Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2021/12/15 6:6 p.m.117 views

CVE-2021-39657

CVE-2021-39657 concerns an out-of-bounds read in the Android kernel’s ufshcd_eh_device_reset_handler (ufshcd.c). The issue enables local information disclosure with System privileges required, and does not require user interaction to exploit. The provided connected documents reiterate the same de...

4.4CVSS5.3AI score0.00153EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.117 views

CVE-2021-39716

CVE-2021-39716 is present in multiple feeds. The Pixel Update Bulletin categorizes it under Modem with type ID and Moderate severity, indicating a Modem-related issue in Pixel devices; remediation is via Google’s 2022-03-05 patch level. However, the NVD entry lists the affected component as Andro...

7.5CVSS7.4AI score0.00377EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.117 views

CVE-2021-39733

CVE-2021-39733 affects the Android kernel audio path (audiometrics.c) via amcs_cdev_unlocked_ioctl. The vulnerability is a possible out-of-bounds write caused by improper input validation, which could enable local elevation of privilege to SYSTEM if exploited. Exploitation is described as local w...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.117 views

CVE-2022-20437

CVE-2022-20437 affects Android Messaging. The issue is a denial-of-service vulnerability caused by an unauthorized broadcast within Messaging, leading to Local DoS on affected devices. Affected platform: Google Android (Android OS family with Messaging component). Root cause described as a flaw i...

5.5CVSS5.4AI score0.00156EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.117 views

CVE-2022-32619

The CVE-2022-32619 issue is an out-of-bounds write in MediaTek’s keyinstall component caused by an incorrect bounds check, enabling local escalation of privilege with System-level privileges required; exploitation reportedly does not require user interaction. The vulnerability is identified in Me...

6.7CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2023/07/12 11:23 p.m.117 views

CVE-2023-21240

Technical details are not publicly available in the provided connected documents. CVE-2023-21240 is described as a boot loop/resource exhaustion DoS in Policy.java with no exploitation vectors, affected versions, or fixes disclosed here.

5.5CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2023/07/12 11:33 p.m.117 views

CVE-2023-21256

Summary: CVE-2023-21256 concerns Android’s SettingsHomepageActivity.java, where a logic error could let an attacker launch arbitrary activities from Settings, enabling local elevation of privilege. The vulnerability requires user interaction to exploit and is described across multiple sources (NV...

7.8CVSS7.7AI score0.00108EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.117 views

CVE-2023-45775

CVE-2023-45775 describes an out-of-bounds write in CreateAudioBroadcast within broadcaster.cc that enables local privilege escalation without user interaction. Affected component appears in Android source code; vulnerability details are consistent across multiple sources (NVD, Red Hat, CNVD, OSV)...

7.8CVSS7.8AI score0.00124EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.117 views

CVE-2023-45781

CVE-2023-45781 is described across multiple connected sources as an information-disclosure vulnerability in Google Android, caused by an out-of-bounds read in parse_gap_data() within utils.cc. Exploitation requires local access (local Vector) with low privileges and does not require user interact...

5.5CVSS5AI score0.0013EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.117 views

CVE-2024-25987

The CVE-2024-25987 entry describes an out-of-bounds write in the pt_sysctl_command function of pt.c due to an incorrect bounds check. This can enable local privilege escalation with system execution privileges needed, and exploitation does not require user interaction. The available documents do ...

6.7CVSS7AI score0.00084EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.117 views

CVE-2024-27206

CVE-2024-27206 describes a potential out-of-bounds read caused by a missing bounds check, enabling remote information disclosure without privileges or user interaction. The connected sources reference this issue in the context of Google/Pixel Android security updates, but the provided documents d...

7.5CVSS6.4AI score0.00344EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.117 views

CVE-2024-34741

The CVE-2024-34741 issue concerns Android’s WindowState.java function setForceHideNonSystemOverlayWindowIfNeeded. A logic error could allow message content to be visible on the screensaver when lock-screen visibility is restricted, enabling local elevation of privilege with no extra execution pri...

7.8CVSS6.7AI score0.00154EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.117 views

CVE-2024-49745

CVE-2024-49745: In growData of Parcel.cpp, an out-of-bounds write may allow local privilege escalation without user interaction. Exploitation details are not provided in the documents; no active exploit status is stated. Android security bulletins (2025-01-01 and 2025-01-05 patch levels) include ...

7.8CVSS6.9AI score0.0008EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.116 views

CVE-2018-9552

CVE-2018-9552 affects Android Media Framework (ihevcd_sao_shift_ctb in ihevcd_sao.c). The issue is an out-of-bounds write caused by missing bounds checks, potentially allowing information disclosure. Affected Android versions span 7.0–9 (Android-7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9); exploitation could...

