Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2021/06/21 4:1 p.m.107 views

CVE-2021-0504

CVE-2021-0504 describes an out-of-bounds read in the Bluetooth AVRCP parser (avrc_pars_browse_rsp in avrc_pars_ct.cc) due to a missing bounds check. This could enable remote information disclosure on Android 11 devices without additional execution privileges and with no user interaction (attack v...

6.5CVSS6.1AI score0.00281EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.107 views

CVE-2021-0921

CVE-2021-0921 is a Android 11 elevation-of-privilege issue in ParsingPackageImpl.java caused by an input validation mismatch during parcel serialization/deserialization. The vulnerability enables local attackers to gain additional privileges with no user interaction required. Multiple connected s...

7.8CVSS7.7AI score0.00127EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.107 views

CVE-2021-0927

CVE-2021-0927 describes a local elevation-of-privilege in Android’s TvInputManagerService, triggered by a logic error in requestChannelBrowsable. The vulnerability affects Android 8.1, 9, 10, 11 and 12 and could allow a local attacker to bypass permissions with no user interaction. Public documen...

7.8CVSS7.7AI score0.00128EPSS
CVE
CVE
added 2022/02/11 5:41 p.m.107 views

CVE-2021-39688

The CVE-2021-39688 entry concerns the Android kernel, with an out-of-bounds read vulnerability that could allow local information disclosure without requiring additional privileges and without user interaction. The affected area is described as Android kernel components, affecting Android-based d...

5.5CVSS5.1AI score0.00111EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.107 views

CVE-2021-39749

CVE-2021-39749 affects Android 12L WindowManager; it allows starting non-exported/protected activities due to a missing permission check, enabling local privilege escalation with no additional privileges and no user interaction. A PoC demonstrates cross-app activity startup via TaskFragment/Choos...

7.8CVSS7.8AI score0.00192EPSS
CVE
CVE
added 2022/06/15 1:17 p.m.107 views

CVE-2021-39806

CVE-2021-39806 affects Android 12L, with a memory corruption risk due to a double free in closef of label_backends_android.c. The issue could enable local escalation of privilege during servicemanager startup if an initialization failure is triggered, with no additional execution privileges requi...

7.8CVSS7.7AI score0.00104EPSS
CVE
CVE
added 2022/06/15 1:23 p.m.107 views

CVE-2022-20205

CVE-2022-20205 describes an information-disclosure issue in Android where isFileUri in FileUtil.java may bypass the file:// scheme check due to improper input validation. The vulnerability allows local information disclosure without extra privileges, with exploitation not requiring user interacti...

5.5CVSS5.1AI score0.0011EPSS
CVE
CVE
added 2022/09/13 7:14 p.m.107 views

CVE-2022-20389

CVE-2022-20389 is tied to Android SoC/Unisoc components. The connected documents specify affected areas as Android SoC and Unisoc Android components, with a high severity rating (CVE-2022-20389) and no publicly disclosed exploit details in the provided sources. There are no vendor/product version...

9.8CVSS9AI score0.0042EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.107 views

CVE-2022-20586

CVE-2022-20586 describes an elevation of privilege in the Android kernel due to improper input validation in the function valid_out_of_special_sec_dram_addr within drm_access_control.c. The vulnerability could allow local escalation of privilege without any additional execution privileges, with a...

7.8CVSS7.7AI score0.00125EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.107 views

CVE-2022-44426

CVE-2022-44426 describes a local denial-of-service condition due to a missing bounds check in the WLAN driver. The primary impact is local DoS in WLAN services; exploitation details are not provided in the sources. CVSSv3.1 metrics from the NVD indicate a base score of 5.5 (Medium) with LOCAL acc...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.107 views

CVE-2023-20698

CVE-2023-20698 affects MediaTek "keyinstall" with an out-of-bounds read caused by a missing bounds check. Impact is local information disclosure with system privileges needed; no user interaction. Patch ALPS07589144 addresses the issue. Connected sources consistently reference keyinstall across m...

4.4CVSS4.2AI score0.00091EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.107 views

CVE-2023-21162

CVE-2023-21162 affects the PowerVR GPU driver (Imagination Technologies) via RGXUnbackingZSBuffer in rgxta3d.c. The issue is a use-after-free that could enable arbitrary code execution and local kernel privilege escalation without extra interaction. Public exploitation details aren’t provided in ...

9.8CVSS8.8AI score0.00414EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.107 views

CVE-2023-32836

The CVE-2023-32836 entry relates to MediaTek ALPS08126725 affecting the display component. The root cause is an integer overflow leading to an out-of-bounds write, enabling local escalation of privilege with System privileges required; no user interaction is needed. Patch ALPS08126725 is referenc...

