Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/12/04 10:40 p.m.119 views

CVE-2023-40084

CVE-2023-40084 involves a memory corruption vulnerability caused by a use-after-free in the MDnsSdListener.cpp path. The flaw can permit local escalation of privilege without additional execution privileges and without user interaction, as described across multiple sources (NVD/Red Hat/Android bu...

7.8CVSS7.9AI score0.002EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.119 views

CVE-2023-40092

CVE-2023-40092 affects the Android Framework, specifically the verifyShortcutInfoPackage function in ShortcutService.java. The Red Hat/Android/NVD entries describe a confused deputy scenario that could allow an authenticated local attacker to view another user’s image, causing local information d...

5.5CVSS5.1AI score0.00117EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.119 views

CVE-2023-45773

The CVE-2023-45773 issue affects the Bluetooth stack component (btm_ble_gap.cc) in Android. It describes an out-of-bounds write caused by a missing bounds check in multiple functions, which could enable local escalation of privilege with User privileges required and no user interaction. The threa...

7.8CVSS7.8AI score0.00124EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.119 views

CVE-2024-20005

The CVE-2024-20005 entry describes a permission bypass in MediaTek’s da module due to a missing permission check. This could allow local escalation to SYSTEM privileges with no user interaction required. The impact is confined to local, system-level access; exploitation details are not provided, ...

8.2CVSS6.9AI score0.00095EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.119 views

CVE-2024-31314

CVE-2024-31314 is a DoS via resource exhaustion in multiple functions of ShortcutService.java. The issue is described across Android/Red Hat/NVD/CVE lists as a local DoS without required user interaction. Affected component is ShortcutService.java, with a persistent denial of service risk due to ...

6.2CVSS6.4AI score0.00104EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.119 views

CVE-2024-31318

CVE-2024-31318 affects Android’s CompanionDeviceManagerService.java. The flaw is a missing permission check that could allow pairing a companion device without user acceptance, enabling local elevation of privilege with no extra execution privileges required. User interaction is not needed for ex...

7.8CVSS6.8AI score0.00106EPSS
CVE
CVE
added 2025/02/03 3:23 a.m.119 views

CVE-2025-20636

CVE-2025-20636 involves MediaTek MT8798 secmem module where a missing bounds check can cause an out-of-bounds write. This could enable local privilege escalation if an attacker already has System privileges, with no user interaction required. The available references list a patch: ALPS09403554 (M...

6.7CVSS7.1AI score0.00078EPSS
CVE
CVE
added 2019/08/08 8:58 p.m.118 views

CVE-2019-14783

CVE-2019-14783 affects Samsung mobile devices running N7.x, O8.x, and P9.0 software. The issue resides in the FotaAgent component and allows a malicious application to create privileged files, indicating an elevation of privilege risk within the FotaAgent handling of file creation. The connected ...

5.5CVSS5.4AI score0.00247EPSS
CVE
CVE
added 2020/08/11 7:26 p.m.118 views

CVE-2020-0238

CVE-2020-0238 affects the Android Framework in the AccountTypePreferenceLoader’s updatePreferenceIntents. The issue is a race condition that can enable a confused deputy, allowing local escalation of privilege and the launch of privileged activities without extra execution privileges. Impact is d...

7CVSS6.9AI score0.00129EPSS
CVE
CVE
added 2020/09/17 3:49 p.m.118 views

CVE-2020-0388

CVE-2020-0388 is an Android elevation-of-privilege issue in GnssVisibilityControl.java (createEmergencyLocationUserNotification) caused by an empty mutable PendingIntent. It enables a local attacker to bypass user interaction requirements and gain elevated privileges on Android-11/Android-10, wit...

7.8CVSS7.7AI score0.00169EPSS
CVE
CVE
added 2020/12/14 9:52 p.m.118 views

CVE-2020-0463

CVE-2020-0463 affects Android Bluetooth SDP server (sdp_server_handle_client_req in sdp_server.cc). It describes a possible out-of-bounds read due to missing bounds checks, leading to remote information disclosure without added privileges or user interaction. Affected Android versions include 8.0...

7.5CVSS7AI score0.01396EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.118 views

CVE-2021-0517

CVE-2021-0517 affects Google Android ConnectivityService.java (Android 11). In updateCapabilities, a logic error can lead to an incorrect network state determination, biasing networking tasks to non-VPN networks and enabling remote information disclosure without additional privileges. Exploitatio...

