Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/01/06 3:17 a.m.111 views

CVE-2024-20140

CVE-2024-20140 concerns MediaTek power module code with a missing bounds check, causing an out-of-bounds write. This can enable local escalation of privilege to System level without user interaction, as described across NVD/Red Hat/OSV/NCSC and related advisories. The root cause is an out-of-boun...

6.7CVSS7.3AI score0.0008EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.111 views

CVE-2024-20143

CVE-2024-20143 affects V6 DA with an out-of-bounds write caused by a missing bounds check. The issue could allow local escalation of privilege on devices with physical access and requires user interaction to exploit. Patch ALPS09167056 (MSV-2069) is available. Red Hat and OSV entries corroborate ...

6.6CVSS7.1AI score0.0011EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.111 views

CVE-2024-23711

CVE-2024-23711 describes a logic error in DevmemXIntUnreserveRange within devicemem_server.c that enables arbitrary code execution and local kernel privilege escalation without extra privileges or user interaction. Multiple sources (NVD, Red Hat, OSV) corroborate the same root cause. Impact is hi...

7.8CVSS7.4AI score0.00104EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.111 views

CVE-2024-27233

CVE-2024-27233 affects the ppcfw_init_secpolicy function in ppcfw.c, describing a possible permission bypass caused by uninitialized data that could enable local privilege escalation with no extra privileges and no user interaction. Connected sources (Red Hat, NVD, PRION, CVE listings) corroborat...

7.8CVSS7AI score0.00081EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.111 views

CVE-2024-31311

CVE-2024-31311 affects Google Android; the flaw is an out-of-bounds write in the function increment_annotation_count within stats_event.c, caused by a missing bounds check. This can enable local elevation of privilege with no additional execution privileges and without user interaction. Affected ...

7.8CVSS6.9AI score0.00095EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.111 views

CVE-2024-34733

CVE-2024-34733 involves DevmemXIntMapPages in devicemem_server.c, with an integer overflow that could enable arbitrary code execution and local kernel-level privilege escalation. Exploitation is described as requiring local access with no user interaction. The Red Hat entry confirms the same desc...

8.4CVSS8AI score0.00089EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.111 views

CVE-2024-34734

CVE-2024-34734 describes an Elevation of Privilege in Android related to FooterActionsViewModel.kt (onForegroundServiceButtonClicked): an insecure default value could allow disabling the active VPN from the lockscreen with local impact and no user interaction. The vulnerability is tracked in mult...

7.8CVSS6.8AI score0.00086EPSS
CVE
CVE
added 2017/04/04 4:54 a.m.110 views

CVE-2014-9922

CVE-2014-9922 affects the Linux kernel’s eCryptfs subsystem, where the combination of eCryptfs and an overlayfs stack can let a local user gain privileges. The issue is triggered by a vulnerability in fs/ecryptfs/main.c and fs/overlayfs/super.c, with impact described as local privilege escalation...

9.3CVSS7.2AI score0.01265EPSS
CVE
CVE
added 2020/10/14 1:6 p.m.110 views

CVE-2020-0377

CVE-2020-0377 targets Android Bluetooth stack: in gatt_process_read_by_type_rsp of gatt_cl.cc, a missing bounds check allows an out-of-bounds read, enabling remote information disclosure on Bluetooth servers without extra privileges. Affected: Android 8.0–11 (Android-8.0, 8.1, 9, 10, 11) per the ...

7.8CVSS7AI score0.01891EPSS
CVE
CVE
added 2021/04/13 6:22 p.m.110 views

CVE-2021-0431

CVE-2021-0431 : A vulnerability in Android’s Bluetooth AVRCP API (avrc_api.cc) enables an out-of-bounds read in avrc_msg_cback due to a missing bounds check. This could allow a remote attacker controlling a paired device to disclose memory contents without executing code or requiring user interac...

7.5CVSS7AI score0.01712EPSS
CVE
CVE
added 2021/04/13 6:25 p.m.110 views

CVE-2021-0436

CVE-2021-0436: In CryptoPlugin::decrypt (CryptoPlugin.cpp) on Android, there is a possible out-of-bounds read caused by integer overflow, potentially leading to local information disclosure without extra privileges. Affected: Android devices (Android-8.1, 9, 10, 11). Impact is information disclos...

5.5CVSS5AI score0.00124EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.110 views

CVE-2021-0523

CVE-2021-0523 affects Android (notably Android-10/Android-11) via a tapjacking/overlay fault in WifiScanModeActivity.java that could enable Wi‑Fi scanning without consent, leading to local elevation of privilege with user execution required. Documents confirm the root cause (overlay/tapjacking in...

