Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/03/07 12:0 a.m.99 views

CVE-2023-20620

CVE-2023-20620 affects the MediaTek ADSP component (MediaTek chips) due to a logic error, enabling local privilege escalation with SYSTEM execution privileges and no user interaction. The issue is associated with patch ALPS07554558 (ALPS07554558; Issue ALPS07554558). Public exploitation details a...

4.1CVSS4.7AI score0.00068EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.99 views

CVE-2023-20754

CVE-2023-20754 affects MediaTek keyinstall: an out-of-bounds write caused by an integer overflow in keyinstall could enable local privilege escalation with SYSTEM privileges and no user interaction. Multiple sources (including Red Hat and Android security bulletin mappings) corroborate the issue ...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.99 views

CVE-2023-20832

The CVE-2023-20832 entry relates to gps with a potential out-of-bounds write due to a missing bounds check. Impact is local privilege escalation with System privileges required and no user interaction. A fix is referenced as Patch ID ALPS08014144 / Issue ID ALPS08013530; apply the patch to mitiga...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.99 views

CVE-2023-20983

CVE-2023-20983 affects Android (Android-13) in the Bluetooth stack: in btm_ble_rand_enc_complete (btm_ble.cc) there is an out-of-bounds read due to a missing bounds check, enabling local information disclosure with system privileges. Exploitation is reported as local (AV:L, AC:L, PR:H, UI:N) with...

4.4CVSS4.2AI score0.00109EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.99 views

CVE-2023-32872

The CVE-2023-32872 issue is in MediaTek’s keyInstall module. It describes an out-of-bounds write caused by a missing bounds check, potentially enabling local privilege escalation to SYSTEM with no user interaction required. Public references in the connected documents consistently state this as a...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2024/11/13 5:13 p.m.99 views

CVE-2023-35659

CVE-2023-35659 affects the kernel through the DevmemIntChangeSparse function in devicemem_server.c. The connected sources describe a logic error that can cause arbitrary code execution, enabling local escalation of privilege with no additional privileges or user interaction required. Multiple fee...

7.8CVSS7.4AI score0.00102EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.99 views

CVE-2024-20010

The CVE-2024-20010 entry describes a MediaTek vulnerability in the keyInstall module caused by type confusion, enabling local privilege escalation to SYSTEM without user interaction. Patch ALPS08358560 (Issue ALPS08358560) is referenced as the fix. Connected documents corroborate the local-privil...

6.7CVSS6.6AI score0.00087EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.99 views

CVE-2024-20090

CVE-2024-20090 is a MediaTek vdec vulnerability: an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with SYSTEM privileges; no user interaction is required. Patch ALPS09028313; Issue MSV-1703. Related documents confirm vdec involvement in MediaTek comp...

6.7CVSS7.2AI score0.00088EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.99 views

CVE-2024-20092

CVE-2024-20092 concerns MediaTek MediaTek vdec vulnerability: a missing bounds check causes an out-of-bounds write, enabling local elevation of privilege with System execution privileges. No user interaction required. The issue is documented across multiple sources (NVD, Red Hat, Vuln enrichment,...

7.8CVSS7.2AI score0.00083EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.99 views

CVE-2024-34725

The CVE-2024-34725 entry describes a race condition in DevmemIntUnexportCtx of devicemem_server.c that can allow arbitrary code execution and local privilege escalation in the kernel, with no extra privileges or user interaction required. Connected records (Red Hat, NVD, CVE lists, OSV) confirm t...

7.4CVSS7.4AI score0.00071EPSS
CVE
CVE
added 2024/11/13 5:13 p.m.99 views

CVE-2024-34729

CVE-2024-34729 is linked to PowerVR-GPU in the Android ecosystem. The connected sources describe a logic error that could enable arbitrary code execution, resulting in local privilege escalation in kernel-related contexts. Exploitation details are not provided in the documents, and a specific pat...

8.4CVSS7.4AI score0.00111EPSS
CVE
CVE
added 2011/08/09 7:0 p.m.98 views

CVE-2008-7298

The CVE-2008-7298 entry concerns the Android browser. It describes a vulnerability where the browser cannot properly restrict modifications to cookies established during HTTPS sessions, enabling a man-in-the-middle to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP respon...

5.8CVSS6.6AI score0.0099EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.98 views

CVE-2015-3104

CVE-2015-3104 is an integer overflow in Adobe Flash Player (Windows, macOS, Linux) and related Adobe AIR/SDK components. The flaw allows arbitrary code execution via unspecified vectors and affects Flash Player versions prior to 13.0.0.292, 14.x up to 18.x before 18.0.0.160 (Windows/macOS) and pr...

