Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/03/24 12:0 a.m.101 views

CVE-2023-21061

CVE-2023-21061 affects the Android kernel (Pixel devices). The connected Pixel bulletin entry indicates this issue is a DoS vulnerability with a Moderate impact in the Wifi subcomponent. No exploitation/details are provided beyond the classification. A fix is indicated via the Pixel security patc...

7.5CVSS7.4AI score0.00289EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.101 views

CVE-2023-21166

CVE-2023-21166: Use-after-free in RGXBackingZSBuffer (rgxta3d.c) of the PowerVR GPU driver can enable arbitrary code execution and local kernel privilege escalation without extra user interaction. Public details across the connected entries confirm the issue and its impact (no explicit exploit sp...

9.8CVSS8.8AI score0.00414EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.101 views

CVE-2023-48350

CVE-2023-48350 describes a vulnerability in the video decoder where a missing bounds check can lead to an out-of-bounds write, resulting in local denial of service without additional privileges. The issue is consistently reported across sources (NVD/Red Hat/PRION/VulnEnrichment/CVE lists), all id...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.101 views

CVE-2024-20101

CVE-2024-20101 affects the MediaTek WLAN stack; the vulnerability arises from improper input validation in the WLAN driver, causing an out-of-bounds write that could enable remote code execution with no privileges and no user interaction required. Public references in NVD/Red Hat and related bull...

9.8CVSS7.9AI score0.00312EPSS
CVE
CVE
added 2024/11/13 5:13 p.m.101 views

CVE-2024-23715

CVE-2024-23715: Out-of-bounds write in PMRWritePMPageList within pmr.c triggers local kernel privilege escalation with no user interaction. Multiple sources (NVD, Red Hat, CNVD, CN)** corroborate a kernel-level issue described as a logic error enabling LPE. Affected component is the kernel; remed...

7.8CVSS6.8AI score0.00102EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.101 views

CVE-2024-27208

CVE-2024-27208 describes an out-of-bounds write due to a missing bounds check, enabling local privilege escalation with no user interaction. Public sources confirm this vulnerability is categorized as Elevation of Privilege (EoP) and listed under the Pixel security bulletin with subcomponent ACPM...

8.4CVSS7AI score0.00107EPSS
CVE
CVE
added 2024/08/15 9:56 p.m.101 views

CVE-2024-31333

The CVE-2024-31333 issue affects Google Android kernel code, specifically the MMU_AllocLevel path in mmu_common.c, where an integer overflow can lead to arbitrary code execution and local escalation of privilege without user interaction. Multiple connected sources (NVD, Red Hat, CNVD, CVE listing...

7.8CVSS7.4AI score0.001EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.101 views

CVE-2024-34748

Possible use-after-free in DevmemXReservationPageAddress of devicemem_server.c due to improper casting, enabling local kernel privilege escalation without extra privileges or user interaction. Affected: Linux kernel component described in multiple sources (CVE-2024-34748). Impact: local EoP with ...

8.4CVSS7.3AI score0.00089EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.101 views

CVE-2024-43086

CVE-2024-43086 affects Android’s AccountManagerService.java, where an issue in validateAccountsInternal could permit leaking account credentials to a third‑party app via a confused deputy, causing local information disclosure with no extra privileges or user interaction required. Public sources (...

5.5CVSS6.5AI score0.00094EPSS
CVE
CVE
added 2024/09/13 8:28 p.m.101 views

CVE-2024-44094

The CVE affects the function ppmp_protect_mfcfw_buf in code/drm_fw.c , with a root cause of improper input validation that can cause memory corruption . This leads to a local privilege escalation vulnerability with no additional execution privileges required and without user interaction. Several ...

7.8CVSS7.4AI score0.00077EPSS
CVE
CVE
added 2026/03/02 8:39 a.m.101 views

CVE-2026-20435

CVE-2026-20435 concerns a logic error in the preloader of MediaTek-based devices that allows reading device unique identifiers. The vulnerability can enable local information disclosure with physical access and no required user interaction or execution privileges. Affected component: preloader; u...

4.6CVSS6.1AI score0.00115EPSS
CVE
CVE
added 2019/06/19 8:13 p.m.100 views

CVE-2018-9561

CVE-2018-9561 affects Android components: in llcp_util_parse_connect of llcp_util.cc there is a missing bounds check that enables an out-of-bounds read leading to local information disclosure. Affected products include Android 7.0 through 9 (per NVD/Red Hat/CVE listings); exploitation requires us...

7.1CVSS5.9AI score0.00758EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.100 views

CVE-2018-9581

CVE-2018-9581 describes an information-disclosure flaw in Android where WiFi RSSI (and SSID) data are broadcast via intents (android.net.wifi.RSSI_CHANGE and android.net.wifi.STATE_CHANGE). This cross-process leakage can allow any on-device app to observe a user’s proximity/location context witho...

