Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/08/11 3:1 p.m.97 views

CVE-2022-20377

CVE-2022-20377 affects Android’s keymaster_ipc.cpp, enabling an attacker to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This configuration flaw can lead to local elevation of privilege with no additional execution privileges required and without user interaction. Public r...

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.97 views

CVE-2022-20569

CVE-2022-20569 affects the Android kernel, specifically the thermal cooling device stats update path in the thermal_sysfs.c driver. The issue is described as an out-of-bounds write caused by improper input validation in the function thermal_cooling_device_stats_update, which could lead to local e...

6.7CVSS6.6AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.97 views

CVE-2022-42542

CVE-2022-42542 affects Android 13 via the phNxpNciHal_core_initialized function in phNxpNciHal.cc, where a missing bounds check allows an out-of-bounds write that could enable local escalation of privilege with System execution privileges. Exploitation status is not detailed in the provided docum...

6.7CVSS6.7AI score0.00121EPSS
CVE
CVE
added 2023/06/06 5:12 a.m.97 views

CVE-2022-48392

CVE-2022-48392 affects Unisoc chipsets via the Android dialer service, where a missing permission check can enable local escalation of privilege without requiring extra execution privileges. The CVSS v3.1 vector is LV, LO, PRL, UI N, S U, C H, I H, A H, with a base score of 7.8 (HIGH). Affected i...

7.8CVSS7.7AI score0.00084EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.97 views

CVE-2022-48461

CVE-2022-48461 concerns a vulnerability in the sensor driver where a missing bounds check can cause an out-of-bounds write, leading to local denial of service with System execution privileges. Public sources repeatedly describe the issue as a sensor-driver boundary-check defect in Unisoc/UNISOC-r...

4.4CVSS4.8AI score0.00083EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.97 views

CVE-2023-20849

The CVE-2023-20849 vulnerability is in the imgsys_cmdq component and is caused by missing valid range checking, leading to a use-after-free that can enable local privilege escalation with SYSTEM privileges. Exploitation requires user interaction. Affected context references MediaTek-related discl...

6.5CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.97 views

CVE-2023-32851

CVE-2023-32851 involves a MediaTek MediaTek decoder vulnerability: an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with user interaction required. The issue is tracked with patch ID ALPS08016652 (and Issue ID ALPS08016652); no exploitation details o...

7.8CVSS7.7AI score0.00113EPSS
CVE
CVE
added 2023/12/08 3:40 p.m.97 views

CVE-2023-48402

CVE-2023-48402 refers to a local elevation-of-privilege in the ppcfw_enable function of ppcfw.c due to a missing permission check. Exploitation requires no user interaction and could grant higher privileges on the device. Multiple sources (including Red Hat and NVD entries) corroborate the same d...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2023/12/08 3:40 p.m.97 views

CVE-2023-48403

Summary: CVE-2023-48403 describes a possible out-of-bounds read due to a heap buffer overflow in the function sms_DecodeCodedTpMsg of sms_PduCodec.c. This could enable remote information disclosure without user interaction, as exploitation does not require additional privileges. The vulnerability...

7.5CVSS7.2AI score0.00413EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.97 views

CVE-2024-27209

CVE-2024-27209 corresponds to a local elevation-of-privilege issue described as a possible out-of-bounds write caused by a heap buffer overflow. Public sources indicate this vulnerability affects Google Pixel/Android modem components and can be exploited with no user interaction to achieve privil...

8.4CVSS7.3AI score0.00092EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.97 views

CVE-2024-27222

CVE-2024-27222 affects Google Pixel Android components, specifically the FaceEnrollFoldPage.java onSkipButtonClick path. The issue is described as an Intent Redirect GRANT_URI_PERMISSIONS attack that could let a local attacker access a file the app cannot access, enabling local elevation of privi...

7.8CVSS7AI score0.0008EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.96 views

CVE-2015-8955

CVE-2015-8955 affects the Linux kernel on arm64 (arch/arm64/kernel/perf_event.c) prior to 4.1. The issue arises from events across multiple HW PMUs being mishandled, allowing local users to gain privileges or trigger a denial of service via an invalid pointer dereference. Impact is limited to loc...

7.3CVSS7.5AI score0.00219EPSS
CVE
CVE
added 2019/06/19 8:0 p.m.96 views

CVE-2019-2016

CVE-2019-2016 affects Android: the issue is in NFA_SendRawFrame within nfa_dm_api.cc, where improper input validation can cause an out-of-bounds write. This can lead to local privilege escalation with no additional privileges required, and exploitation requires user interaction. Affected Android ...