10CVSS7.7AI score0.05745EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.98 views

CVE-2015-5582

Summary: CVE-2015-5582 affects Adobe Flash Player and Adobe AIR components. A memory corruption vulnerability in Flash Player allows remote code execution or denial of service via parsing crafted media (SWF/MP4) payloads, with exploitable conditions indicated by related advisories. Affected produ...

10CVSS7.8AI score0.04046EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.98 views

CVE-2017-0381

CVE-2017-0381 is an information-disclosure vulnerability in silk/NLSF_stabilize.c within libopus used by Mediaserver, affecting Android versions 5.0.2–7.1. It could allow a local malicious app to access data outside its permissions. The concrete root: a flaw in Opus handling as described in the C...

9.3CVSS6.3AI score0.00904EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.98 views

CVE-2017-0737

The CVE-2017-0737 entry describes an elevation of privilege in Android's media framework (libstagefright) affecting Android versions 4.4.4 through 7.1.2. The vulnerability lies in the media framework and could allow a local attacker to execute code with elevated privileges in a privileged process...

7.8CVSS7.4AI score0.00435EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.98 views

CVE-2019-9423

The CVE-2019-9423 entry concerns an out-of-bounds write in OpenCV when using libpng, caused by a missing bounds check. Impact is local privilege escalation on Android 10, with no user interaction required. Public details specify the affected product as Android 10 (Android ID A-110986616); there i...

7.8CVSS7.7AI score0.00293EPSS
CVE
CVE
added 2020/07/17 8:11 p.m.98 views

CVE-2020-0231

CVE-2020-0231 is a MediaTek External Memory Interface elevation-of-privilege vulnerability in Android. The issue is an out-of-bounds write caused by an incorrect bounds check; it is listed with high to critical impact (CVSS v3.1: 9.8) and affects Android devices with the MTK External Memory Inter...

9.8CVSS9AI score0.00443EPSS
CVE
CVE
added 2020/09/17 3:55 p.m.98 views

CVE-2020-0342

CVE-2020-0342 is an Android vulnerability described as an out-of-bounds write caused by an incorrect bounds check. Connected sources show this entry associated with Android components including MediaTek ATF and Qualcomm closed-source components, with patches issued in the Android September 2020 s...

10CVSS9AI score0.00564EPSS
CVE
CVE
added 2020/11/10 12:53 p.m.98 views

CVE-2020-0447

CVE-2020-0447 is described in connected documents as an out-of-bounds write caused by a missing bounds check, linked to Android SoC component A-168251617. The OSV entry ASB-A-168251617 explicitly states the issue as an out-of-bounds write; other sources (NVD, Red Hat, CVE listings) reflect this d...

9.8CVSS9AI score0.00571EPSS
CVE
CVE
added 2021/06/22 11:2 a.m.98 views

CVE-2021-0540

CVE-2021-0540 describes an out-of-bounds write in Android’s hal_wrapper.cc, specifically in halWrapperDataCallback. The issue could enable local privilege escalation with system-level privileges and does not require user interaction. The description consistently refers to Android 11 (Android-11, ...

6.7CVSS6.7AI score0.00117EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.98 views

CVE-2021-0876

CVE-2021-0876 affects PVRSRVBridgePhysmemNewRamBackedLockedPMR in the PowerVR kernel driver on Android. The issue is a missing size check that enables an integer overflow, potentially allowing out-of-bounds heap access and local escalation of privilege with no extra privileges or user interaction...

7.8CVSS7.8AI score0.00091EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.98 views

CVE-2022-20057

CVE-2022-20057 affects the btif component in MediaTek-based devices, where a memory corruption due to incorrect error handling could enable local privilege escalation with system execution privileges. Exploitation requires user interaction. The issue is associated with patch ALPS06271186 (ALPS062...

6.5CVSS6.8AI score0.00123EPSS
CVE
CVE
added 2022/03/09 5:3 p.m.98 views

CVE-2022-20060

CVE-2022-20060: Affects MediaTek preloader (usb) across multiple MT chipsets (e.g., MT6761/6762/6765/6768/6771/6779/6781/6785/6833/6853/6873/6875/6877/6885/6889/6893/8183/8185/8321/8385/8666/8667/8675/8735a/8735b/8765/8766/8768/8786/8788/8789/8791/8797). Describes a missing proper image authentic...

6.6CVSS6.5AI score0.00134EPSS
CVE
CVE
added 2022/06/15 1:18 p.m.98 views

CVE-2022-20151

CVE-2022-20151 is listed in Pixel security patches as an Information Disclosure (Type: ID) affecting the Modem component on Google Pixel devices. The Android bug ID associated is A-210712565. Public sources also flag it as related to the Android kernel in the CVE context, with no explicit exploit...