7.3CVSS7.2AI score0.00118EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.110 views

CVE-2021-0699

Summary (CVE-2021-0699) An out-of-bounds write in HTBLogKM of TBD can lead to local kernel privilege escalation with no user interaction required. Connected sources indicate this vulnerability affects Imagination Technologies’ PowerVR-GPU components (PowerVR-GPU CVE-2021-0699) and is rated High s...

7.8CVSS7.6AI score0.00095EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.110 views

CVE-2021-39719

CVE-2021-39719 affects the Android kernel, specifically the lwis subsystem (lwis_top_register_io in lwis_device_top.c). The issue is described as a possible out-of-bounds write caused by an integer overflow, leading to local elevation of privilege with System execution privileges required. User i...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.110 views

CVE-2021-39727

CVE-2021-39727 describes an information-disclosure vulnerability in Android’s acropora/app/identity/libeic/EicPresentation.c, caused by a race condition in the function eicPresentationRetrieveEntryValue . The issue can enable local information disclosure with System-level privileges and does not ...

4.1CVSS4AI score0.00089EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.110 views

CVE-2022-20436

CVE-2022-20436 is an elevation-of-privilege vulnerability in Android involving an unauthorized service in the system service, where a component lacks permission checks, enabling Local EoP. The core issue is described across multiple sources as an Android/UNISOC Android component vulnerability aff...

7.8CVSS7.5AI score0.00154EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.110 views

CVE-2022-20438

CVE-2022-20438 affects the Android Messaging component. The issue is an unauthorized broadcast in Messaging that can cause a Local Denial of Service. According to the CVE entry, the vulnerability is exploitable with local access (attack vector: LOCAL), requires low privileges, and does not requir...

5.5CVSS5.4AI score0.00113EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.110 views

CVE-2022-26471

CVE-2022-26471 affects MediaTek telephony components. The root cause is a package/parcel format mismatch that enables local privilege escalation with no additional execution privileges or user interaction required. The NVD entry reports a CVSS v3.1 base score of 7.8 (High) with LOCAL attack vecto...

7.8CVSS7.7AI score0.00099EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.110 views

CVE-2022-32599

In CVE-2022-32599, a logic error in MediaTek’s rpmb component could cause an out-of-bounds write, leading to local escalation of privilege with System execution privileges required. The issue is described as a local, non-user-interaction vulnerability with a high-impact potential (confidentiality...

6.7CVSS6.7AI score0.00137EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.110 views

CVE-2022-32601

CVE-2022-32601 is a MediaTek telephony vulnerability caused by a parcel format mismatch that enables local escalation of privilege with no extra execution privileges required. Exploitation is described as local (AV:L, AC:L, PR:L) with no user interaction, and the impact is elevated privileges to ...

7.8CVSS7.7AI score0.00109EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.110 views

CVE-2022-39133

CVE-2022-39133 is described as a missing bounds check in the wlan driver, which could cause a local denial of service in wlan services. The NVD entry lists a CVSSv3.1 base score of 5.5 (Medium), with LOCAL attack vector, LOW attack complexity, LOW privileges required, no user interaction, and an ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.110 views

CVE-2023-20656

CVE-2023-20656 affects MediaTek geniezone: a logic error enables an out-of-bounds write that could allow local escalation of privilege with System privileges required. Public details in the sources indicate no user interaction is necessary. The issue is tracked with ALPS07571494 (Patch ID) and is...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.110 views

CVE-2023-40083

CVE-2023-40083 describes an out-of-bounds read in the Android utility function parse_gap_data (utils.cc). The underlying issue is a missing bounds check, enabling potential local information disclosure. Exploitation requires user privileges but does not require user interaction. Public references...

5.5CVSS5AI score0.00141EPSS
CVE
CVE
added 2023/12/08 3:41 p.m.110 views

CVE-2023-48409

Summary: CVE-2023-48409 affects the Mali KBase GPU kernel module on Google Pixel devices. The vulnerability is described as a possible out-of-bounds write triggered by an integer overflow in the function gpu_pixel_handle_buffer_liveness_update_ioctl within private/google-modules/gpu/mali_kbase/ma...

7.8CVSS7.8AI score0.00115EPSS
CVE
CVE
added 2024/05/06 2:51 a.m.110 views

CVE-2024-20057

CVE-2024-20057 is a MediaTek keyInstall vulnerability caused by a missing bounds check that enables an out-of-bounds write, potentially leading to local privilege escalation with SYSTEM privileges. Exploitation is reported as not requiring user interaction. The issue is associated with MediaTek r...

7.2CVSS7AI score0.00286EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.110 views

CVE-2024-27221

CVE-2024-27221 describes an out-of-bounds write in the update_policy_data function caused by a missing bounds check, enabling local elevation of privilege without user interaction. Public references in the connected documents point to Google Pixel as affected, with the issue categorized as EoP an...

