Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/01/17 11:4 p.m.113 views

CVE-2018-9384

CVE-2018-9384 is documented in the Pixel/Android security context as a kernel‑level issue (Kernel components → Upstream kernel) that could enable bypassing KASLR, potentially allowing local information disclosure with SYSTEM privileges. The description consistently notes a “unusual root cause” an...

4.4CVSS6AI score0.00103EPSS
CVE
CVE
added 2025/01/17 11:14 p.m.113 views

CVE-2018-9464

CVE-2018-9464 is an Elevation of Privilege in the Google Android Kernel (Taimen bootloader) identified across multiple trackers. The vulnerability arises from a missing permission check, enabling local access to read protected files and escalate privileges with no additional execution privileges ...

7.8CVSS8.1AI score0.00103EPSS
CVE
CVE
added 2020/07/17 8:10 p.m.113 views

CVE-2020-0226

CVE-2020-0226 affects Android 10 in the Media Framework. The flaw is a type-confusion–induced out-of-bounds write in Client.cpp:createWithSurfaceParent, enabling local escalation of privilege in the graphics server without requiring user interaction. Documents at NVD/Red Hat/CVE listings confirm ...

7.8CVSS7.7AI score0.00273EPSS
CVE
CVE
added 2020/10/14 1:4 p.m.113 views

CVE-2020-0415

CVE-2020-0415 affects Android’s SystemUI: a permission bypass via an unsafe PendingIntent could enable local information disclosure of contacts with user privileges, requiring no user interaction for exploitation. The vulnerability is listed in the 2020-10 Android security bulletin under System a...

5.5CVSS5AI score0.00168EPSS
CVE
CVE
added 2020/10/14 1:7 p.m.113 views

CVE-2020-0421

CVE-2020-0421 is an Elevation of Privilege vulnerability in the Android Framework (affecting Android 8.0–11) that could allow a locally malicious app to bypass user interaction requirements and gain additional permissions. The root cause is described as an out-of-bounds write in String8.cpp (appe...

7.8CVSS7.7AI score0.00266EPSS
CVE
CVE
added 2020/12/14 9:51 p.m.113 views

CVE-2020-0468

CVE-2020-0468 affects Android’s TelephonyRegistry.java, where a missing permission check allows a local bypass of location permissions, enabling local information disclosure with no user interaction. Multiple connected sources (NVD entry, Red Hat advisory RH:CVE-2020-0468, OSV listing ASB-A-15848...

5.5CVSS5.1AI score0.00143EPSS
CVE
CVE
added 2020/12/14 9:52 p.m.113 views

CVE-2020-0469

CVE-2020-0469 affects Android 11; the issue is in addEscrowToken within LockSettingsService.java, causing a logic error that may lose the synthetic password and trigger a local denial-of-service without extra privileges or user interaction. Public references in the NVD/RH/OSV entries confirm the ...

5.5CVSS5.4AI score0.00138EPSS
CVE
CVE
added 2021/06/14 7:35 p.m.113 views

CVE-2021-0324

CVE-2021-0324 is associated with Android/Unisoc components in the 2021 May Android bulletin. Sources catalog it under Unisoc Framework with High severity (per patch-level details), affecting Android devices via the Android SoC/Unisoc stack. The connected records do not provide concrete technical ...

10CVSS9AI score0.00535EPSS
CVE
CVE
added 2021/04/13 6:23 p.m.113 views

CVE-2021-0429

CVE-2021-0429 affects Android and stems from a use-after-free in ALooper.cpp (function pollOnce), causing memory corruption that could enable local escalation of privilege without requiring user interaction. Reported impact notes indicate affected Android versions include Android-9, Android-10, A...

7.8CVSS7.8AI score0.00126EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.113 views

CVE-2021-0508

CVE-2021-0508 describes a race-condition–driven use-after-free in DrmPlugin.cpp. The flaw affects Android 8.1–11 and can enable local escalation of privilege with no additional execution privileges required and without user interaction. The provided sources (NVD/NVD-derived, OSV entry) confirm th...

7CVSS7AI score0.00178EPSS
CVE
CVE
added 2021/10/06 2:10 p.m.113 views

CVE-2021-0595

The CVE-2021-0595 issue affects Android (Framework) via the RootWindowContainer.lockAllProfileTasks path, enabling local elevation of privilege by accessing the work profile without a PIN after login. Exploitation is local and requires no user interaction. Affected Android versions include 8.1, 9...

7.8CVSS7.7AI score0.00198EPSS
CVE
CVE
added 2021/10/06 2:11 p.m.113 views

CVE-2021-0598

CVE-2021-0598 refers to an Android vulnerability in ConfirmConnectActivity.java where tapping a dialog could allow a tapjacking/overlay attack to pair with untrusted Bluetooth devices, potentially enabling local privilege escalation. Affected products: Android versions 11, 10, 9, and 8.1. Root ca...

