Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/06/28 12:0 a.m.94 views

CVE-2023-21225

CVE-2023-21225 affects the Android kernel (Pixel context) and describes a vulnerability where failure to lock display power allows bypassing the protected confirmation screen, enabling local privilege escalation with no additional execution privileges required. Exploitation requires user interact...

7.8CVSS7.7AI score0.00091EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.94 views

CVE-2023-21227

CVE-2023-21227 describes an information disclosure in Android’s HTBLogKM in htbserver.c that can lead to local kernel information disclosure without extra privileges or user interaction. Publicly documented by NVD/Red Hat/CNVD and reflected in the Android Security Bulletin, this issue affects And...

7.5CVSS6.7AI score0.00294EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.94 views

CVE-2023-21236

CVE-2023-21236 affects the Android kernel in the aoc_service_set_read_blocked function of aoc.c, where a missing bounds check enables an out-of-bounds write. This can lead to local elevation of privileges requiring System level execution. The vulnerability is associated with Android kernel compon...

6.7CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.94 views

CVE-2023-21263

CVE-2023-21263 affects Android/Kernel components. The vulnerability is in the function OSMMapPMRGeneric of pmr_os.c , describing a possible out-of-bounds write caused by an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges n...

9.8CVSS8.5AI score0.00414EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.94 views

CVE-2023-32848

CVE-2023-32848 affects MediaTek vdec (Video Decoder) with a type confusion that enables an out-of-bounds write. The described impact is local escalation of privilege requiring System execution privileges, with no user interaction needed. Public details confirm the vulnerability is tied to ALPS081...

6.7CVSS6.7AI score0.00104EPSS
CVE
CVE
added 2023/10/11 7:25 p.m.94 views

CVE-2023-35661

CVE-2023-35661 is described as an out-of-bounds read in the function ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp caused by a missing bounds check. This can lead to remote information disclosure without additional privileges or user interaction. The CVE description does not specify affected ...

7.5CVSS7.1AI score0.00359EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.94 views

CVE-2023-48342

CVE-2023-48342 affects the media service and describes a potential out-of-bounds write caused by a missing bounds check. The impact is local denial of service with System execution privileges required. The vulnerability is rated MEDIUM (CVSS 3.1: 4.4), with a Local attack vector and High availabi...

4.4CVSS4.7AI score0.00084EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.94 views

CVE-2024-20049

CVE-2024-20049 affects the flashc component in MediaTek-chip devices. The vulnerability is caused by an uncaught exception in flashc, enabling possible local information disclosure with System privileges required for exploitation; no user interaction is needed. A patch is available (Patch ID: ALP...

4.4CVSS6AI score0.00101EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.94 views

CVE-2024-29778

CVE-2024-29778 : Vulnerability in ProtocolPsDedicatedBearInfoAdapter::processQosSession (protocolpsadapter.cpp) with a missing bounds check causing an out-of-bounds read. This could enable local information disclosure and require baseband firmware compromise; exploitation does not require user in...

4.7CVSS5.9AI score0.00075EPSS
CVE
CVE
added 2024/11/13 5:13 p.m.94 views

CVE-2024-31337

CVE-2024-31337 affects PVRSRVRGXKickTA3DKM in rgxta3d.c. The vulnerability arises from improper input validation, enabling arbitrary code execution and local kernel privilege escalation with no extra privileges or user interaction required. The issue is discussed across multiple catalogs (NVD/And...

8.4CVSS7.4AI score0.00109EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.93 views

CVE-2015-3105

CVE-2015-3105 affects Adobe Flash Player and related AIR/SDK components. The vulnerability enables arbitrary code execution or memory-corruption-induced DoS via unspecified vectors in Flash Player and AIR across Windows, macOS, Linux, and Android, with affected versions listed in the initial desc...

10CVSS7.6AI score0.96079EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.93 views

CVE-2015-5580

CVE-2015-5580 corresponds to a memory corruption vulnerability in Adobe Flash Player and related AIR components, reported as APSB15-23. Affected products include Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows/OS X, and before 11.2.202.521 on Linux, plus Adobe AIR before 19.0...

10CVSS7.8AI score0.0394EPSS
CVE
CVE
added 2016/01/06 7:0 p.m.93 views

CVE-2015-6636

The CVE-2015-6636 issue affects Android Mediaserver. A remote attacker could execute arbitrary code or trigger memory corruption by processing a crafted media file in Mediaserver, on Android 5.x up to 5.1.1 (LMY49F) and Android 6.0 up to 2016-01-01. Root cause: memory corruption in mediaserver wh...

