Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/05/03 8:5 p.m.92 views

CVE-2022-20107

CVE-2022-20107 affects the subtitle service and is caused by an integer overflow that can crash the application, enabling local denial of service with SYSTEM privileges. The vulnerability is exploitable locally (attack vector: LOCAL, attack complexity: LOW) and does not require user interaction. ...

4.9CVSS4.7AI score0.00116EPSS
CVE
CVE
added 2022/06/15 1:22 p.m.92 views

CVE-2022-20188

CVE-2022-20188 concerns the Android kernel in Pixel/Android devices. Public data in NVD shows CVSSv3.1 base score 7.5 (Network attack, no user interaction, confidentiality impact High; integrity/availability None). The Pixel security bulletin (June 2022) lists this CVE among fixes for Pixel devic...

7.5CVSS7.4AI score0.00375EPSS
CVE
CVE
added 2022/06/15 1:23 p.m.92 views

CVE-2022-20204

CVE-2022-20204 concerns Android 12L where the function DevicePolicyManagerService.registerRemoteBugreportReceivers lacks a required permission check. The flaw allows forging bug reports, enabling local elevation of privilege with no additional execution privileges and no user interaction required...

7.8CVSS7.6AI score0.00102EPSS
CVE
CVE
added 2022/08/11 3:3 p.m.92 views

CVE-2022-20401

CVE-2022-20401: In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c there is an out-of-bounds read due to a missing bounds check, causing potential remote information disclosure after authentication with no additional privileges required. Affected: Android kernel components; Exploit status not...

7.5CVSS7AI score0.00456EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.92 views

CVE-2022-20533

Android 13 contains a local privilege escalation risk in WifiSlice.java (getSlice). A missing permission check could allow an attacker with local access to connect to a new WiFi network from guest mode, with no user interaction required. Public documents confirm the issue but do not provide patch...

3.3CVSS4.3AI score0.00109EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.92 views

CVE-2022-20543

CVE-2022-20543 affects Android-13 on Google Pixel devices. The issue is a display crash loop caused by improper input validation in multiple locations, enabling local denial of service with system execution privileges required. Exploitation is local with no user interaction. The Pixel bulletin in...

2.3CVSS4AI score0.00164EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.92 views

CVE-2022-20570

Technical details for CVE-2022-20570 are not publicly available in the provided documents. Monitor for updates from the listed sources; no specifics on affected versions, vectors, or fixes are provided here.

5.5CVSS5.5AI score0.00163EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.92 views

CVE-2022-20580

CVE-2022-20580 is an Android kernel/libufdt issue where an incorrect bounds check in the function ufdt_do_one_fixup within ufdt_overlay.c can cause an out-of-bounds write. This could enable a local escalation of privilege with System privileges required; no user interaction is described for explo...

6.7CVSS6.7AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.92 views

CVE-2022-20582

CVE-2022-20582 affects the Android kernel component, specifically the drm_fw.c function ppmp_unprotect_mfcfw_buf, where an out-of-bounds write can occur due to improper input validation. The vulnerability enables local privilege escalation with no extra user interaction, as indicated by multiple ...

7.8CVSS7.7AI score0.00099EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.92 views

CVE-2022-20583

CVE-2022-20583 affects the Android kernel DRM firmware path: in function ppmp_unprotect_mfcfw_buf there is an out-of-bounds write due to improper input validation. This could enable local escalation of privilege in S-EL1 with System privileges granted, and exploitation is described as not requiri...

6.7CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2022/06/06 5:38 p.m.92 views

CVE-2022-21754

CVE-2022-21754 affects MediaTek WLAN driver and is caused by a missing bounds check that enables an out-of-bounds write. This can lead to local escalation of privilege with System execution privileges required and no user interaction needed. The remediation referenced is Patch ID ALPS06535953 / I...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.92 views

CVE-2022-39105

CVE-2022-39105 affects Unisoc Unisoc kernel sensor driver; the root cause is a missing bounds check that can cause an out-of-bounds write, leading to local denial of service. Public references in NVD and multiple security trackers confirm the issue, with consistent description across sources. No ...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.92 views

CVE-2022-42522

CVE-2022-42522 concerns the Android kernel, specifically a bound-check issue in DoSetCarrierConfig() inside miscservice.cpp. The flaw allows an out-of-bounds read, which could cause local information disclosure with system-level privileges required for exploitation; no user interaction is needed....