7.5CVSS7.3AI score0.00802EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.118 views

CVE-2021-0522

CVE-2021-0522 is an Android vulnerability reported as an out-of-bounds read caused by a use-after-free in ConnectionHandler::SdpCb (connection_handler.cc). The issue could allow remote information disclosure without additional execution privileges, and no user interaction is required. Affected pr...

7.5CVSS7AI score0.01383EPSS
CVE
CVE
added 2021/07/14 1:45 p.m.118 views

CVE-2021-0604

CVE-2021-0604 affects Android 8.1, 9, 10 and 11. In BluetoothOppSendFileInfo.java, generateFileInfo allows sharing private files over Bluetooth via a confused deputy, leading to local information disclosure without extra execution privileges; user interaction is required for exploitation. The ent...

5.5CVSS5AI score0.00144EPSS
CVE
CVE
added 2021/10/06 2:12 p.m.118 views

CVE-2021-0689

CVE-2021-0689 affects Android platforms (Android-8.1, 9, 10, 11) via an out-of-bounds read in SkSwizzler_opts.h: RGB_to_BGR1_portable, caused by a missing bounds check. This can lead to local information disclosure without user interaction. The provided documents do not specify an exploit or patc...

5.5CVSS5AI score0.00115EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.118 views

CVE-2021-0704

CVE-2021-0704 (Google Android): A local information-disclosure vulnerability in AccountManagerService.java allows retrieving accounts without required permissions due to a permissions bypass. Affected Android versions include 9, 10, and 11. Exploitation is local and does not require user interact...

5.5CVSS5.2AI score0.00128EPSS
CVE
CVE
added 2022/01/14 7:10 p.m.118 views

CVE-2021-39620

CVE-2021-39620 affects Android (Android 11 and 12) and is caused by a memory corruption in ipcSetDataReference within Parcel.cpp due to a use-after-free, enabling local privilege escalation with no user interaction. The Red Hat/OSV entries corroborate a local EoP risk and list the component as An...

7.8CVSS7.6AI score0.00119EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.118 views

CVE-2022-20391

CVE-2022-20391 is listed in the Android 2022-09-01 bulletin under Unisoc components with a High severity. The provided documents do not include explicit root-cause, exploit details, or affected Android versions beyond the bulletin’s context. remediation guidance, where provided, is to apply the 2...

9.8CVSS9AI score0.0042EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.118 views

CVE-2022-20431

CVE-2022-20431 describes a local elevation of privilege in Android due to a missing authorization check in a system service. The issue affects Android devices (specific component not publicly named in the documents) and is exploited locally with high impact (confidentiality, integrity, and availa...

7.8CVSS7.5AI score0.00111EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.118 views

CVE-2022-32597

CVE-2022-32597 : In Widevine, there is an out-of-bounds write due to an incorrect bounds check, enabling local escalation to System execution privileges. Exploitation requires no user interaction and is localized (local attacker). The issue is associated with the MediaTek Widevine implementation;...

6.7CVSS6.7AI score0.00131EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.118 views

CVE-2022-44437

CVE-2022-44437 affects Android components related to the messaging service, where a missing permission check could allow local denial of service in the contacts service with no extra privileges. The base CVSS3.1 vector indicates Local access, Low attack complexity and Low privileges required, wit...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/03/07 1:32 a.m.118 views

CVE-2022-47459

CVE-2022-47459 concerns a vulnerability in the WLAN driver where a missing parameter check can lead to a local denial of service in WLAN services. The concrete details across connected sources consistently identify the affected component as the WLAN driver and describe the root cause as an inadeq...

5.5CVSS5.3AI score0.00088EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.118 views

CVE-2023-20623

CVE-2023-20623 affects the Ion component in MediaTek-based systems. Root cause is improper locking that allows local privilege escalation without extra execution privileges and with no user interaction required. The CVSS metrics indicate a local attack vector, high complexity, and high privileges...

6.4CVSS6.6AI score0.00067EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.118 views

CVE-2023-21216

CVE-2023-21216 affects the Linux kernel memory path (PMRChangeSparseMemOSMem in physmem_osmem_linux.c) where a use-after-free can cause arbitrary code execution, enabling local escalation of privilege with no additional privileges and no user interaction. The NVD entry rates this as CRITICAL (CVS...

9.8CVSS8.8AI score0.00398EPSS
CVE
CVE
added 2023/07/12 11:30 p.m.118 views

CVE-2023-21249

The vulnerability is in Google Android's Framework, specifically OneTimePermissionUserManager.java, where a permissions bypass can cause a one‑time permission to be retained. This could enable local elevation of privilege with User execution privileges required and no user interaction. Public tec...

