Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/01/06 7:0 p.m.95 views

CVE-2015-5310

CVE-2015-5310 affects wpa_supplicant 2.x prior to 2.6. The WNM Sleep Mode code does not properly ignore key data in response frames when MFP was not negotiated, allowing remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service via a WNM Sleep Mode response....

4.3CVSS5.3AI score0.01165EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.95 views

CVE-2015-5578

The provided documents confirm CVE-2015-5578 affects Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows/OS X, and before 11.2.202.521 on Linux, as well as Adobe AIR before 19.0.0.190 (and AIR SDK/Compiler before 19.0.0.190). The connected advisories indicate the root cause...

10CVSS7.8AI score0.04046EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.95 views

CVE-2016-2067

CVE-2016-2067 affects the Linux kernel MSM GPU driver: drivers/gpu/msm/kgsl.c in the MSM graphics driver (QuIC Android contributions) for kernel 3.x. The root cause is mishandling of the KGSL_MEMFLAGS_GPUREADONLY flag, which can create accidental read/write mappings. This enables a local attacker...

9.3CVSS7.4AI score0.00679EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.95 views

CVE-2019-1988

CVE-2019-1988 affects Android Framework related to a vulnerability in PNG handling. In SkSwizzler.cpp, a possible out-of-bounds write due to improper input validation could lead to remote code execution in the system_server, requiring user interaction to exploit. Affected Android versions include...

9.3CVSS8.8AI score0.0191EPSS
CVE
CVE
added 2020/09/17 3:23 p.m.95 views

CVE-2020-0123

CVE-2020-0123 describes a possible out-of-bounds write caused by an incorrect bounds check in the Android TV sound driver. The vulnerability affects Android TV components, with the root cause identified as a bounds-check fault in the sound subsystem, potentially enabling out-of-bounds writes. The...

10CVSS9AI score0.00635EPSS
CVE
CVE
added 2020/09/17 3:50 p.m.95 views

CVE-2020-0229

CVE-2020-0229 is an out-of-bounds write due to an incorrect bounds check in Android components, specifically affecting MediaTek mdla in the 2020-09-01/05 patch window. The vulnerability is categorized as High/CRITICAL impact with network attack requirements and no user interaction, per the NVD en...

10CVSS9AI score0.00564EPSS
CVE
CVE
added 2020/08/11 7:32 p.m.95 views

CVE-2020-0260

CVE-2020-0260 affects Android devices via the MediaTek Multimedia Processing Driver. The issue is an out-of-bounds read caused by an incorrect bounds check, enabling a potential memory access violation. The CVE is listed with high/severe impact (NVD: CVSSv3.1 base score 9.1, Critical) and Low/Net...

9.1CVSS8.7AI score0.00455EPSS
CVE
CVE
added 2020/11/10 12:53 p.m.95 views

CVE-2020-0446

CVE-2020-0446 refers to an Android vulnerability in the video decoder where a missing bounds check enables an out-of-bounds write. Affected component/area: MediaTek video decoder (Android SoC). Root cause: insufficient bounds checking in decoding paths leading to memory/write outside bounds. Impa...

9.8CVSS9AI score0.00529EPSS
CVE
CVE
added 2021/10/06 5:9 p.m.95 views

CVE-2021-25477

CVE-2021-25477 affects Mediatek RRC Protocol stack; improper error handling could cause a modem crash and remote DoS. Root cause described as error handling weakness in the Mediatek RRC stack prior to SMR Oct-2021 Release 1. Documented impact is network-exposed denial of service with potential av...

4.9CVSS5.2AI score0.00481EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.95 views

CVE-2022-20032

The CVE-2022-20032 entry concerns the vow driver, where a race condition may trigger memory corruption that could disclose local information and potentially grant SYSTEM-level execution privileges. Exploitation reportedly requires no user interaction. A patch/mitigation is listed as ALPS05852822 ...

4.1CVSS4.2AI score0.001EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.95 views

CVE-2022-20073

CVE-2022-20073 affects the preloader (usb) on MediaTek devices, where an integer underflow can trigger an out-of-bounds write. This can enable local escalation of privilege for an attacker with physical device access, with user interaction required for exploitation. The issue is documented with P...

6.6CVSS6.5AI score0.00169EPSS
CVE
CVE
added 2022/06/15 1:21 p.m.95 views

CVE-2022-20176

CVE-2022-20176 affects the Android kernel, specifically the sjtag-driver.c module in the auth_store path. The root cause is a missing bounds check that allows a read of uninitialized memory. This can lead to a local information disclosure and, per the description, may enable system-level executio...