4.4CVSS4.3AI score0.00122EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.92 views

CVE-2023-21026

CVE-2023-21026 affects Android 13 on the WindowManagerService component, specifically the updateInputChannel path in WindowManagerService.java. A logic error could allow an attacker to extend a touchable region beyond the owner SurfaceControl, enabling a local denial-of-service condition without ...

5.5CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.92 views

CVE-2023-21029

CVE-2023-21029 affects Android 13 via a missing permission check in UidObserverController.java register, enabling local information disclosure of app usage without user interaction. Root cause: inadequate access control in the registration flow. Impact: information disclosure with user privileges...

5.5CVSS5.1AI score0.00086EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.92 views

CVE-2023-21228

CVE-2023-21228 describes an out-of-bounds write in the Linux kernel component physmem_osmem_linux.c (PMRChangeSparseMemOSMem), caused by an incorrect bounds check. This could enable local escalation of privilege with no user interaction. Public documents confirm the vulnerability details and affe...

9.8CVSS8.5AI score0.00414EPSS
CVE
CVE
added 2023/10/11 7:21 p.m.92 views

CVE-2023-35654

CVE-2023-35654 concerns the stmvl53l1_module.c ctrl_roi function, where an incorrect bounds check may cause an out-of-bounds read. This could enable local escalation of privilege with system execution privileges required. Exploitation is described as local (no user interaction required). Connecte...

6.7CVSS6.6AI score0.00091EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.92 views

CVE-2023-48351

CVE-2023-48351 affects Unisoc Android video decoder; root cause is a missing bounds check causing an out-of-bounds write, leading to local denial of service. Public exploit details are not provided in the supplied documents. Remediation inferred from the Android bulletin: apply security patch lev...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2023/12/08 3:41 p.m.92 views

CVE-2023-48406

CVE-2023-48406 affects Google Pixel devices, specifically the Modem OTP component used in Pixel firmware. The public descriptions describe a logic error that can cause a permanent DoS or allow the modem to boot with unverified firmware. This could lead to local escalation of privilege, requiring ...

6.7CVSS6.7AI score0.00105EPSS
CVE
CVE
added 2023/12/08 3:45 p.m.92 views

CVE-2023-48420

The CVE-2023-48420 entry describes a race-condition–driven use-after-free in the Camera component on Pixel devices, enabling local escalation of privilege with System-level privileges and no user interaction. The vulnerability is categorized as EoP (Camera) in the Pixel security bulletin, with a ...

6.4CVSS6.6AI score0.00074EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.92 views

CVE-2024-29741

The CVE-2024-29741 issue affects Google Pixel’s s2mpu.c driver, specifically the pblS2mpuResume function, where a logic error enables a mitigation bypass. This could allow local elevation of privilege without additional execution privileges or user interaction. Multiple connected sources corrobor...

7.8CVSS7AI score0.00105EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.92 views

CVE-2024-29743

CVE-2024-29743 describes a potential out-of-bounds write in the function tmu_set_temp_lut of tmu.c, requiring local access with no user interaction. The vulnerability could enable a local elevation of privilege, as the write occurs due to a missing bounds check. Across multiple sources (NVD, Red ...

7.7CVSS7.1AI score0.00093EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.92 views

CVE-2024-29780

CVE-2024-29780 affects hwbcc_ns_deprivilege in trusty/user/base/lib/hwbcc/client/hwbcc.c, describing an uninitialized data condition that can disclose uninitialized stack data. The impact is local information disclosure with no extra privileges required and no user interaction needed. Exploitatio...

5.5CVSS6AI score0.00082EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.92 views

CVE-2024-32894

The CVE-2024-32894 entry describes a likely out-of-bounds read in bc_get_converted_received_bearer of bc_utilities.c, enabling remote information disclosure with no privileges or user interaction. Multiple connected records (Red Hat, NVD, OSV, CNNVD) reiterate the same root cause and impact, with...

7.5CVSS6.2AI score0.00348EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.92 views

CVE-2024-53835

Google Pixel Android devices are affected by CVE-2024-53835, a local elevation of privilege vulnerability described as a biometric bypass with an unusual root cause. The issue targets the FPS (likely a biometric subsystem) and is exploitable with LOCAL access,LOW user interaction, and no required...

7.8CVSS7.2AI score0.00076EPSS
CVE
CVE
added 2025/06/03 5:50 a.m.92 views

CVE-2025-31710

CVE-2025-31710 describes a local command-injection vulnerability in the engineermode service (com.sprd.engineermode) that enables privilege escalation via improper input validation. Connected sources tie this to Doogee Note59/Note59 Pro/Note59 Pro+ devices, where an attacker with local access can...