3.3CVSS4.6AI score0.00154EPSS
CVE
CVE
added 2020/10/14 1:9 p.m.100 views

CVE-2020-0339

CVE-2020-0339 is confirmed as an out-of-bounds read caused by a missing bounds check, associated with Android/SoC component A-162980705. OSV entries explicitly describe the issue as an out-of-bounds read (ASB-A-162980705) and (ASB-A-162980455). Exploitation status is not provided in the supplied ...

9.4CVSS8.7AI score0.00582EPSS
CVE
CVE
added 2020/10/14 1:9 p.m.100 views

CVE-2020-0367

CVE-2020-0367 is documented as an out-of-bounds write due to a missing bounds check affecting Android components (notably Widevine) with Android ID A-162980455. Connected OSV records (ASB-A-162980455 and ASB-A-162980705) describe out-of-bounds write/read issues related to this same identifier. Pu...

9.4CVSS8.9AI score0.00472EPSS
CVE
CVE
added 2020/09/17 3:54 p.m.100 views

CVE-2020-0391

CVE-2020-0391 is an Android elevation-of-privilege issue in PackageManagerService.applyPolicy that allows arbitrary command execution as System due to an unenforced protected-broadcast. It enables local privilege escalation with no user interaction on Android 9–11. The Android bulletin notes this...

7.8CVSS7.8AI score0.00425EPSS
CVE
CVE
added 2021/10/06 2:12 p.m.100 views

CVE-2021-0636

CVE-2021-0636: Memory corruption when extracting an incorrectly formatted AVI file could crash playback and logs, potentially enabling a malicious actor to compromise user rights on Android 10. Connected sources (Red Hat, NVD, CVE listings) consistently reference Android 10 as the affected platfo...

7.8CVSS7.5AI score0.00301EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.100 views

CVE-2021-0878

The CVE-2021-0878 issue affects the PowerVR PVRSRVBridgeServerSyncGetStatus path in the PVRSRV kernel driver. The root cause is a missing size check that can trigger an integer overflow, enabling out-of-bounds heap access. This could enable local escalation of privilege without additional executi...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.100 views

CVE-2021-0882

The CVE-2021-0882 issue affects Android devices using the Imagination Technologies PowerVR PowerVR kernel driver (PVRSRVBridgeRGXKickSync). The root cause is a missing size check that enables an integer overflow, leading to out-of-bounds heap access. This can allow local escalation of privilege w...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.100 views

CVE-2021-0885

CVE-2021-0885 affects the PowerVR kernel driver (PVRSRVBridgeSyncPrimOpTake). The issue is a missing size check that enables an integer overflow, causing out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed, and exploitation is...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.100 views

CVE-2021-39746

CVE-2021-39746 affects Android 12L Framework, specifically a vulnerability in PermissionController caused by an unsafe PendingIntent. This could lead to local escalation of privilege with user execution privileges needed and no user interaction required, per the CVE description. Red Hat and Andro...

7.8CVSS7.8AI score0.00107EPSS
CVE
CVE
added 2022/05/03 8:2 p.m.100 views

CVE-2022-20101

CVE-2022-20101 describes a path traversal vulnerability in the aee daemon that can cause local information disclosure without requiring user interaction. The underlying issue is a path traversal flaw, enabling disclosure of sensitive data with local access. The exposure is supported by multiple s...

5.5CVSS5.1AI score0.00125EPSS
CVE
CVE
added 2022/06/15 1:18 p.m.100 views

CVE-2022-20152

CVE-2022-20152 affects the TitanM chip in Android kernel space, describing an out-of-bounds write caused by a missing bounds check that enables local escalation of privileges to System with no user interaction required. Public details on affected patch level or remediation are not provided in the...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/08/11 3:2 p.m.100 views

CVE-2022-20381

Summary (concrete details available): CVE-2022-20381 is mapped to the Android kernel in Google Pixel devices and is classified as an Elevation of Privilege (EoP) issue within the kernel component. The vulnerability is tracked in the NVD entry with a high-impact profile (CVSSv3.1: CVSS:3.1/AV:N/AC...

9.8CVSS9AI score0.00306EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.100 views

CVE-2022-20510

CVE-2022-20510 affects Android 13 (Pixel devices) via a permissions bypass in DevicePolicyManagerService.getNearbyNotificationStreamingPolicy, enabling local information disclosure about other users’ notification streaming policy with no extra privileges or user interaction. The security entry no...

