Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2021/06/11 4:42 p.m.115 views

CVE-2021-0484

CVE-2021-0484: In readVector of IMediaPlayer.cpp there is a missing bounds check allowing a read of uninitialized heap data, leading to local information disclosure without extra privileges. Affected: Android 8.1, 9, 10, 11. Exploitation does not require user interaction; mitigation in the linked...

5.5CVSS5AI score0.00133EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.115 views

CVE-2021-0485

CVE-2021-0485 : In Android 11, the getMinimalSize path in PipBoundsAlgorithm.java allows a permissions bypass that could bypass restrictions on background processes, enabling local escalation of privilege with no additional execution privileges and no user interaction required. The issue is docum...

7.8CVSS7.7AI score0.00191EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.115 views

CVE-2021-0487

CVE-2021-0487 affects Android 11 (Framework) where CalendarDebugActivity.java could export calendar data to SD card via a tapjacking/overlay attack, enabling local elevation of privilege without user interaction. The Android security bulletin notes this under Framework with Updated AOSP versions ...

7.8CVSS7.6AI score0.00119EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.115 views

CVE-2021-0505

CVE-2021-0505 affects Android 11 (Settings) with a missing permission check that could allow disabling an always-on VPN, enabling local elevation of privilege without user interaction. Documents consistently describe a local, low-exploitability EoP risk; no explicit exploit details or fixes are p...

7.8CVSS7.6AI score0.00114EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.115 views

CVE-2021-0573

Summary: CVE-2021-0573 affects the asf extractor on Android (notably MediaTek components). The root cause is an out-of-bounds write due to a missing bounds check, enabling local escalation of privilege with no user interaction. Impact (as stated): local privilege escalation with partial confident...

7.8CVSS7.7AI score0.00118EPSS
CVE
CVE
added 2021/07/14 1:46 p.m.115 views

CVE-2021-0585

CVE-2021-0585 is a documented Android vulnerability affecting Android 8.1–11 where an out-of-bounds write can occur in beginWrite/beginRead of MessageQueueBase.h due to improper input validation. This could enable local escalation of privilege to a system-level context without user interaction. T...

7.2CVSS6.7AI score0.00134EPSS
CVE
CVE
added 2021/07/14 1:44 p.m.115 views

CVE-2021-0590

CVE-2021-0590 affects Android components where in NetworkMonitor.java’s sendNetworkConditionsBroadcast a privileged app could obtain WiFi BSSID/SSID without location permissions due to a missing permission check. The impact is local information disclosure with system-level privileges required; ex...

4.9CVSS4.2AI score0.00124EPSS
CVE
CVE
added 2021/07/14 1:44 p.m.115 views

CVE-2021-0597

CVE-2021-0597 describes an information-disclosure issue in Android where SipService.java’s notifyProfileAdded/notifyProfileRemoved can expose SIP account names due to a missing permission check. The vulnerability enables local information disclosure without extra execution privileges, and exploit...

5.5CVSS5AI score0.00127EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.115 views

CVE-2021-0687

Technical details about CVE-2021-0687 are not provided in the connected documents. The available description notes an Android ANR/DoS scenario arising from input validation in Layout.java; no product/version specifics or remediation are included here. Monitor for updates.

5CVSS4.9AI score0.00113EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.115 views

CVE-2021-39722

CVE-2021-39722 affects ProtocolStkProactiveCommandAdapter::Init in protocolstkadapter.cpp, with an out-of-bounds read caused by an incorrect bounds check. This could allow local information disclosure and requires system privileges, with no user interaction needed. Connected sources (OSV entry) c...

4.4CVSS4.3AI score0.00107EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.115 views

CVE-2021-39725

CVE-2021-39725 affects the Android kernel component gasket_page_table.c, specifically the function gasket_free_coherent_memory_all. The issue is memory corruption caused by a double free, enabling local escalation of privilege with System-level execution privileges required; exploitation is descr...

6.7CVSS6.8AI score0.00104EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.115 views

CVE-2021-39732

CVE-2021-39732 affects the Android kernel component copy_io_entries in lwis_ioctl.c. It describes an out-of-bounds write caused by an integer overflow, which could enable local privilege escalation without user interaction. The available connected documents confirm the issue’s presence in Android...

7.8CVSS7.7AI score0.00107EPSS
CVE
CVE
added 2022/08/05 3:14 p.m.115 views

CVE-2022-33729

CVE-2022-33729 affects Samsung devices with NFC ConfirmConnectActivity. The issue is an improper restriction of a broadcasting Intent in ConfirmConnectActivity, which leaks the MAC address of the connected Bluetooth device. The vulnerability is associated with NFC prior to SMR Aug-2022 Release 1....