6.7CVSS6.7AI score0.00085EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.107 views

CVE-2024-20100

CVE-2024-20100 concerns a possible out-of-bounds write in the MediaTek wlan driver, caused by improper input validation. The issue could allow remote code execution with no privileges or user interaction required. Connected sources consistently identify the affected component as the MediaTek WLAN...

9.8CVSS7.9AI score0.00323EPSS
CVE
CVE
added 2024/09/27 7:37 a.m.107 views

CVE-2024-39432

CVE-2024-39432 affects Unisoc UMTS RLC driver; root cause is a missing bounds check causing an out-of-bounds read. According to Red Hat and NVD entries, this can lead to remote DoS with system privileges. PT-2024-9414 adds that exploitation could enable remote code execution and full system compr...

8.3CVSS7AI score0.00176EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.107 views

CVE-2024-43085

The CVE-2024-43085 entry concerns Android’s UsbDeviceManager.java: In handleMessage a logic error could allow local privilege escalation by reading device contents over USB without unlocking, with no user interaction required. Affected component is the Android USB subsystem; impact is local eleva...

7.8CVSS7.3AI score0.00112EPSS
CVE
CVE
added 2020/02/21 1:38 a.m.106 views

CVE-2014-7914

The CVE-2014-7914 entry concerns the Android Bluetooth stack (btif_dm.c) prior to version 5.1. The root cause is improper enforcement of the temporary nature of Bluetooth pairing, which can be bypassed by an attacker via crafted Bluetooth packets after a user taps a crafted NFC tag. Documented im...

8.1CVSS7.8AI score0.00475EPSS
CVE
CVE
added 2019/06/19 7:51 p.m.106 views

CVE-2019-2005

CVE-2019-2005 affects Android 8.0–9, where in onPermissionGrantResult of GrantPermissionsActivity.java a missing permission check can lead to a local elevation of privilege on a locked device. Exploitation requires user interaction; no additional execution privileges are needed. NVD lists CVSSv3 ...

8.8CVSS8.2AI score0.00644EPSS
CVE
CVE
added 2020/12/14 10:7 p.m.106 views

CVE-2020-0019

CVE-2020-0019 affects Broadcom Nexus firmware in Android SoCs, where an insecure default password may allow local information disclosure in the kernel without extra privileges or user interaction. Exploitation is local; impact is confidentiality loss as described by CVSS metrics. The available do...

5.5CVSS5AI score0.00166EPSS
CVE
CVE
added 2020/05/14 8:9 p.m.106 views

CVE-2020-0096

CVE-2020-0096 is an Android local privilege-escalation (StrandHogg 2.0) rooted in startActivities of ActivityStartController.java. The flaw allows a confused deputy to execute code with a privileged context on Android 8.0–9.0, with no user interaction required. Affected products/versions are Andr...

7.8CVSS7.6AI score0.00631EPSS
CVE
CVE
added 2020/08/11 7:30 p.m.106 views

CVE-2020-0251

CVE-2020-0251 : An out-of-bounds read due to an incorrect bounds check in the Android Multimedia Processing Driver (Android SoC). Per the CVE entry, it is rated HIGH (CVSS v3.1 base 7.5). Connected documents corroborate the component as the Multimedia Processing Driver in Android; no exploitation...

7.8CVSS7.3AI score0.00486EPSS
CVE
CVE
added 2020/09/18 3:22 p.m.106 views

CVE-2020-0294

CVE-2020-0294 affects Android; in WallpaperManagerService.bindWallpaperComponentLocked there is a permission bypass caused by an unsafe PendingIntent. The issue allows local elevation of privilege with user privileges required, and does not require user interaction. Affected Android versions incl...

5.5CVSS5.7AI score0.00168EPSS
CVE
CVE
added 2020/09/17 3:48 p.m.106 views

CVE-2020-0386

CVE-2020-0386 concerns an Elevation of Privilege in Android related to a tapjacking risk in RequestPermissionActivity.java. The issue arises in onCreate where an insecure default value could enable a local attacker to manipulate Bluetooth discoverability, requiring user interaction for exploitati...

5.5CVSS5.6AI score0.00385EPSS
CVE
CVE
added 2020/11/10 12:49 p.m.106 views

CVE-2020-0441

CVE-2020-0441 affects Android framework’s Notification.java (Message and toBundle) where improper input validation can cause resource exhaustion and remote DoS without user interaction. Affected: Android 8.0–11 (Android-8.0, -8.1, -9, -10, -11). Impact: denial of service requiring device reset as...