5.5CVSS5.4AI score0.00529EPSS
CVE
CVE
added 2019/06/19 7:56 p.m.116 views

CVE-2019-2008

CVE-2019-2008 affects Android’s Media framework, specifically the AudioFlinger.cpp createEffect path, where a race condition can cause a memory corruption leading to local elevation of privilege. Exploitation requires user interaction, and no extra privileges are needed. The issue impacts Android...

7.6CVSS7.7AI score0.00576EPSS
CVE
CVE
added 2020/10/14 1:7 p.m.116 views

CVE-2020-0422

CVE-2020-0422: Android system/framework vulnerability in NotificationImportExportListener.java due to an unsafe PendingIntent enables local information disclosure of contacts data with no user interaction; the issue is listed under the 2020-10-01/10-05 patch levels in the Android security bulleti...

3.3CVSS3.6AI score0.00166EPSS
CVE
CVE
added 2020/12/14 9:51 p.m.116 views

CVE-2020-0440

CVE-2020-0440 affects Android 11 and is detailed across several sources (NVD entry and related security bulletins). The vulnerability resides in DisplayManagerService.createVirtualDisplay where a missing permission check could allow a trusted virtual display to be created, enabling local elevatio...

7.8CVSS7.6AI score0.00167EPSS
CVE
CVE
added 2021/02/10 4:48 p.m.116 views

CVE-2021-0305

CVE-2021-0305 affects the Android PackageInstaller. The issue is a tapjacking vulnerability caused by an insecure default value, enabling local escalation of privilege with no extra execution privileges, requiring user interaction to exploit. Affected platforms include Android 8.1, 9, and 10. The...

9.3CVSS7.7AI score0.00517EPSS
CVE
CVE
added 2021/03/10 3:37 p.m.116 views

CVE-2021-0393

CVE-2021-0393 affects Android: out-of-bounds write in Scanner::LiteralBuffer::NewCapacity (scanner.cc) caused by an integer overflow. This could allow remote code execution when a malicious PAC file is supplied, without extra privileges and without user interaction. Affected Android versions incl...

7.8CVSS7.9AI score0.00961EPSS
CVE
CVE
added 2021/04/13 6:20 p.m.116 views

CVE-2021-0428

CVE-2021-0428 affects Android 10 and is tied to TelephonyManager.getSimSerialNumber. The issue arises from a missing permission check, enabling a local information disclosure with no user interaction required. Multiple sources (NVD, Red Hat, OSV) confirm the vulnerability and its local attack vec...

5.5CVSS5AI score0.00108EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.116 views

CVE-2021-0521

CVE-2021-0521 affects the Android PackageManagerService’s getAllPackages function, enabling local information disclosure of cross-user permissions due to a missing permission check. The impact is information disclosure with no additional execution privileges or user interaction required, i.e., a ...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.116 views

CVE-2021-0578

CVE-2021-0578 affects the Android WiFi driver (MediaTek components) with an out-of-bounds read caused by a missing bounds check. This could allow remote information disclosure by a nearby attacker without user interaction or additional privileges. Documents do not specify an affected version, exp...

6.5CVSS6.1AI score0.00297EPSS
CVE
CVE
added 2021/07/14 1:45 p.m.116 views

CVE-2021-0601

CVE-2021-0601 : Android Media Framework vulnerability in encodeFrames of avc_enc_fuzzer.cpp enables a possible out-of-bounds write due to a double free, leading to local information disclosure with no special privileges required. Exploitation requires no user interaction. Affected products/versio...

5.5CVSS5.1AI score0.00131EPSS
CVE
CVE
added 2022/08/24 1:36 p.m.116 views

CVE-2021-0887

CVE-2021-0887 describes a leak of kernel heap content in PVRSRVBridgeHeapCfgHeapConfigName due to uninitialized data, enabling local information disclosure without extra privileges or user interaction. This affects Android environments utilizing PowerVR-GPU components and is reflected across mult...

5.5CVSS5AI score0.00093EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.116 views

CVE-2021-0952

CVE-2021-0952 affects Android devices (Android 9–12) and stems from a vulnerability in doCropPhoto within PhotoSelectionHandler.java that enables a possible permission bypass via a confused deputy. This could allow local information disclosure of a user’s contacts with no additional execution pri...

5CVSS4.8AI score0.00137EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.116 views

CVE-2021-0966

CVE-2021-0966 affects Android 11 and 12. It arises from BuildParcelFields in generate_cpp.cpp, allowing a crafted parcelable to reveal uninitialized memory in a target process and cause local information disclosure across Binder transactions without extra privileges or user interaction. Impact is...

