Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2021/07/14 1:46 p.m.112 views

CVE-2021-0603

The CVE-2021-0603 entry describes a local elevation-of-privilege vulnerability in Android 11 affecting the ContactSelectionActivity.java onCreate path. A tapjacking/overlay scenario could allow a non-privileged app to gain access to contacts without user-permission, requiring user interaction for...

7.8CVSS7.6AI score0.00124EPSS
CVE
CVE
added 2021/10/22 1:27 p.m.112 views

CVE-2021-0702

CVE-2021-0702 affects Android 11 in the Framework component tied to apexd.cpp RevertActiveSessions, enabling local information disclosure via an unintentional MediaStore downgrade. Exploitation requires user interaction, with the issue rated at MEDIUM severity (CVSSv3.1) and LOW/Med in CVSS2 depe...

5.5CVSS5.2AI score0.00124EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.112 views

CVE-2021-0969

The CVE-2021-0969 entry relates to a missing null check in AccessPoint.java:getTitle, causing a possible unhandled exception and remote DoS if a nearby Wi‑Fi AP provides invalid information. Affected product: Android (Android-10 and Android-11). Exploitation requires user interaction per the desc...

6.5CVSS6.4AI score0.00563EPSS
CVE
CVE
added 2022/01/14 7:10 p.m.112 views

CVE-2021-1049

CVE-2021-1049 affects Android via Unisoc components (slogmodem) in the Android SoC stack. The vulnerability is classified as High severity in the NVD entry, with CVSS v3.1/3.0 impacting network-based access with likely elevation of privileges or data disclosure, per associated entries. The connec...

10CVSS9.1AI score0.00666EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.112 views

CVE-2021-39729

The CVE-2021-39729 issue affects the TitanM chip in Android, caused by a missing bounds check that enables an out-of-bounds write. This can lead to local privilege escalation with System execution privileges required, and exploitation does not require user interaction. Documents consistently desc...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.112 views

CVE-2021-39730

CVE-2021-39730 affects the Android kernel as described in multiple sources. The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially allowing local information disclosure with system execution privileges. Exploitation requires local access; no user interaction is r...

4.4CVSS4.3AI score0.00107EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.112 views

CVE-2021-39734

CVE-2021-39734 is an Elevation of Privilege in Google Android telephony logic related to RCS messaging. The issue is described as stemming from a missing permission check in OneToOneChatImpl.java that could allow sending an RCS message without required permissions, enabling local privilege escala...

7.8CVSS7.6AI score0.00098EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.112 views

CVE-2022-20387

CVE-2022-20387 is listed in multiple sources as affecting Android on Unisoc Android SoC components. A connected Prion entry explicitly labels it as a “Code injection” issue, while the NVD/NVD-derived summaries indicate Android SoC/Android as the affected context with high-severity implications in...

9.8CVSS9AI score0.0042EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.112 views

CVE-2022-20440

CVE-2022-20440 affects Android’s Messaging component, where an unauthorized broadcast could lead to a Local Denial of Service. The issue is documented across multiple feeds (NVD/RH/NCSC/PT-PCI/etc.) with no specific exploit details provided in these excerpts. The Android Security Bulletin outline...

5.5CVSS5.5AI score0.0011EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.112 views

CVE-2022-22266

Technical details about CVE-2022-22266 are not publicly available in the connected documents; the description provided is the extent of information here. Monitor for updates.

4CVSS4AI score0.00102EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.112 views

CVE-2022-32594

CVE-2022-32594 concerns the Widevine component with an out-of-bounds write caused by an incorrect bounds check. Reported impact is local escalation of privileges requiring System execution privileges, with no user interaction needed. Connected sources confirm a patch exists (ALPS07446207/ALPS0744...

6.7CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.112 views

CVE-2022-32596

CVE-2022-32596 describes an out-of-bounds write in Widevine caused by an incorrect bounds check, enabling possible local escalation to System privileges. Exploitation is described as requiring no user interaction (ATT&CK-like vector: local) with high confidentiality, integrity, and availability i...

6.7CVSS6.7AI score0.00131EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.112 views

CVE-2022-44428

CVE-2022-44428 affects the wlan driver and is tied to a missing bounds check, enabling local denial of service in wlan services. Documents consistently describe the vulnerability as a local issue with a base score of 5.5 (MEDIUM) and local attack vector, but do not provide concrete exploit detail...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.112 views

CVE-2022-44436

CVE-2022-44436 describes a missing permission check in the Android messaging service, enabling a local denial-of-service in the contacts service with no extra execution privileges required. Root cause: permission verification gap in the messaging component. Impact: local DoS; no remote code execu...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.112 views

CVE-2022-47488

CVE-2022-47488 affects the spipe drive component in Unisoc chipsets, with an out-of-bounds write caused by a missing bounds check that could enable local DoS with system execution privileges. The connected documents confirm the issue but provide no publicly available fix/version details; some sou...

