Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/09/02 10:11 p.m.432 views

CVE-2025-22438

CVE-2025-22438 affects Android’s InputDispatcher.cpp, in the afterKeyEventLockedInterruptable path, where a use-after-free issue is reported. The vulnerability could enable local elevation of privilege with no additional execution privileges and no user interaction required, per the linked source...

7.8CVSS6.4AI score0.00082EPSS
CVE
CVE
added 2025/09/04 5:14 p.m.432 views

CVE-2025-26450

CVE-2025-26450 affects Android-related code in onInputEvent of IInputMethodSessionWrapper.java. The issue allows an untrusted app to inject key and motion events to the default IME due to a missing permission check, enabling local privilege escalation with no additional privileges required. User ...

7.8CVSS6.2AI score0.00076EPSS
CVE
CVE
added 2025/09/04 5:15 p.m.432 views

CVE-2025-26462

CVE-2025-26462 corresponds to a logic error in AccessibilityServiceConnection.java that can cause a background activity launch and local privilege escalation without user interaction. Multiple trusted sources (NVD, Red Hat, OSV) confirm the Issue, with CVSS v3.1: Local, Low UI, High impact on con...

7.8CVSS6.3AI score0.00079EPSS
CVE
CVE
added 2025/09/04 5:15 p.m.432 views

CVE-2025-26463

CVE-2025-26463 affects Android components where the vulnerability is in the function or flow that handles allowPackageAccess across multiple files, leading to resource exhaustion. The underlying impact is a local persistent denial of service with no additional execution privileges needed and no u...

5.5CVSS5.9AI score0.0008EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.431 views

CVE-2024-49739

CVE-2024-49739 describes an out-of-bounds write in the function MMapVAccess within pmr_os.c, caused by insufficient input validation. This could enable local privilege escalation with no required user interaction. The CVE is reflected across multiple sources (NVD, Red Hat, OSV) and is associated ...

4CVSS6.4AI score0.00102EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.431 views

CVE-2025-22442

CVE-2025-22442 describes a race-condition in multiple functions of DevicePolicyManagerService.java that could allow installation of unauthorized apps into a newly created work profile, causing local elevation of privilege without extra execution privileges. The issue is classified as EoP with loc...

7CVSS6.3AI score0.00063EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.431 views

CVE-2025-26422

CVE-2025-26422 affects Android’s WindowManagerService (dumpsys) where a missing permission check could allow a local elevation of privilege. The public description notes that exploitation requires local access with no extra privileges and no user interaction. Android security bulletin entries for...

4CVSS6.2AI score0.00086EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.430 views

CVE-2025-22417

CVE-2025-22417 affects Android where finishTransition in Transition.java can bypass touch filtering via a tapjacking/overlay attack, enabling local elevation of privilege with no extra execution privileges required. Exploitation requires user interaction. Documents consistently describe this as a...

7.3CVSS6.3AI score0.00077EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.430 views

CVE-2025-26430

CVE-2025-26430 affects SpaAppBridgeActivity (Android). A logic error in getDestinationForApp may allow cross-user file reveal, enabling local elevation of privilege with no extra privileges and no user interaction. Documents indicate this CVE is addressed in Android security bulletins with 2025-0...

7.8CVSS6.3AI score0.00079EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.429 views

CVE-2024-49730

CVE-2024-49730 affects Android components involving FuseDaemon.cpp, where a memory corruption leads to an out-of-bounds write. This can enable local privilege escalation with no user interaction required. The issue is documented across multiple feeds (NVD/Red Hat/OSV, etc.) and is addressed in An...

7.8CVSS6.4AI score0.00083EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.429 views

CVE-2025-22431

CVE-2025-22431 is an Android Framework DoS vulnerability arising from a logic error in multiple locations that can prevent dialing emergency services under limited circumstances. The impact is local denial of service until reboot, with exploitation not requiring user interaction. The Android Secu...