9.3CVSS8.3AI score0.00796EPSS
CVE
CVE
added 2020/07/17 8:10 p.m.96 views

CVE-2020-0228

CVE-2020-0228 affects Android’s Recorder related service, with the root cause described as an improper configuration of that recorder component. Public summaries in the connected documents indicate an information-disclosure risk (evidence includes CNVD/Red Hat listings and NVD metrics) and classi...

7.5CVSS7.5AI score0.00413EPSS
CVE
CVE
added 2020/09/17 3:54 p.m.96 views

CVE-2020-0278

CVE-2020-0278 describes a possible out-of-bounds write due to an incorrect bounds check in Android components (notably ATF) as referenced in the 2020-09 Android bulletin. The NVD entry assigns a high/critical impact with remote network exploitation, no user interaction required. Connected records...

10CVSS9AI score0.00564EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.96 views

CVE-2021-0884

CVE-2021-0884 concerns the PowerVR kernel driver’s PVRSRVBridgePhysmemImportSparseDmaBuf function. A missing size check enables an integer overflow, which could permit out-of-bounds heap access and local escalation of privilege without additional execution privileges. Exploitation details (vector...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2023/07/12 11:16 p.m.96 views

CVE-2021-0948

CVE-2021-0948 affects the PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver. The issue allows returning uninitialized kernel memory to user space, meaning the contents of that memory could disclose sensitive information. Supported by multiple connected sources (NVD/Red Hat/CVE ecosy...

5.5CVSS5.3AI score0.00087EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.96 views

CVE-2022-20045

CVE-2022-20045 describes a vulnerability in Bluetooth where a use-after-free can cause a service crash, enabling local escalation of privilege with no extra execution privileges required and no user interaction. The issue is evidenced across multiple sources (NVD, Red Hat, CVE List). The underlyi...

7.8CVSS7.7AI score0.00146EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.96 views

CVE-2022-20054

The CVE-2022-20054 issue affects the ims service, with a missing permission check enabling a possible AT command injection that could allow local escalation of privilege without additional execution privileges or user interaction. Affected context is MediaTek-based platforms (as per multiple sour...

7.8CVSS7.9AI score0.00214EPSS
CVE
CVE
added 2022/05/03 7:57 p.m.96 views

CVE-2022-20088

The CVE-2022-20088 entry concerns the aee driver, where a reference count handling error may allow local privilege escalation to System level without user interaction. The issue is tied to incorrect error handling that can lead to a reference count mistake. A patch is identified as ALPS06209201 (...

7.8CVSS7.6AI score0.00107EPSS
CVE
CVE
added 2022/06/15 1:18 p.m.96 views

CVE-2022-20146

CVE-2022-20146 affects Android via the information disclosure in the uploadFile function of FileUploadServiceImpl.java, caused by a confused deputy that can expose private files locally without extra privileges. Exploitation is local and does not require user interaction. Public details in the co...

5.5CVSS5.1AI score0.00104EPSS
CVE
CVE
added 2022/06/15 1:18 p.m.96 views

CVE-2022-20148

Technical details are not publicly available in the provided connected documents for CVE-2022-20148. Monitor for updates from upstream/kernel advisories; no specifics on affected products, versions, or remediation are included.

6.9CVSS6.3AI score0.00115EPSS
CVE
CVE
added 2022/06/15 1:20 p.m.96 views

CVE-2022-20173

Technical details about CVE-2022-20173 are not provided in the supplied documents. No specifics on affected components or impact. Monitor for updates.

10CVSS9AI score0.00483EPSS
CVE
CVE
added 2022/08/11 2:58 p.m.96 views

CVE-2022-20180

CVE-2022-20180 describes an elevation of privilege in Android kernel code, arising from a missing bounds check in mali_gralloc_reference.cpp that can allow arbitrary code execution on a local basis. The impact is local privilege escalation with high confidentiality/integrity/availability implicat...

7.8CVSS7.9AI score0.00095EPSS
CVE
CVE
added 2022/06/15 1:24 p.m.96 views

CVE-2022-20207

CVE-2022-20207 affects Android 12L via the static definition in GattServiceConfig.java , where an insecure default value permits a permission bypass leading to local elevation of privilege without user interaction. The issue is described across multiple sources (Android/Red Hat/NVD entries) as a ...