5.5CVSS5.3AI score0.00111EPSS
CVE
CVE
added 2022/06/15 1:18 p.m.116 views

CVE-2022-20153

Summary (CVE-2022-20153) In the Android kernel, the vulnerability occurs in the function rcu_cblist_dequeue of rcu_segcblist.c , where improper locking can cause a use-after-free. This can enable local escalation of privilege with SYSTEM execution privileges required, and exploitation does not re...

7.2CVSS6.5AI score0.00123EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.116 views

CVE-2022-20430

CVE-2022-20430 is mapped to UNISOC components, with the vulnerability labeled as High severity in Telephony. The root cause per provided documents is a missing authorization/permission check in a system service, enabling Local Privilege Elevation. The Android context is indicated, with references...

7.8CVSS7.5AI score0.00111EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.116 views

CVE-2022-42771

Technical details about CVE-2022-42771 are not publicly provided in the supplied documents. The entries reference a WLAN driver race condition causing local DoS, but no vendor, version, or patch information is included here. Monitor for updates.

4.7CVSS4.6AI score0.00062EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.116 views

CVE-2022-44425

CVE-2022-44425 is a UNISOC/ wlan-driver issue described as a missing bounds check in the wlan driver, leading to local denial of service in wlan services. Public sources (NVD/NIST entry) assign a CVSSv3.1 base score of 5.5 (Medium) with LOCAL attack vector, LOW attack complexity, LOW privileges r...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.116 views

CVE-2022-44438

CVE-2022-44438 affects the Android messaging service (in Unisoc contexts) where a missing permission check can allow a local denial of service in the contacts service without extra privileges. Root cause: inadequate access control in the messaging component. Impact: local DoS as described in mult...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/07/12 11:32 p.m.116 views

CVE-2023-21254

CVE-2023-21254 affects Android Framework in the getCurrentState path of OneTimePermissionUserManager.java. The issue allows holding one-time permissions after the app is killed due to a logic error, enabling local privilege escalation with no extra execution privileges and without user interactio...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.116 views

CVE-2023-21366

Technical details (affected products, exact vulnerable component, versions, exploit specifics) are not publicly available in the provided Connected documents for CVE-2023-21366. Monitor for updates.

5.5CVSS5.8AI score0.00083EPSS
CVE
CVE
added 2023/12/08 3:45 p.m.116 views

CVE-2023-48421

CVE-2023-48421 affects Google Pixel GPU driver code: gpu_pixel_handle_buffer_liveness_update_ioctl in private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c. Root cause is an out-of-bounds write due to improper input validation, enabling local privilege escalation with no extra priv...

7.8CVSS7.8AI score0.00106EPSS
CVE
CVE
added 2023/12/08 3:46 p.m.116 views

CVE-2023-48423

CVE-2023-48423 : The vulnerability is an out-of-bounds write in the function dhcp4_SetPDNAddress of dhcp4_Main.c caused by a missing bounds check. This could enable remote code execution with no additional privileges and without user interaction. Public documents (NVD, OSV) reiterate the same des...

9.8CVSS9.4AI score0.00475EPSS
CVE
CVE
added 2024/05/06 2:51 a.m.116 views

CVE-2024-20056

CVE-2024-20056 affects MediaTek preloader: insecure default value enables local privilege escalation to SYSTEM, with no user interaction required. Patch ALPS08528185/ALPS08528185 issued; details on exploitation not provided in the connected docs.

6.7CVSS6.9AI score0.00091EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.116 views

CVE-2024-20105

Summary (CVE-2024-20105): In the MediaTek m4u component, there is a potential out-of-bounds write due to a missing bounds check. This could enable local escalation of privilege to the System level, with no user interaction required. The CVE is associated with patch ID ALPS09062027 and issue MSV-1...

6.7CVSS7.3AI score0.00085EPSS
CVE
CVE
added 2025/02/03 3:23 a.m.116 views

CVE-2024-20142

CVE-2024-20142 concerns MediaTek MT8893 V5 DA where a missing bounds check in the V5 DA module can cause an out-of-bounds write. The resulting impact is local escalation of privilege if an attacker gains physical access to the device; exploitation requires user interaction. The initial documents ...

6.6CVSS6.9AI score0.00102EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.116 views

CVE-2024-23696

The CVE-2024-23696 issue is tied to the RGXCreateZSBufferKM function in rgxta3d.c, where a use-after-free leads to possible arbitrary code execution and local elevation of privilege in the kernel. Exploitation reportedly requires local access with no extra privileges and no user interaction. Conn...

