Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/01/18 2:44 a.m.89 views

CVE-2023-48352

CVE-2023-48352 is described as a local denial-of-service in phasecheckserver due to an out-of-bounds write from a missing bounds check. Connected sources tie this to UNISOC Android components (Android/Unisoc stack) and reiterate the same description across Red Hat/NVD entries. The documents do no...

5.5CVSS5.5AI score0.00081EPSS
CVE
CVE
added 2023/12/08 3:44 p.m.89 views

CVE-2023-48412

CVE-2023-48412 affects the Mali driver’s private_handle_t in mali_gralloc_buffer.h. A logic error can cause an information leak, enabling local information disclosure without additional execution privileges and without user interaction. The impact is restricted to local disclosure; exploitation d...

5.5CVSS5.1AI score0.00105EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.89 views

CVE-2024-29739

CVE-2024-29739 affects Google Android’s kernel component involved in tmu_get_temp_lut in tmu.c, where a missing bounds check enables an out-of-bounds read. This can cause local information disclosure without extra privileges or user interaction. Public exploit details are not provided in the supp...

5.5CVSS6AI score0.00085EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.89 views

CVE-2024-32907

The CVE-2024-32907 entry describes a buffer overflow in memcall_add within memlog.c caused by improper input validation, enabling local privilege escalation without user interaction. Connected sources (Red Hat, NVD, OSV, and Android bulletin references) consistently report the same description bu...

8.4CVSS7.3AI score0.00082EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.89 views

CVE-2024-32925

CVE-2024-32925 affects the dhd_prot_txstatus_process function in dhd_msgbuf.c. The issue is described as a possible out-of-bounds write caused by a missing bounds check, which could enable remote code execution. The description states no additional execution privileges are required, and exploitat...

8.8CVSS7.5AI score0.00287EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.89 views

CVE-2024-47023

CVE-2024-47023 is an elevation-of-privilege in the Pixel modem due to a logic error in the code. The vulnerability could allow remote escalation with no user interaction. Pixel bulletin entries show the issue as EoP in the Modem subcomponent and indicate that applying security patch level 2024-10...

8.1CVSS7.4AI score0.0023EPSS
CVE
CVE
added 2017/02/07 7:2 a.m.88 views

CVE-2014-9914

Summary of CVE-2014-9914 (Linux kernel) : A race condition in ip4_datagram_release_cb within net/ipv4/datagram.c (kernel before 3.15.2) can be exploited by a local user to gain privileges or cause a denial of service (use-after-free) due to incorrect locking assumptions during multithreaded IPv4 ...

7.8CVSS7.3AI score0.00274EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.88 views

CVE-2015-3098

Adobe Flash Player and related AIR components are affected by a vulnerability (CVE-2015-3098) that could bypass the Same Origin Policy via unspecified vectors. Mageia MGASA-2015-0248 notes a fix in Flash Player 11.2.202.468 and links CVE-2015-3098 to this update. Affected versions include Windows...

5CVSS6.5AI score0.02346EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.88 views

CVE-2016-2429

CVE-2016-2429 affects libFLAC/stream_decoder.c in mediaserver on Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01. Root cause: free operations on uninitialized memory in mediaserver’s decoder path. Impact: remote code execution or denial of service via a...

10CVSS8.8AI score0.02018EPSS
CVE
CVE
added 2017/01/13 4:0 p.m.88 views

CVE-2016-8467

CVE-2016-8467 describes a local elevation-of-privilege flaw in the Nexus bootloader that lets an attacker change the boot mode via fastboot (e.g., fastboot oem config bootmode bp-tools), thereby gaining access to the device and potentially hidden USB interfaces. The described attack alters the an...

5.5CVSS6.2AI score0.00357EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.88 views

CVE-2017-0786

CVE-2017-0786 is an elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver affecting the Android kernel. Public records in the initial description identify the affected component as the Broadcom Wi‑Fi driver within the Android kernel and describe the issue as an elevation of privilege;...

8.8CVSS7.3AI score0.00439EPSS
CVE
CVE
added 2018/06/11 9:0 p.m.88 views

CVE-2017-7759

Firefox for Android prior to version 54 is affected by CVE-2017-7759, where Android intent URLs can cause navigation from HTTP/HTTPS to local file: URLs, potentially exposing local data due to a same-origin policy violation. The issue is fixed in Firefox 54 (as noted in mfsa2017-15). Affected pro...

7.5CVSS7.5AI score0.00675EPSS
CVE
CVE
added 2018/07/06 7:0 p.m.88 views

CVE-2018-5873

The CVE-2018-5873 entry refers to a race-condition induced Use-After-Free in the Linux kernel before 4.11, specifically in __ns_get_path within fs/nsfs.c. This affects the mainline Linux kernel and Android builds derived from CAF for Android kernels (Android for MSM, Firefox OS for MSM, QRD Andro...