5.5CVSS5.1AI score0.00113EPSS
CVE
CVE
added 2022/03/08 1:46 p.m.100 views

CVE-2022-24932

The CVE-2022-24932 entry concerns Samsung Setup wizard: an Improper Protection of Alternate Path vulnerability in the Setup wizard process allows a physical attacker to install packages before the wizard completes. Affected versions are Setup wizard versions prior to SMR Mar-2022 Release 1. The u...

4.6CVSS4.5AI score0.00106EPSS
CVE
CVE
added 2022/03/08 1:47 p.m.100 views

CVE-2022-25819

CVE-2022-25819 is an OOB read vulnerability in the hdcp2 device node prior to Samsung SMR Mar-2022 Release 1, allowing an attacker to view kernel stack memory. Affected component: hdcp2 device node; root cause: out-of-bounds read. Impact: potential kernel memory exposure. Remediation: Samsung pro...

5.5CVSS5.3AI score0.00106EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.100 views

CVE-2022-42505

CVE-2022-42505 arises from an out-of-bounds write in ProtocolMiscBuilder::BuildSetSignalReportCriteria within the Android kernel’s protocolmiscbuilder.cpp. The description indicates an incorrect bounds check allows a local escalation of privilege with System execution privileges required; exploit...

6.7CVSS6.7AI score0.00122EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.100 views

CVE-2022-42530

CVE-2022-42530 affects Pixel firmware, where an out-of-bounds read results from a missing bounds check. The vulnerability enables local information disclosure with System-level privileges, and does not require user interaction. The described impact and conditions are consistent with Android Pixel...

4.4CVSS4.3AI score0.00119EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.100 views

CVE-2023-32850

CVE-2023-32850 concerns MediaTek’s decoder component (MediaTek MTK ALPS08016659) where an integer overflow can cause an out-of-bounds write. This may enable local privilege escalation with user interaction required for exploitation. The available public details identify Patch ID ALPS08016659/Issu...

7.8CVSS7.7AI score0.00113EPSS
CVE
CVE
added 2023/12/08 3:41 p.m.100 views

CVE-2023-48408

The CVE-2023-48408 entry concerns ProtocolNetSimFileInfoAdapter() in protocolnetadapter.cpp, where a missing bounds check can trigger an out-of-bounds read. This vulnerability could enable local information disclosure and may require baseband firmware compromise to exploit. Exploitation is descri...

5.5CVSS5AI score0.001EPSS
CVE
CVE
added 2023/12/08 3:44 p.m.100 views

CVE-2023-48413

CVE-2023-48413 : A missing bounds check in Init of protocolnetadapter.cpp enables an out-of-bounds read. This can lead to remote information disclosure with system execution privileges required, and no user interaction is needed. Multiple connected sources (NVD, OSV, PRION, CVE lists) confirm the...

4.9CVSS4.9AI score0.00431EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.100 views

CVE-2024-20093

CVE-2024-20093 affects MediaTek vdec in MediaTek chipsets. Root cause: missing bounds check causing an out-of-bounds read, leading to local information disclosure with system execution privileges needed; no user interaction required. Patch: ALPS09028313 (MSV-1699). Connected sources (Red Hat/NVD)...

4.4CVSS6.2AI score0.00102EPSS
CVE
CVE
added 2024/11/04 1:48 a.m.100 views

CVE-2024-20106

CVE-2024-20106 affects MediaTek’s m4u component. The issue is a missing bounds check causing a possible out-of-bounds write, enabling local privilege escalation with System-level privileges and no user interaction required. A patch is available: ALPS08960505 (MSV-1590). Other connected records co...

6.7CVSS7.2AI score0.00084EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.100 views

CVE-2024-27212

CVE-2024-27212 describes an out-of-bounds write in the init_data path (component listed as TBD) due to a missing bounds check. This leads to local privilege escalation with no additional privileges or user interaction required, as stated across multiple sources (NVD/Red Hat/OSV and Pixel bulletin...

7.8CVSS7AI score0.00104EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.100 views

CVE-2024-43081

The CVE-2024-43081 issue affects Google Android and is tied to the function installExistingPackageAsUser in InstallPackageHelper.java. The root cause is a logic error that allows a carrier restriction bypass, enabling local elevation of privilege with no extra execution privileges and no user int...

7.8CVSS7.2AI score0.00104EPSS
CVE
CVE
added 2024/12/18 7:4 p.m.100 views

CVE-2024-47039

CVE-2024-47039 describes an out-of-bounds read in the BootControl.cpp isSlotMarkedSuccessful path of the android.hardware.boot.IBootControl default service. The underlying issue is a missing bounds check in BootControl.cpp, enabling local information disclosure without additional execution privil...

10CVSS6.1AI score0.00195EPSS
CVE
CVE
added 2013/07/09 5:0 p.m.99 views

CVE-2013-4787

Android 1.6–4.2 (Donut to Jelly Bean) contains a flaw in verifying APK cryptographic signatures: an APK.modified file with duplicate Zip entries may be installed despite one entry being validated, enabling arbitrary code execution via the Master Key vulnerability. The issue arises from inconsiste...

