Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/12/16 12:0 a.m.91 views

CVE-2022-20520

CVE-2022-20520 affects Android 13 devices and describes a tapjacking/overlay vulnerability in the onCreate path of various files, enabling local privilege escalation and potential denial of service with user privileges and no user interaction required. The issue is documented across multiple feed...

7.8CVSS7.6AI score0.00189EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.91 views

CVE-2022-27822

CVE-2022-27822 describes an information-disclosure vulnerability in Samsung SMR (system patch package). Prior to SMR Apr-2022 Release 1, the ril property setting could expose EF_RUIMID without permission. Documented across multiple feeds (NVD entries and security notices) with affected product sc...

6.6CVSS5.3AI score0.00121EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.91 views

CVE-2022-42519

CVE-2022-42519 affects the Android kernel component, specifically In CdmaBroadcastSmsConfigsRequestData::encode in cdmasmsdata.cpp. The root cause is a stack clash that can lead to memory corruption, enabling local escalation of privilege with SYSTEM privileges required; exploitation requires no ...

6.7CVSS6.6AI score0.00124EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.91 views

CVE-2023-20924

CVE-2023-20924 describes a biometric authentication bypass in the Android kernel that could enable local escalation of privilege with physical access and no user interaction. The Pixel bulletin ties this issue to the Pixel 6a fingerprint scanner and marks it as Elevation of Privilege (EoP) with H...

6.8CVSS6.6AI score0.00206EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.91 views

CVE-2023-20980

CVE-2023-20980 affects Android 13 Bluetooth stack (btu_ble_ll_conn_param_upd_evt in btu_hcif.cc). The issue is an out-of-bounds read due to a missing bounds check, leading to local information disclosure with System execution privileges required; no user interaction is needed. Public documentatio...

5.5CVSS5AI score0.00091EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.91 views

CVE-2023-21041

CVE-2023-21041 affects the Android kernel, specifically the function sequence in param_util.c ’s append_to_params . The description states an out-of-bounds write caused by an incorrect bounds check, potentially enabling local privilege escalation with no additional execution privileges and no use...

7.8CVSS7.7AI score0.00098EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.91 views

CVE-2023-21063

CVE-2023-21063 affects Android kernel components (ParseWithAuthType in simdata.cpp) and is described as an out-of-bounds read that can enable local privilege escalation with SYSTEM-level privileges required. Multiple connected sources confirm the issue and its Android/Pixel context, including Pix...

6.7CVSS6.6AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.91 views

CVE-2023-21064

CVE-2023-21064 affects Android kernel components (DoSetPinControl in miscservice.cpp) with a possible out-of-bounds read caused by a missing bounds check. The vulnerability could enable a local elevation of privilege to System-level execution without user interaction. Affected context includes An...

6.7CVSS6.6AI score0.00095EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.91 views

CVE-2023-21175

CVE-2023-21175 affects Android 13 and the DataUsageSummary.java component. In onCreate, a permissions bypass could let a guest user enable/disable mobile data, enabling local privilege escalation with no extra execution privileges and no user interaction needed. Exploitation details are not elabo...

7.8CVSS7.7AI score0.00089EPSS
CVE
CVE
added 2023/10/11 7:19 p.m.91 views

CVE-2023-35646

CVE-2023-35646 is documented in multiple sources as a stack buffer overflow in TBD components with missing bounds checks, enabling remote code execution without user interaction. In the Pixel security bulletin, this issue is mapped to the Shannon baseband on Google Pixel devices, classified as RC...

9.8CVSS9.6AI score0.00426EPSS
CVE
CVE
added 2023/12/08 3:39 p.m.91 views

CVE-2023-48401

CVE-2023-48401 affects the protocoladapter.cpp function GetSizeOfEenlRecords, causing an out-of-bounds read and potential local information disclosure with no user interaction. The available documents consistently describe the root cause as a bounds-check error and do not provide explicit exploit...

5.5CVSS5.1AI score0.001EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.91 views

CVE-2024-32892

CVE-2024-32892 involves a memory corruption vulnerability in the Goodix driver path, specifically in handle_init of goodix/main/main.c, caused by type confusion. The issue can enable local privilege escalation without user interaction. Public details in the connected sources confirm the affected ...