8.4CVSS6.4AI score0.00403EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.91 views

CVE-2015-3101

CVE-2015-3101 describes a privilege-escalation path in the Flash broker when using Internet Explorer, affecting the Flash Player and related AIR components. The vulnerability is tied to a transition from Low Integrity to Medium Integrity via IE, with the impact (per the sources) being privilege e...

4.3CVSS6.4AI score0.01304EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.91 views

CVE-2015-3103

CVE-2015-3103 concerns Adobe Flash Player and is supported by connected sources that identify it as a race condition leading to a use-after-free. The issue affects Flash Player on Windows, OS X, and Linux, with the vulnerability triggered by a COM object initialization/deinitialization sequence t...

10CVSS7.4AI score0.05743EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.91 views

CVE-2019-9365

CVE-2019-9365 corresponds to a Bluetooth deserialization bug in Android 10 that can enable remote code execution with network access and no user interaction. Affected component is Bluetooth deserialization in Android 10; root cause is missing string validation during deserialization, leading to R...

9.8CVSS9.2AI score0.00966EPSS
CVE
CVE
added 2021/10/06 2:12 p.m.91 views

CVE-2021-0681

CVE-2021-0681 is a vulnerability in Android where a missing permission check in system properties could allow local information disclosure without extra execution privileges and without user interaction. Affected components include MediaTek system properties on Android devices. The issue is docum...

5.5CVSS5.1AI score0.00104EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.91 views

CVE-2021-1010

CVE-2021-1010: In Android 12, the Android framework component PackageManagerService.getSigningKeySet is missing a permission check, enabling local information disclosure without elevation or user interaction. The CVSS 3.1 base score is 5.5 (MEDIUM), with local attack vector and HIGH confidentiali...

5.5CVSS5AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.91 views

CVE-2021-39762

CVE-2021-39762 affects tremolo in Android 12L. Root cause: integer overflow causing an out-of-bounds read. Consequence: remote information disclosure without user interaction or extra privileges. Exploitation details are not provided in the documents, but the Android 12L security release notes in...

7.5CVSS7.2AI score0.00709EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.91 views

CVE-2021-39770

CVE-2021-39770 affects the Android Framework on Android 12L and is caused by a missing permission check that enables a local information disclosure of the device owner package. The vulnerability allows access to sensitive information without additional execution privileges and does not require us...

5.5CVSS5.6AI score0.00098EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.91 views

CVE-2021-39774

CVE-2021-39774 affects Android 12L Bluetooth. The issue is an out-of-bounds read due to a missing bounds check, enabling local DoS with no user interaction required. Android 12L security release notes indicate this vulnerability is addressed as part of the Android 12L patch set, with devices prot...

5.5CVSS5.9AI score0.00098EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.91 views

CVE-2021-39787

CVE-2021-39787 affects Android 12L SystemUI. The issue enables an arbitrary Activity launch via a confused deputy, resulting in local elevation of privilege with no extra execution privileges required and a required user interaction for exploitation. Affected component: SystemUI on Android-12L; r...

9.3CVSS7.9AI score0.00357EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.91 views

CVE-2022-20040

The CVE-2022-20040 entry concerns a vulnerability in the MediaTek power_hal_manager_service (Power HAL) where a stack-based buffer overflow can permit local escalation of privilege without user interaction. Exploitation requires local access and the issue is described across multiple sources (e.g...

7.8CVSS7.8AI score0.00129EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.91 views

CVE-2022-20042

CVE-2022-20042 affects Bluetooth with incorrect error handling that may cause local information disclosure. Exploitation requires local access; no user interaction is needed. Documents consistently cite a patch/issue identifier ALPS06108487. No additional exploit details or affected product/versi...

5.5CVSS5.1AI score0.00122EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.91 views

CVE-2022-20071

CVE-2022-20071 affects the ccu component and is caused by missing certificate validation, enabling local escalation of privilege with System execution privileges. Exploitation is described as requiring no user interaction, with a local attack vector. The vulnerability details in connected sources...

6.7CVSS6.6AI score0.00082EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.91 views

CVE-2022-20080

The CVE-2022-20080 entry concerns a race-condition memory corruption in SUB2AF, raising local privilege to SYSTEM with no user interaction required. Affected component is SUB2AF (MediaTek-related context appears across sources), with the underlying issue described as a memory corruption caused by...