9.3CVSS7.7AI score0.5892EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.99 views

CVE-2018-9445

CVE-2018-9445 describes a path traversal/privilege escalation chain in Android. The root issue: readMetadata in Utils.cpp can be fed a crafted label via blkid output that Vold uses to build a mount path, allowing a USB mass storage device to influence the path used for mounting (UUID/TYPE) and en...

7.2CVSS6.7AI score0.0082EPSS
CVE
CVE
added 2019/06/19 8:5 p.m.99 views

CVE-2019-2003

CVE-2019-2003 affects Android platforms (7.0–9) and is described across multiple sources (NVD, Red Hat, CVE entries, and Android bulletin) as an elevation of privilege/remote code execution risk via Linkify.java in addLinks, enabling phishing-like misdirection. Root cause is an unusual issue in L...

9.3CVSS8.7AI score0.0137EPSS
CVE
CVE
added 2020/12/14 10:5 p.m.99 views

CVE-2020-0456

CVE-2020-0456 is an out-of-bounds write due to a missing bounds check affecting Android with Android SoC A-170378843 (MediaTek vcu). CVSS v3.1 shows 9.8 (CRITICAL); CVSS v2 shows 7.5 (HIGH). Exploitation remotely over network without user interaction; impact on confidentiality, integrity, and ava...

9.8CVSS9AI score0.00654EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.99 views

CVE-2021-0883

The CVE-2021-0883 entry affects the PVRSRVBridgeCacheOpQueue in the PowerVR kernel driver. A missing size check can cause an integer overflow, enabling out-of-bounds heap access and local escalation of privilege without extra execution privileges. Impact is described as local EoP with high confid...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.99 views

CVE-2021-0951

CVE-2021-0951 concerns an integer overflow in the DevmemIntHeapAcquire function (Android-related). The vulnerability could enable arbitrary code execution and local privilege escalation without extra privileges or user interaction. Public details in the provided documents identify the affected st...

7.8CVSS7.9AI score0.00098EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.99 views

CVE-2021-39812

CVE-2021-39812 affects the Android kernel component where a use-after-free leads to an out-of-bounds read, enabling local escalation of privileges without user interaction. The issue is documented in Pixel Update Bulletin entries against the affected Pixel/Android kernel and is mitigated by apply...

7.8CVSS7.6AI score0.00113EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.99 views

CVE-2022-20034

CVE-2022-20034 refers to a vulnerability in Preloader XFLASH on MediaTek devices caused by improper certificate validation, enabling local privilege escalation if an attacker has physical access and no extra privileges or user interaction are required. Connected documents corroborate the issue as...

6.8CVSS6.6AI score0.00095EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.99 views

CVE-2022-20050

The CVE-2022-20050 entry refers to a vulnerability in connsyslogger where improper link resolution enables symbolic link following, leading to local escalation of privilege with System execution privileges required. Exploitation is described as local with no user interaction needed. Affected comp...

6.7CVSS6.6AI score0.00131EPSS
CVE
CVE
added 2022/05/03 8:5 p.m.99 views

CVE-2022-20106

The CVE-2022-20106 entry concerns the MM service, with a heap-based buffer overflow causing an out-of-bounds write that could enable local privilege escalation to SYSTEM. Exploit details or in-the-wild activity are not provided in the documents. No user interaction is required. Remediation refere...

6.7CVSS6.8AI score0.00129EPSS
CVE
CVE
added 2022/06/15 1:19 p.m.99 views

CVE-2022-20167

CVE-2022-20167 is listed in the Google Pixel security bulletin as a modem component Elevation of Privilege vulnerability (High) affecting Pixel devices. The connected Pixel bulletin entry confirms the issue type and severity but does not provide explicit exploit details in the available documents...

10CVSS9AI score0.00461EPSS
CVE
CVE
added 2022/06/15 1:22 p.m.99 views

CVE-2022-20191

CVE-2022-20191 is a Google Pixel modem vulnerability described as a Remote Code Execution issue in the Pixel modem, affecting Android kernel components. It is rated CRITICAL (CVSSv3.1: 9.8) with network exploitation and no required user interaction. The Pixel Update Bulletin assigns a fix via pat...

10CVSS9AI score0.00483EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.99 views

CVE-2022-42535

CVE-2022-42535 affects Android 13 (Pixel devices mentioned). Description: In MmsSmsProvider.java, there is potential access to restricted tables due to SQL injection, leading to local information disclosure. Exploitation requires local access with low privileges; user interaction is not required....

5.5CVSS5.5AI score0.00151EPSS
Total number of security vulnerabilities8153