5.5CVSS5.5AI score0.00077EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.429 views

CVE-2025-26424

The CVE CVE-2025-26424 concerns VpnManager.java in the Android framework, where a logic error enables cross-user data leakage. The impact is local information disclosure without extra privileges or user interaction. Exploitation details are not provided in the connected documents, and there is no...

4CVSS5.1AI score0.00092EPSS
CVE
CVE
added 2025/09/04 5:14 p.m.429 views

CVE-2025-26448

The CVE-2025-26448 vulnerability is an information disclosure flaw: in CursorWindow.cpp, writeToParcel can trigger an out-of-bounds read due to uninitialized data. The impact is local information exposure without extra execution privileges, and exploitation does not require user interaction. Affe...

5.5CVSS5AI score0.00079EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.428 views

CVE-2024-49720

CVE-2024-49720 affects Android permissions handling in Permissions.java, where a logic error could allow a local attacker to override the user’s location permission state. The issue enables local escalation of privilege without additional execution privileges and without user interaction. Connect...

7.8CVSS6.4AI score0.00093EPSS
CVE
CVE
added 2025/09/04 5:14 p.m.428 views

CVE-2025-26441

CVE-2025-26441 affects Google Android: an out-of-bounds read in the add_attr path of sdp_discovery.cc can cause remote information disclosure without extra privileges or user interaction. The issue is described across NVD, Red Hat, OSV, and CNVD/CVE aggregations, all citing a missing bounds check...

6.5CVSS5.5AI score0.00262EPSS
CVE
CVE
added 2025/09/04 5:15 p.m.428 views

CVE-2025-26458

CVE-2025-26458 affects Android’s LocationProviderManager.java, where a logic error can trigger a background activity launch, enabling local elevation of privilege with no extra execution privileges or user interaction required. Multiple connected sources corroborate a local-privilege-escapable co...

7.8CVSS6.4AI score0.00086EPSS
CVE
CVE
added 2019/09/06 9:51 p.m.427 views

CVE-2019-9453

CVE-2019-9453 corresponds to an out-of-bounds read in the Android kernel F2FS touch driver, caused by improper input validation. This can enable local information disclosure and could potentially allow system-level privileges; exploitation requires local access with no user interaction. Publicly ...

4.4CVSS4.5AI score0.00179EPSS
CVE
CVE
added 2025/09/04 5:11 p.m.427 views

CVE-2025-26420

CVE-2025-26420 concerns Android’s GrantPermissionsActivity.java, where a permission overload vulnerability may allow an attacker to mislead a user into granting the wrong permission, enabling local privilege escalation. The issue is described across multiple feeds as affecting the System/Permissi...

4.4CVSS6.3AI score0.00084EPSS
CVE
CVE
added 2025/09/04 5:14 p.m.427 views

CVE-2025-26432

CVE-2025-26432: A DoS vulnerability in Google Android arises from missing length checks in multiple locations, allowing local denial of service with no extra privileges and no user interaction. The issue is described across multiple CVE feeds; Android bulletin details assignability to patch level...

5.5CVSS5.5AI score0.00076EPSS
CVE
CVE
added 2025/09/04 5:14 p.m.427 views

CVE-2025-26445

The CVE-2025-26445 entry concerns a vulnerability in Android’s ConnectivityService.java, specifically in offerNetwork, where a missing permission check can cause an information disclosure. The issue allows local information disclosure without additional execution privileges and does not require u...

5.5CVSS4.8AI score0.00074EPSS
CVE
CVE
added 2025/09/04 5:14 p.m.427 views

CVE-2025-26449

CVE-2025-26449 is a Google Android DoS vulnerability due to resource exhaustion causing local denial of service with no user interaction. Public documents corroborate a local impact and DoS classification across Android components; the Android bulletin notes patch levels 2025-06-01 and 2025-06-05...