7.8CVSS7AI score0.00105EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.91 views

CVE-2024-32897

CVE-2024-32897 involves an out-of-bounds read in ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() within protocolsmsadapter.cpp. The issue arises from a missing bounds check, enabling a possible information disclosure; exploitability is network-based with no user interaction and could lead to baseb...

5.9CVSS6.2AI score0.00261EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.91 views

CVE-2024-32902

CVE-2024-32902 affects Google Pixel devices, tied to the modem component, and is described as a DoS leading to remote denial of cellular service via malformed packets. The issue is categorized as high severity with network attack vector and low complexity. Pixel security bulletin indicates a patc...

7.5CVSS6.6AI score0.00243EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.91 views

CVE-2024-32906

CVE-2024-32906 affects Google Pixel/Android components: In the AcvpOnMessage function of avcp.cpp, uninitialized data may cause an Elevation of Privilege (EoP). This could enable local privilege escalation with no extra execution privileges and no user interaction required. The available connecte...

7.8CVSS6.8AI score0.0009EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.91 views

CVE-2024-32912

Summary: CVE-2024-32912 describes a persistent Denial of Service caused by test/debugging code left in a production build, enabling local DoS without extra privileges or user interaction. Affected context (from connected docs): Multiple sources reference a local-DoS issue on Google Pixel/Android ...

5.5CVSS6.6AI score0.00075EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.90 views

CVE-2015-3108

CVE-2015-3108 describes a memory disclosure vulnerability in Adobe Flash Player and related AIR components that bypasses ASLR by not properly restricting discovery of memory addresses. Affected products include Flash Player on Windows, macOS, and Linux (versions listed in the entry), and Adobe AI...

5CVSS6.3AI score0.02443EPSS
CVE
CVE
added 2016/08/07 9:0 p.m.90 views

CVE-2016-5340

CVE-2016-5340 is tied to a vulnerability in the KGSL Linux Graphics Module exposed by a QuIC Android patch for Linux kernel 3.x. The issue arises from the function is_ashmem_file in drivers/staging/android/ashmem.c, where pointer validation is mishandled. This design flaw can allow an attacker to...

7.8CVSS7.1AI score0.00303EPSS
CVE
CVE
added 2020/03/10 8:3 p.m.90 views

CVE-2020-0050

CVE-2020-0050 is an Android System issue affecting Android 10 where in nfa_hciu_send_msg (nfa_hci_utils.cc) an out-of-bounds write can occur due to improper input validation. This could enable local elevation of privilege in the NFC server with system-level execution privileges; exploitation does...

6.7CVSS7.2AI score0.0016EPSS
CVE
CVE
added 2020/11/10 12:53 p.m.90 views

CVE-2020-0445

CVE-2020-0445 is an Android vulnerability described as an out-of-bounds write caused by a missing bounds check. Connected sources indicate this affects the Android video encoder (MediaTek components) and is rated high to critical, with a network attack vector and no user interaction required per ...

9.8CVSS9AI score0.0054EPSS
CVE
CVE
added 2020/11/10 12:51 p.m.90 views

CVE-2020-0454

Summary: CVE-2020-0454 affects Android 9 (Android-9) via the ConnectivityService.java callCallbackForRequest, enabling a local attacker with LOW privileges to bypass a permission check and disclose the current SSID without user interaction. Exploitation is localized to the device; no remote acces...

5.5CVSS5AI score0.00231EPSS
CVE
CVE
added 2020/06/04 11:24 p.m.90 views

CVE-2020-13842

Technical details (affected product/versions/root cause/patch) are not publicly provided in the supplied documents. Monitor for updates.

7.8CVSS7.7AI score0.00136EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.90 views

CVE-2021-0874

CVE-2021-0874 concerns the PowerVR GPU driver component PVRSRVBridgeDevicememHistorySparseChange, where a missing size check can trigger an integer overflow that allows out-of-bounds heap access. The impact stated across sources is local escalation of privileges with no additional execution privi...

7.8CVSS7.8AI score0.00093EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.90 views

CVE-2021-1004

CVE-2021-1004 affects Android 12, via a missing permission check in getConfiguredNetworks() of WifiServiceImpl.java that can allow an app to determine whether another app is installed without query permissions. This is a local privilege escalation (no user interaction required) per the descriptio...

7.8CVSS7.6AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.90 views

CVE-2021-39740

CVE-2021-39740 affects the Android 12L messaging path. The issue arises from improper input validation in messaging, allowing an attacker to bypass attachment restrictions and cause local information disclosure without requiring user interaction or privileges. The vulnerability is categorized und...

