Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/03/08 1:46 p.m.90 views

CVE-2022-25815

The CVE-2022-25815 entry corresponds to a PendingIntent hijacking vulnerability in the Samsung Weather application. Connected sources confirm a local privilege/unauthorized action risk via hijacking PendingIntent in Weather prior to SMR Mar-2022 Release 1. Impacts are described as enabling local ...

7.8CVSS7.3AI score0.00098EPSS
CVE
CVE
added 2022/03/08 1:46 p.m.90 views

CVE-2022-25817

Samsung One UI Home (pre–SMR Mar‑2022 Release 1) is affected by CVE-2022-25817 due to improper authentication, allowing an attacker to generate pinned shortcuts without user consent. Remediation: update to SMR Mar‑2022 Release 1 or later.

4CVSS4.2AI score0.00104EPSS
CVE
CVE
added 2022/03/08 1:47 p.m.90 views

CVE-2022-25818

CVE-2022-25818 affects the Samsung UWB stack (prior to SMR Mar-2022 Release 1). The issue is an improper boundary check in the UWB implementation that enables arbitrary code execution. Public details across connected records confirm the vulnerability exists in Samsung/UWB, with mitigation via Sam...

9.8CVSS9.6AI score0.00415EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.90 views

CVE-2022-27575

CVE-2022-27575 affects One UI Home prior to Samsung SMR April-2022 Release 1. The issue is described as an information disclosure vulnerability that allows an attacker to access information about the currently launched foreground application without permission. Concrete details in connected sourc...

4.3CVSS3.9AI score0.00249EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.90 views

CVE-2022-27829

CVE-2022-27829 is described across multiple connected sources as an improper validation vulnerability in Samsung SMR’s VerifyCredentialResponse prior to SMR Apr-2022 Release 1. The issue enables attackers to launch certain activities, with affected entities typically within the device’s local tru...

8.5CVSS7.5AI score0.00134EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-42518

CVE-2022-42518 affects the Android kernel (rild_exynos) via an out-of-bounds write in BroadcastSmsConfigsRequestData::encode (smsdata.cpp) caused by a missing bounds check. This can enable local escalation of privilege with System execution privileges; no user interaction is required. Public deta...

6.7CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.90 views

CVE-2022-42525

CVE-2022-42525 affects Android’s ril_service_1_6.cpp in the Android kernel stack, where an incorrect bounds check can cause an out-of-bounds write. The documented impact is local escalation of privilege with System execution privileges required, and exploitation is listed as requiring no user int...

6.7CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.90 views

CVE-2022-48458

In TeleService , CVE-2022-48458 describes a vulnerability where improper input validation can crash the system, leading to local denial of service with no additional privileges required. Affected component: TeleService (local exploitability). CVSS v3.1 base score is 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C...

5.5CVSS5.4AI score0.00081EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.90 views

CVE-2023-21020

The CVE-2023-21020 vulnerability affects Android 13 (Pixel devices) and is described as a use-after-free in registerSignalHandlers of main.c that can lead to local arbitrary code execution with SYSTEM privileges, requiring no user interaction. The issue enables local escalation of privileges via ...

6.7CVSS7AI score0.00097EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.90 views

CVE-2023-21059

CVE-2023-21059 affects the Android kernel: in EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a missing bounds check causing an out-of-bounds read. This can enable remote information disclosure without privileges and without user interaction. Affected component: Andro...

7.5CVSS7AI score0.00436EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.90 views

CVE-2023-21154

CVE-2023-21154 : Affects the Android kernel, specifically the StoreAdbSerialNumber path in protocolmiscbuilder.cpp, where a missing bounds check can cause an out-of-bounds read. This is described as enabling local information disclosure with System-level privileges needed; exploitation reportedly...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.90 views

CVE-2023-52533

The CVE-2023-52533 entry concerns the modem-ps-nas-ngmm component, where incorrect error handling may cause undefined behavior. This could enable remote information disclosure without additional privileges. Public sources (NVD/Red Hat/CVE records) state the impact as information disclosure with n...

5.3CVSS6.5AI score0.00356EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.90 views

CVE-2024-20001

The CVE-2024-20001 issue affects TVAPI and is caused by a missing bounds check leading to an out-of-bounds write, enabling local escalation of privilege with System privileges required; no user interaction is needed. Multiple connected sources (NVD, Red Hat, CVE lists) confirm the same descriptio...