5.5CVSS5.7AI score0.00076EPSS
CVE
CVE
added 2025/09/04 5:14 p.m.426 views

CVE-2025-26443

CVE-2025-26443 affects Android’s HtmlToSpannedParser.parseHtml, where a logic error could permit installing apps without enabling installation from unknown sources. This is a local privilege escalation vulnerability (local vector, requires user interaction). The issue is tied to the parseHtml pat...

7.3CVSS6.4AI score0.00132EPSS
CVE
CVE
added 2025/09/04 5:15 p.m.426 views

CVE-2025-26453

CVE-2025-26453 concerns a cross-user information disclosure in Android Bluetooth code (BluetoothOppSendFileInfo.java) due to a logic error in isContentUriForOtherUser. The issue enables local information disclosure with no extra execution privileges and does not require user interaction. The prim...

5.5CVSS5AI score0.00084EPSS
CVE
CVE
added 2025/09/02 10:11 p.m.425 views

CVE-2025-22435

The CVE-2025-22435 issue affects the Android Bluetooth stack (avdt_msg_ind in avdt_msg.cc) where a type confusion leads to memory corruption. This can enable escalation of privilege on a paired device with no additional execution privileges and no user interaction required. CVSSv3.1 metrics indic...

9.8CVSS6.8AI score0.00237EPSS
CVE
CVE
added 2022/06/15 1:2 p.m.419 views

CVE-2022-20141

CVE-2022-20141 (Android kernel) : In igmp.c, the function ip_check_mc_rcu has a use-after-free due to improper locking, enabling local escalation of privilege when opening/closing inet sockets without extra privileges. This vulnerability is associated with the Android kernel and upstream referenc...

7CVSS7.4AI score0.00141EPSS
CVE
CVE
added 2016/02/08 2:0 a.m.418 views

CVE-2016-0728

The CVE-2016-0728 issue affects the Linux kernel up to version 4.4.1, specifically in the keyring handling path join_session_keyring() within security/keys/process_keys.c. A flaw in object reference management in an error path can allow a local, unprivileged user to escalate privileges or cause a...

7.8CVSS6.5AI score0.03646EPSS
In wild
CVE
CVE
added 2018/08/07 9:0 p.m.418 views

CVE-2018-5383

CVE-2018-5383 is a Bluetooth input-validation vulnerability affecting Apple platforms (e.g., macOS High Sierra and later, iOS 11.4 and later; also appearing in tvOS/watchOS updates per Apple advisories). The issue arises from insufficient validation of elliptic-curve parameters used during Diffie...

8CVSS6.1AI score0.00802EPSS
CVE
CVE
added 2020/12/14 9:50 p.m.418 views

CVE-2020-0444

CVE-2020-0444 affects the Android kernel. The issue is in audit_free_lsm_field in auditfilter.c, caused by a logic error in audit_data_to_entry that may allow local escalation of privilege with no extra privileges or user interaction. The connected Nessus advisories (Unity Linux UTSA-2026-004184/...

7.8CVSS8AI score0.00213EPSS
CVE
CVE
added 2022/08/09 8:21 p.m.417 views

CVE-2022-20345

CVE-2022-20345 affects Android 12/12L with a vulnerability in the Bluetooth L2C BLE implementation. The issue is a missing bounds check in l2cble_process_sig_cmd (l2c_ble.cc) that can cause an out-of-bounds write, enabling remote code execution over Bluetooth without user interaction. Android bul...

8.8CVSS8.8AI score0.00396EPSS
CVE
CVE
added 2023/08/14 9:5 p.m.417 views

CVE-2023-21282

CVE-2023-21282 affects Google Android components via TRANSPOSER_SETTINGS in lpp_tran.h, with an out-of-bounds write caused by an incorrect bounds check. The impact is remote code execution with user interaction required, as stated in the CVE description and mirrored by multiple advisories (NVD en...