7.8CVSS7.7AI score0.00112EPSS
CVE
CVE
added 2022/08/11 3:4 p.m.96 views

CVE-2022-20404

CVE-2022-20404 is listed in Pixel bulletin data as affecting Android devices via the Modem component (Type: Information disclosure; Severity: Moderate). The vulnerable entry maps to CVE-2022-20404 with Android kernel context in the initial doc, but Pixel security bulletin categorizes it under the...

7.5CVSS7.4AI score0.00267EPSS
CVE
CVE
added 2022/08/11 3:4 p.m.96 views

CVE-2022-20405

CVE-2022-20405 affects the Android kernel/modem stack used by Google Pixel devices, described as a Modem Elevation of Privilege vulnerability. Public details indicate a zero-click style chain that could downgrade the device’s cellular modem to 2G and potentially allow takeover of the handset via ...

9.8CVSS9.1AI score0.00306EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.96 views

CVE-2022-20443

CVE-2022-20443 concerns Android 13 where the hasInputInfo function in Layer.cpp may bypass user interaction via a tapjacking/overlay attack, enabling local escalation of privilege with no extra execution privileges and no user interaction required for exploitation. Affected product: Android 13 (A...

7.8CVSS7.7AI score0.00089EPSS
CVE
CVE
added 2022/11/17 12:0 a.m.96 views

CVE-2022-20460

CVE-2022-20460 affects the Android kernel (mprot_unmap) where improper input validation could corrupt the memory mapping. The consequence is local escalation of privilege, requiring System execution privileges, with no user interaction needed. The description appears across multiple sources (e.g....

6.7CVSS6.6AI score0.0009EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.96 views

CVE-2022-20528

Summary: CVE-2022-20528 affects Android-13 via a flaw in the FindParam path of HevcUtils.cpp causing an out-of-bounds read due to a missing bounds check. This can enable local privilege escalation with no additional execution privileges and no user interaction is required. The vulnerability is do...

3.3CVSS4.3AI score0.00118EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.96 views

CVE-2022-20532

In CVE-2022-20532, the vulnerability lies in MPEG4Extractor.cpp’s parseTrackFragmentRun() where an integer overflow can cause an out-of-bounds read. This may enable remote elevation of privileges without user interaction on Android 13 devices. Documented impact is high across confidentiality, int...

9.8CVSS8.8AI score0.00489EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.96 views

CVE-2022-42508

CVE-2022-42508 affects Android kernel components via ProtocolCallBuilder::BuildSendUssd, where a missing bounds check enables an out-of-bounds write. This can lead to local elevation of privilege with SYSTEMExecution privileges required; exploitation does not require user interaction. The availab...

6.7CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.96 views

CVE-2022-42520

CVE-2022-42520: Use-after-free in Android’s ServiceInterface::HandleRequest (serviceinterface.cpp) can lead to local escalation of privilege to system level. Affected component: Android kernel/service interface; exploitation described as LOCAL with HIGH privileges required and no user interaction...

6.7CVSS6.6AI score0.00124EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.96 views

CVE-2022-42527

CVE-2022-42527 involves a crash in the Android kernel due to a missing null check in the function cd_SsParseMsg of cd_SsCodec.c. The issue could allow remote denial of service without requiring privileges or user interaction. The available sources consistently describe the affected component as p...

7.5CVSS7.3AI score0.00598EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.96 views

CVE-2022-42528

CVE-2022-42528 affects Android kernel (ffa_mrd_prot in shared_mem.c). A logic error can cause local information disclosure without additional privileges, with no user interaction required. The vulnerability is documented across multiple sources (Android Pixel kernel context, Red Hat/GNU reference...

5.5CVSS5.1AI score0.00095EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.96 views

CVE-2022-42531

CVE-2022-42531 affects the Android kernel component gs_ldfw_load.c, specifically the mmu_map_for_fw path. The issue is described as a mitigation bypass due to Permissive Memory Allocation, enabling local elevation of privilege without additional execution privileges or user interaction. The vulne...

7.8CVSS7.7AI score0.00138EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.96 views

CVE-2023-20734

CVE-2023-20734 affects the vcu module in MediaTek chips. The issue is described as an out-of-bounds write due to a missing bounds check, potentially enabling local escalation of privilege with SYSTEM privileges and no user interaction required. A patch is available (ALPS07645149; ALPS07645184). C...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.96 views

CVE-2023-20848

The CVE-2023-20848 entry concerns an out-of-bounds read in imgsys_cmdq caused by missing valid range checking, enabling local escalation of privileges with user interaction required. Documented impact is high for confidentiality/integrity/availability, and a patch ID (ALPS07340433) is noted as th...