5.5CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2023/09/11 8:9 p.m.118 views

CVE-2023-35667

CVE-2023-35667 affects Android’s NotificationAccessSettings.java, specifically the updateList method. The logic error can allow hiding approved notification listeners, enabling local elevation of privilege with no extra execution privileges and no user interaction required. The vulnerability is d...

7.8CVSS7.7AI score0.00083EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.118 views

CVE-2023-45776

CVE-2023-45776 affects Android in the CreateAudioBroadcast function (broadcaster.cc) with an out-of-bounds write caused by a missing bounds check. This enables local escalation of privilege (attack vector: local; user interaction: none; required privileges: low; impact: high). Public references a...

7.8CVSS7.8AI score0.00124EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.118 views

CVE-2024-20027

CVE-2024-20027 concerns a MediaTek MediaTek da module issue described as an out-of-bounds write due to improper input validation. This could allow local escalation of privilege with SYSTEM execution privileges required; exploitation reportedly does not require user interaction. The available docu...

7.9CVSS7AI score0.00111EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.118 views

CVE-2024-25992

CVE-2024-25992 is a out-of-bounds read in tmu_tz_control of tmu.c caused by a missing bounds check. The vulnerability enables local escalation of privilege with no additional execution privileges required and does not require user interaction. The provided connected sources (Red Hat, NVD, PRION, ...

7.8CVSS6.9AI score0.00105EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.118 views

CVE-2024-25993

CVE-2024-25993 involves a missing bounds check in the tmu_reset_tmu_trip_counter function, causing an out-of-bounds write that could enable local privilege escalation with no extra privileges or user interaction required. Public docs attribute this to Pixel/Android components and classify the imp...

8.4CVSS7AI score0.00125EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.118 views

CVE-2024-27218

CVE-2024-27218 describes an out-of-bounds read in update_freq_data (TBD module), enabling local information disclosure without extra privileges and with no user interaction. Connected sources consistently cite a missing bounds check as the root cause and local disclosure as the impact. The Androi...

6.2CVSS6AI score0.00084EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.118 views

CVE-2024-31325

CVE-2024-31325 is listed in the Android Framework as an Elevation of Privilege (EoP) vulnerability with a local attack vector. The issue arises from a logic error that can reveal images across different users’ data, enabling local privilege escalation without additional execution privileges. Affe...

7.8CVSS6.8AI score0.00107EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.118 views

CVE-2024-34737

CVE-2024-34737 affects Android via a logic error in ensureSetPipAspectRatioQuotaTracker within the framework’s ActivityClientController.java, potentially allowing local privilege escalation by generating unmovable/undeletable pip windows. Exploitation requires local access; user interaction is no...

7.8CVSS6.8AI score0.00091EPSS
CVE
CVE
added 2025/01/02 11:58 p.m.118 views

CVE-2024-43768

CVE-2024-43768 affects Google Android Skia: in SkDeflate.cpp’s skia_alloc_func there is an out-of-bounds write caused by an integer overflow. This could enable local escalation of privilege with no additional execution privileges and no user interaction required. Remediation: patch updates exist ...

7.8CVSS7.2AI score0.00169EPSS
CVE
CVE
added 2025/04/07 3:14 a.m.118 views

CVE-2025-20657

CVE-2025-20657 relates to MediaTek MediaTek vdec with a permission bypass caused by improper input validation. The issue could enable local escalation of privilege if an attacker already has SYSTEM privileges; exploitation reportedly does not require user interaction. Connected sources (RH, NVD, ...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.117 views

CVE-2014-9803

CVE-2014-9803 affects the Linux kernel and Android deployments using affected kernels prior to 3.15-rc5-next-20140519 (notably on Nexus 5X/6P before 2016-07-05). The issue arises in arch/arm64/include/asm/pgtable.h where execute-only pages are mishandled, enabling a local attacker to gain privile...

9.3CVSS7.1AI score0.00635EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.117 views

CVE-2015-8944

CVE-2015-8944 concerns the Linux kernel up to version 4.7 (as used in Android on Nexus 6/7 devices before 2016-08-05). The ioresources_init function in kernel/resource.c uses weak permissions for /proc/iomem, allowing local users to read this file and obtain sensitive information. The description...

5.5CVSS4.8AI score0.00593EPSS
CVE
CVE
added 2019/06/19 8:3 p.m.117 views

CVE-2019-2020

CVE-2019-2020 affects Android devices and is caused by a missing bounds check in llcp_dlc_proc_rr_rnr_pdu within the llcp_dlc.cc module, leading to a possible out-of-bounds read and local information disclosure. Affected releases include Android-7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9.0. The vulnerabi...