4.4CVSS4.3AI score0.00111EPSS
CVE
CVE
added 2022/08/11 2:58 p.m.95 views

CVE-2022-20365

CVE-2022-20365 affects the Android kernel (Pixel device context) and is labeled Elevation of Privilege (EoP) in userland. The CVE entry is listed under Pixel Update Bulletin security patches, with the issue categorized as Moderate severity for the affected kernel component, and a patch level of 2...

9.8CVSS9.1AI score0.00321EPSS
CVE
CVE
added 2022/08/11 3:4 p.m.95 views

CVE-2022-20403

CVE-2022-20403 targets Google Pixel devices via the Android modem component. The Pixel security bulletin classifies it as RCE (critical) in the Modem with a high impact; the NVD entry records a CVSSv3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The initial records list Product: And...

9.8CVSS9.1AI score0.00349EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.95 views

CVE-2022-20514

CVE-2022-20514 affects Android 13 and is tied to the Idmap2Service.cpp code path. The issue is an out-of-bounds write caused by a use-after-free in acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator, which could enable local escalation of privilege ...

6.7CVSS6.7AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.95 views

CVE-2022-20525

CVE-2022-20525 affects Android 13 and points to a permissions bypass in enforceVisualVoicemailPackage inside PhoneInterfaceManager.java, causing a leak of the visual voicemail package name. The impact is local elevation of privilege with no extra execution privileges and no user interaction requi...

3.3CVSS4.2AI score0.00116EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.95 views

CVE-2022-20603

CVE-2022-20603 affects the Android kernel: a possible out-of-bounds write in SetDecompContextDb (RohcDeCompContextOfRbId.cpp) due to a missing bounds check. This could enable remote code execution with System privileges, with no user interaction required. Connected sources (NVD, Red Hat, PRION, O...

7.2CVSS7.4AI score0.00922EPSS
CVE
CVE
added 2022/03/08 1:47 p.m.95 views

CVE-2022-25822

Technical details about CVE-2022-25822 are not publicly available in the provided documents; monitor for updates.

6.2CVSS6.2AI score0.00086EPSS
CVE
CVE
added 2023/06/06 5:12 a.m.95 views

CVE-2022-48438

CVE-2022-48438 concerns the cp_dump driver, with a root cause described as a missing bounds check that enables a possible out-of-bounds write. The affected impact is a local denial of service with SYSTEM privileges required. Multiple connected sources (RH, NVD, PRION, Vulnrichment, CVE list, CNNV...

7.3CVSS4.7AI score0.00085EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.95 views

CVE-2022-48459

CVE-2022-48459 affects TeleService, where improper input validation can trigger a system crash, causing local denial of service without requiring additional privileges. The NVD entry records a CVSS v3.1 base score of 5.5 (Attack Vector: Local, Attack Complexity: Low, Privileges Required: Low, Use...

5.5CVSS5.4AI score0.00081EPSS
CVE
CVE
added 2023/02/15 12:0 a.m.95 views

CVE-2023-20949

CVE-2023-20949 affects the Android kernel: in s2mpg11_pmic_probe() of s2mpg11-regulator.c there is a heap buffer overflow that can cause an out-of-bounds read, enabling local information disclosure without additional privileges. Exploitation is described as local (AV:L, AC:L, PR:L, UI:N, S:U) wit...

5.5CVSS5.3AI score0.00091EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.95 views

CVE-2023-21065

The CVE-2023-21065 issue affects the Android kernel’s fdt_next_tag function in fdt.c, causing a possible out-of-bounds write driven by an integer overflow. This could enable local elevation of privilege with system execution privileges required, and no user interaction is needed. No concrete reme...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/10/18 7:10 p.m.95 views

CVE-2023-35656

CVE-2023-35656 affects the Android protocol stack component protocolembmsadapter.cpp, where a missing bounds check enables an out-of-bounds read. This trust boundary flaw can cause remote information disclosure without user interaction, as described across multiple CVE feeds. The available docume...

7.5CVSS7AI score0.0026EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.95 views

CVE-2023-35690

CVE-2023-35690 affects RGXDestroyHWRTData in rgxta3d.c and can cause arbitrary code execution leading to local kernel privilege escalation with no user interaction. Connected sources confirm the issue and its kernel-level impact; no exploit details are provided beyond that. Android’s December 202...

9.8CVSS8.8AI score0.00414EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.95 views

CVE-2023-48341

CVE-2023-48341 affects the video decoder. The issue is an out-of-bounds read caused by improper input validation, which could lead to a local denial of service without requiring additional privileges. The provided documents do not specify a fix or remediation details, and exploitation status is n...