5.9CVSS4.1AI score0.0009EPSS
CVE
CVE
added 2023/02/06 5:26 a.m.115 views

CVE-2022-47331

CVE-2022-47331 concerns a race condition in the wlan driver. Connected document ASB-A-262503737 specifies a function lacking parameter checks that leads to an out-of-bounds write, which is tied to the same CVE entry and supports a local DoS impact via wlan services. Other connected entries reiter...

4.7CVSS4.6AI score0.00068EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.115 views

CVE-2023-20699

CVE-2023-20699 describes an out-of-bounds write in the MediaTek adsp module (affecting MediaTek-based devices) caused by a missing bounds check. Impact per sources: local escalation of privilege with System execution privileges required, no user interaction needed. Patch reference: ALPS07696073 (...

6.7CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2023/07/12 11:23 p.m.115 views

CVE-2023-21239

CVE-2023-21239 is in the Android Framework (Notification.java, visitUris) and enables local information disclosure via a confused deputy, leaking image data across user boundaries with no extra privileges and no user interaction required. Public details describe the root cause and affected AOSP v...

5.5CVSS5AI score0.0009EPSS
CVE
CVE
added 2023/10/11 8:37 p.m.115 views

CVE-2023-3781

CVE-2023-3781 describes a use-after-free write from improper locking in a kernel component, enabling local elevation of privilege without user interaction. The threat is local access required (attack vector LOCAL) with a high impact on confidentiality, integrity, and availability as per CVSS. The...

7.8CVSS7.8AI score0.00073EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.115 views

CVE-2024-20022

CVE-2024-20022 describes a missing bounds check in the lk module that could allow local escalation of privilege to SYSTEM-level execution. The issue is triggered locally (no user interaction required) and is corroborated across multiple connected sources (e.g., Red Hat advisory and other feeds) w...

6.7CVSS6.9AI score0.00123EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.115 views

CVE-2024-20145

CVE-2024-20145 affects MediaTek V6 DA, where a missing bounds check can lead to an out-of-bounds write. The issue enables local escalation of privilege with physical access and user interaction required for exploitation. Patch ALPS09290940 addresses the flaw (MSV-2040).

6.6CVSS7.1AI score0.0011EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.115 views

CVE-2024-27223

The CVE-2024-27223 issue is an information-disclosure vulnerability in the EUTRAN_LCS_DecodeFacilityInformationElement function of LPP_LcsManagement.c, caused by a missing bounds check that enables an out-of-bounds read. The impact is remote information disclosure after authenticating the cell co...

5.1CVSS6.4AI score0.0012EPSS
CVE
CVE
added 2020/08/11 7:27 p.m.114 views

CVE-2020-0242

CVE-2020-0242 describes a use-after-free in the Android media framework due to improper locking in NuPlayerDriver.cpp. The effect is local escalation of privilege in the media server with no additional execution privileges required, and exploitation requires local access (no user interaction). Af...

7.8CVSS7.7AI score0.00244EPSS
CVE
CVE
added 2020/08/11 7:29 p.m.114 views

CVE-2020-0250

CVE-2020-0250 affects Android 10 (Dialed in by CVE entry: In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, a missing permission check allows local information disclosure of location data without extra execution privileges or user interaction). Connected sources confirm details acro...

5.5CVSS5AI score0.00148EPSS
CVE
CVE
added 2020/08/11 7:32 p.m.114 views

CVE-2020-0258

CVE-2020-0258 affects Android 10 Framework specifically in AppZygote.java’s stopZygoteLocked path, where insufficient cleanup can lead to local information disclosure by a next-starting application. Exploitation is local and does not require user interaction; no exploit details are provided in th...

5.5CVSS5.1AI score0.00287EPSS
CVE
CVE
added 2020/09/17 3:46 p.m.114 views

CVE-2020-0396

CVE-2020-0396 is a system/component issue in Android Telephony related to an unsafe PendingIntent that can bypass permissions, enabling local information disclosure without user interaction. Affected Android versions include 8.0 (Oreo) through 11, with evidence in NVD and Android Security Bulleti...

5.5CVSS5AI score0.00183EPSS
CVE
CVE
added 2020/09/17 3:28 p.m.114 views

CVE-2020-0401

CVE-2020-0401 involves a missing permission check in setInstallerPackageName within PackageManagerService.java, enabling local escalation of privilege and granting spurious permissions without extra execution privileges. Affected: Android 8.0–11. Impact per sources: local privilege escalation wit...

