Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2021/12/15 6:5 p.m.121 views

CVE-2021-0963

CVE-2021-0963 involves a tapjacking/overlay vulnerability in KeyChainActivity.java that could allow an app certificate stored in the Android keychain to be misused, resulting in local elevation of privilege. Public details in the provided documents confirm the issue affects Android versions 9–12 ...

7.1CVSS7AI score0.00197EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.121 views

CVE-2021-39661

CVE-2021-39661 affects the PowerVR kernel driver on Android. In the function PMRLogicalOffsetToPhysicalOffset , a missing bounds check can cause an out-of-bounds write, leading to local escalation of privilege with no additional execution privileges or user interaction required. Exploitation stat...

7.8CVSS7.6AI score0.001EPSS
CVE
CVE
added 2022/05/10 8:16 p.m.121 views

CVE-2022-20119

CVE-2022-20119 affects the Android display/graphics path (mali_gralloc_buffer.h, private_handle_t) where an uninitialized data path allows local information disclosure. The root cause is uninitialized data in the private_handle_t structure, enabling information leakage without extra execution pri...

5.5CVSS5.2AI score0.00104EPSS
CVE
CVE
added 2022/07/13 6:23 p.m.121 views

CVE-2022-20236

CVE-2022-20236 is referenced in the Android Security Bulletin under Unisoc GPU; the affected component is a UNISOC GPU driver. The underlying root cause and specific impact are not detailed in the provided documents. The CVSS from NVD indicates HIGH impact with network attack vector and no user i...

7.8CVSS7.4AI score0.0041EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.121 views

CVE-2022-20386

CVE-2022-20386 is listed in Android security bulletin details as affecting Android with Unisoc components (Unisoc U-1903099*). Severity is High. The connected sources do not provide concrete root-cause, exploit details, affected product versions, or a remediation/patch version. The CVE appears wi...

9.8CVSS9AI score0.0042EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.121 views

CVE-2022-32635

CVE-2022-32635 concerns an out-of-bounds write in the gps component, caused by a missing bounds check, which could enable local escalation of privilege with no user interaction needed. Multiple connected sources reference this exact issue (MediaTek ALPS07573237) and reiterate that exploitation wo...

7.8CVSS7.7AI score0.00094EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.121 views

CVE-2022-42755

CVE-2022-42755 describes a missing bounds check in a WLAN driver function, causing local denial-of-service via out-of-bounds access (heap overflow/out-of-bounds write) as per Red Hat, NVD and OSV entries. The affected component is the WLAN driver; root cause is parameter/bounds checking omissions...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.121 views

CVE-2022-44429

Technical details about CVE-2022-44429 are not publicly provided in the supplied documents. No confirmed affected products, versions, or fixes are listed here. Monitor for official disclosures and vendor advisories.

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.121 views

CVE-2023-20780

The CVE-2023-20780 entry concerns MediaTek/MVK keyinstall: a missing bounds check in the keyinstall module can cause local information disclosure, requiring System privileges with no user interaction. Affected component is the keyinstall path; impact is local information disclosure with potential...

4.4CVSS4.3AI score0.00104EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.121 views

CVE-2023-21101

CVE-2023-21101 concerns a race condition in WVDrmPlugin.cpp that leads to a use-after-free, enabling local escalation of privilege. The vulnerability is described as requiring no user interaction and enabling exploitation locally, with the Android Widevine DRM component implicated. The linked doc...

7CVSS7AI score0.00066EPSS
CVE
CVE
added 2023/08/14 9:4 p.m.121 views

CVE-2023-21279

CVE-2023-21279 concerns Android’s RemoteViews.visitUris, where a confused deputy could enable cross-user media reads and local information disclosure without extra execution privileges. The vulnerability is discussed across multiple sources tied to the Android security ecosystem (NVD, Red Hat, PR...

5.5CVSS5AI score0.00089EPSS
CVE
CVE
added 2024/05/07 9:1 p.m.121 views

CVE-2024-0026

CVE-2024-0026 corresponds to a DoS in Android’s SnoozeHelper.java, causing a persistent denial of service through resource exhaustion. Affected component: Android framework/system code on Google Android. Impact: local DoS with no extra execution privileges and no user interaction required. Source...

5.5CVSS6.5AI score0.00096EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.121 views

CVE-2024-20023

CVE-2024-20023 concerns the MediaTek/flashc component, where an out-of-bounds write can occur due to lack of validation. This could permit local escalation to SYSTEM privileges without user interaction. The issue is documented across several sources (e.g., NVD/Red Hat/NCSC etc.) and is associated...

