multiple system services, leading to local DoS with no required user interaction. The impact is limited to denial of service on affected Android/Linux components; no remote context is implied. Public details indicate the issu...

5.5CVSS5.4AI score0.0014EPSS
CVE
CVE
added 2023/08/14 9:1 p.m.123 views

CVE-2023-21274

CVE-2023-21274 affects Google Android, specifically the code path in ShimConverter.cpp:convertSubgraphFromHAL. The issue is an out-of-bounds read caused by a missing bounds check, leading to local information disclosure without requiring additional privileges. Exploitation is described as needing...

5.5CVSS5.1AI score0.00104EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.123 views

CVE-2023-21351

CVE-2023-21351 affects Google Android (Framework) and is described as a local elevation-of-privilege vulnerability caused by a logic error that can trigger a background activity launch. The issue can be exploited without user interaction and could compromise confidentiality, integrity, and availa...

7.8CVSS7.9AI score0.00119EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.123 views

CVE-2023-40073

CVE-2023-40073 concerns an information disclosure in Android’s framework: in the method visitUris of Notification.java, there is a cross-user media read (Confused Deputy) that can lead to local information disclosure without extra execution privileges. The exposed data is restricted to local acce...

5.5CVSS5AI score0.00134EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.123 views

CVE-2023-40090

What’s affected: Google Android platform vulnerability CVE-2023-40090 in the Bluetooth stack, specifically BTM_BleVerifySignature in btm_ble.cc. The issue is described as bypassing signature validation via side-channel information disclosure, enabling remote escalation of privilege with no additi...

6.5CVSS6.6AI score0.00542EPSS
CVE
CVE
added 2024/05/07 9:3 p.m.123 views

CVE-2024-0043

CVE-2024-0043 involves a logic error that can grant a notification listener to an app in the work profile, enabling local elevation of privilege with no extra execution privileges needed. Exploitation requires user interaction. Multiple connected sources (Android NVD entry, Red Hat advisory, CNVD...

7.8CVSS7AI score0.00149EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.123 views

CVE-2024-27236

Summary: CVE-2024-27236 concerns a memory corruption risk in the aoc_unlocked_ioctl handler of aoc.c caused by type confusion, enabling local escalation of privilege without user interaction. The issue is reported across multiple sources (NVD/Red Hat/OSV/PRION/CVELIST/etc.) with consistent descri...

8.4CVSS7.2AI score0.0009EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.123 views

CVE-2024-40650

CVE-2024-40650 is an Android elevation-of-privilege vulnerability caused by a missing FRP state check in wifi_item_edit_content (styles.xml). It enables local privilege escalation with no user interaction. Connected sources confirm Android FRP bypass and affected components; exploitation details ...

7.8CVSS7.2AI score0.0008EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.123 views

CVE-2024-40658

CVE-2024-40658 affects the Android Framework: the vulnerability is in getConfig of SoftVideoDecoderOMXComponent.cpp, causing a heap buffer overflow that can produce an out-of-bounds write. Impact is local escalation of privilege with no additional execution privileges or user interaction required...

7.8CVSS7.4AI score0.00106EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.123 views

CVE-2024-43095

CVE-2024-43095 is an elevation-of-privilege vulnerability in Google Android System (Permission Controller) caused by a logic error. It enables local privilege escalation and is listed as a High-severity EoP issue affecting Android 12–15. The Android security bulletin (January 2025) notes updated ...

7.8CVSS7.1AI score0.00084EPSS
CVE
CVE
added 2025/01/17 11:3 p.m.122 views

CVE-2018-9383

CVE-2018-9383 is a vulnerability in the Linux kernel where the asn1_ber_decoder in lib/asn1_decoder.c allows an out-of-bounds read due to a missing bounds check. This can lead to local information disclosure and, per the description, system execution privileges could be required for exploitation;...