7.8CVSS7AI score0.00088EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.110 views

CVE-2024-27226

CVE-2024-27226 describes an out-of-bounds write in tmu_config_gov_params, caused by a missing bounds check. The vulnerability allows local privilege escalation with no additional privileges or user interaction required. Public references/entries across multiple sources (NVD, Red Hat, CVE list, OS...

8.4CVSS7AI score0.0009EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.110 views

CVE-2024-27237

CVE-2024-27237 involves a logic error in wipe_ns_memory() within nsmemwipe.c that can cause an incorrect size calculation. This flaw permits local information disclosure without requiring elevated privileges or user interaction. The vulnerability is described across multiple sources (NVD/Red Hat/...

5.5CVSS6AI score0.00088EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.110 views

CVE-2024-29757

The CVE-2024-29757 vulnerability is an Elevation of Privilege issue in Google Android Pixel firmware, caused by whitelisting of debugging certificates. Affected component (Pixel Companion) can bypass certain permissions, enabling local escalation of privilege without additional execution privileg...

7.3CVSS7AI score0.00081EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.110 views

CVE-2024-40660

CVE-2024-40660 concerns Android’s SurfaceFlinger.cpp: setTransactionState contains a logic error that can change protected display attributes. The vulnerability enables local escalation of privilege with no extra execution privileges required and no user interaction needed. Evidence across source...

7.8CVSS7.1AI score0.00114EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.109 views

CVE-2014-9900

CVE-2014-9900 affects the Linux kernel (ethtool_get_wol in net/core/ethtool.c) up to version 4.7. It can leak kernel memory due to uninitialized data, enabling local information disclosure. Reported impact seen on Android devices (Nexus 5/2013 era) with Android before 2016-08-05. Public advisorie...

5.5CVSS4.6AI score0.00519EPSS
CVE
CVE
added 2019/06/19 7:52 p.m.109 views

CVE-2019-1990

CVE-2019-1990 affects Android’s Media framework, specifically the ihevcd_fmt_conv_420sp_to_420p path in ihevcd_fmt_conv.c. The issue is an out-of-bounds write caused by a missing bounds check, enabling remote code execution with user interaction required. Affected Android versions: 7.0–9.0. The v...

9.3CVSS8.8AI score0.0137EPSS
CVE
CVE
added 2019/06/19 7:51 p.m.109 views

CVE-2019-2004

CVE-2019-2004 describes an information-disclosure flaw in Android’s framework via InputTransport.cpp (in publishKeyEvent, publishMotionEvent, and sendUnchainedFinishedSignal) caused by uninitialized data. The issue enables local information disclosure without user interaction and affects Android ...

5.5CVSS5.2AI score0.0017EPSS
CVE
CVE
added 2019/06/19 7:53 p.m.109 views

CVE-2019-2006

CVE-2019-2006 affects Android 9 where a memory corruption via use-after-free in the HalDeathHandlerHidl.cpp serviceDied can lead to local escalation of privilege in the audio server. Exploitation requires no user interaction; privileges required are NONE. The issue is categorized as Elevation of ...

10CVSS8.5AI score0.00716EPSS
CVE
CVE
added 2020/12/14 10:7 p.m.109 views

CVE-2020-0016

CVE-2020-0016 concerns Broadcom Nexus firmware where an insecure default password in the Broadcom middleware could permit local escalation of privilege in the kernel without user interaction. Affected context is tied to Android devices/SoCs using this firmware; exploitation is described as local,...

7.8CVSS7.6AI score0.00167EPSS
CVE
CVE
added 2020/09/17 3:43 p.m.109 views

CVE-2020-0393

CVE-2020-0393 affects Android during 9–11 in the Media Framework: decrypt and decrypt_1_2 in CryptoPlugin.cpp allow an out-of-bounds read due to a missing bounds check, enabling local information disclosure without user interaction. The issue is documented in multiple sources (NVD/NVD CVSS detail...

5.5CVSS5AI score0.00158EPSS
CVE
CVE
added 2020/09/17 3:43 p.m.109 views

CVE-2020-0395

CVE-2020-0395 affects Google/Android platforms (Android 8.0–11) in the EmergencyCallbackModeService.showNotification path. The root cause is an unsafe PendingIntent that enables a possible permission bypass, leading to local information disclosure under user privileges without user interaction. A...

5.5CVSS5AI score0.00175EPSS
CVE
CVE
added 2020/09/17 3:41 p.m.109 views

CVE-2020-0407

The CVE-2020-0407 entry concerns Android kernel/F2FS encryption where hardware that supports only 32-bit IVs leads to truncation to 32 bits for 64-bit IVs in certain implementations. This IV truncation can cause IV reuse, weakening disk encryption and potentially enabling local information disclo...