7CVSS6.3AI score0.00525EPSS
CVE
CVE
added 2020/01/07 6:7 p.m.88 views

CVE-2019-9465

CVE-2019-9465 concerns the Titan M secure hardware in Android 10. The issue is a possible information disclosure due to an unusual root cause affecting cryptographic operations, enabling local information disclosure without additional execution privileges and without user interaction. Affected co...

5.5CVSS5.2AI score0.00266EPSS
CVE
CVE
added 2020/03/10 7:55 p.m.88 views

CVE-2020-0032

CVE-2020-0032 affects Android Media Framework. The root cause is an out-of-bounds write due to a heap buffer overflow in ih264d_release_display_bufs (ih264d_utils.c), enabling remote code execution in a privileged context. Affected Android versions: 8.0–10. The vulnerability is exploitable via a ...

9.3CVSS8.9AI score0.0156EPSS
CVE
CVE
added 2020/03/10 8:4 p.m.88 views

CVE-2020-0054

CVE-2020-0054 affects Android 10 in the WifiNetworkSuggestionsManager component. The vulnerability arises from a missing permission check in WifiNetworkSuggestionsManager.java, enabling local privilege escalation without additional execution privileges. Public details specify that exploitation re...

7.8CVSS8.1AI score0.00143EPSS
CVE
CVE
added 2020/06/04 11:24 p.m.88 views

CVE-2020-13840

CVE-2020-13840 affects LG mobile devices running Android 7.2–10 on MTK chipsets. The issue is a buffer overflow in the MTK AT command handler, enabling potential code execution. The LG internal identifier is LVE-SMP-200008 (June 2020). Documents do not provide the exact affected models, firmware ...

9.8CVSS9.6AI score0.00682EPSS
CVE
CVE
added 2021/06/22 10:58 a.m.88 views

CVE-2021-0557

CVE-2021-0557 affects Android 11 in the Media Framework component, specifically a vulnerability in the function setRange() of ABuffer.cpp. An integer overflow can cause an out-of-bounds write, which could enable remote code execution with no extra privileges, requiring user interaction to exploit...

8.8CVSS8.8AI score0.00673EPSS
CVE
CVE
added 2021/03/04 9:6 p.m.88 views

CVE-2021-25346

CVE-2021-25346 affects Samsung quram library, with vulnerable versions prior to SMR Jan-2021 Release 1. The root cause is an arbitrary memory overwrite that can lead to arbitrary code execution. Publicly documented impact aligns with memory corruption in quram components; Samsung has released sec...

9.8CVSS9.7AI score0.01226EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.88 views

CVE-2021-39653

CVE-2021-39653 describes a local elevation of privilege in the Android boot path, enabling boot with a hidden debug policy due to a missing user warning. The vulnerability is associated with the Android kernel/Bootloader surface (as reflected in Pixel bulletin categorization), and iled by the des...

7.8CVSS7.7AI score0.00119EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.88 views

CVE-2021-39677

CVE-2021-39677 affects Android Automotive OS (AAOS) with Android 11. The issue is an OOB heap read in startVideoStream when the camera buffer is zero-sized. This is documented as a high-severity (CVSSv3.1: High) network-facing vulnerability with no user interaction required. Public materials list...

7.5CVSS7.5AI score0.00392EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.88 views

CVE-2021-39747

CVE-2021-39747 affects Android 12L: a permissions bypass in Settings Provider may allow an attacker to list values of non-readable global settings, causing local information disclosure with no extra privileges and no user interaction. It is listed in Android 12L security release notes as addresse...

5.5CVSS5.6AI score0.00099EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.88 views

CVE-2021-39756

CVE-2021-39756 affects Android 12L Framework, where a side-channel information disclosure could allow an app to be detected as installed without query permissions, enabling local information disclosure with no execution privileges. Root cause is a leakage in Framework that can reveal installation...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.88 views

CVE-2021-39775

CVE-2021-39775 is an Android 12L information-disclosure vulnerability describing a side-channel that lets an app determine whether another app is installed without query permissions. Affected component: Android framework/People context; root cause: side-channel information disclosure enabling loc...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.88 views

CVE-2021-39791

The CVE-2021-39791 entry affects the Android component WallpaperManagerService on Android 12L, describing a side‑channel information disclosure that allows an attacker to determine whether an app is installed without query permissions, enabling local information disclosure with no additional exec...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.88 views

CVE-2022-20029

CVE-2022-20029 affects MediaTek devices via the cmdq driver. The root cause is an incorrect bounds check that enables an out-of-bounds read, potentially leading to local information disclosure with System privileges. The vulnerability is documented across multiple feeds (NVD/Red Hat/CVE/CVE lists...