10CVSS9.5AI score0.0206EPSS
CVE
CVE
added 2016/01/06 7:0 p.m.93 views

CVE-2015-6646

CVE-2015-6646 affects the Android/Linux kernel System V IPC implementation. The issue allows local attackers to cause a denial of service through global kernel resource consumption due to improper interaction between IPC resource allocation and the memory manager (internal bug 22300191). The Nexu...

7.8CVSS5.7AI score0.006EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.93 views

CVE-2017-0557

CVE-2017-0557 is an information-disclosure vulnerability in libmpeg2 within Android’s Mediaserver. A local attacker could access data outside of the app’s permission level due to a flaw in Mediaserver’s handling of media processing. Affected Android versions include 6.0, 6.0.1, 7.0, and 7.1.1. Th...

5.5CVSS5.2AI score0.00597EPSS
CVE
CVE
added 2019/06/19 8:1 p.m.93 views

CVE-2019-2017

CVE-2019-2017 : In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check, enabling local elevation of privilege with no additional execution privileges required. Exploitation requires user interaction. Affected are Android versions 7...

7.8CVSS7.7AI score0.00201EPSS
CVE
CVE
added 2020/03/10 8:4 p.m.93 views

CVE-2020-0055

Summary (CVE-2020-0055) : Affected software is Android 10. The issue is in the function l2c_link_process_num_completed_pkts of l2c_link.cc , where a missing bounds check allows a possible out-of-bounds read. This can lead to local information disclosure without additional execution privileges; us...

5.5CVSS5.7AI score0.00166EPSS
CVE
CVE
added 2020/06/04 11:24 p.m.93 views

CVE-2020-13839

CVE-2020-13839 describes a buffer overflow in a custom AT command handler on LG mobile devices running Android OS 7.2, 8.x, 9, and 10 with MTK chipsets. The underlying issue is a code execution vulnerability caused by improper handling of AT commands, allowing an attacker to execute arbitrary cod...

10CVSS9.5AI score0.00869EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.93 views

CVE-2021-0527

CVE-2021-0527 concerns a memory management driver issue where a use-after-free can cause memory corruption, enabling local privilege escalation without additional privileges. The vulnerability is described across multiple sources as affecting Android devices with MediaTek memory management driver...

7.8CVSS7.8AI score0.00116EPSS
Web
CVE
CVE
added 2022/03/30 4:2 p.m.93 views

CVE-2021-39781

CVE-2021-39781 affects Android 12L with a vulnerability in SmsController permitting information disclosure via a permissions bypass, enabling local escalation of privilege and SMS sending without extra privileges. The issue is documented in Android 12L security release notes; mitigation is provid...

7.8CVSS7.4AI score0.00107EPSS
CVE
CVE
added 2022/05/03 8:1 p.m.93 views

CVE-2022-20099

CVE-2022-20099: In the aee daemon, there is an out-of-bounds write caused by improper input validation, enabling local escalation of privilege to SYSTEM with no user interaction required. Patch ALPS06296442 issued. Connected references corroborate the issue; exploitation details are not provided ...

7.8CVSS7.7AI score0.00107EPSS
CVE
CVE
added 2022/06/15 1:19 p.m.93 views

CVE-2022-20159

CVE-2022-20159 affects the Android kernel via the asn1_ec_pkey_parse function in acropora/crypto/asn1_common.c. The issue is an out-of-bounds read caused by an incorrect bounds check, which can lead to local information disclosure with system privileges (no user interaction required). Exploitatio...

4.9CVSS4.3AI score0.00113EPSS
CVE
CVE
added 2022/06/15 1:20 p.m.93 views

CVE-2022-20174

CVE-2022-20174 affects the Android kernel on Exynos GS101. The issue is in the function exynos_secEnv_init in mach-gs101.c , where an incorrect bounds check may cause an out-of-bounds read. This can lead to local information disclosure with system execution privileges required; exploitation is de...

4.4CVSS4.2AI score0.00111EPSS
CVE
CVE
added 2022/06/15 1:23 p.m.93 views

CVE-2022-20200

CVE-2022-20200 affects Android 12L’s SoftApManager.updateApState, where a missing permission check can leak hotspot state. This enables local information disclosure with no extra privileges and no user interaction. The vulnerability is documented across multiple sources (NVD/Red Hat/PRION/Pixel b...

5.5CVSS5AI score0.00103EPSS
CVE
CVE
added 2022/08/11 3:0 p.m.93 views

CVE-2022-20371

Summary: CVE-2022-20371 affects the Android kernel, specifically the dm_bow_dtr path in dm-bow.c, due to a race-condition use-after-free. The vulnerability enables local escalation of privilege to System by exploiting a race condition, with no user interaction required. Documents consistently des...