4.4CVSS4.3AI score0.00108EPSS
CVE
CVE
added 2021/02/10 4:49 p.m.109 views

CVE-2021-0335

CVE-2021-0335 affects Google's Android 11 Media Framework. The vulnerability arises from an out-of-bounds write in C2SoftHevcDec.cpp caused by a use-after-free, enabling remote information disclosure without additional execution privileges. Exploitation requires user interaction. The issue is doc...

6.5CVSS6.2AI score0.00842EPSS
CVE
CVE
added 2021/03/10 3:37 p.m.109 views

CVE-2021-0395

CVE-2021-0395 affects Android 11 in StopServicesAndLogViolations (reboot.cpp): memory corruption via use-after-free, enabling local privilege escalation with no additional execution privileges and no user interaction. Exploitation status not detailed in the provided documents. The issue is addres...

7.8CVSS7.8AI score0.00127EPSS
CVE
CVE
added 2021/04/13 6:19 p.m.109 views

CVE-2021-0446

CVE-2021-0446 affects Android 11, specifically the ImportVCardActivity. The vulnerability allows bypassing user consent via a tapjacking/overlay attack, enabling local escalation of privilege with user-execution privileges needed. The exploit requires user interaction. Root cause is an overlay-ba...

7.3CVSS7.3AI score0.00117EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.109 views

CVE-2021-0466

CVE-2021-0466 is an Android 10 information-disclosure vulnerability. It resides in startIpClient of ClientModeImpl.java and could expose a device identifier to a proximal attacker without remote code execution or user interaction. The Red Hat and NVD entries confirm the issue affects Android 10 a...

7.5CVSS7.1AI score0.01441EPSS
CVE
CVE
added 2021/06/14 7:35 p.m.109 views

CVE-2021-0467

CVE-2021-0467 affects Chromecast bootROM with an out-of-bounds write caused by an incorrect bounds check. This allows local escalation of privilege in the bootloader with physical USB access and no user interaction. The Android bulletin notes fixes at 2021-05-01/2021-05-05 patch levels; no exploi...

6.8CVSS6.6AI score0.00127EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.109 views

CVE-2021-0650

CVE-2021-0650 : In WT_InterpolateNoLoop of eas_wtengine.c, an incorrect bounds check allows an out-of-bounds read, potentially enabling remote information disclosure without extra privileges. Affected: Android 9–11 (as listed). Exploitation requires user interaction. No exploit details provided; ...

7.1CVSS6.1AI score0.00926EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.109 views

CVE-2021-0799

CVE-2021-0799 affects Android 12. In ActivityThread.java, there is a reported vulnerability allowing collision of the content provider’s authorities, enabling local elevation of privilege with no extra execution privileges required. Impact is described as local privilege escalation; exploitation ...

7.8CVSS7.6AI score0.0012EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.109 views

CVE-2021-0879

CVE-2021-0879 involves the PVRSRVBridgeRGXTDMSubmitTransfer path of the PowerVR kernel driver. A missing size check enables a potential integer overflow, leading to out-of-bounds heap access. This could allow local escalation of privilege without additional execution privileges and without user i...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2023/06/15 12:0 a.m.109 views

CVE-2021-0945

CVE-2021-0945 concerns the PowerVR kernel driver (Imagination Technologies) where a missing bounds check in PMRCreate can overwrite heap memory via PhysmemNewRamBackedPMR. This vulnerability could enable local escalation of privilege with no extra execution privileges required and no user interac...

9.8CVSS8.5AI score0.00316EPSS
CVE
CVE
added 2022/08/11 2:58 p.m.109 views

CVE-2022-20158

CVE-2022-20158 affects the Android kernel in the backing-dev.c component (bdi_put and bdi_unregister). The issue is a use-after-free leading to memory corruption, with the documented impact of local privilege escalation to SYSTEM level. Exploitation is described as local (AV:L, UI:N) with no user...

6.7CVSS6.7AI score0.00117EPSS
CVE
CVE
added 2022/01/21 6:17 p.m.109 views

CVE-2022-23728

CVE-2022-23728 concerns an LG smartphone vulnerability where an attacker can reset the device using AT Command during the reboot process (LG ID LVE-SMP-210011). The CVSSv3.1 vector indicates physical access, low complexity, no privileges required, and no user interaction, with impact on integrity...

6.6CVSS6.3AI score0.00104EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.109 views

CVE-2022-26472

The CVE-2022-26472 entry describes a local elevation of privilege in MediaTek IMS due to a parcel format mismatch. Affected component: ims on MediaTek chips; root cause: parcel format mismatch enabling local EoP with no user interaction and no additional execution privileges required (per the ini...

7.8CVSS7.7AI score0.00138EPSS
Total number of security vulnerabilities8153