5.5CVSS5.6AI score0.00105EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.90 views

CVE-2021-39760

CVE-2021-39760 is described as a side-channel information disclosure in Android’s AudioService that can reveal whether an app is installed without query permissions. The impact is local information leakage with no extra execution privileges; user interaction is not required. Related connected doc...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.90 views

CVE-2021-39783

CVE-2021-39783 is an Elevation of Privilege vulnerability in Android’s rcsservice on Android 12L. The issue arises from a missing permission check, enabling local privilege escalation with no additional execution privileges or user interaction required. Affected component: rcsservice; impact is l...

7.8CVSS7.8AI score0.00098EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.90 views

CVE-2022-20035

CVE-2022-20035 involves the vcu driver and an information-disclosure use-after-free vulnerability that could allow local escalation to System privileges. The issue does not require user interaction. Affected component: vcu driver. Root cause: use-after-free leading to partial confidentiality impa...

4.4CVSS4.7AI score0.00123EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.90 views

CVE-2022-20058

In MT MediaTek devices, CVE-2022-20058 is a boundary-check flaw in the preloader (USB) that can cause an out-of-bounds write. The issue enables local escalation of privilege when an attacker has physical access to the device, with user interaction required for exploitation. Affected products are ...

6.6CVSS6.5AI score0.0013EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.90 views

CVE-2022-20067

CVE-2022-20067 affects mdp with an out-of-bounds write caused by a missing bounds check, enabling local escalation to SYSTEM privileges without user interaction. Exploitation details are not provided in the documents, but multiple sources confirm the issue and reference patch ALPS05836585 (Issue ...

6.7CVSS6.7AI score0.00113EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.90 views

CVE-2022-20072

CVE-2022-20072 affects MediaTek devices via a flaw in the search engine service that allows changing the default search engine due to an incorrect comparison, enabling local privilege escalation to System. Exploitation status is not detailed in the provided documents; user interaction is not requ...

6.7CVSS6.7AI score0.00334EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.90 views

CVE-2022-20078

CVE-2022-20078 affects vow with a memory corruption flaw caused by a race condition, enabling local privilege escalation to System level without user interaction. Exploitation details are not provided in the initial documents; confirmed remediation reference is Patch ID ALPS05852819 / Issue ALPS0...

6.9CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2022/06/15 1:21 p.m.90 views

CVE-2022-20183

CVE-2022-20183 affects the Android kernel, specifically the hypx_create_blob_dmabuf path in faceauth_hypx.c. The issue is a missing bounds check that leads to an out-of-bounds write. This could enable local escalation of privilege with System execution privileges required; no user interaction is ...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2022/06/15 1:22 p.m.90 views

CVE-2022-20185

CVE-2022-20185 affects the Android kernel with a use-after-free flaw described as enabling local privilege escalation to SYSTEM (LOCAL exploit, LOW attack complexity, no user interaction). The exact affected Android versions, patch level, and remediation are not provided in the supplied documents...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2022/06/15 1:22 p.m.90 views

CVE-2022-20194

CVE-2022-20194 affects Android 12L. The vulnerability arises in the onCreate of ChooseLockGeneric.java, enabling a local elevation of privilege through a permission bypass that does not require user interaction. The impact is limited to elevation of privileges on the device. Remediation per the P...

7.8CVSS7.6AI score0.00112EPSS
CVE
CVE
added 2022/06/15 1:24 p.m.90 views

CVE-2022-20206

CVE-2022-20206 affects Android 12L via NotificationManagerService.setPackageOrComponentEnabled, where a missing permission check enables local information disclosure about enabled notification listeners. The issue requires User privileges but not user interaction to exploit, yielding a HIGH confi...

5.5CVSS5AI score0.00103EPSS
CVE
CVE
added 2022/06/15 1:24 p.m.90 views

CVE-2022-20233

CVE-2022-20233 affects the Android kernel Titan-M source. The issue is an out-of-bounds write in param_find_digests_internal and related functions caused by an incorrect bounds check. It enables local escalation of privilege with System execution privileges required; exploitation does not require...