7.3CVSS7.3AI score0.00115EPSS
CVE
CVE
added 2021/07/14 1:45 p.m.113 views

CVE-2021-0602

CVE-2021-0602 affects Android 10 and 11 via WifiNetworkDetailsFragment.onCreateOptionsMenu, enabling guest users to view/modify configured APs due to a permissions bypass. This can cause local elevation of privilege with no extra execution privileges or user interaction. Exploitation details are ...

7.8CVSS7.6AI score0.00141EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.113 views

CVE-2021-0872

CVE-2021-0872 affects Imagination Technologies PowerVR kernel driver (PowerVR-GPU) via PVRSRVBridgeRGXKickVRDM. The issue is a missing size check that enables an integer overflow, leading to out-of-bounds heap access and local escalation of privilege with no extra privileges or user interaction r...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.113 views

CVE-2021-0919

CVE-2021-0919 : Android systems (Android 9–11) are affected by a vulnerability in getService of IServiceManager.cpp, where an integer overflow can trigger an unhandled exception, leading to local denial of service and making the lockscreen unusable. Exploitation requires user interaction, and the...

5CVSS5AI score0.00113EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.113 views

CVE-2021-0955

CVE-2021-0955 affects Android 11 where the race condition in the function path pf_write_buf within FuseDaemon.cpp can cause memory corruption leading to local elevation of privilege without user interaction. The issue is documented in multiple feeds (NVD/Red Hat/OSV) with the same root cause and ...

7CVSS7.1AI score0.00088EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.113 views

CVE-2021-39660

Technical details about CVE-2021-39660 are not provided in the supplied documents. The materials reference an Android kernel race condition with local privilege escalation but no specifics on affected product versions or fixes. Monitor for updates.

7CVSS7.2AI score0.00071EPSS
CVE
CVE
added 2022/08/24 1:42 p.m.113 views

CVE-2021-39815

CVE-2021-39815 concerns the PowerVR-GPU driver in Android. Unprivileged apps can allocate pinned memory, unpin it, and continue using the page in GPU calls, allowing kernel memory corruption without privileges. CVSSv3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H assigns a base score of 9.8 (CRITICAL) wi...

9.8CVSS8.7AI score0.00355EPSS
CVE
CVE
added 2022/05/03 8:6 p.m.113 views

CVE-2022-20108

CVE-2022-20108 concerns a vulnerability in the voice service where an out-of-bounds write occurs due to a stack-based buffer overflow. The consequence is local escalation of privilege to System level, with no user interaction required for exploitation. Public details consistently describe this as...

6.7CVSS6.8AI score0.00129EPSS
CVE
CVE
added 2022/06/15 1:20 p.m.113 views

CVE-2022-20168

Summary: CVE-2022-20168 is listed in the Pixel 2022-06 bulletin as a DoS issue affecting the Modem component in Android devices (Pixel). The underlying document set identifies the issue under the Pixel Security patches with the DoS impact in the Modem area. Affected context (as per provided sourc...

7.8CVSS7.4AI score0.00367EPSS
CVE
CVE
added 2022/08/11 2:58 p.m.113 views

CVE-2022-20237

The CVE-2022-20237 entry affects Android kernel code, specifically the BuildDevIDResponse function in miscdatabuilder.cpp. A missing bounds check can cause an out-of-bounds write, which the provided documents state could enable remote code execution without extra privileges or user interaction. T...

9.8CVSS9.3AI score0.00546EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.113 views

CVE-2022-20435

CVE-2022-20435 is an Android vulnerability described as an unauthorized service in the system service that, due to missing permission checks, can lead to local elevation of privilege and potentially a system reboot. Connected OSV entries (ASB-A-242248367 and ASB-A-242248369) corroborate an unauth...

7.8CVSS7.4AI score0.00154EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.113 views

CVE-2022-32620

CVE-2022-32620 affects MediaTek’s mpu component, caused by a logic error that can cause memory corruption. This may enable local escalation of privilege to System level with no user interaction required. Patch ALPS07541753 (Issue ALPS07541753) is referenced; exploitation status is not detailed in...

6.7CVSS6.8AI score0.00135EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.113 views

CVE-2022-38690

CVE-2022-38690: In the kernel camera driver, a memory corruption can occur due to improper locking, leading to local denial of service. This is described across multiple sources (NVD/OSV-like entries and PRION) and is specifically tied to the camera driver component; no exploitation details or pa...

5.5CVSS5.5AI score0.00067EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.113 views

CVE-2022-42756

CVE-2022-42756 concerns a buffer overflow in the sensor driver caused by a missing bounds check, potentially enabling local denial of service in the kernel. The primary sources (NVD, Red Hat, PRION, cvelist, and Android bulletin) describe the issue consistently as a buffer overflow in the sensor ...