6.7CVSS6.7AI score0.00107EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.90 views

CVE-2024-29783

The CVE-2024-29783 issue is described across multiple sources as a vulnerability in tmu_get_tr_thresholds where a missing bounds check may cause an out-of-bounds read, leading to local information disclosure with no required user interaction. Exploitation details are not provided in the connected...

6.7CVSS6AI score0.00083EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.90 views

CVE-2024-32904

CVE-2024-32904 concerns the ProtocolVsimOperationAdapter() function in protocolvsimadapter.cpp, where a missing bounds check can cause an out-of-bounds read. This may lead to local information disclosure with the requirement of baseband firmware compromise for exploitation, and no user interactio...

4.7CVSS6AI score0.00076EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.90 views

CVE-2024-32907

The CVE-2024-32907 entry describes a buffer overflow in memcall_add within memlog.c caused by improper input validation, enabling local privilege escalation without user interaction. Connected sources (Red Hat, NVD, OSV, and Android bulletin references) consistently report the same description bu...

8.4CVSS7.3AI score0.00082EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.90 views

CVE-2024-47022

CVE-2024-47022 affects Google Pixel devices running Android prior to the 2024-10-05 patch level, with the ACPM component (A-331255656) identified as the vulnerable element. The Red Hat and CNVD entries corroborate the same information disclosure issue, described as an information leak stemming fr...

7.5CVSS6.2AI score0.0016EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.90 views

CVE-2024-47023

CVE-2024-47023 is an elevation-of-privilege in the Pixel modem due to a logic error in the code. The vulnerability could allow remote escalation with no user interaction. Pixel bulletin entries show the issue as EoP in the Modem subcomponent and indicate that applying security patch level 2024-10...

8.1CVSS7.4AI score0.0023EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.90 views

CVE-2025-0078

CVE-2025-0078 describes a logic error in the Android main.cpp main function that may bypass SELinux, enabling local elevation of privilege with no extra privileges or user interaction required. The vulnerability is categorized as EoP with a high impact, and current sources indicate the issue affe...

8.8CVSS6.8AI score0.00283EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.89 views

CVE-2015-3107

CVE-2015-3107 is a Use-After-Free vulnerability in Adobe Flash Player (and related AIR components) that can lead to arbitrary code execution via unspecified vectors. Affected products include Flash Player on Windows, macOS, and Linux, with versions before 13.0.0.292 and earlier 18.x before 18.0.0...

10CVSS7.4AI score0.32432EPSS
CVE
CVE
added 2024/11/19 6:51 p.m.89 views

CVE-2018-9341

CVE-2018-9341 affects the Android Media framework: in impeg2d_mc_fullx_fully of impeg2d_mc.c there is an out-of-bounds write due to a missing bounds check. This can lead to remote arbitrary code execution in the context of a privileged process, with user interaction required to exploit. Multiple ...

9.8CVSS7.5AI score0.00398EPSS
CVE
CVE
added 2019/06/19 8:2 p.m.89 views

CVE-2018-9564

CVE-2018-9564 affects Android via an out-of-bounds read in llcp_util_parse_link_params (llcp_util.cc), caused by a missing bounds check. This can lead to local information disclosure without executing user-supplied code. Affected Android versions include 7.0–9 (Android-7.0, 7.1.1, 7.1.2, 8.0, 8.1...

7.1CVSS5.9AI score0.00758EPSS
CVE
CVE
added 2020/03/10 7:55 p.m.89 views

CVE-2020-0032

CVE-2020-0032 affects Android Media Framework. The root cause is an out-of-bounds write due to a heap buffer overflow in ih264d_release_display_bufs (ih264d_utils.c), enabling remote code execution in a privileged context. Affected Android versions: 8.0–10. The vulnerability is exploitable via a ...

9.3CVSS8.9AI score0.0156EPSS
CVE
CVE
added 2020/10/14 1:10 p.m.89 views

CVE-2020-0371

CVE-2020-0371 is an Android vulnerability described as an out-of-bounds read due to a missing bounds check, affecting Android components on the Android SoC with Android ID A-163008256. The public records list this CVE across multiple sources (NVD, Red Hat, PRION, CVE List, OSV) with consistent wo...

9.4CVSS8.7AI score0.00582EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.89 views

CVE-2021-0524

CVE-2021-0524 affects Android 12, related to CarPackageManagerService.java isServiceDistractionOptimized. The issue is a side-channel information disclosure that could allow a local disclosure of installed packages without additional execution privileges. Impact is local information disclosure wi...