4.4CVSS7.6AI score0.00105EPSS
CVE
CVE
added 2020/11/10 12:47 p.m.122 views

CVE-2020-0442

CVE-2020-0442 affects Android and is tied to the Notification.java path (Message and toBundle). The root cause is improper input validation that can cause a UI slowdown or crash, leading to a remote denial of service when a malicious contact file is received. Exploitation requires no user interac...

7.8CVSS7.4AI score0.01003EPSS
CVE
CVE
added 2021/02/10 4:49 p.m.122 views

CVE-2021-0334

CVE-2021-0334 is a vulnerability in the Android Framework affecting Android 8.1–11 where ResolverActivity.java’s onTargetSelected allows a malicious app to bypass domain-handling settings and register as the default handler for arbitrary domains. This can lead to local privilege elevation with no...

7.8CVSS7.7AI score0.0028EPSS
CVE
CVE
added 2021/03/10 3:41 p.m.122 views

CVE-2021-0399

Summary: CVE-2021-0399 is a memory corruption use-after-free in Android kernel’s xt_qtaguid.c (qtaguid_untag). The issue can lead to local escalation of privilege with no extra execution privileges or user interaction. The vulnerable component is the kernel’s qtaguid path; exploitation is local, ...

7.8CVSS7.7AI score0.00382EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.122 views

CVE-2021-0434

CVE-2021-0434 is an Android Bluetooth permission handling flaw in onReceive of BluetoothPermissionRequest.java that could enable a malicious Bluetooth device to phish permissions from the user, potentially causing local elevation of privilege. The vulnerability affects Android 9–11 as cited in th...

7.3CVSS7.1AI score0.00173EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.122 views

CVE-2021-0480

CVE-2021-0480 affects Android devices due to a vulnerability in SnoozeHelper.java (createPendingIntent) where a broadcast intent may include a sensitive identifier, enabling local information disclosure with no extra privileges. Exploitation requires user interaction. Affected Android versions in...

5.5CVSS5AI score0.00404EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.122 views

CVE-2021-0513

CVE-2021-0513 concerns an elevation-of-privilege via the Android NotificationManagerService.java layer. The issue is described as a permission bypass caused by improper state validation in deleteNotificationChannel and related functions, enabling local escalation of privilege to hidden services w...

7.8CVSS7.7AI score0.00199EPSS
CVE
CVE
added 2021/07/14 1:46 p.m.122 views

CVE-2021-0586

CVE-2021-0586 describes a tapjacking/overlay flaw in DevicePickerFragment.java on Android 8.1–11 that could trick users into selecting a Bluetooth device, enabling local escalation of privilege with no extra execution privileges required. The initial description notes user interaction is needed f...

7.8CVSS7.6AI score0.00298EPSS
CVE
CVE
added 2021/07/14 1:44 p.m.122 views

CVE-2021-0594

CVE-2021-0594 affects Android: In ConfirmConnectActivity.onCreate, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote (proximal, NFC) escalation of privilege by deceiving a user into allowing a Bluetooth connection with no additional exec...

8CVSS8AI score0.01393EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.122 views

CVE-2021-0965

CVE-2021-0965 affects Android devices via a missing permission check in AndroidManifest.xml under Settings, enabling pairing of a Bluetooth device without user consent. This is described as a local elevation of privilege with no extra execution privileges required, and no user interaction is need...

8.8CVSS8.1AI score0.00205EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.122 views

CVE-2021-0970

CVE-2021-0970 : In Android, a mismatch in Parcel serialization/deserialization in createFromParcel of GpsNavigationMessage.java can enable local elevation of privilege without user interaction. Affected: Android 9–12 (as listed by the CVE entry). The issue stems from Parcel handling, potentially ...

7.8CVSS7.6AI score0.00202EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.122 views

CVE-2021-1050

CVE-2021-1050 affects the PowerVR kernel driver (MMU_UnmapPages). The root cause is a missing bounds check causing an out-of-bounds write, enabling local privilege escalation with no user interaction. Impact is High. The Android bulletin notes patch levels 2022-11-01/2022-11-05 or newer address t...