7.1CVSS5.9AI score0.00772EPSS
CVE
CVE
added 2020/12/14 9:52 p.m.117 views

CVE-2020-0467

CVE-2020-0467 concerns a logic issue in Vpn.java (onUserStopped) on Android where user preferences could be reset, potentially causing local information disclosure of secure network traffic when not on VPN. Affected platforms include Android 8.1, 9, 10 and 11. Exploitation is described as requiri...

5.5CVSS5AI score0.00172EPSS
CVE
CVE
added 2021/02/10 4:50 p.m.117 views

CVE-2021-0329

CVE-2021-0329: In several native functions called by AdvertiseManager.java, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server on Android 8.1–11. Exploitation is possible with local privileges; no user in...

7.8CVSS7.7AI score0.00257EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.117 views

CVE-2021-0477

CVE-2021-0477 describes an elevation-of-privilege vulnerability in Android: in ScreenshotNotificationsController.notifyScreenshotError, an unsafe PendingIntent could allow a local attacker to bypass protection and gain privileges without user interaction. Affected: Android 8.1, 9, 10, 11. Impact ...

7.8CVSS7.7AI score0.00135EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.117 views

CVE-2021-0482

CVE-2021-0482 concerns Android 11’s Media Framework. In BinderDiedCallback within MediaCodec.cpp there is memory corruption due to a use-after-free, enabling local elevation of privilege with no additional execution privileges required and no user interaction needed. The vulnerability is categori...

7CVSS7.1AI score0.00133EPSS
CVE
CVE
added 2021/07/14 1:43 p.m.117 views

CVE-2021-0486

CVE-2021-0486 concerns Android 10–11 where, in the PermissionManagerService.java more precisely in onPackageAddedInternal, there is a permissions bypass that allows possible access to external storage. The root cause is a local-elevation-of-privilege path that does not require user interaction. T...

7.8CVSS7.6AI score0.00109EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.117 views

CVE-2021-0582

CVE-2021-0582 is an information-disclosure vulnerability in the Android Wi‑Fi driver caused by a missing bounds check that enables a remote attacker in adjacent network range to read memory without executing code or requiring user interaction. Impact is confidentiality loss (high per CVSS‑3.1) wi...

6.5CVSS6.1AI score0.00297EPSS
CVE
CVE
added 2021/10/06 2:12 p.m.117 views

CVE-2021-0685

CVE-2021-0685 affects Android 11. In ParsedIntentInfo.java, there is a parcel serialization/deserialization mismatch due to unsafe deserialization, enabling local elevation of privilege with no extra execution privileges required. Exploitation requires local access; user interaction is not needed...

7.8CVSS7.7AI score0.00191EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.117 views

CVE-2021-0692

CVE-2021-0692 affects Android (Android-9/10/11) via a flaw in FirstScreenBroadcast.java: sendBroadcastToInstaller can trigger an activity launch through an unsafe PendingIntent, enabling local elevation of privilege with no extra execution privileges required. The issue is described as requiring ...

7.8CVSS7.7AI score0.00108EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.117 views

CVE-2021-0696

CVE-2021-0696 describes a use-after-free race in dllist_remove_node (TBD) leading to local privilege escalation on Android SoC. Connected records corroborate a race condition in dllist_remove_node with local-privilege escalation, affecting Android components (PowerVR-GPU listed in PT-2022-9122) a...

7CVSS7AI score0.00071EPSS
CVE
CVE
added 2022/08/24 1:37 p.m.117 views

CVE-2021-0891

CVE-2021-0891 affects the PowerVR-GPU driver in Android. An unprivileged app can trigger the driver to return uninitialized heap memory, enabling information disclosure. Exploitation is possible without privileges or user interaction over network. The issue is mapped in Android’s 2022-08-01/08-05...

7.5CVSS7.3AI score0.00262EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.117 views

CVE-2021-39657

CVE-2021-39657 concerns an out-of-bounds read in the Android kernel’s ufshcd_eh_device_reset_handler (ufshcd.c). The issue enables local information disclosure with System privileges required, and does not require user interaction to exploit. The provided connected documents reiterate the same de...

4.4CVSS5.3AI score0.00153EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.117 views

CVE-2021-39716

CVE-2021-39716 is present in multiple feeds. The Pixel Update Bulletin categorizes it under Modem with type ID and Moderate severity, indicating a Modem-related issue in Pixel devices; remediation is via Google’s 2022-03-05 patch level. However, the NVD entry lists the affected component as Andro...

7.5CVSS7.4AI score0.00377EPSS
Total number of security vulnerabilities8153