7.7CVSS5.6AI score0.00093EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.113 views

CVE-2022-47461

CVE-2022-47461 affects the telephony stack (com.android.phone) where a missing permission check in the telephone service can enable local elevation of privilege. The CVSS data indicate LOCAL attack vector, requiring HIGH privileges and potentially impacting confidentiality, integrity, and availab...

6.7CVSS6.7AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.113 views

CVE-2023-21035

The connected Nessus entry (UNPATCHED_CVE_2023_21035.NASL) provides concrete technical details: CVE-2023-21035 affects Android 13 and is linked to BackupHelper.java, where a permissions-bypass could allow an app to access permissions previously granted to another app sharing the same package name...

7.8CVSS7.7AI score0.00109EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.113 views

CVE-2023-21342

CVE-2023-21342 is an Android framework issue in RemoteSpeechRecognitionService that enables launching an activity from the background due to a logic error. This causes local elevation of privilege with no additional privileges or user interaction required. The CVSS vector (LOCAL, LOW attack compl...

7.8CVSS7.6AI score0.00149EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.113 views

CVE-2023-32837

CVE-2023-32837 is a MediaTek JPEG decoding accelerator vulnerability in the mtk_jpeg driver exposed to unprivileged userland on devices like Xiaomi 11T and Asus ROG 6D. The flaw is an out-of-bounds read/write in an array of structs, caused by a race between the JPEG_DEC_IOCTL_HYBRID_START path (w...

7.8CVSS7.7AI score0.00123EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.113 views

CVE-2024-20020

OP-TEE (Trusted Execution Environment) vulnerability CVE-2024-20020 involves an out-of-bounds write caused by an incorrect bounds check. This could enable local information disclosure with System execution privileges required, and no user interaction is needed. The issue is tracked with patch ALP...

4.4CVSS6.1AI score0.0012EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.113 views

CVE-2024-20028

CVE-2024-20028 is a MediaTek-related issue affecting the MediaTek stack’s “da” module, described as an out-of-bounds write due to lack of validation. The vulnerability could enable local escalation of privilege with System execution privileges and does not require user interaction. Affects MediaT...

6.6CVSS6.9AI score0.00273EPSS
CVE
CVE
added 2024/05/07 9:3 p.m.113 views

CVE-2024-23709

CVE-2024-23709 describes a heap-buffer-overflow/out-of-bounds write in multiple locations that can lead to remote information disclosure without additional execution privileges, with user interaction required for exploitation. Connected sources confirm Android’s Android Security Bulletin details:...

6.5CVSS6.8AI score0.00786EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.113 views

CVE-2024-31326

CVE-2024-31326 affects the Android Framework. The issue is a logic error in policy migration code that can lead to local elevation of privilege without extra privileges or user interaction. The Android bulletin notes this as an EoP vulnerability with High severity, and lists updated AOSP versions...

7.8CVSS7AI score0.00133EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.113 views

CVE-2024-31332

CVE-2024-31332 affects Google Android Framework components, where a missing permission check allows bypassing restrictions on adding new Wi‑Fi connections. This enables local elevation of privilege with no extra execution privileges and no user interaction. Root cause: permission check gaps in mu...

8.4CVSS6.9AI score0.00103EPSS
CVE
CVE
added 2024/11/13 5:13 p.m.113 views

CVE-2024-34719

CVE-2024-34719 is a local elevation-of-privilege vulnerability in Google Android involving a permissions bypass due to a missing null check. It affects Android Framework components and is rated High for impact (EoP) with local attack vector and no user interaction required. The Red Hat and Androi...

8.4CVSS6.9AI score0.00114EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.113 views

CVE-2024-34742

The CVE-2024-34742 issue affects Google Android, specifically a logic error in shouldWrite within OwnersData.java that can prevent MDM policies from being persisted, potentially causing a local denial of service without extra privileges. The vulnerability is described across multiple sources (NVD...

5.5CVSS6.3AI score0.00078EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.112 views

CVE-2017-0406

CVE-2017-0406 is a remote code execution vulnerability in Android's Mediaserver (libhevc) that can be triggered by processing a specially crafted media file, leading to memory corruption and potential code execution within the Mediaserver process. Reported impact is critical (CVE-2017-0406) with ...

9.3CVSS7.6AI score0.01856EPSS
CVE
CVE
added 2020/08/11 7:28 p.m.112 views

CVE-2020-0247

CVE-2020-0247 affects Android devices via Threshold::getHistogram in ImageProcessHelper.java. A crash loop could cause local denial of service with user interaction required for exploitation; no exploit details are provided. Affected Android versions listed: 8.0, 8.1, and 10. Patching guidance co...