4.4CVSS4.7AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.112 views

CVE-2023-21058

CVE-2023-21058 concerns the Android kernel component lcsm_bcm_assist.c (function lcsm_SendRrAcquiAssist ). A missing bounds check can cause an out-of-bounds write, leading to remote code execution with no additional privileges and no user interaction required. The description in the connected OSV...

9.8CVSS9.2AI score0.00489EPSS
CVE
CVE
added 2023/07/12 11:24 p.m.112 views

CVE-2023-21241

CVE-2023-21241 describes an out-of-bounds write caused by an integer overflow in rw_i93_send_to_upper() within rw_i93.cc, enabling local privilege escalation with no extra execution privileges or user interaction. Public docs consistently tie this to Android components and patch-level fixes. The ...

7.8CVSS7.8AI score0.00099EPSS
CVE
CVE
added 2023/07/12 11:25 p.m.112 views

CVE-2023-21243

CVE-2023-21243 is a buffer overflow in the Android PasspointConfiguration.java code path (validateForCommonR1andR2) that can inflate a config file’s size without limits, enabling a local denial-of-service condition. Exploitation requires user interaction, and exploitation status is not indicated ...

5.5CVSS5.5AI score0.00108EPSS
CVE
CVE
added 2024/05/06 2:51 a.m.112 views

CVE-2023-32873

The CVE-2023-32873 issue affects MediaTek’s keyInstall module, where a missing bounds check enables an out-of-bounds write that could lead to local escalation of privilege with SYSTEM privileges. Exploitation details are not provided in the connected documents. Impact is described as requiring no...

6.7CVSS7AI score0.00085EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.112 views

CVE-2024-20026

CVE-2024-20026 affects the MediaTek MediaTek MTK da module (as indicated by multiple feeds) and is caused by improper input validation in the da component. The flaw could allow local information disclosure with system execution privileges required for exploitation, and no user interaction is need...

4.2CVSS6AI score0.00083EPSS
CVE
CVE
added 2024/11/04 1:48 a.m.112 views

CVE-2024-20104

CVE-2024-20104 affects MediaTek DA (the DA component in MediaTek chipsets). It describes an out-of-bounds write due to a missing bounds check, potentially enabling local privilege escalation without additional execution privileges; user interaction is required to exploit. The entry cites patch AL...

8.4CVSS7.2AI score0.00089EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.112 views

CVE-2024-25985

The CVE-2024-25985 issue affects the bigo_unlocked_ioctl path in bigo.c, described as a Use-After-Free caused by a missing bounds check. The impact is local privilege escalation with high severity (CVSS: LOCAL, NONE user interaction). Documents in multiple feeds (NVD, Red Hat, PRION, OSV) consist...

8.4CVSS7AI score0.0009EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.112 views

CVE-2024-27210

CVE-2024-27210 involves an out-of-bounds write in the policy_check function of fvp.c that can enable local privilege escalation with no user interaction. The vulnerability is associated with Google Pixel/Android components per multiple sources, but none of the connected documents provide concrete...

7.8CVSS7AI score0.0008EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.112 views

CVE-2024-27219

CVE-2024-27219 concerns a vulnerability in the tmu_set_pi function of tmu.c where a missing bounds check allows an out-of-bounds write. The issue enables local privilege escalation with no additional execution privileges required and does not require user interaction. Public technical details in ...

8.4CVSS7AI score0.00107EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.112 views

CVE-2024-27234

CVE-2024-27234 describes an out-of-bounds read in the function family 'fvp_set_target' in fvp.c due to a missing bounds check. This leads to potential local information disclosure without extra execution privileges or user interaction. The provided documents do not specify affected product versio...

5.9CVSS6AI score0.00085EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.112 views

CVE-2024-31322

Summary of CVE-2024-31322 : In Android’s AccessibilityManagerService.updateServicesLocked, improper input validation can let an app be hidden from Settings while still retaining the Accessibility Service, enabling local elevation of privilege with no extra execution privileges required. Exploitat...