7.8CVSS7.4AI score0.01076EPSS
CVE
CVE
added 2020/12/14 9:53 p.m.106 views

CVE-2020-0457

CVE-2020-0457 is an out-of-bounds write due to a missing bounds check affecting Android devices, with a specific association to MediaTek components (vcu) in the 2020 Android security bulletin set. Connected sources indicate the issue is documented across NVD, Red Hat, CVE records, and OSV entries...

9.8CVSS9AI score0.00654EPSS
CVE
CVE
added 2021/04/13 6:24 p.m.106 views

CVE-2021-0471

CVE-2021-0471 : In Android, the decrypt_1_2 function in CryptoPlugin.cpp can trigger an out-of-bounds read due to an integer overflow, leading to local information disclosure without extra privileges or user interaction. Affected: Android 8.1, 9, 10, 11. No public details in the connected docs sp...

5.5CVSS5AI score0.00124EPSS
CVE
CVE
added 2021/10/06 2:10 p.m.106 views

CVE-2021-0686

CVE-2021-0686 affects Android 10/11 and involves RoleManagerService.getDefaultSmsPackage. A missing permission check could allow a local attacker to disclose information about the default SMS app for a different device user without user interaction. The vulnerability enables local information dis...

5.5CVSS5AI score0.00104EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.106 views

CVE-2021-0881

CVE-2021-0881 describes an integer overflow in the PowerVR kernel driver component PVRSRVBridgeRGXKickCDM that occurs due to a missing size check. This can enable out-of-bounds heap access and lead to local escalation of privilege without extra execution privileges or user interaction. The vulner...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.106 views

CVE-2021-0932

CVE-2021-0932 affects Android 10 via an unsafe PendingIntent in showNotification (NavigationModeController.java), enabling a possible confused deputy and local elevation of privilege with actions executed as the System UI, without user interaction. Public details consistently reference the same r...

7.8CVSS7.6AI score0.00121EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.106 views

CVE-2021-39656

CVE-2021-39656 affects the Linux kernel used by Android. A use-after-free in __configfs_open_file (file.c) arises from improper locking, enabling local privilege escalation with kernel execution privileges; no user interaction is required. The vulnerability is documented in upstream kernel refere...

6.7CVSS6.8AI score0.0012EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.106 views

CVE-2021-39687

Summary: CVE-2021-39687 affects Android kernel code in the driver path, specifically the HandleTransactionIoEvent in the actuator_driver.cc. The issue is a possible out-of-bounds read caused by a heap buffer overflow, which can lead to a local information disclosure without requiring user interac...

5.5CVSS5.3AI score0.00117EPSS
CVE
CVE
added 2022/05/03 8:6 p.m.106 views

CVE-2022-21743

CVE-2022-21743 affects the component referenced as ion , where an integer overflow can trigger a use-after-free vulnerability. This leads to potential local privilege escalation without requiring additional execution privileges or user interaction (per the provided descriptions). The issue is doc...

7.8CVSS7.7AI score0.00107EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.106 views

CVE-2022-39132

CVE-2022-39132 describes a probable out-of-bounds write in the kernel camera driver caused by a missing bounds check, enabling a local denial of service. The affected component is the camera driver; the root cause is an unchecked input/buffer access leading to memory write beyond bounds. The impa...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.106 views

CVE-2022-42770

CVE-2022-42770 describes a race condition in the WLAN driver that could cause a local denial of service. The vulnerability is referenced across multiple advisories (e.g., Red Hat CVE entry, NVD entry, and Unisoc/kernel listings) and is labeled with a MEDIUM severity (CVSSv3.1: 4.7; LOCAL access, ...

4.7CVSS4.6AI score0.00062EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.106 views

CVE-2022-48455

CVE-2022-48455 is a local vulnerability described as a possible out-of-bounds write in the wifi service due to a missing bounds check, leading to local denial of service without extra privileges. The primary sources (NVD/NVD-derived entries) show a CVSS v3.1 base score of 5.5 (Medium) with Local ...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.106 views

CVE-2023-20697

CVE-2023-20697 affects MediaTek devices via the keyinstall module, due to a missing bounds check that enables an out-of-bounds read. This can lead to local information disclosure with System privileges required; exploitation does not require user interaction. The patch referenced is ALPS07589148 ...

4.4CVSS4.2AI score0.00091EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.106 views

CVE-2023-21215

CVE-2023-21215 relates to a race condition in the PowerVR GPU driver (DevmemIntAcquireRemoteCtx in devicemem_server.c) that can allow arbitrary code execution and local kernel privilege escalation without user interaction. The available connected records confirm the vulnerability and its impact b...

9.8CVSS8.8AI score0.00414EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.106 views

CVE-2023-32835

CVE-2023-32835 affects MediaTek devices, specifically the keyinstall module. The issue is a memory corruption due to a type confusion vulnerability, leading to local elevation of privilege with System execution privileges needed. Exploitation requires no user interaction per the initial descripti...