5.5CVSS5.4AI score0.00081EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.95 views

CVE-2023-48343

CVE-2023-48343 affects Unisoc Android devices with a vulnerability in the video decoder. The issue is an out-of-bounds write caused by improper input validation, leading to local denial of service without requiring additional privileges. Public details consistently describe this failure mode and ...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.95 views

CVE-2023-48348

CVE-2023-48348 concerns an issue in a video decoder where improper input validation can cause an out-of-bounds write, leading to a local denial of service with no extra privileges. The Red Hat and NVD entries describe the same vulnerability, and Android-related advisories (including Unisoc-listed...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.95 views

CVE-2024-29753

CVE-2024-29753 describes an out-of-bounds write in the function tmu_set_control_temp_step of tmu.c , caused by a missing bounds check. The issue enables local privilege escalation with no extra privileges and without user interaction. Connected sources identify this vulnerability within Google Pi...

7.7CVSS7.1AI score0.00093EPSS
CVE
CVE
added 2015/12/06 1:0 a.m.94 views

CVE-2015-6783

CVE-2015-6783 affects Google Chrome components on Android 5.x–6.x that use Crazy Linker. The vulnerability is in crazy_linker_zip.cpp FindStartOffsetOfFileInZipFile, where EOCD record search is faulty, allowing signature-validation bypass via a crafted ZIP archive. Public docs confirm this CVE wa...

4.3CVSS8.5AI score0.01233EPSS
CVE
CVE
added 2017/05/02 9:0 p.m.94 views

CVE-2015-9004

CVE-2015-9004 affects the Linux kernel up to version 3.18 (pre-3.19). The flaw is in kernel/events/core.c where improper handling of counter grouping enables local privilege escalation via crafted apps, involving perf_pmu_register and perf_event_open. The impact is local Privilege Escalation with...

9.3CVSS7.2AI score0.00845EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.94 views

CVE-2017-13165

CVE-2017-13165 is an elevation-of-privilege vulnerability in the Android kernel file system, affecting the Android kernel (Android ID A-31269937). It is documented across multiple sources (NVD, OSV/UBUNTU-CVE/CNVD) as an EoP issue. The Pixel/Nexus security bulletin lists CVE-2017-13165 under Kern...

7.8CVSS7.4AI score0.00137EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.94 views

CVE-2018-9415

CVE-2018-9415 affects the Android kernel’s bus.c, specifically in driver_override_store and driver_override_show, where a double free can occur due to improper locking. This can enable local escalation of privilege to SYSTEM without user interaction. The vulnerability follows from upstream kernel...

7.8CVSS7.4AI score0.00254EPSS
CVE
CVE
added 2019/06/19 8:1 p.m.94 views

CVE-2019-2018

CVE-2019-2018 affects Android devices via a bypass in resetPasswordInternal in DevicePolicyManagerService.java. The vulnerability allows bypass of password reset protection, with remote exploitation requiring user interaction. Affected Android versions are 8.1 and 9. The issue is documented in th...

9.3CVSS8.6AI score0.01205EPSS
CVE
CVE
added 2020/03/10 8:1 p.m.94 views

CVE-2020-0045

CVE-2020-0045 affects Android 10 framework components. The vulnerability is in StatsService::command where a race condition can cause memory corruption, enabling local escalation of privilege with System execution privileges required. Exploitation is described as local (AV:L, UI:N) with no user i...

6.9CVSS7.1AI score0.00117EPSS
CVE
CVE
added 2020/09/17 6:45 p.m.94 views

CVE-2020-0433

CVE-2020-0433 affects the Android/Linux kernel: use-after-free in blk_mq_queue_tag_busy_iter (blk-mq-tag.c) caused by improper locking, enabling local privilege escalation with no user interaction. Public details in the Initial document describe the flaw; connected Nessus advisories (Unity Linux/...

7.8CVSS8AI score0.00151EPSS
CVE
CVE
added 2020/11/10 12:50 p.m.94 views

CVE-2020-0453

CVE-2020-0453 affects Android:66? In updateNotification of BeamTransferManager.java, an unsafe PendingIntent permits a local permission bypass leading to information disclosure with user privileges. Impact is described in Android’s 2020-11-01 bulletin under System (ID: CVE-2020-0453) with affecte...

5.5CVSS5.1AI score0.0025EPSS
CVE
CVE
added 2021/02/05 11:38 p.m.94 views

CVE-2020-11836

Technical details about CVE-2020-11836 are not provided in the supplied documents; no specifics on affected components, root cause, or fixes are publicly available. Monitor for updates.

5.5CVSS5.4AI score0.00148EPSS
CVE
CVE
added 2021/04/13 6:26 p.m.94 views

CVE-2021-0468

CVE-2021-0468 maps to an elevation of privilege in LK (Little Kernel) used on Android devices. The root cause is an insecure default value in LK, enabling local privilege escalation when an attacker has physical access and no additional execution privileges are required; exploitation may require ...