5.5CVSS4.9AI score0.00111EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.89 views

CVE-2021-39677

CVE-2021-39677 affects Android Automotive OS (AAOS) with Android 11. The issue is an OOB heap read in startVideoStream when the camera buffer is zero-sized. This is documented as a high-severity (CVSSv3.1: High) network-facing vulnerability with no user interaction required. Public materials list...

7.5CVSS7.5AI score0.00392EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.89 views

CVE-2021-39747

CVE-2021-39747 affects Android 12L: a permissions bypass in Settings Provider may allow an attacker to list values of non-readable global settings, causing local information disclosure with no extra privileges and no user interaction. It is listed in Android 12L security release notes as addresse...

5.5CVSS5.6AI score0.00099EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.89 views

CVE-2021-39748

CVE-2021-39748 affects Android 12L in the Framework through InputMethodEditor. The issue arises from an unsafe PendingIntent that can allow access to files accessible to Settings, causing local information disclosure without extra privileges and without user interaction. The ENISA/Android release...

5.5CVSS5.6AI score0.00098EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.89 views

CVE-2021-39757

CVE-2021-39757 affects Android 12L with a permission bypass in the PermissionController caused by unsafe PendingIntent, enabling local information disclosure. Exploitation requires low privileges and no user interaction, with potential access to sensitive data on the device as described in multip...

5.5CVSS5.6AI score0.00105EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.89 views

CVE-2021-39788

CVE-2021-39788 affects Android 12L TelecomManager. The issue enables a side-channel information disclosure that allows checking whether a specific self-managed phone account is registered on the device, leading to local information disclosure without additional privileges and without user interac...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.89 views

CVE-2022-20030

CVE-2022-20030 affects the vow driver; vulnerability is an out-of-bounds write caused by a stack-based buffer overflow. This can allow local escalation of privileges to System with no user interaction required. The advisory notes a patch identified as ALPS05837793 (Issue ALPS05837793) for remedia...

6.7CVSS6.8AI score0.00133EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.89 views

CVE-2022-20046

The CVE-2022-20046 entry describes a Bluetooth memory corruption due to a logic error that could cause local denial of service without user interaction. The vulnerability is associated with a patch identified as ALPS06142410 (Issue ALPS06142410). Public exploitation details, affected product name...

5.5CVSS5.5AI score0.00113EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.89 views

CVE-2022-20049

CVE-2022-20049 affects the vpu component and describes a missing permission check that can enable local privilege escalation with System execution privileges required. Exploitation does not require user interaction. A patch is referenced (ALPS05954679; ALPS05954679). Connected sources confirm thi...

6.7CVSS6.6AI score0.00111EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.89 views

CVE-2022-20070

CVE-2022-20070 affects the ssmr component, with a reported out-of-bounds write caused by a missing bounds check. This can lead to local escalation of privileges, requiring SYSTEM privileges, and does not require user interaction. The issue is associated with patch ID ALPS06362920 (Issue ALPS06362...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.89 views

CVE-2022-20074

CVE-2022-20074 concerns a boundary-check omission in the preloader (partition) of MediaTek devices, causing an out-of-bounds write that can enable local privilege escalation with physical access and user interaction required for exploitation. Affected component: preloader partition code on MediaT...

6.6CVSS6.5AI score0.00125EPSS
CVE
CVE
added 2022/06/15 1:19 p.m.89 views

CVE-2022-20160

CVE-2022-20160 is documented as a critical remote code execution (RCE) vulnerability in Google Pixel devices, specifically affecting the Modem component. Public records classify it as a Modem-related issue (RCE, Critical) in the Pixel bulletin, with the Android patch level 2022-06-05 or later add...

10CVSS9AI score0.00461EPSS
CVE
CVE
added 2022/06/15 1:21 p.m.89 views

CVE-2022-20178

CVE-2022-20178 affects Android kernel components where ioctl_dpm_qos_update and ioctl_event_control_set can trigger an out-of-bounds write caused by an integer overflow. This can lead to local privilege escalation with system execution privileges required, and exploitation does not require user i...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2022/08/11 3:0 p.m.89 views

CVE-2022-20372

CVE-2022-20372 affects the Android kernel, specifically the Exynos5 I2C IRQ code. The issue is a possible out-of-bounds write caused by a use-after-free, leading to local elevation of privilege with System execution privileges required. No user interaction is needed. The provided documents do not...