6.7CVSS6.8AI score0.0009EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.106 views

CVE-2024-27205

CVE-2024-27205 describes memory corruption due to a use-after-free, leading to local escalation of privilege with no user interaction. The available documents indicate a HIGH-severity, LOCAL-exploitation scenario with no exploitation prerequisites; no specific affected product/version or fix is p...

8.4CVSS7.2AI score0.0009EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.106 views

CVE-2024-27230

The vulnerability CVE-2024-27230 affects ProtocolPsKeepAliveStatusAdapter::getCode() in protocolpsadapter.cpp, with a missing bounds check causing an out-of-bounds read that could disclosures local information and requires baseband firmware compromise. Exploitation status is not detailed in the p...

5.1CVSS6AI score0.0008EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.106 views

CVE-2024-40652

The CVE-2024-40652 entry describes an elevation-of-privilege issue in Android’s SettingsHomepageActivity onCreate, where a missing permission check could allow provisioning-phase access to the Settings app. This enables local privilege escalation with UI interaction required for exploitation. Pub...

7.8CVSS7.1AI score0.0008EPSS
CVE
CVE
added 2024/09/11 12:9 a.m.106 views

CVE-2024-40657

CVE-2024-40657 affects the Android Framework, specifically the AccountTypePreferenceLoader.addPreferencesForType path. The issue can enable a confused deputy to disable apps for other users, causing local elevation of privilege with no extra execution privileges required and no user interaction n...

7.8CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.106 views

CVE-2024-40661

CVE-2024-40661 affects Android’s mayAdminGrantPermission in AdminRestrictedPermissionsUtils.java, enabling access to the microphone and leading to local elevation of privilege with no extra execution privileges required. Exploitation is local and does not require user interaction. Android bulleti...

7.8CVSS7.1AI score0.00096EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.106 views

CVE-2024-43090

CVE-2024-43090 affects the Android Framework component, describing a cross-user image read caused by a missing permission check. This leads to local information disclosure with user privileges required, as noted in multiple sources (Android OS CVE entry and related bulletins). The Android securit...

5CVSS6.2AI score0.00163EPSS
CVE
CVE
added 2025/09/04 6:34 p.m.106 views

CVE-2025-48581

CVE-2025-48581 corresponds to a logic error in the Android system component apexd.cpp, within the VerifyNoOverlapInSessions function, that can block security updates. The impact is local privilege escalation with no additional execution privileges required and no user interaction needed for explo...

8.4CVSS7.5AI score0.00184EPSS
CVE
CVE
added 2020/11/10 12:49 p.m.105 views

CVE-2020-0450

CVE-2020-0450 affects Android via rw_i93_sm_format in rw_i93.cc, where an out-of-bounds read can arise from uninitialized data. This could enable remote information disclosure over NFC with no additional execution privileges; exploitation requires user interaction. Affected Android versions inclu...

6.5CVSS6.1AI score0.0084EPSS
CVE
CVE
added 2021/03/10 3:38 p.m.105 views

CVE-2021-0394

CVE-2021-0394 is an out-of-bounds read in android_os_Parcel_readString8 caused by a missing bounds check, enabling local information disclosure without extra privileges. Affected: Android 11, 10, 9, 8.1; exploitation is local and does not require user interaction. Mitigation per the Android Secur...

5.5CVSS5AI score0.00264EPSS
CVE
CVE
added 2021/04/13 6:25 p.m.105 views

CVE-2021-0400

CVE-2021-0400 affects Android 9–11 in GnssLocationProvider.java. In injectBestLocation and handleUpdateLocation, there is improper input validation that could cause the device to report location data to emergency services incorrectly. Exploitation is local (attack vector: LOCAL) with no user inte...

5.5CVSS5.5AI score0.00129EPSS
CVE
CVE
added 2021/04/13 6:22 p.m.105 views

CVE-2021-0439

CVE-2021-0439 affects Android 11 and is tied to a vulnerability in setPowerModeWithHandle in com_android_server_power_PowerManagerService.cpp. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with no additional execution privileges and w...

7.8CVSS7.7AI score0.00119EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.105 views

CVE-2021-0649

CVE-2021-0649 affects Android 11: In Vpn.java’s stopVpnProfile, there is a permissions bypass leading to a possible VPN profile reset and local elevation of privilege (CONTROL_ALWAYS_ON_VPN) with no user interaction. The issue is classified as a local elevation of privilege; patches are reference...

7.8CVSS7.7AI score0.00122EPSS
Total number of security vulnerabilities8153