4.4CVSS4.2AI score0.00123EPSS
CVE
CVE
added 2022/05/03 7:58 p.m.88 views

CVE-2022-20090

CVE-2022-20090 affects the aee driver, where a race condition can cause a use-after-free leading to local privilege escalation with System execution privileges required. No user interaction is required. A patch/alleged fix is identified as ALPS06209197 (Issue ALPS06209197). The Red Hat and NVD re...

6.4CVSS6.6AI score0.00079EPSS
CVE
CVE
added 2022/06/15 1:21 p.m.88 views

CVE-2022-20182

CVE-2022-20182 concerns the Android kernel component handle_ramdump inside pixel_loader.c. The vulnerability arises from a missing permission check, enabling creation of a ramdump of non-secure memory and potentially leading to local information disclosure with SYSTEM privileges required. Exploit...

4.4CVSS4.3AI score0.00103EPSS
CVE
CVE
added 2022/09/14 12:0 a.m.88 views

CVE-2022-20231

CVE-2022-20231 affects the Android kernel on at least some Pixel/Android devices. The issue is an out-of-bounds write in smc_intc_request_fiq within arm_gic.c, caused by improper input validation, enabling local escalation of privilege with System execution privileges required; no user interactio...

6.7CVSS6.9AI score0.00105EPSS
CVE
CVE
added 2022/09/14 12:0 a.m.88 views

CVE-2022-20364

CVE-2022-20364 affects the Android kernel’s sysmmu_unmap function. The root cause is a missing bounds check that can cause an out-of-bounds write, enabling local privilege escalation with no additional execution privileges or user interaction required. The vulnerability is categorized as a Kernel...

7.8CVSS7.7AI score0.00106EPSS
CVE
CVE
added 2022/08/11 3:0 p.m.88 views

CVE-2022-20373

CVE-2022-20373 affects the Android kernel, specifically the st21nfc_loc_set_polaritymode function in fc/st21nfc.c. The issue is a use-after-free caused by a race condition, enabling local elevation of privilege with SYSTEM privileges required and no user interaction needed. Connected sources (Red...

6.4CVSS6.6AI score0.00072EPSS
CVE
CVE
added 2022/08/11 3:5 p.m.88 views

CVE-2022-20408

CVE-2022-20408 is listed in Google Pixel security bulletin under the Modem component with Type ID and Moderate severity. The bulletin indicates patch level 2022-08-05 or later addresses all issues in that bulletin. Public details on the exact vulnerable subsystem within the modem/kernel are not f...

7.5CVSS7.4AI score0.00267EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.88 views

CVE-2022-20578

CVE-2022-20578 : Vulnerability in RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp can cause a stack clash and memory corruption, enabling local privilege escalation with System privileges required. The issue is exploitable locally (no user interaction) and affects Android kernels using...

6.7CVSS6.6AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.88 views

CVE-2022-20595

In CVE-2022-20595, the issue is in the Android kernel’s WirelessCharger.cpp getWpcAuthChallengeResponse function. It describes an out-of-bounds read caused by a missing bounds check, enabling local information disclosure with System privileges required. Public references confirm the affected comp...

4.4CVSS4.3AI score0.0017EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.88 views

CVE-2022-20608

CVE-2022-20608 – Pixel cellular firmware : A local information-disclosure flaw caused by an out-of-bounds read from an incorrect bounds check in Pixel cellular firmware (Android kernel). Exploitation requires local access; no user interaction is needed. Impact is information disclosure with high ...

5.5CVSS5.1AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.88 views

CVE-2022-20610

CVE-2022-20610 : In Android Pixel devices, a vulnerability in the cellular modem firmware (Pixel cellular modem) enables a possible out-of-bounds read due to a missing bounds check, which could allow remote code execution. Exploitation is network-based with no user interaction required; LTE authe...

8.8CVSS8.8AI score0.00714EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.88 views

CVE-2022-27830

CVE-2022-27830 describes an improper validation vulnerability in the SemBlurInfo component prior to Samsung SMR Apr-2022 Release 1, enabling attackers with local access to launch certain activities. The NVD entry lists a High risk (CVSS v3.1: 7.8) with LOCAL access, LOW attack complexity, and no ...