7.2CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2022/08/11 3:1 p.m.90 views

CVE-2022-20376

CVE-2022-20376 affects the Android kernel’s trusty-log.c: Trusty_log_seq_start has use-after-free due to improper locking, enabling local elevation of privileges to SYSTEM. Exploitation details are not provided in the connected documents; no patch/version/fix is specified here. Monitoring Pixel s...

6.7CVSS6.7AI score0.00078EPSS
CVE
CVE
added 2022/08/11 3:2 p.m.90 views

CVE-2022-20380

According to the Pixel security bulletin, CVE-2022-20380 is listed under the Pixel component Modem with type ID (information disclosure) and High severity. The entry is tied to Android devices via a modem-related information-disclosure issue, not clearly specifying kernel-level impact in this bul...

7.5CVSS7.4AI score0.00267EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-20508

CVE-2022-20508 affects Android 13. In ConfigureWifiSettings.java (onAttach), a permissions bypass could let a guest user change Wi‑Fi settings, enabling local privilege escalation with no extra execution privileges or user interaction. CVSS v3.1 metrics indicate LOCAL, LOW attack complexity, with...

7.8CVSS7.6AI score0.00115EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-20529

CVE-2022-20529 affects Android 13, specifically the WifiDialogActivity.java code, where a logic error can cause a limited lockscreen bypass and local escalation of privilege in wifi settings without user interaction. The CVE severity per the initial data is Low (CVSS v3.1: 2.4). No exploitation d...

2.4CVSS4.2AI score0.00165EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-20538

Summary: CVE-2022-20538 affects Android 13 in the getSmsRoleHolder path of RoleService.java. A side-channel information disclosure can let an attacker determine if an app is installed without query permissions, enabling local information disclosure with no extra execution privileges and no user i...

5.5CVSS4.9AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-20539

CVE-2022-20539 affects Android-13; the issue is in parameterToHal of Effect.cpp where a missing bounds check can cause an out-of-bounds write. This may enable local escalation of privilege in the audio server with system execution privileges, and requires no user interaction. Documents consistent...

6.7CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-20547

The CVE-2022-20547 entry concerns Android 13 where multiple functions in AdapterService.java can manipulate Bluetooth state due to a missing permission check, enabling local privilege escalation with no extra execution privileges and no user interaction required. The available sources (NVD/Red Ha...

7.8CVSS7.7AI score0.00114EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-20577

CVE-2022-20577 affects the Android kernel component involved in the OemSimAuthRequest::encode function in wlandata.cpp, where a missing bounds check allows an out‑of‑bounds write. This can lead to local escalation of privilege with System privileges required; exploitation reportedly does not requ...

6.7CVSS6.7AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-20588

CVE-2022-20588 affects the Android kernel in the sysmmu_map function of sysmmu.c. The issue is a precondition check failure that can enable local elevation of privilege, granting System execution privileges. Exploitation details are not provided in the supplied documents; no user interaction is r...

6.7CVSS6.6AI score0.00124EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-20589

CVE-2022-20589 affects the Android kernel, specifically a vulnerability in the function valid_va_secbuf_check within drm_access_control.c. The issue arises from improper input validation, enabling local information disclosure and requiring System execution privileges for exploitation, with no use...

4.4CVSS4.3AI score0.00122EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-20602

CVE-2022-20602 is mapped to the Android kernel with impact described as Information Disclosure (ID) and a high overall severity (CVSS base 7.5). The vulnerability is associated with the Android kernel in Pixel devices, and is listed under Pixel components in the Android Pixel security bulletin fo...

7.5CVSS7.4AI score0.00463EPSS
CVE
CVE
added 2022/03/08 1:46 p.m.90 views

CVE-2022-25817

Samsung One UI Home (pre–SMR Mar‑2022 Release 1) is affected by CVE-2022-25817 due to improper authentication, allowing an attacker to generate pinned shortcuts without user consent. Remediation: update to SMR Mar‑2022 Release 1 or later.

4CVSS4.2AI score0.00104EPSS
CVE
CVE
added 2022/03/08 1:47 p.m.90 views

CVE-2022-25818

CVE-2022-25818 affects the Samsung UWB stack (prior to SMR Mar-2022 Release 1). The issue is an improper boundary check in the UWB implementation that enables arbitrary code execution. Public details across connected records confirm the vulnerability exists in Samsung/UWB, with mitigation via Sam...

9.8CVSS9.6AI score0.00415EPSS
Total number of security vulnerabilities8153