7.5CVSS7.4AI score0.00358EPSS
CVE
CVE
added 2022/06/15 1:21 p.m.98 views

CVE-2022-20175

CVE-2022-20175 is documented in the Pixel security bulletin under the Modem component, with Android bug ID A-209252491. It is classified as Information Disclosure (Type: ID) and rated Moderate; no exploit details are provided in the connected documents. The Pixel bulletin notes the patch level 20...

7.5CVSS7.4AI score0.00375EPSS
CVE
CVE
added 2022/06/15 1:22 p.m.98 views

CVE-2022-20195

CVE-2022-20195 concerns the Android keystore library with an insecure deserialization flaw that can cause local denial of service. The description across sources notes the issue allows DoS with user interaction and affects Android 12L; exploitation requires user interaction while the Pixel bullet...

5CVSS5AI score0.00164EPSS
CVE
CVE
added 2022/08/11 2:59 p.m.98 views

CVE-2022-20366

CVE-2022-20366 affects the Android kernel component lwis_ioctl.c, in ioctl_dpm_clk_update, where an integer overflow can cause an out-of-bounds write. This is described as enabling local privilege escalation to SYSTEM level with no user interaction required. The vulnerability is documented across...

6.7CVSS6.7AI score0.00101EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.98 views

CVE-2022-20537

CVE-2022-20537 affects Android 13. In WifiScanModeActivity.java, the createDialog flow lacks a permission check, enabling a Guest user to enable location-sensitive settings and perform local privilege escalation without additional execution privileges or user interaction. Public exploitation deta...

3.3CVSS4.3AI score0.00109EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.98 views

CVE-2022-20607

CVE-2022-20607 affects Google Pixel devices via the Pixel cellular firmware. The issue is a missing bounds check that enables an out-of-bounds write, which could lead to remote code execution without user interaction, contingent on LTE authentication being present. The vulnerability is described ...

8.8CVSS8.9AI score0.00948EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.98 views

CVE-2022-23428

CVE-2022-23428 : An improper boundary check in the eden_runtime HAL service before SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. The vulnerability is documented across multiple sources (NVD, CNVD, Red Hat, etc.) and is associated with Google Android. Affected component:...

8.4CVSS7.8AI score0.00152EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.98 views

CVE-2022-42517

CVE-2022-42517 affects the Android kernel, specifically the MiscService::DoOemSetTcsFci function in miscservice.cpp. The issue is an out-of-bounds read caused by a missing bounds check, leading to local information disclosure with System privileges required for exploitation and no user interactio...

4.4CVSS4.3AI score0.0012EPSS
CVE
CVE
added 2023/04/11 11:9 a.m.98 views

CVE-2022-47337

CVE-2022-47337 affects the media service and is caused by a missing permission check, enabling local denial of service. The description consistently states a local DoS risk but does not provide exploit details, affected versions, or a verified patch within the supplied documents. Red Hat, NVD, an...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.98 views

CVE-2022-47487

CVE-2022-47487 affects UNISOC chipsets (thermal service). Root cause: missing bounds check leading to an out-of-bounds write. Impact: local denial of service with no additional execution privileges. Exploitation status and patch details are not provided in the supplied documents. No explicit reme...

5.5CVSS5.5AI score0.0009EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.98 views

CVE-2023-21062

CVE-2023-21062 describes an out-of-bounds read in the Android kernel, triggered by an incorrect bounds check in the DoSetTempEcc function of imsservice.cpp. The vulnerability can enable local escalation of privilege with System execution privileges required, and exploitation does not require user...

6.7CVSS6.6AI score0.00095EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.98 views

CVE-2023-21164

CVE-2023-21164 affects the DevmemIntMapPMR code path in devicemem_server.c within the PowerVR GPU driver stack on Android/ChromeOS. The issue is a use-after-free that can lead to arbitrary code execution and local escalation of privileges in the kernel, with no additional execution privileges or ...

9.8CVSS8.8AI score0.00414EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.98 views

CVE-2023-21218

CVE-2023-21218 : The vulnerability is in PMRChangeSparseMemOSMem of physmem_osmem_linux.c, where an incorrect bounds check allows an out-of-bounds write. This could enable local escalation of privilege in the Linux kernel without extra execution privileges or user interaction. Public sources in t...

9.8CVSS8.5AI score0.00414EPSS
CVE
CVE
added 2023/10/18 7:10 p.m.98 views

CVE-2023-35663

CVE-2023-35663 describes a vulnerability in Init of protocolnetadapter.cpp where a missing bounds check may cause an out-of-bounds read. This can lead to remote information disclosure without requiring user interaction, per the provided description. The affected software/component is tied to Andr...