7.8CVSS6.8AI score0.00103EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.112 views

CVE-2024-34720

CVE-2024-34720 affects Google Android: a logic error in com_android_internal_os_ZygoteCommandBuffer.cpp (ZygoteCommandBuffer.nativeForkRepeatedly) may enable arbitrary code execution in any app’s zygote processes, causing local privilege escalation with no extra privileges or user interaction req...

7.8CVSS7.5AI score0.00108EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.112 views

CVE-2024-34732

This CVE (CVE-2024-34732) concerns the Android kernel’s RGXMMUCacheInvalidate routine in rgxmem.c, where a race condition can enable arbitrary code execution and local privilege escalation without extra privileges or user interaction. The vulnerability description is consistently reported across ...

8.4CVSS8AI score0.00073EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.112 views

CVE-2024-40655

CVE-2024-40655 is an Android framework issue in the CallScreeningServiceHelper.java, where a permissions bypass could allow maintaining a while-in-use permission in the background, enabling local elevation of privilege with no extra execution privileges. Exploitation requires user interaction. Th...

7.8CVSS7.1AI score0.0008EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.112 views

CVE-2024-40662

CVE-2024-40662 affects the Android framework Uri.java, where improper input validation in the scheme handling can allow crafting a malformed Uri object. The result is local privilege escalation with no additional privileges or user interaction required. The CVSS v3.1 score is 7.8 (HIGH) with LOCA...

7.8CVSS7.2AI score0.00098EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.112 views

CVE-2024-40670

CVE-2024-40670 affects PowerVR-GPU (Imagination Technologies) as documented in the Android bulletin. The issue is described as a use-after-free caused by a race condition, enabling local elevation of privilege with no user interaction. The CVSS v3.1 base score is 8.4 (HIGH) with local attack vect...

8.4CVSS7.5AI score0.00082EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.111 views

CVE-2018-9385

CVE-2018-9385 affects the Linux/Android kernel: in driver_override_store of bus.c there is an out-of-bounds write due to an incorrect bounds check, enabling local privilege escalation with SYSTEM privileges. Exploitation reportedly does not require user interaction. Connected advisories (Unity Li...

7.8CVSS7.4AI score0.00255EPSS
CVE
CVE
added 2020/01/08 6:25 p.m.111 views

CVE-2020-0001

CVE-2020-0001 affects Android’s framework (ActivityManagerService.java, getProcessRecordLocked). The issue arises from improper handling of isolated apps, enabling local escalation of privilege without extra execution privileges. Impact is described as local elevation of privilege with high confi...

7.8CVSS7.7AI score0.00399EPSS
CVE
CVE
added 2020/09/17 3:42 p.m.111 views

CVE-2020-0399

The CVE-2020-0399 issue affects Android devices and stems from an unsafe PendingIntent in NotificationMgr.java’s showLimitedSimFunctionWarningNotification. This could allow a local permission bypass and local information disclosure without user interaction, affecting Android 8.0–11. The NVD entry...

5.5CVSS5AI score0.00183EPSS
CVE
CVE
added 2020/10/14 1:4 p.m.111 views

CVE-2020-0410

CVE-2020-0410: In SapServer.java setNotification, a PendingIntent misconfiguration enables a local permission bypass that could lead to information disclosure with user privileges; exploitation requires no user interaction. Affected: Android 8.0–11 (per CVE entry). Impact: partial confidentiality...

5.5CVSS5AI score0.00157EPSS
CVE
CVE
added 2021/07/14 1:43 p.m.111 views

CVE-2020-0417

The CVE-2020-0417 entry describes a local elevation-of-privilege in Android related to GpsNetInitiatedHandler.setNiNotification. The underlying issue is an empty mutable PendingIntent that permits a permissions bypass. Affected Android versions are 8.1, 9, and 10. Exploitation is described as pos...

7.8CVSS7.7AI score0.00137EPSS
CVE
CVE
added 2021/02/10 4:49 p.m.111 views

CVE-2021-0331

CVE-2021-0331 describes an overlay/tapjacking-type vulnerability in Android’s NotificationAccessConfirmationActivity.java. In onCreate, an insecure default value enables a possible overlay attack that could lead to local elevation of privilege and notification access with User execution privilege...

7.3CVSS7.2AI score0.00275EPSS
CVE
CVE
added 2021/04/13 6:17 p.m.111 views

CVE-2021-0443

CVE-2021-0443 : Apple Android flaw affecting ScreenshotHelper.java and related files where a race condition can cause an incorrectly saved screenshot, enabling local information disclosure across user profiles. Exploitation requires user interaction; impact is information disclosure with no extra...