7.3CVSS6.7AI score0.001EPSS
CVE
CVE
added 2022/08/11 3:2 p.m.89 views

CVE-2022-20382

CVE-2022-20382 affects the Android kernel (kernel components). The description cites a possible out-of-bounds write due to a kernel stack overflow, enabling local escalation of privilege with System privileges required and no user interaction needed. Several connected sources (NVD, Red Hat, SUSE,...

6.7CVSS6.6AI score0.00102EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.89 views

CVE-2022-20511

CVE-2022-20511 affects Android 13 where a missing permission check in DevicePolicyManagerService.getNearbyAppStreamingPolicy could enable local information disclosure without additional privileges. The issue: local access suffices (no user interaction required) and the vulnerability is tied to in...

5.5CVSS5.1AI score0.00157EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.89 views

CVE-2022-20545

CVE-2022-20545 affects Android 13 on Google Pixel devices. The issue resides in the MediaControlPanel.java function bindArtworkAndColors, where improper input validation can crash the phone, causing a remote denial of service with no additional execution privileges required. Exploitation does not...

7.5CVSS7.4AI score0.00598EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.89 views

CVE-2022-20556

The provided documents confirm CVE-2022-20556 affects Android 13, where a missing permission check in launchConfigNewNetworkFragment of NetworkProviderSettings.java allows a guest user to add a new WiFi network. This enables local elevation of privilege with no extra execution privileges required...

3.3CVSS4.3AI score0.00151EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.89 views

CVE-2022-20609

CVE-2022-20609 involves a local information-disclosure vulnerability in Pixel cellular firmware due to a missing bounds check that allows an out-of-bounds read. Exploitation requires local access; no user interaction is needed. The issue is described for the Pixel/Android kernel domain, but the p...

5.5CVSS5.1AI score0.00119EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.89 views

CVE-2022-22270

CVE-2022-22270 is an implicit Intent hijacking vulnerability in Samsung Dialer prior to SMR Jan-2022 Release 1 that allows unprivileged apps to access contact information. Affected: Samsung Dialer on Samsung Android devices; root cause is improper handling of implicit intents in the Dialer. Impac...

4.4CVSS4.1AI score0.00202EPSS
CVE
CVE
added 2022/03/08 1:46 p.m.89 views

CVE-2022-24928

CVE-2022-24928 describes a security misconfiguration in Samsung’s RKP (kernel protection) mechanism prior to the SMR Mar-2022 Release 1. The root cause is a misconfiguration that leaves the system not protected by RKP. As a result, confidentiality, integrity, and availability can be affected on a...

7.8CVSS7.3AI score0.00118EPSS
CVE
CVE
added 2022/03/08 1:46 p.m.89 views

CVE-2022-25816

CVE-2022-25816 affects Samsung Lock and Mask apps setting prior to the SMR Mar-2022 Release 1, where improper authentication allows an attacker to change enable/disable without authentication. The initial entry documents this vulnerability and notes Samsung and Red Hat/other vendor advisories ali...

4.6CVSS4.8AI score0.00107EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.89 views

CVE-2022-42504

CVE-2022-42504 affects the Android kernel component CallDialReqData::encodeCallNumber (callreqdata.cpp). It describes an out-of-bounds write caused by an incorrect bounds check, enabling local escalation of privilege with System execution privileges required. Exploitation is not dependent on user...

6.7CVSS6.7AI score0.00122EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.89 views

CVE-2022-42506

CVE-2022-42506 affects Android kernel components. The issue is in SimUpdatePbEntry::encode (simdata.cpp) where a missing bounds check can cause an out-of-bounds write, enabling local escalation of privilege with System execution privileges needed. Exploitation is described as local and requires n...

6.7CVSS6.7AI score0.00122EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.89 views

CVE-2022-42512

CVE-2022-42512 affects the Android kernel component in VsimOperationDataExt::encode (vsimdata.cpp). The issue is an out-of-bounds read caused by a missing bounds check, enabling local information disclosure with System privileges; no user interaction needed. Connected sources confirm the vulnerab...

4.4CVSS4.3AI score0.00117EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.89 views

CVE-2022-42544

CVE-2022-42544 concerns a local-privilege-escalation issue in Android 13 stemming from getView() in AddAppNetworksFragment.java. The vulnerability arises from improper input validation that can mislead users about network add requests, with exploitation possible without extra privileges or user i...

7.8CVSS7.7AI score0.00148EPSS
Total number of security vulnerabilities8153