6.7CVSS6.9AI score0.00104EPSS
CVE
CVE
added 2024/05/07 9:3 p.m.121 views

CVE-2024-23705

CVE-2024-23705 is an Android elevation-of-privilege vulnerability described across multiple feeds. Affected software is Google Android; root cause is improper input validation in multiple locations allowing local escalation of privilege. Exploitation reportedly requires user interaction (per init...

9.8CVSS7AI score0.00313EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.121 views

CVE-2024-25988

CVE-2024-25988 describes an out-of-bounds read in the SAEMM_DiscloseGuti path of SAEMM_RadioMessageCodec.c, causing potential remote information disclosure without extra execution privileges. Affected component is related to Google/Pixel modem code; exploitation is described as requiring no user ...

8.4CVSS6.4AI score0.00123EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.121 views

CVE-2024-25991

CVE-2024-25991 affects Google/Pixel devices and relates to the ACPM/TMU component. The root cause is a missing bounds check in the function acpm_tmu_ipc_handler within tmu_plugin.c, leading to a possible out-of-bounds read. Impact is information disclosure localized to the attacker’s host with no...

3.3CVSS6AI score0.001EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.121 views

CVE-2024-27227

CVE-2024-27227 affects Google Pixel devices via the modem component, with remote code execution reported as the impact. The Pixel security bulletin lists this CVE under the Modem subcomponent with a High severity and notes that applying patch level 2024-03-05 or later mitigates issues described i...

9.8CVSS6.8AI score0.00318EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.120 views

CVE-2017-0675

CVE-2017-0675 is a remote code execution vulnerability in the Android media framework affecting Android 6.0.1, 7.0, 7.1.1, and 7.1.2. The issue is described as RCE in the media framework with impact to confidentiality, integrity, and availability. The Android bulletin indicates that the most seve...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2020/08/11 7:27 p.m.120 views

CVE-2020-0241

CVE-2020-0241 is a Media Framework issue in Android (NuPlayerStreamListener.cpp) where a double free leads to memory corruption, enabling local privilege escalation with no user interaction. Affected: Android 8.0–10. Root cause: memory-management error in NuPlayerStreamListener. Impact: local ele...

7.8CVSS7.8AI score0.00251EPSS
CVE
CVE
added 2020/09/17 3:25 p.m.120 views

CVE-2020-0385

CVE-2020-0385 affects Android via the Media Framework component, specifically in eas_mdls.c Parse_insh, where an out-of-bounds write could disclose information. Exploitation requires user interaction; impact is information disclosure without remote code execution. Affected Android versions includ...

5.5CVSS5.3AI score0.00645EPSS
CVE
CVE
added 2020/10/14 1:5 p.m.120 views

CVE-2020-0414

CVE-2020-0414 affects Android’s Media Framework (AudioFlinger::RecordThread::threadLoop). A permissions bypass could allow a remote attacker to read a non-silenced audio buffer, leading to information disclosure without extra execution privileges, with exploitation requiring user interaction. Aff...

6.5CVSS6.3AI score0.00996EPSS
CVE
CVE
added 2020/10/14 1:8 p.m.120 views

CVE-2020-0420

CVE-2020-0420 affects Android Framework due to a missing permission check in setUpdatableDriverPath in GpuService.cpp, enabling local EoP with no user interaction. The NVD/NCSC/Red Hat entries confirm a memory-corruption path leading to privilege escalation. The Android Security Bulletin lists th...

7.8CVSS7.8AI score0.00128EPSS
CVE
CVE
added 2020/12/14 9:51 p.m.120 views

CVE-2020-0459

The CVE-2020-0459 issue affects Android’s WifiConfigManager.java (sendConfiguredNetworkChangedBroadcast) and is an information-disclosure flaw caused by a missing permission check. It allows local disclosure of WiFi network names without extra execution privileges, with no user interaction requir...

3.3CVSS3.5AI score0.0015EPSS
CVE
CVE
added 2021/07/14 1:45 p.m.120 views

CVE-2021-0596

CVE-2021-0596 is an out-of-bounds read in the NFC path (phNciNfc_RecvMfResp in phNxpExtns_MifareStd.cpp) caused by a missing bounds check. This allows remote information disclosure over NFC with no extra execution privileges and no user interaction. Affected are Android versions 8.1, 9, 10, and 1...

7.8CVSS7AI score0.01117EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.120 views

CVE-2021-0691

CVE-2021-0691 affects Android 11 via an overly-permissive SELinux policy in system_app.te, enabling a local attacker with system execution privileges to gain code execution in other processes. The Red Hat and NVD entries describe a local elevation of privilege vulnerability that does not require ...