6.5CVSS6.5AI score0.00094EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.96 views

CVE-2023-20994

CVE-2023-20994 affects Android 13 via an out-of-bounds write in the function _ufdt_output_property_to_fdt in ufdt_convert.c. The vulnerability stems from an incorrect bounds check, enabling a local escalation of privilege with System execution privileges required and no user interaction. The avai...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.96 views

CVE-2023-21027

CVE-2023-21027 affects PasspointXmlUtils.java on Android 13. A logic error enables an authentication misconfiguration that can lead to remote information disclosure without additional privileges and without user interaction. NVD CVSSv3.1 base score is 7.5 (HIGH) with network attack vector, no pri...

7.5CVSS7.2AI score0.00476EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.96 views

CVE-2023-21052

CVE-2023-21052 affects the Android kernel component ril_external_client.cpp (setToExternal). The issue is an out-of-bounds write caused by a missing bounds check in that function, enabling local privilege escalation with system-level execution privileges and no user interaction required. Exploita...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.96 views

CVE-2023-21075

CVE-2023-21075 affects the Android kernel; the vulnerability is in get_svc_hash inside nan.cpp, caused by an out-of-bounds write due to a heap buffer overflow. The impact is local elevation of privilege with System-level execution privileges required; exploitation is possible without user interac...

6.7CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.96 views

CVE-2023-21395

CVE-2023-21395 involves a Bluetooth use-after-free bug that can trigger an out-of-bounds read, enabling remote information disclosure without user interaction or additional privileges. The vulnerability is documented across multiple feeds (NVD entry authoring the Bluetooth impact; Red Hat and oth...

6.5CVSS6.6AI score0.00182EPSS
CVE
CVE
added 2023/10/11 7:25 p.m.96 views

CVE-2023-35662

CVE-2023-35662 is a Pixel/Shannon baseband vulnerability described as an out-of-bounds write due to a buffer overflow that could enable remote code execution with no user interaction. The issue is reported as a Critical RCE in Google Pixel security guidance, and the Pixel Update Bulletin lists th...

9.8CVSS9.5AI score0.00426EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.96 views

CVE-2024-29746

CVE-2024-29746 affects the lpm_req_handler in lpm.c, with a possible out-of-bounds write caused by improper input validation. This can enable local elevation of privilege without user interaction. Connected sources (Red Hat, NVD, CVE lists, and Android Pixel bulletin) confirm the issue exists in ...

8.4CVSS7.1AI score0.00092EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.96 views

CVE-2024-29786

CVE-2024-29786 describes a potential remote code execution in Google Pixel devices due to an out-of-bounds write in the function pktproc_fill_data_addr_without_bm within link_rx_pktproc.c caused by a missing bounds check. The issue affects Pixel firmware/CPIF as listed in the Pixel bulletin; the ...

9.8CVSS7.5AI score0.00251EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.96 views

CVE-2024-32891

CVE-2024-32891 affects Google's Pixel/Android media.c, specifically the sec_media_unprotect function. The issue is described as a memory corruption caused by a race condition, which could enable local escalation of privilege without requiring additional privileges or user interaction. The availab...

7CVSS7AI score0.00085EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.96 views

CVE-2024-32895

CVE-2024-32895 affects the BCMFASTPATH component (dhd_msgbuf.c) with an out-of-bounds write caused by a missing bounds check. The documented impact is local elevation of privilege without additional execution privileges required, and exploitation reportedly requires no user interaction. Connected...

9.8CVSS6.9AI score0.00209EPSS
CVE
CVE
added 2026/04/06 6:20 p.m.96 views

CVE-2026-0049

CVE-2026-0049 centers on the Android Framework component LocalImageResolver.java, with the root cause in onHeaderDecoded leading to resource exhaustion and a possible persistent denial-of-service. Exploitation is local and does not require user interaction. Public references consistently describe...

6.2CVSS6AI score0.00101EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.95 views

CVE-2015-3100

Adobe Flash Player and related components are affected by a stack-based buffer overflow (CVE-2015-3100) that enables arbitrary code execution. Affected product/version range includes Flash Player prior to 13.0.0.292 and 14.x through 18.x prior to 18.0.0.160 on Windows/macOS, and prior to 11.2.202...

10CVSS7.9AI score0.07715EPSS
Total number of security vulnerabilities8153