7.8CVSS7.6AI score0.00278EPSS
CVE
CVE
added 2021/02/10 4:50 p.m.114 views

CVE-2021-0328

CVE-2021-0328 describes a Bluetooth vulnerability in Android’s GattService.java where onBatchScanReports and deliverBatchScan fail to perform a required permissions check. This permits retrieval of Bluetooth scan results without the necessary permissions, enabling local escalation of privilege wi...

7.8CVSS7.6AI score0.00236EPSS
CVE
CVE
added 2021/02/10 4:49 p.m.114 views

CVE-2021-0330

CVE-2021-0330 is an Android vulnerability affecting storaged.cpp in the Android framework, where an improper locking leads to a possible use-after-free in add_user_ce and remove_user_ce. This could enable local escalation of privilege in storaged without additional execution privileges or user in...

7.8CVSS7.7AI score0.00257EPSS
CVE
CVE
added 2021/03/10 3:39 p.m.114 views

CVE-2021-0391

CVE-2021-0391 affects Android Open Source Project: the vulnerability resides in the UI flow of ChooseTypeAndAccountActivity (onCreate in ChooseTypeAndAccountActivity.java). It allows learning whether an account exists via a tapjacking/overlay attack, without requiring permissions. Impact: local e...

7.8CVSS7.6AI score0.00657EPSS
CVE
CVE
added 2021/04/13 6:22 p.m.114 views

CVE-2021-0435

CVE-2021-0435 describes a heap data leak in the Android Bluetooth stack: in avrc_proc_vendor_command within avrc_api.cc, uninitialized data can leak heap data, enabling remote information disclosure with no extra privileges and without user interaction. Affected Android versions include Android-1...

7.5CVSS7AI score0.01712EPSS
CVE
CVE
added 2021/07/14 1:43 p.m.114 views

CVE-2021-0441

CVE-2021-0441 affects the Android 11 Framework: a permission bypass in onCreate of PermissionActivity.java caused by a confusing UI, enabling local elevation of privilege. The vulnerability targets the Framework component and, per the CVSS data, can require user interaction (UI) for exploitation ...

7.3CVSS7.3AI score0.00116EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.114 views

CVE-2021-0580

CVE-2021-0580 pertains to a vulnerability in the Android WiFi driver (MediaTek component) where a missing bounds check enables an out-of-bounds read, potentially allowing remote information disclosure to a proximal attacker without extra privileges or user interaction. The issue is described as a...

6.5CVSS6.1AI score0.00297EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.114 views

CVE-2021-0644

CVE-2021-0644 concerns an information disclosure in Android 10/11. In SubscriptionController.java, the function conditionalRemoveIdentifiers allows retrieval of a trackable identifier due to a missing permission check, enabling local information disclosure with user privileges. Exploitation requi...

5.5CVSS5.1AI score0.00111EPSS
CVE
CVE
added 2021/11/18 2:54 p.m.114 views

CVE-2021-0672

CVE-2021-0672 describes an information-disclosure flaw in the Android Browser app due to a missing permission check, enabling local data exposure without user interaction. Root cause: permission check omission in the Browser component; impact: local information disclosure; exploitability: local, ...

5.5CVSS5.1AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.114 views

CVE-2021-0922

CVE-2021-0922 : The Android framework vulnerability resides in PackageManagerService.java, in enforceCrossUserOrProfilePermission, where a missing permission check can bypass INTERACT_ACROSS_PROFILES. This enables local escalation of privilege on Android 11 without user interaction. Documents con...

7.8CVSS7.7AI score0.00105EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.114 views

CVE-2021-0943

CVE-2021-0943 affects Android, with the MMU_MapPages function showing an out-of-bounds write due to improper input validation. This could lead to local escalation of privilege without extra execution privileges, and exploitation requires no user interaction. Sources consistently describe the vuln...

7.8CVSS7.7AI score0.00099EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.114 views

CVE-2021-39814

CVE-2021-39814 affects Android kernel: in ppmp_validate_wsm of drm_fw.c there is an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation with System execution privileges required and no user interaction. Documents indicate a local attack with high impact (C...

7.2CVSS6.7AI score0.00113EPSS
CVE
CVE
added 2022/05/10 8:17 p.m.114 views

CVE-2022-20121

CVE-2022-20121 describes an information-disclosure vulnerability in Android related to the USCCDMPlugin/USCCDMService. The root cause is a missing permission check in getNodeValue of USCCDMPlugin.java, enabling local disclosure of ICCID with no extra execution privileges and without user interact...

5.5CVSS5.4AI score0.00098EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.114 views

CVE-2022-20432

CVE-2022-20432 is documented in multiple feeds with concrete technical details: it targets UNISOC components in the Android Telephony stack, where a missing authorization check in a system service leads to Local Elevation of Privilege. The UNISOC entry places the vulnerability under Telephony wit...