7.5CVSS7.4AI score0.0026EPSS
CVE
CVE
added 2024/11/13 5:13 p.m.98 views

CVE-2023-35686

The CVE-2023-35686 vulnerability affects PVRSRVRGXKickTA3DKM in rgxta3d.c, where improper input validation allows arbitrary code execution and local privilege escalation in the kernel. Exploitation is described as local with no additional privileges and no user interaction required. Multiple conn...

7.8CVSS7.4AI score0.00098EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.98 views

CVE-2023-48349

CVE-2023-48349 affects a video decoder in Android components (Unisoc subcomponent) with a root cause of a missing bounds check that allows an out-of-bounds write. This could lead to local denial of service without extra privileges. Public details in connected docs are limited to the generic descr...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2023/12/08 3:41 p.m.98 views

CVE-2023-48405

CVE-2023-48405 describes a logic error that allows the secure world to write to NS memory, enabling local elevation of privilege (System-level) without user interaction. The vulnerability is listed in Google Pixel security bulletin as CVE-2023-48405 with EoP impact (High) in the LDFW component. A...

6.7CVSS6.7AI score0.00109EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.98 views

CVE-2024-20091

CVE-2024-20091 affects MediaTek’s vdec component in the ALPS platform (ALPS09028313) due to a missing bounds check, enabling an out-of-bounds read that could lead to local information disclosure with system execution privileges and no user interaction required. Patch and issue IDs (MSV-1701) are ...

4.4CVSS6.2AI score0.00083EPSS
CVE
CVE
added 2024/09/13 8:28 p.m.98 views

CVE-2024-44095

CVE-2024-44095 affects Google Pixel/Android via the function ppmp_protect_mfcfw_buf in code/drm_fw.c, where a logic error can cause memory corruption and local privilege escalation without needing user interaction. The issue is classified as Elevation of Privilege (EoP) with high impact (confiden...

7.8CVSS7.2AI score0.00076EPSS
CVE
CVE
added 2020/01/08 6:26 p.m.97 views

CVE-2020-0002

CVE-2020-0002 affects Android Media framework (ih264d_init_decoder in ih264d_api.c) with a use-after-free causing an out-of-bounds write, enabling remote code execution. Impacted Android versions: 8.0–10. Exploitation requires user interaction or crafted media; CVSS indicates Network access, no p...

9.3CVSS8.8AI score0.01387EPSS
CVE
CVE
added 2020/12/14 9:53 p.m.97 views

CVE-2020-0455

CVE-2020-0455 is an out-of-bounds write caused by a missing bounds check in the MediaTek vcu component (MediaTek MTK ALPS05324771) within Android. The issue is listed under Android’s 2020-12 security bulletin with patches recommended for patch levels 2020-12-01 or later; exact affected device mod...

9.8CVSS9AI score0.00654EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.97 views

CVE-2021-0873

CVE-2021-0873 : A missing size check in PVRSRVBridgeRGXKickRS within the PowerVR kernel driver can cause an integer overflow, enabling out-of-bounds heap access. This may permit local escalation of privilege with no additional execution privileges required and without user interaction. The issue ...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.97 views

CVE-2021-0875

CVE-2021-0875 affects the PowerVR GPU stack (PVRSRVBridgeChangeSparseMem in the PowerVR kernel driver). The issue is a missing size check that can cause an integer overflow, enabling out-of-bounds heap access. This could lead to local elevation of privilege with no additional execution privileges...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.97 views

CVE-2021-39741

CVE-2021-39741 affects the Android Keymaster component on Android 12L, with an out-of-bounds write caused by a missing bounds check. This leads to local elevation of privilege with System execution privileges required; no user interaction is needed. The issue is listed in Android 12L security rel...

7.8CVSS7.9AI score0.00107EPSS
CVE
CVE
added 2022/06/15 1:19 p.m.97 views

CVE-2022-20155

CVE-2022-20155 affects the Android kernel component ipu-core-jqs-msg-transport.c, specifically the function ipu_core_jqs_msg_transport_kernel_write_sync. The vulnerability arises from a race condition that can cause a use-after-free, enabling local escalation of privilege without additional execu...

7CVSS7AI score0.00083EPSS
CVE
CVE
added 2022/06/15 1:23 p.m.97 views

CVE-2022-20196

The CVE-2022-20196 issue affects Android 12L’s gallery3d and Photos. It describes a permission bypass due to a confused deputy, enabling local information disclosure without extra execution privileges. Exploitation is reported to require user interaction. The Pixel update bulletin lists CVE-2022-...

5CVSS4.7AI score0.00116EPSS
Total number of security vulnerabilities8153