6.4CVSS6.5AI score0.00072EPSS
CVE
CVE
added 2022/08/11 3:3 p.m.93 views

CVE-2022-20383

CVE-2022-20383 affects the Android kernel via AllocateInternalBuffers in g3aa_buffer_allocator.cc, where an integer overflow can cause an out-of-bounds write. This enables local privilege escalation with no extra user interaction required. Documents indicate the issue exists in the Android kernel...

7.8CVSS7.7AI score0.00099EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.93 views

CVE-2022-20527

CVE-2022-20527 affects Android 13 and is due to an out-of-bounds read in HalCoreCallback (halcore.cc) from NFC firmware caused by a missing bounds check. The issue enables local information disclosure with no additional execution privileges and no user interaction required (ATT&CK: Local, Privile...

5.5CVSS5AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.93 views

CVE-2022-20543

CVE-2022-20543 affects Android-13 on Google Pixel devices. The issue is a display crash loop caused by improper input validation in multiple locations, enabling local denial of service with system execution privileges required. Exploitation is local with no user interaction. The Pixel bulletin in...

2.3CVSS4AI score0.00164EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.93 views

CVE-2022-20581

CVE-2022-20581 affects the Pixel camera driver in the Android kernel. The issue is a use-after-free caused by a logic error, enabling local escalation of privilege with System-level execution privileges required. No user interaction is needed for exploitation. Documented exposure is limited to th...

6.7CVSS6.7AI score0.00182EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.93 views

CVE-2022-42502

CVE-2022-42502 : A missing bounds check in FacilityLock::Parse (simdata.cpp) enables a possible out-of-bounds write, leading to local escalation of privilege with System privileges required and no user interaction. Affected: Android kernel component (rild_exynos is referenced in related records)....

6.7CVSS6.7AI score0.00097EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.93 views

CVE-2023-20755

CVE-2023-20755 is a MediaTek keyinstall vulnerability. An out-of-bounds write caused by an integer overflow could allow local privilege escalation with System execution privileges, without user interaction. The issue is tracked as MediaTek ALPS07510064 (Issue ALPS07509605). Public references indi...

6.7CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.93 views

CVE-2023-20844

CVE-2023-20844 affects the imgsys_cmdq component in MediaTek devices. The issue is an out-of-bounds read caused by missing valid range checking, potentially enabling local information disclosure with system-execution privileges required. Exploitation requires user interaction. The vulnerability i...

4.2CVSS4AI score0.00091EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.93 views

CVE-2023-21067

CVE-2023-21067 is described as affecting the Android kernel in Pixel devices. The Pixel security bulletin lists CVE-2023-21067 under the Pixel section and ties fixes to the 2023-03-01 patch level, indicating a remediation exists there. The available documents do not provide explicit root cause de...

7.5CVSS7.4AI score0.00267EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.93 views

CVE-2023-32812

CVE-2023-32812 affects the gnss service in MediaTek contexts, with an out-of-bounds write caused by improper input validation. The resulting impact is local privilege escalation with SYSTEM privileges needed, and exploitation requires no user interaction. A patch is noted (ALPS08017365 / ALPS0801...

6.7CVSS6.5AI score0.00095EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.93 views

CVE-2023-32847

CVE-2023-32847 is a MediaTek audio module vulnerability described as an out-of-bounds write caused by a missing bounds check. It could enable local escalation of privilege and requires user interaction to exploit. A fix is identified as Patch ID ALPS08241940 (Issue ID ALPS08241940). The connected...

7.8CVSS7.7AI score0.00113EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.93 views

CVE-2023-48344

CVE-2023-48344 is described across multiple sources as a local out-of-bounds read in the video decoder due to improper input validation, leading to local denial of service without requiring extra privileges. Public details are provided in the Android Jan 2024 security bulletin (listed under Uniso...

5.5CVSS5.4AI score0.00081EPSS
CVE
CVE
added 2023/12/08 3:39 p.m.93 views

CVE-2023-48399

CVE-2023-48399 describes an out-of-bounds read in ProtocolMiscATCommandAdapter::Init() (protocolmiscadapter.cpp) due to a missing bounds check. This can lead to local information disclosure and requires baseband firmware compromise for exploitation; no user interaction is needed. Multiple connect...