8.8CVSS8.9AI score0.01032EPSS
CVE
CVE
added 2023/08/14 8:59 p.m.416 views

CVE-2023-21265

CVE-2023-21265 affects Android’s trust management by listing multiple root CA certificates that must be disabled. The underlying issue enables remote information disclosure without additional execution privileges and requires no user interaction. Public documents describe the affected area as the...

7.5CVSS7.2AI score0.00278EPSS
CVE
CVE
added 2024/11/19 1:30 a.m.413 views

CVE-2024-50302

CVE-2024-50302 affects the Linux kernel HID core by leaving the HID report buffer potentially uninitialized, enabling possible memory leakage via crafted reports. The fixed behavior is to zero-initialize the report buffer at allocation time. Public advisories (including AstraLinux and AlmaLinux f...

5.5CVSS6.6AI score0.00809EPSS
In wild
CVE
CVE
added 2020/05/14 8:10 p.m.412 views

CVE-2020-0093

CVE-2020-0093 is a libexif vulnerability affecting Android 8.x–10, where a missing bounds check in exif_data_save_data_entry can cause an out-of-bounds read, leading to local information disclosure. The issue arises from an insufficient bounds check in exif-data.c; exploit requires user interacti...

5CVSS6AI score0.00301EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.407 views

CVE-2022-22265

Technical details about CVE-2022-22265 are not publicly provided in the connected documents. The sources mention the vulnerability at a high level; monitor official advisories for patches affecting Samsung NPU drivers.

7.8CVSS8AI score0.00392EPSS
In wild
CVE
CVE
added 2019/09/27 6:5 p.m.405 views

CVE-2019-9278

CVE-2019-9278 affects libexif. The vulnerability is an out-of-bounds write caused by an integer overflow in libexif, leading to remote escalation of privilege in the media content provider. Exploitation requires user interaction. Affected versions include Android-10 (and related platforms in the ...

8.8CVSS8.5AI score0.04059EPSS
CVE
CVE
added 2023/08/14 8:59 p.m.405 views

CVE-2023-21264

CVE-2023-21264 affects the Linux kernel (ARM64 KVM) where a memory access check in mem_protect.c can permit access to hypervisor memory due to the check being in the wrong place. The result is local elevation of privilege to System execution level, with exploitation not requiring user interaction...

6.7CVSS6.9AI score0.00151EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.402 views

CVE-2019-2219

CVE-2019-2219 affects the Android Framework, specifically when linked to NotificationManagerService and related files. The described issue is a local elevation of privilege due to a permission bypass that could allow recording audio from the background without user notification, requiring User ex...

4.7CVSS4.9AI score0.00148EPSS
CVE
CVE
added 2020/11/10 12:50 p.m.396 views

CVE-2020-0452

CVE-2020-0452 affects libexif; the issue is an out-of-bounds write caused by an integer overflow in exif-entry.c, potentially enabling remote code execution when processing remote image data. Multiple connected advisories (CentOS RHSA-2020:5402, ALSA-2020:5393 for AlmaLinux, Amazon Linux ALAS2-20...

9.8CVSS9.2AI score0.03189EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.382 views

CVE-2021-0512

CVE-2021-0512 is a Linux kernel/Android-hid input issue: out-of-bounds write caused by a heap buffer overflow in __hidinput_change_resolution_multipliers of hid-input.c, enabling local privilege escalation with no user interaction. Affected: Android kernel HID input path; exploitation described a...

7.8CVSS7.8AI score0.00282EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.374 views

CVE-2023-20938

CVE-2023-20938 affects the Android kernel via binder_transaction_buffer_release in binder.c, causing a use-after-free due to improper input validation. This can enable local privilege escalation with no extra execution privileges required and without user interaction; the advisory consistently no...