7.8CVSS7.5AI score0.00154EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.114 views

CVE-2022-23426

Samsung DeX Home (and DeX for PC) prior to SMR Feb-2022 Release 1 contains a vulnerability that uses PendingIntent to access files with system privileges. This is a local privilege escalation with partial confidentiality/integrity impact per the sources. There are no exploit details provided in t...

6CVSS5.9AI score0.00105EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.114 views

CVE-2022-32598

CVE-2022-32598 affects the Widevine component, where an incorrect bounds check can cause an out-of-bounds write. This enables local escalation to SYSTEM privileges with no user interaction required. A patch/mitigation reference is PATCH ID: ALPS07446228 (Issue ALPS07446228); no further product/ve...

6.7CVSS6.7AI score0.00131EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.114 views

CVE-2022-39134

CVE-2022-39134 is described in the sources as a use-after-free vulnerability caused by a race condition in the audio driver, leading to local denial of service in the kernel. Public documents confirm the issue exists and affect kernel/audio pathways, with a CVSS v3.1 score of 4.7 (Medium) reflect...

4.7CVSS4.7AI score0.00062EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.114 views

CVE-2023-20842

CVE-2023-20842 affects MediaTek devices via the core component described as /imgs y s_cmdq/ . The vulnerability is an out-of-bounds write caused by missing valid range checking in imgsys_cmdq, which can enable local privilege escalation with System execution privileges after user interaction. No ...

6.5CVSS6.6AI score0.00094EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.114 views

CVE-2024-25984

The CVE-2024-25984 issue affects Google/Android devices, referencing a heap-buffer overflow in the dumpBatteryDefend path of dump_power.cpp that can trigger an out-of-bounds read and local information disclosure without user interaction or extra privileges. Public sources (Pixel security bulletin...

6.2CVSS6.3AI score0.0009EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.114 views

CVE-2024-31335

The CVE-2024-31335 entry concerns a logic error in DevmemIntChangeSparse2 within devicemem_server.c that can enable arbitrary code execution with local privilege elevation in the kernel. Connected sources indicate affected components include Android’s kernel-related stack and PowerVR-GPU subcompo...

8.4CVSS7.4AI score0.00122EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.114 views

CVE-2024-34738

CVE-2024-34738 affects Android’s Framework via AppOpsService.java, enabling unprivileged apps to read their own restrictRead app-op states because of a logic error. This can lead to local elevation of privilege with no extra execution privileges or user interaction required. Connected sources cor...

7.8CVSS6.7AI score0.00082EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.114 views

CVE-2024-43084

CVE-2024-43084 is a Google Android information-disclosure flaw described across multiple sources as a confused-deputy in visitUris. Affected area is listed under Android security data with an information disclosure (ID) or library/Framework contexts, enabling local access to sensitive data withou...

6.2CVSS6.5AI score0.00095EPSS
CVE
CVE
added 2024/09/13 8:28 p.m.114 views

CVE-2024-44093

CVE-2024-44093 describes a memory corruption vulnerability in the function ppmp_unprotect_buf within drm/code/drm_fw.c. Exploitation could enable local privilege escalation without additional execution privileges or user interaction. The issue is referenced across multiple feeds (NVD, Red Hat, CV...

7.8CVSS7.3AI score0.00076EPSS
CVE
CVE
added 2025/02/03 3:23 a.m.114 views

CVE-2025-20635

CVE-2025-20635 concerns MediaTek V6 DA with a missing bounds check in the DA module, enabling a possible out-of-bounds write and local elevation of privilege if an attacker has physical access to the device. Exploitation requires user interaction; no remote/vector details are provided. The patch ...

6.6CVSS6.6AI score0.00102EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.113 views

CVE-2017-11089

CVE-2017-11089: A buffer overread in nl80211_set_station occurs when a user-space app sends NL80211_ATTR_LOCAL_MESH_POWER_MODE with data smaller than 4 bytes. Affected: Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel. Root cause and exact vendor-specific fixes a...

7.5CVSS7.1AI score0.00967EPSS
CVE
CVE
added 2024/11/27 9:45 p.m.113 views

CVE-2018-9349

CVE-2018-9349 describes an out-of-bounds read in the mv_err_cost function of mcomp.c, leading to denial of service with no additional privileges. Exploitation requires user interaction. The available documents do not specify affected products/versions or a patched release; no concrete remediation...

6.5CVSS6.5AI score0.00224EPSS
Total number of security vulnerabilities8153