6.7CVSS7AI score0.00109EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.120 views

CVE-2021-0964

CVE-2021-0964 is an out-of-bounds write in the MP3 decoding path: in C2SoftMP3Dec.cpp, C2SoftMP3::process() a heap buffer overflow can lead to remote information disclosure without extra privileges. Affected Android versions: 9–12. Exploitation requires user interaction. References note this vuln...

7.1CVSS6.4AI score0.00904EPSS
CVE
CVE
added 2022/01/14 7:10 p.m.120 views

CVE-2021-39621

CVE-2021-39621 is an Android elevation-of-privilege vulnerability in the LegacyModeSmsHandler.java’s sendLegacyVoicemailNotification. It relies on an unsafe PendingIntent to bypass permissions, enabling local privilege escalation from Android 9 to 12. The issue does not require user interaction f...

7.8CVSS7.7AI score0.00128EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.120 views

CVE-2021-39659

CVE-2021-39659 affects Google Android (10–12) and concerns the method sortSimPhoneAccountsForEmergency in CreateConnectionProcessor.java. An unhandled exception can block access to emergency calling, potentially causing a local denial of service with user privileges. Exploitation details are not ...

5.5CVSS5.3AI score0.00109EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.120 views

CVE-2021-39724

CVE-2021-39724 is an Android/kernel issue: in TuningProviderBase::GetTuningTreeSet there is an out-of-bounds read due to a missing bounds check. This can enable local information disclosure with system privileges required. The vulnerability affects the Android kernel via tuning_provider_base.cc a...

4.4CVSS4.3AI score0.00107EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.120 views

CVE-2022-20390

Technical details about CVE-2022-20390 are not publicly available in the provided documents. Monitor the Android Bulletin and vendor advisories for updates and fixes.

9.8CVSS8.9AI score0.0042EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.120 views

CVE-2022-44434

CVE-2022-44434 affects a messaging service component and is caused by a missing permission check, enabling local denial of service in the contacts service with no extra privileges required. The vulnerability has a CVSS v3.1 base score of 5.5 (AV:L, AC:L, PR:L, UI:N, S:U, C:N, I:N, A:H), indicatin...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.120 views

CVE-2023-21086

CVE-2023-21086 concerns a permissions bypass in Android’s NFC runtime: in the isToggleable logic of SecureNfcEnabler.java and SecureNfcPreferenceController.java , an attacker could enable NFC from a secondary/guest account without additional execution privileges or user interaction. Reported as a...

7.8CVSS7.6AI score0.00177EPSS
CVE
CVE
added 2023/07/12 11:30 p.m.120 views

CVE-2023-21248

CVE-2023-21248 affects Android’s WifiScanningMainSwitchPreferenceController.java. The issue is a missing permission check in getAvailabilityStatus, which could bypass a device policy restriction and enable local escalation of privilege without additional execution privileges. Exploitation details...

7.8CVSS7.7AI score0.00092EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.120 views

CVE-2023-35668

The CVE-2023-35668 entry affects Android’s Notification.java visitUris path, where a confused deputy could cause an image display from another user. This is an information-disclosure vulnerability with local impact and no execution privileges required (no user interaction). Connected sources corr...

5.5CVSS5.1AI score0.00135EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.120 views

CVE-2023-40080

CVE-2023-40080 involves the Bluetooth stack in Android (btm_ble_gap.cc) where a logic error can cause an out-of-bounds write, leading to local elevation of privilege without extra execution privileges or user interaction. The issue is categorized with high impact and is described across multiple ...

7.8CVSS7.8AI score0.00132EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.120 views

CVE-2024-31312

CVE-2024-31312 affects Google Android Framework. It describes a local information disclosure due to a missing permission check in multiple locations, allowing access to played media without extra privileges and without user interaction. The issue is listed in the Android Security Bulletin and is ...

5.5CVSS5.9AI score0.001EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.120 views

CVE-2024-31336

The CVE-2024-31336 entry concerns PVRSRVBridgeRGXKickTA3D2 in server_rgxta3d_bridge.c, affecting the PowerVR-GPU component. The issue is described as an arbitrary code execution caused by improper input validation, enabling local kernel privilege escalation without extra privileges or user intera...

8.4CVSS8.3AI score0.001EPSS
CVE
CVE
added 2025/01/02 11:58 p.m.120 views

CVE-2024-43077

CVE-2024-43077 : Affects Google Android via the DevmemValidateFlags function in devicemem_server.c. The vulnerability is described as an out-of-bounds write caused by memory corruption, enabling local escalation of privilege with no additional execution privileges and no user interaction required...