8.1CVSS7.5AI score0.00332EPSS
CVE
CVE
added 2020/12/14 9:51 p.m.370 views

CVE-2020-0465

CVE-2020-0465 refers to the Android kernel HID multitouch vulnerability. In hid-multitouch.c, there is an out-of-bounds write due to a missing bounds check, which could enable local privilege escalation with no additional privileges and no user interaction required. The description confirms affec...

7.2CVSS7.6AI score0.00268EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.367 views

CVE-2017-13156

CVE-2017-13156 is an Android UART-style APK signature bypass (Janus) that allows an attacker to inject or modify an APK without breaking its V1 signature, enabling installation updates with attacker-controlled code. The vulnerability affects Android 5.1.1 through 8.0 (ART), enabling elevation of ...

7.8CVSS7.4AI score0.20089EPSS
CVE
CVE
added 2020/03/10 7:56 p.m.366 views

CVE-2020-0034

CVE-2020-0034 describes an out-of-bounds read in libvpx’s vp8_decode_frame (decodeframe.c) due to improper input validation that could leak information remotely if error correction is enabled. The vulnerability is exploitable remotely with no user interaction and could lead to information disclos...

7.8CVSS7AI score0.01897EPSS
CVE
CVE
added 2023/07/12 11:53 p.m.365 views

CVE-2023-21400

CVE-2023-21400 affects the Linux kernel io_uring subsystem, specifically in multiple functions within io_uring.c where improper locking on rings with IOPOLL can cause kernel memory corruption. This memory corruption could enable local privilege escalation to kernel System execution privileges wit...

6.7CVSS7.1AI score0.00252EPSS
CVE
CVE
added 2021/06/22 11:13 a.m.348 views

CVE-2021-0605

CVE-2021-0605 is a kernel vulnerability disclosed in the Android/Linux kernel: in pfkey_dump of af_key.c, there is a missing bounds check causing a local out-of-bounds read that can disclose kernel information. Exploitation requires local privileges; no user interaction is needed. Connected advis...

4.9CVSS4.9AI score0.00201EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.345 views

CVE-2024-32896

The CVE-2024-32896 issue is a local Elevation of Privilege (EoP) in the Android Framework affecting Pixel devices, caused by a logic error that could enable privilege escalation with no extra execution privileges. Exploitation requires user interaction per the description, with the Android bullet...

8.1CVSS6.8AI score0.0301EPSS
In wild
CVE
CVE
added 2025/01/28 7:13 p.m.330 views

CVE-2024-40673

CVE-2024-40673 affects Google Android (System component via ZipFile.java) with improper input validation of dynamic code loading, enabling remote code execution without privileges or user interaction. Public details confirm the issue and reference Android security bulletin guidance indicating pat...

6.5CVSS8.7AI score0.00281EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.328 views

CVE-2023-20951

CVE-2023-20951 is an Android RCE issue caused by an out-of-bounds write in gatt_process_prep_write_rsp (gatt_cl.cc). The vulnerability affects Android 11–13 and can enable remote code execution with no privileges and no user interaction, per multiple sources. The Android Security Bulletin (March ...

9.8CVSS9.2AI score0.00489EPSS
CVE
CVE
added 2025/01/28 7:13 p.m.327 views

CVE-2024-40676

CVE-2024-40676 affects Google Android. The issue lies in checkKeyIntent of AccountManagerService.java, which can bypass the intent security check and allow installing an unknown app due to a confused deputy. This enables local elevation of privilege without requiring execution privileges or user ...

7.7CVSS7.5AI score0.00168EPSS
CVE
CVE
added 2019/07/08 5:36 p.m.322 views

CVE-2019-2107

CVE-2019-2107 affects the Android media framework. The issue is an out-of-bounds write in ihevcd_parse_pps (ihevcd_parse_headers.c) that can lead to remote code execution with no additional privileges, requiring user interaction to exploit. Affected Android versions include 7.0 through 9. Public ...

9.3CVSS8.7AI score0.08926EPSS
Total number of security vulnerabilities8153