5.5CVSS5.3AI score0.0014EPSS
CVE
CVE
added 2020/08/11 7:28 p.m.112 views

CVE-2020-0248

CVE-2020-0248 is an information-disclosure vulnerability in Android 10 involving the InstantAppNotifier’s postInstantAppNotif path. The root cause is a PendingIntent handling error that enables a local attacker to bypass permissions, leading to local information disclosure without user interactio...

5.5CVSS5AI score0.00173EPSS
CVE
CVE
added 2020/08/11 7:29 p.m.112 views

CVE-2020-0249

CVE-2020-0249 is an Android Framework information-disclosure flaw present in postInstantAppNotif of InstantAppNotifier.java, caused by a PendingIntent error that can enable a local attacker to bypass permissions and access local information. Affected Android versions include 8.0, 8.1, 9, and 10. ...

5.5CVSS5AI score0.00173EPSS
CVE
CVE
added 2020/10/14 1:10 p.m.112 views

CVE-2020-0376

CVE-2020-0376 has concrete details in connected documents: it is an out-of-bounds read due to a missing bounds check affecting MediaTek components in Android, specifically MTK ISP within Android SoC. The root cause is a missing bounds check leading to a possible local information disclosure; expl...

9.4CVSS8.7AI score0.00582EPSS
CVE
CVE
added 2020/10/14 1:5 p.m.112 views

CVE-2020-0378

CVE-2020-0378 affects Android System (PasspointManager.java: onWnmFrameReceived) with a missing permission check that could lead to local information disclosure of location data. Underlying cause is an insufficient permission check in a code path handling Passpoint/WLAN Frame processing. Document...

5.5CVSS5AI score0.00165EPSS
CVE
CVE
added 2020/09/17 3:46 p.m.112 views

CVE-2020-0397

The CVE-2020-0397 entry describes a permission bypass in Android’s CarrierServiceStateTracker.getNotificationBuilder due to an unsafe PendingIntent, enabling local information disclosure with low attack complexity. Affected are Android 8.0–11 variants (Android-8.0, 8.1, 9, 10, 11) per the officia...

5.5CVSS5AI score0.00175EPSS
CVE
CVE
added 2020/11/10 12:47 p.m.112 views

CVE-2020-0418

CVE-2020-0418 affects Android 10 and is tied to a logic error in Utils.java (getPermissionInfosForGroup) that can enable local elevation of privilege. The vulnerability, described as a local EoP with high severity in the 2020-11 Android Bulletin, requires local access but not user interaction to ...

7.8CVSS7.6AI score0.00256EPSS
CVE
CVE
added 2020/11/10 12:47 p.m.112 views

CVE-2020-0443

CVE-2020-0443 affects Android via LocaleList.LocaleList.java. The issue is a forced reboot from an uncaught exception, enabling local DoS with no user interaction required. Affected versions include Android 8.0–11; the vulnerability is listed under the 2020-11-01/11-05 patch levels in the Android...

5.5CVSS5.3AI score0.00328EPSS
CVE
CVE
added 2021/03/10 3:40 p.m.112 views

CVE-2021-0390

CVE-2021-0390 is described as a local elevation-of-privilege issue in Android arising from a missing permission check in multiple methods of WifiNetworkSuggestionsManager.java. The flaw could allow a background user on the same device, with no additional execution privileges, to modify the set of...

7.8CVSS7.6AI score0.00238EPSS
CVE
CVE
added 2021/03/10 3:41 p.m.112 views

CVE-2021-0392

CVE-2021-0392 is documented with concrete details in the connected data: Android platform (versions Android-9, Android-10, Android-11) is affected by a memory corruption due to a double free in main.cpp. This vulnerability is categorized as an Elevation of Privilege (local) with the potential to ...

7.8CVSS7.8AI score0.00245EPSS
CVE
CVE
added 2021/04/13 6:26 p.m.112 views

CVE-2021-0444

CVE-2021-0444 affects Android devices (Android-11, Android-8.1, Android-9, Android-10). In QuickContactActivity.java, onActivityResult returns an extra Intent unnecessarily, leading to local information disclosure of contact data without elevated privileges. Exploitation requires user interaction...

5.5CVSS5.1AI score0.00144EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.112 views

CVE-2021-0472

CVE-2021-0472 concerns a local elevation-of-privilege in Android 9–11 due to a permissions bypass in shouldLockKeyguard (LockTaskController.java) that could allow exiting App Pinning without a PIN and without user interaction. The issue is limited to the Framework component and is described as en...

7.8CVSS7.6AI score0.00204EPSS
CVE
CVE
added 2021/08/17 6:28 p.m.112 views

CVE-2021-0574

The vulnerability CVE-2021-0574 affects the asf extractor in Android (MediaTek components) where an out-of-bounds write occurs due to a missing bounds check. This can lead to local elevation of privilege with no user interaction required; exploitation details are not provided in the documents. Re...

7.8CVSS7.7AI score0.00118EPSS
Total number of security vulnerabilities8153