6.6CVSS6.5AI score0.0013EPSS
CVE
CVE
added 2021/07/14 1:50 p.m.94 views

CVE-2021-0592

CVE-2021-0592 is a Widevine DRM code-execution vulnerability described across multiple sources as out-of-bounds writes caused by improper input validation in WideVine. The NVD entry lists a network attack vector with high impact and a base CVSS v3 score of 8.8 (I:H, A:H, C:H) and notes that user ...

9.3CVSS8.8AI score0.01065EPSS
CVE
CVE
added 2021/06/22 11:13 a.m.94 views

CVE-2021-0606

CVE-2021-0606 concerns the Android kernel DRM driver, specifically the function drm_syncobj_handle_to_fd in drm_syncobj.c. The issue is a use-after-free caused by incorrect refcounting, which can allow local escalation of privilege with system execution privileges required. User interaction is no...

6.7CVSS6.7AI score0.00156EPSS
CVE
CVE
added 2022/06/15 1:19 p.m.94 views

CVE-2022-20164

CVE-2022-20164 is listed in the Pixel security bulletin as an Elevation of Privilege (EoP) affecting the Modem component, tied to the Android kernel. The connected Pixel bulletin entry confirms the issue is categorized as EoP for Modem with no public exploit details provided in the documents. The...

10CVSS9.1AI score0.00461EPSS
CVE
CVE
added 2022/06/15 1:22 p.m.94 views

CVE-2022-20192

CVE-2022-20192 affects Android 12L and relates to grantEmbeddedWindowFocus in WindowManagerService, enabling a permissions bypass that could let an attacker change an input channel in the embedded hierarchy and escalate privileges locally without user interaction. The available documents describe...

7.8CVSS7.6AI score0.00112EPSS
CVE
CVE
added 2022/06/15 1:22 p.m.94 views

CVE-2022-20193

Summary: CVE-2022-20193 affects Android 12L, in getUniqueUsagesWithLabels of PermissionUsageHelper.java, where a logic error could cause incorrect permission attribution. This may allow local escalation of privilege by conflating apps with User execution privileges. Impact : requires user interac...

7.3CVSS7.2AI score0.00125EPSS
CVE
CVE
added 2022/06/15 1:24 p.m.94 views

CVE-2022-20209

CVE-2022-20209 affects Android 12L in the hme_add_new_node_to_a_sorted_array function of hme_utils.c. The issue is an out-of-bounds read caused by a heap buffer overflow, enabling remote information disclosure without additional execution privileges. Exploitation is described as not requiring use...

7.5CVSS7.2AI score0.00754EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.94 views

CVE-2022-20521

CVE-2022-20521 concerns a Bluetooth DoS in Android 13 caused by a missing null check in sdpu_find_most_specific_service_uuid (sdp_utils.cc). The vulnerability can crash Bluetooth, leading to local denial of service with no additional privileges required; exploitation requires user interaction. Do...

5CVSS5AI score0.00165EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.94 views

CVE-2022-20530

CVE-2022-20530 affects Android 13, where a vulnerability in the strings.xml resource can bypass a permission and potentially disclose call logs remotely without extra execution privileges. The issue is described as a permission bypass with remote information disclosure and no user interaction req...

5.3CVSS5.1AI score0.00472EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.94 views

CVE-2022-20562

The CVE-2022-20562 entry concerns a logic error in ap_input_processor.c within the Android kernel’s audio processing path that could allow recording audio during a phone call, leading to local information disclosure. The vulnerability is classified as Information Disclosure with a Local attack ve...

3.3CVSS3.7AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.94 views

CVE-2022-20579

CVE-2022-20579 concerns Android devices with the rild_exynos/ril service legacy code. The issue is described as a stack clash in RadioImpl::setCdmaBroadcastConfig within ril_service_legacy.cpp that can cause memory corruption. The resulting impact is local escalation of privilege, granting System...

6.7CVSS6.6AI score0.00173EPSS
CVE
CVE
added 2022/03/04 3:51 p.m.94 views

CVE-2022-23729

CVE-2022-23729 affects LG mobile devices when in factory state, allowing shell access without adb authentication. The issue is described consistently across multiple sources (NVD, Red Hat, CVE records, CNNVD) as an authentication flaw enabling direct shell access in factory mode. The Root Cause a...

7.8CVSS7.7AI score0.0011EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.94 views

CVE-2023-21225

CVE-2023-21225 affects the Android kernel (Pixel context) and describes a vulnerability where failure to lock display power allows bypassing the protected confirmation screen, enabling local privilege escalation with no additional execution privileges required. Exploitation requires user interact...

7.8CVSS7.7AI score0.00091EPSS
Total number of security vulnerabilities8153