7.8CVSS7.6AI score0.00155EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.122 views

CVE-2021-39726

CVE-2021-39726 affects the Android kernel component cd_ParseMsg in cd_codec.c. Root cause: an out-of-bounds read caused by an incorrect bounds check, leading to remote information disclosure without user interaction. Severity/impact are stated as high in the Pixel bulletin context; exploitation s...

7.5CVSS7AI score0.00709EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.122 views

CVE-2021-39737

CVE-2021-39737 is listed in the Pixel security bulletin as a Modem component vulnerability (RCE) affecting Google Pixel devices. The entry ties the issue to the Pixel modem with a critical impact profile (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The public documentation does not specify t...

10CVSS9AI score0.00498EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.122 views

CVE-2022-22268

CVE-2022-22268 concerns Samsung Knox Guard. The vulnerability is described as an incorrect implementation that, on affected devices, allows a physically proximate attacker to temporarily unlock Knox Guard by using Samsung DeX mode when Knox Guard is locked. Root cause: DeX mode runs in contexts w...

6.1CVSS6.2AI score0.00112EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.122 views

CVE-2022-26447

Summary of CVE-2022-26447 : A MediaTek BT firmware vulnerability causes an out-of-bounds write due to a missing bounds check. This can enable remote code execution with no privileges and no user interaction required. Affected component is BT firmware (MediaTek). The issue is associated with patch...

9.8CVSS9.2AI score0.00617EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.122 views

CVE-2023-20652

CVE-2023-20652 is a MediaTek keyinstall vulnerability described as an out-of-bounds write caused by a missing bounds check. It allows local escalation to SYSTEM privileges with no user interaction required. Exploitation status is not detailed in the provided records, but NVD/Red Hat entries confi...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.122 views

CVE-2023-40082

CVE-2023-40082: Elevation of privilege affecting Google Android via modify_for_next_stage in fdt.rs, which can render KASLR ineffective due to improper crypto use. The result is remote escalation of privilege with no required user interaction and no additional execution privileges needed, as desc...

9.8CVSS9.2AI score0.00639EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.122 views

CVE-2024-20146

The CVE-2024-20146 issue affects MediaTek wlan STA driver and is caused by improper input validation leading to an out-of-bounds write. This can allow remote code execution with no additional privileges and without user interaction, affecting adjacent systems and potentially enabling high-severit...

8.1CVSS7.8AI score0.00136EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.122 views

CVE-2024-27220

CVE-2024-27220 affects Google Pixel/Android components; in lpm_req_handler (TBD module), a missing bounds check allows out-of-bounds memory access. This leads to local escalation of privilege with no user interaction required. The issue is classified as Elevation of Privilege (EoP) and appears in...

8.4CVSS7AI score0.00095EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.122 views

CVE-2024-34723

Summary: CVE-2024-34723 describes a logic error in Android’s ParcelableListBinder.java (onTransact) that could enable local elevation of privilege by stealing the mAllowlistToken to launch an app from the background, without extra privileges or user interaction. The vulnerability is tied to how P...

7.8CVSS6.8AI score0.00115EPSS
CVE
CVE
added 2024/09/27 7:37 a.m.122 views

CVE-2024-39431

The CVE-2024-39431 issue affects Unisoc chipsets’ UMTS RLC driver, where a missing bounds check can cause an out-of-bounds write. This can lead to remote denial of service with system privileges. Public references confirm the vulnerable component as the UMTS RLC driver and describe the exploit su...

8.3CVSS7.1AI score0.00176EPSS
CVE
CVE
added 2022/09/13 7:13 p.m.121 views

CVE-2021-0942

CVE-2021-0942 describes an ioctl-based path where an untrusted app can control the ui32PageIndex in sPA.uiAddr = page_to_phys(psOSPageArrayData->pagearray[ui32PageIndex]), leading to an out-of-bounds read (and plausibly an OOB write) in the Android kernel. Multiple sources confirm a high-sever...

9.8CVSS8.6AI score0.00314EPSS
Total number of security vulnerabilities8153