4.7CVSS4.3AI score0.00132EPSS
CVE
CVE
added 2021/10/22 1:27 p.m.111 views

CVE-2021-0705

CVE-2021-0705 concerns the Android Framework component, specifically in sanitizeSbn of NotificationManagerService.java. The connected documents describe a vulnerability where an attacker could bypass Background Service Restrictions to keep a service running in the foreground while retaining grant...

7.8CVSS7.3AI score0.00251EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.111 views

CVE-2021-0925

CVE-2021-0925 is associated with Google Android 12. The vulnerability occurs in rw_t4t_sm_detect_ndef (rw_t4t.cc) and is an out-of-bounds read caused by an incorrect bounds check, leading to potential remote information disclosure without extra execution privileges or user interaction. Documents ...

7.8CVSS7AI score0.00956EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.111 views

CVE-2021-0926

CVE-2021-0926 is a vulnerability in the Android NFC path found in onCreate of NfcImportVCardActivity.java, where a missing permission check enables adding a contact without user consent. This constitutes a local elevation of privilege because it does not require additional execution privileges an...

7.8CVSS7.6AI score0.00115EPSS
CVE
CVE
added 2022/08/24 1:38 p.m.111 views

CVE-2021-0946

CVE-2021-0946 concerns a kernel information disclosure in Android via the PowerVR PVRSRVBridgePMRPDumpSymbolicAddr path. The vulnerable sequence allocates a heap buffer (puiMemspaceNameInt), fills it through PMR_PDumpSymbolicAddr, and copies the buffer to userspace. If PMR_PDumpSymbolicAddr fails...

7.5CVSS7.4AI score0.00272EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.111 views

CVE-2021-0958

CVE-2021-0958 affects Android 11 and 12, with a logic error in km_compat.cpp that could lead to a loss of potentially sensitive data and a local denial of service. Exploitation requires no user interaction, and the issue can be triggered locally with user privileges. The Red Hat/NVD entries corro...

4.4CVSS4.8AI score0.00107EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.111 views

CVE-2021-39792

CVE-2021-39792 concerns the Android kernel, specifically the function usb_gadget_giveback_request in core.c. It describes a race condition that can cause a use-after-free and an out-of-bounds read, potentially leading to local information disclosure with SYSTEM privileges required. No user intera...

4.1CVSS4AI score0.00089EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.111 views

CVE-2022-20388

CVE-2022-20388 affects Android SoC Unisoc components (Android platform) with high severity (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The Unisoc Android entry indicates this is an Android SoC issue with no public exploit details provided in the connected docs. The CVE is listed under the 20...

9.8CVSS9AI score0.0042EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.111 views

CVE-2022-39130

CVE-2022-39130 describes a possible out-of-bounds write in the face detect driver due to a missing bounds check, which could lead to local denial of service in the kernel. Public references in the provided documents identify the vulnerability across multiple sources (NVD entry and CVE record), wi...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2023/04/11 11:9 a.m.111 views

CVE-2022-47338

CVE-2022-47338 describes a missing permission check in the telecom service, leading to a local Denial of Service. Public sources consistently state the issue affects UNISOC/Android telecom components, with the impact described as local DoS and no remote exploit details provided in the supplied do...

7.1CVSS6.6AI score0.00088EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.111 views

CVE-2023-21054

CVE-2023-21054 affects the Android kernel, specifically the EUTRAN_LCS_ConvertLCS_MOLRReq path in LPP_CommonUtil.c. A logic error can cause an out-of-bounds write, which could lead to remote code execution with System-level privileges. No user interaction is required. Exploitation status and in-t...

7.2CVSS7.3AI score0.00539EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.111 views

CVE-2023-40089

CVE-2023-40089 concerns Android’s DevicePolicyManagerService.java, where getCredentialManagerPolicy can let a user select credential providers without proper permission checks. This enables local elevation of privilege with no extra execution privileges and no user interaction required. The Andro...

7.8CVSS7.7AI score0.00116EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.111 views

CVE-2024-20025

MediaTek da module vulnerability CVE-2024-20025: out-of-bounds write caused by an integer overflow, enabling local escalation to SYSTEM privileges with no user interaction. Patch ALPS08541686/Issue ALPS08541686 is listed as the fix. Multiple connected sources reiterate the same description; no ex...

6.7CVSS7AI score0.00087EPSS
Total number of security vulnerabilities8153