8.5CVSS7.5AI score0.00134EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.88 views

CVE-2022-27834

CVE-2022-27834: Use-after-free in the DSP driver’s dsp_context_unload_graph function (pre-SMR Apr-2022 Release 1). Affects the DSP driver; attackers could cause malicious actions. Root cause: use-after-free in the affected function. CVSS details show high impact under CVSS 3.1 (LOCAL, HIGH impact...

7CVSS7.1AI score0.00092EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.88 views

CVE-2023-20989

CVE-2023-20989 is a vulnerability in the Android Bluetooth stack. In the function btm_ble_write_adv_enable_complete within btm_ble_gap.cc , there is an out-of-bounds read due to a missing bounds check. This can lead to local information disclosure and may require System privileges for exploitatio...

4.4CVSS4.2AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.88 views

CVE-2023-21016

CVE-2023-21016 affects Android 13 via AccountTypePreference.java, where improper input validation can mislead users about installed accounts, enabling local denial of service with no extra privileges and no user interaction required. The issue is described across multiple feeds (NVD, Red Hat, PRi...

5.5CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.88 views

CVE-2023-21019

CVE-2023-21019 affects Android 13 components, specifically a heap buffer overflow in ih264e_init_proc_ctxt within ih264e_process.c that can cause an out-of-bounds read and local information disclosure without requiring user interaction or elevated privileges. The vulnerability is documented with ...

5.5CVSS5.2AI score0.00093EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.88 views

CVE-2023-21192

CVE-2023-21192 affects Android 13 and is tied to InputMethodManagerService.setInputMethodWithSubtypeIdLocked, where improper input validation can allow configuring input methods that are not enabled, leading to local elevation of privilege without extra user interaction. The vulnerability descrip...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.88 views

CVE-2023-21209

CVE-2023-21209 affects Android’s sta_iface.cpp with an out-of-bounds read caused by unsafe deserialization, enabling local privilege escalation to System. The issue is associated with Android-13 and was discussed in Pixel/Android security bulletins; remediation is to update to Android-13 or newer...

6.7CVSS6.6AI score0.00108EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.88 views

CVE-2023-21217

CVE-2023-21217 is associated with Google Android, affecting the PowerVR-GPU driver. The vulnerability arises in the function PMRWritePMPageList() and is described as a possible out-of-bounds write caused by an integer overflow . The impact is a local escalation of privilege with no additional exe...

9.8CVSS8.7AI score0.00414EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.88 views

CVE-2023-21358

CVE-2023-21358 affects Google Android UWB: a malicious app can masquerade as the system app com.android.uwb.resources due to improper crypto usage, enabling local elevation of privilege with no extra execution privileges and no user interaction required. CVSSv3.1 base score 7.8 (HIGH) with LOCAL ...

7.8CVSS7.8AI score0.00079EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.88 views

CVE-2023-21403

CVE-2023-21403 affects Google Android via the PowerVR-GPU driver entry (rgxta3d.c: RGXDestroyZSBufferKM). The root cause is an uncaught exception in RGXDestroyZSBufferKM that can lead to arbitrary code execution, resulting in local kernel elevation of privilege without requiring user interaction....

9.8CVSS8.8AI score0.00414EPSS
CVE
CVE
added 2023/10/11 7:19 p.m.88 views

CVE-2023-35647

CVE-2023-35647 concerns Google Pixel baseband software: a missing bounds check in ProtocolEmbmsGlobalCellIdAdapter::Init() (protocolembmsadapter.cpp) allows an out-of-bounds read, leading to remote information disclosure and potential baseband firmware compromise. Exploitation requires no user in...

9.8CVSS8.2AI score0.00337EPSS
CVE
CVE
added 2023/12/08 3:44 p.m.88 views

CVE-2023-48414

CVE-2023-48414 affects the Pixel Camera Driver. It describes a use-after-free due to a logic error, enabling local escalation of privilege with System privileges required and no user interaction. The vulnerability is categorized as EoP with a moderate impact in Pixel security bulletins, and no pu...

6.7CVSS6.7AI score0.00109EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.88 views

CVE-2024-32900

The CVE-2024-32900 issue affects the LWIS (lwis_fence_signal) path in lwis_debug.c. It describes a Use-After-Free caused by improper locking, enabling local escalation of privilege from the hal_camera_default SELinux label without additional execution privileges. The vulnerability is documented a...

9.8CVSS7AI score0.00166EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.88 views

CVE-2024-32915

The CVE-2024-32915 entry describes an out-of-bounds read in CellInfoListParserV2::FillCellInfo() within protocolnetadapter.cpp due to a missing bounds check, causing potential local information disclosure and requiring baseband firmware compromise for exploitation. Affected component: CellInfoLis...

4.3CVSS5.9AI score0.00143EPSS
Total number of security vulnerabilities8153