7.8CVSS7.3AI score0.00079EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.119 views

CVE-2020-0181

CVE-2020-0181 affects libexif: the DoS is due to an integer overflow in exif_data_load_data_thumbnail within exif-data.c. The Nessus/NVD data describe remote denial of service with network access and no user interaction. Multiple advisories (Unity Linux, MiracleLinux, SUSE, Red Hat) reference thi...

7.5CVSS7.6AI score0.02856EPSS
CVE
CVE
added 2020/08/11 7:28 p.m.119 views

CVE-2020-0243

CVE-2020-0243 is a Media Framework elevation-of-privilege vulnerability in Android. In clearPropValue of MediaAnalyticsItem.cpp, an improper locking leads to a use-after-free that could allow a local attacker to escalate privileges within the media server. Impact is described as local escalation ...

7.8CVSS7.7AI score0.00153EPSS
CVE
CVE
added 2020/10/14 1:3 p.m.119 views

CVE-2020-0400

CVE-2020-0400 affects Android (Android-10/Android-11) in the NotificationMgr.showDataRoamingNotification path. The root cause is an unsafe PendingIntent, enabling a local permission bypass that could disclose data. Exploitation is local with no user interaction required (UI: NONE). The issue is c...

5.5CVSS5AI score0.00196EPSS
CVE
CVE
added 2021/02/10 4:50 p.m.119 views

CVE-2021-0314

The CVE-2021-0314 issue affects Android’s UninstallerActivity in the Framework. It describes a tapjacking/overlay-based method to uninstall an app without informed user consent, leading to local elevation of privilege with User execution privileges needed. Affected Android versions include 8.1, 9...

7.3CVSS7.2AI score0.00274EPSS
CVE
CVE
added 2021/04/13 6:23 p.m.119 views

CVE-2021-0437

CVE-2021-0437 is a local elevation-of-privilege issue in Android’s DRM module. The root cause is a possible double free in DrmPlugin.cpp within setPlayPolicy, which could allow a privileged process to escalate privileges without additional execution privileges or user interaction. Affected OS ver...

7.8CVSS7.5AI score0.00242EPSS
CVE
CVE
added 2021/10/22 1:26 p.m.119 views

CVE-2021-0483

CVE-2021-0483 affects Android’s Media Framework via the AAudioService: a race condition can cause a use-after-free, enabling local elevation of privilege with user privileges and no user interaction needed. The issue is documented across multiple feeds (NVD/Red Hat/ CVE lists) with Android 10–11 ...

7.8CVSS7.4AI score0.0009EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.119 views

CVE-2021-39710

CVE-2021-39710 is listed in the Pixel security bulletin as a Telephony-related Elevation of Privilege (EoP) vulnerability in the Android kernel, categorized as High impact. The CVE entry in the bulletin confirms the affected component (Kernel/Telephony) and assigns a High severity for Pixel devic...

10CVSS9AI score0.00498EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.119 views

CVE-2021-39712

CVE-2021-39712 is an Elevation of Privilege issue in the Android kernel tied to a race-condition leading to a possible user-after-free. The connected Pixel bulletin and related records confirm this vulnerability affects the Android kernel (upstream kernel) and can enable local privilege escalatio...

6.4CVSS6.5AI score0.00088EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.119 views

CVE-2021-39731

CVE-2021-39731 concerns an out-of-bounds write in Android’s ProtocolStkProactiveCommandAdapter::Init (protocolstkadapter.cpp). The vulnerability arises from an incorrect bounds check in the Android kernel component, enabling a local elevation of privilege with System execution privileges, without...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.119 views

CVE-2021-39736

CVE-2021-39736 affects the Android kernel: in lwis_ioctl.c and lwis_periodic_io.c, an integer overflow can cause an out-of-bounds write, enabling local elevation of privileges with SYSTEM access. Exploitation details are not provided in the documents, and no user interaction is required for explo...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.119 views

CVE-2022-44432

CVE-2022-44432 describes a vulnerability in the WLAN driver where a missing bounds check could allow a local denial-of-service in WLAN services. The concrete details in the provided documents are limited to this root cause and its local impact; no public exploit information, affected vendor/produ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.119 views

CVE-2023-21401

CVE-2023-21401 : Concrete details across connected docs show an out-of-bounds write in the Linux kernel component DevmemIntChangeSparse within devicemem_server.c caused by an integer overflow. This can enable local escalation of privilege with no extra execution privileges or user interaction req...

9.8CVSS8.5AI score0.00414EPSS
Total number of security vulnerabilities8153