5.5CVSS5AI score0.001EPSS
CVE
CVE
added 2023/12/08 3:41 p.m.93 views

CVE-2023-48407

CVE-2023-48407 affects Google Pixel bootloader: a logic error may prevent the DCK from being deleted after factory reset, enabling local elevation of privilege with no user interaction. Exploitation details are not provided in the documents; the Pixel update bulletin lists CVE-2023-48407 as a boo...

7.8CVSS7.7AI score0.0011EPSS
CVE
CVE
added 2024/03/11 6:55 p.m.93 views

CVE-2024-27211

CVE-2024-27211 : Affects the AtiHandleAPOMsgType function in ati_Main.c. The vulnerability is an out-of-bounds write (OOB) caused by a missing null check, enabling local escalation of privilege with no additional execution privileges required and with no user interaction needed. Multiple sources ...

7.7CVSS7AI score0.00089EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.93 views

CVE-2024-29752

In CVE-2024-29752, the flaw resides in the function tmu_set_tr_num_thresholds inside tmu.c. It enables an out-of-bounds write due to a missing bounds check in this routine, which could allow a local escalation of privilege. The impact is described as local privilege escalation with no additional ...

7.8CVSS7.1AI score0.00092EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.93 views

CVE-2024-32905

CVE-2024-32905 affects Google Pixel devices via the circ_read path in link_device_memory_legacy.c, where an incorrect bounds check can cause an out-of-bounds write. This can enable remote code execution without user interaction. The Pixel security bulletin groups this under the cpif subcomponent ...

9.8CVSS7.5AI score0.00325EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.93 views

CVE-2024-32910

The CVE-2024-32910 issue affects Trusty/TEE in the Android stack (tipc.c: handle_msg_shm_map_req). It describes a possible stack data disclosure from uninitialized data in the SPI/TIPC path, enabling local information disclosure without extra privileges or user interaction. The Android Pixel bull...

5.5CVSS6AI score0.00076EPSS
CVE
CVE
added 2024/12/18 7:8 p.m.93 views

CVE-2024-47040

CVE-2024-47040 is a Use-After-Free in the Android Android Pixel stack involving the android.hardware.radio.sap.ISap/slot2 service. Root cause: a logic error leads to UAF, enabling local Elevation of Privilege with no user interaction. Documents provide no exploitation details or specific patch/ve...

10CVSS6.7AI score0.00179EPSS
CVE
CVE
added 2019/06/19 8:4 p.m.92 views

CVE-2019-2021

CVE-2019-2021 describes an information-disclosure flaw in the Android rw_t3t.cc component: in rw_t3t_act_handle_ndef_detect_rsp there is a missing bounds check that allows an out-of-bounds read. This could enable local information disclosure with no execution privileges required, and exploitation...

7.1CVSS5.9AI score0.00758EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.92 views

CVE-2021-0880

CVE-2021-0880 involves the PowerVR kernel driver’s PVRSRVBridgeRGXKickTA3D, where a missing size check can trigger an integer overflow and out-of-bounds heap access. This enables local escalation of privilege with no additional execution privileges required and without user interaction. Connected...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.92 views

CVE-2021-39769

CVE-2021-39769 concerns an information-disclosure vulnerability in Android 12L’s Device Policy component where there is a missing permission check that allows an app to determine whether another app is installed without query permissions. The issue enables local information disclosure without ext...

5.5CVSS5.5AI score0.00098EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.92 views

CVE-2021-39773

CVE-2021-39773 affects Android 12L where VpnManagerService may disclose installed VPN packages via a side-channel information disclosure, enabling local information disclosure without extra execution privileges. The issue is described in Android 12L security release notes and related CVE listings...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.92 views

CVE-2022-20017

CVE-2022-20017 affects the ion driver and is described as an information-disclosure vulnerability caused by an incorrect bounds check, enabling local information disclosure without extra execution privileges and with no user interaction required. Documented impact per NVD/CVE listings: CVSSv3.1 b...

5.5CVSS5.1AI score0.00118EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.92 views

CVE-2022-20031

CVE-2022-20031 affects the fb driver with a use-after-free leading to memory corruption and local privilege escalation. Exploitation is reported to require no user interaction. Patch ALPS05850708/ALPS05850708 corrects the issue. Demonstrated impact is restricted to the described local escalation ...

7.8CVSS7.8AI score0.00118EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.92 views

CVE-2022-20056

CVE-2022-20056 affects the preloader (usb) on MediaTek-based devices, with an out-of-bounds write due to a missing bounds check. The issue can lead to local privilege escalation when an attacker has physical access, with user interaction required for exploitation. Impact is described as partial c...

6.6CVSS6.5AI score0.0013EPSS
Total number of security vulnerabilities8153