6.9CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2022/05/03 7:58 p.m.91 views

CVE-2022-20091

CVE-2022-20091 describes a use-after-free due to a race condition in the MediaTek aee driver, enabling local escalation of privilege to SYSTEM with no user interaction required. The issue is documented with patch ALPS06209201 and issue ALPS06226345. Connected sources confirm this is a real, drive...

6.4CVSS6.6AI score0.00079EPSS
CVE
CVE
added 2022/06/15 1:19 p.m.91 views

CVE-2022-20156

CVE-2022-20156 is an elevation-of-privilege vulnerability in Android’s graphics path: specifically, an issue in the unflatten path of GraphicBuffer.cpp that allows arbitrary code execution via improper input validation. Exploitation is local and does not require user interaction. The impact is st...

7.8CVSS7.9AI score0.00113EPSS
CVE
CVE
added 2022/06/15 1:19 p.m.91 views

CVE-2022-20162

CVE-2022-20162 is an information-disclosure flaw in the Android kernel’s crypto/asn1.c, specifically in the function asn1_p256_int, where an incorrect bounds check allows an out-of-bounds read. The impact is local information disclosure with system privileges required; exploitation requires no us...

4.9CVSS4.2AI score0.00138EPSS
CVE
CVE
added 2022/06/15 1:21 p.m.91 views

CVE-2022-20177

CVE-2022-20177 affects the Android kernel. The vulnerability is in the Android kernel component of Android OS (no vendor/product details beyond Android kernel provided). NVD CVSS scores indicate CVSS v2 base score 5.0 (MEDIUM) with network attack vector, minimal impact on confidentiality as Parti...

7.5CVSS7.4AI score0.00375EPSS
CVE
CVE
added 2022/06/15 1:23 p.m.91 views

CVE-2022-20202

CVE-2022-20202 affects Android 12L via the function ih264_resi_trans_quant_4x4_sse42 (ih264_resi_trans_quant_sse42.c). It describes a heap buffer overflow that enables a possible out-of-bounds read, leading to remote information disclosure with no default execution privileges; exploitation requir...

6.5CVSS6.3AI score0.00648EPSS
CVE
CVE
added 2022/06/15 1:24 p.m.91 views

CVE-2022-20208

CVE-2022-20208 affects Android 12L, with the vulnerability located in cppbor_parse.cpp:parseRecursively, where an incorrect bounds check enables an out-of-bounds read. This could lead to local information disclosure with system privileges required. User interaction is not needed; exploitation vec...

4.4CVSS4.2AI score0.00111EPSS
CVE
CVE
added 2022/08/11 3:1 p.m.91 views

CVE-2022-20375

CVE-2022-20375 affects the Android kernel: in LteRrcNrProAsnDecode (LteRrcNr_Codec.c) there is a possible out-of-bounds read due to a missing bounds check, enabling remote denial of service without user interaction. The vulnerability is categorized in public resources as a DoS issue impacting the...

7.5CVSS7.3AI score0.00495EPSS
CVE
CVE
added 2022/08/11 3:5 p.m.91 views

CVE-2022-20406

CVE-2022-20406 is present in Pixel/Android kernel entries with Type ID (Information disclosure) affecting the Modem component. The connected Pixel bulletin confirms the CVE exists but provides no public exploit details or remediation in the provided documents. No additional technical specifics (v...

7.5CVSS7.4AI score0.00267EPSS
CVE
CVE
added 2022/11/17 12:0 a.m.91 views

CVE-2022-20428

The CVE-2022-20428 entry concerns Google Android kernel components with a possible out-of-bounds write caused by a missing bounds check. Affected: Android kernel (Android devices, Titan M as per Pixel bulletin). Impact: local escalation of privilege to System level; exploitation requires local ac...

6.7CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.91 views

CVE-2022-20518

The CVE-2022-20518 entry concerns a SQL injection in the MmsSmsProvider.java query that can lead to local information disclosure on Android 13 (Pixel). Affected component: MmsSmsProvider.java (Android framework for messaging); root cause: improper handling of SQL queries enabling access to restri...

5.5CVSS5.5AI score0.00211EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.91 views

CVE-2022-20520

CVE-2022-20520 affects Android 13 devices and describes a tapjacking/overlay vulnerability in the onCreate path of various files, enabling local privilege escalation and potential denial of service with user privileges and no user interaction required. The issue is documented across multiple feed...

7.8CVSS7.6AI score0.00189EPSS
Total number of security vulnerabilities8153