8.4CVSS7.4AI score0.00104EPSS
CVE
CVE
added 2024/05/07 9:3 p.m.116 views

CVE-2024-23708

CVE-2024-23708 describes an elevation of privilege in Android via a Clipboard/NotificationManager issue. In multiple functions of NotificationManagerService.java, there is a way to access clipboard messages without showing a toast, enabling local escalation of privilege without extra execution pr...

9.8CVSS7AI score0.00343EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.116 views

CVE-2024-31339

CVE-2024-31339 affects Google Android: a memory corruption via use-after-free in multiple functions of StatsService.cpp can lead to local escalation of privilege with no user interaction. The issue impacts the Statsd component and is listed in Android Security Bulletin details for 2024-07-01/07-0...

7.8CVSS7AI score0.00115EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.115 views

CVE-2018-9489

CVE-2018-9489 affects Android where, upon wifi state changes, WifiStateMachine.sendNetworkStateChangeBroadcast broadcasts an intent that includes detailed wifi network information. The root cause is information disclosure via system broadcasts that do not require execution privileges or user inte...

7.5CVSS6.9AI score0.00987EPSS
CVE
CVE
added 2019/06/19 7:54 p.m.115 views

CVE-2019-2007

CVE-2019-2007 affects Android Audio stack via FifoControllerBase.cpp, where getReadIndex/getWriteIndex allow an out-of-bounds write caused by an integer overflow. This leads to local elevation of privilege in the audio server with no extra user interaction. Affected Android versions include 8.1 a...

10CVSS8.5AI score0.00921EPSS
CVE
CVE
added 2020/10/14 1:6 p.m.115 views

CVE-2020-0246

CVE-2020-0246 affects Android Framework code (UiccAccessRule.getCarrierPrivilegeStatus). A missing permission check could allow local information disclosure of EID data without extra privileges; exploitation requires local access. The issue is listed in the 2020-10 Android security bulletin and w...

5.5CVSS5AI score0.00168EPSS
CVE
CVE
added 2020/08/11 7:30 p.m.115 views

CVE-2020-0252

CVE-2020-0252 is a memory-corruption (use-after-free) issue affecting the MediaTek Multimedia Processing Driver in Google Android. The Red Hat/Red Hat-derived and CVE catalogs classify it as an Elevation of Privilege (High) vulnerability. The Android security bulletin for 2020-08-01/08-05 lists M...

10CVSS9.1AI score0.00564EPSS
CVE
CVE
added 2020/09/17 3:25 p.m.115 views

CVE-2020-0384

CVE-2020-0384 affects Android 8.0–11, with a vulnerability in the Media Framework: In Parse_art of eas_mdls.c, an incorrect bounds check allows an out-of-bounds write in the media extractor, enabling information disclosure. Exploitation requires user interaction and could occur without extra exec...

5.5CVSS5.3AI score0.00645EPSS
CVE
CVE
added 2020/10/14 1:5 p.m.115 views

CVE-2020-0413

The CVE-2020-0413 issue affects Android devices (Android 8.0–11) and is caused by a missing bounds check in gatt_process_read_by_type_rsp within gatt_cl.cc, leading to a possible out-of-bounds read that could disclose memory contents via a remote Bluetooth connection without user interaction. The...

7.5CVSS7AI score0.01494EPSS
CVE
CVE
added 2020/11/10 12:52 p.m.115 views

CVE-2020-0449

The CVE affects Android’s Bluetooth stack, specifically the btm_sec_disconnected path in btm_sec.cc. A use-after-free leads to memory corruption that could enable remote code execution in the Bluetooth server, requiring user interaction to exploit. Affected Android versions include 8.0–11 (Androi...

9.3CVSS8.8AI score0.01286EPSS
CVE
CVE
added 2020/12/14 9:52 p.m.115 views

CVE-2020-0470

Summary of CVE-2020-0470 : A heap-based buffer overflow in the Android Media Framework function restoration.c:extend_frame_highbd can cause a out-of-bounds write, leading to remote information disclosure with no full compromise, requiring some user interaction for exploitation. Affected products/...

5.5CVSS5.5AI score0.00691EPSS
CVE
CVE
added 2021/02/10 4:48 p.m.115 views

CVE-2021-0338

CVE-2021-0338 affects Android (Android-10 and Android-11) in the SystemSettingsValidators component. It describes a denial-of-service condition caused by missing bounds checks on UI settings, enabling a local DoS with user-execution privileges. Exploitation is possible without user interaction. M...

5.5CVSS5.3AI score0.00144EPSS
Total number of security vulnerabilities8153