Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/12/16 12:0 a.m.88 views

CVE-2022-20575

The CVE-2022-20575 entry concerns Android kernel code: an out-of-bounds read in read_ppmpu_info() within drm_fw.c due to an incorrect bounds check, enabling local information disclosure without extra privileges or user interaction. Affected component: Android kernel (drm_fw.c read_ppmpu_info). Im...

5.5CVSS5.1AI score0.00167EPSS
CVE
CVE
added 2024/12/18 7:1 p.m.88 views

CVE-2024-47038

CVE-2024-47038 describes an out-of-bounds write in the function dhd_prot_flowrings_pool_release within dhd_msgbuf.c, caused by a missing bounds check. This can lead to local privilege escalation with no user interaction required. Documents collectively indicate a Linux/Android kernel context (Pix...

10CVSS7.1AI score0.00213EPSS
CVE
CVE
added 2025/04/07 3:14 a.m.88 views

CVE-2025-20662

CVE-2025-20662 concerns PlayReady TA, where a missing bounds check enables a potential out-of-bounds read that could cause local escalation of privilege if the attacker already has System privileges. Exploitation reportedly does not require user interaction. The CVSS 3.1 vector (LOCAL, HIGH privi...

6.7CVSS6.6AI score0.00087EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.87 views

CVE-2015-3096

CVE-2015-3096 relates to Adobe Flash Player and related AIR components; connected sources indicate a CSRF issue linked to an incomplete fix for CVE-2014-5333, enabling CSRF via crafted SWF/OBJECT content and potentially bypassing protections. Details about affected versions are provided in adviso...

6.8CVSS6.5AI score0.01969EPSS
CVE
CVE
added 2019/06/19 7:58 p.m.87 views

CVE-2019-2012

CVE-2019-2012 (Android) affects Android 7.0–9 where a function rw_t3t_act_handle_fmt_rsp in rw_t3t.cc can write out of bounds due to a missing bounds check. This is a local elevation-of-privilege flaw that could be triggered with user interaction and, if exploited, would occur within a privileged...

9.3CVSS8.3AI score0.00796EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.87 views

CVE-2019-9406

CVE-2019-9406 affects libhevc in Android 10. The vulnerability enables information disclosure via uninitialized data within the Media/Video processing path, potentially allowing remote information disclosure without extra execution privileges. Exploitation is described as requiring user interacti...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2020/03/10 8:3 p.m.87 views

CVE-2020-0051

CVE-2020-0051 affects Android 10 System via a tapjacking vulnerability in SettingsHomepageActivity. Root cause: tapjacking could enable local elevation of privilege with no extra execution privileges; exploitation requires user interaction (UI). CVSSv3.1 base score 7.8 (HIGH), CVSSv2 4.4 (MEDIUM)...

7.8CVSS8.1AI score0.00167EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.87 views

CVE-2021-1025

CVE-2021-1025 (Android 12) involves a flaw in hasNamedWallpaper in WallpaperManagerService.java that can reveal whether an app is installed without query permissions, causing local information disclosure without extra execution privileges. The root cause is a missing permission check. Impact is i...

5.5CVSS5AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.87 views

CVE-2021-39745

CVE-2021-39745 affects Android 12L and is described in multiple feeds as a side-channel information disclosure in DevicePolicyManager that could let an attacker determine whether an app is installed without query permissions. The vulnerability enables local information disclosure with no addition...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.87 views

CVE-2021-39750

CVE-2021-39750 is an Android Elevation of Privilege issue where missing permission checks in PackageManager could allow an attacker to change the splash screen theme of other apps, leading to local privilege escalation. Connected sources (CNVD-2022-26771) reference the root cause as an absence of...

7.8CVSS7.8AI score0.00098EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.87 views

CVE-2021-39779

CVE-2021-39779 affects Android 12L via Telecom Service.getCallStateUsingPackage, where there is a missing permission check that could allow local information disclosure of the call state without extra execution privileges. The issue is described across sources (CVE entry and CNVD-2022-44589) as a...

5.5CVSS5.5AI score0.00098EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.87 views

CVE-2022-20043

CVE-2022-20043 relates to a Bluetooth escalation-of-privilege vulnerability caused by a missing permission check that enables local privilege escalation without user interaction. The entry notes no additional execution privileges are required. Reported fixes reference Patch ID ALPS06148177 and Is...

7.8CVSS7.6AI score0.00134EPSS
CVE
CVE
added 2022/06/15 1:19 p.m.87 views

CVE-2022-20165

CVE-2022-20165 affects the Android kernel component asn1_parse in asn1.c, where an incorrect bounds check can cause an out-of-bounds read. The consequence is local information disclosure with system execution privileges potentially required. The CVE is described as requiring no user interaction a...

4.9CVSS4.3AI score0.00113EPSS
CVE
CVE
added 2022/06/15 1:21 p.m.87 views

CVE-2022-20179

Technical details about CVE-2022-20179 are not provided in the supplied documents; no affected component/version or impact is disclosed. Monitor for updates from official advisories.

7.5CVSS7.4AI score0.00358EPSS
CVE
CVE
added 2022/06/15 1:22 p.m.87 views

CVE-2022-20184

CVE-2022-20184 is listed in the Pixel security bulletin under the Modem category with type ID (Information Disclosure) and moderate severity. Documents indicate it affects Google Pixel devices, specifically the Modem component, but do not provide the root cause or exact exploit details. A remedia...

7.5CVSS7.4AI score0.00375EPSS
CVE
CVE
added 2022/08/11 3:9 p.m.87 views

CVE-2022-20251

The CVE-2022-20251 issue affects Android 13 and involves LocaleManager. It enables a local attacker to determine whether a given app is installed without query permissions via a side-channel information disclosure, leading to potential local information exposure with no extra execution privileges...

3.3CVSS4.2AI score0.0009EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.87 views

CVE-2022-20559

CVE-2022-20559 affects Android 13, describing a side-channel disclosure in revokeOwnPermissionsOnKill within PermissionManager.java that may allow an app to be detected as installed without query permissions. The issue results in local information disclosure with no additional execution privilege...

3.3CVSS3.5AI score0.00118EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.87 views

CVE-2022-20598

CVE-2022-20598 describes an integer overflow in the Android kernel’s sec_media_protect function (media.c). The issue can cause a local Elevation of Privilege in the secure mode MFC Core, with no additional privileges or user interaction required. The available documents specify the vulnerability ...

7.8CVSS7.7AI score0.00174EPSS
CVE
CVE
added 2022/07/06 1:6 p.m.87 views

CVE-2022-21766

CVE-2022-21766 affects MediaTek CCCI (core inter-processor communication) with an out-of-bounds write caused by a missing bounds check. This vulnerability can enable local escalation of privileges to SYSTEM level without user interaction. Exploitation status is not described in the provided docum...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2022/06/07 6:3 p.m.87 views

CVE-2022-30726

CVE-2022-30726 corresponds to an unprotected DeviceSearchTrampoline component in Samsung SecSettingsIntelligence, enabling local attackers to launch SecSettingsIntelligence activities. Affected: Samsung Mobile/SecSettingsIntelligence (DeviceSearchTrampoline). Root cause: unprotected component exp...

7.8CVSS7.4AI score0.00095EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.87 views

CVE-2022-42501

CVE-2022-42501 involves an out-of-bounds write in HexString2Value within util.cpp. The vulnerability affects Android kernel components and can enable local escalation of privilege with System execution privileges, without user interaction. Exploitation details, affected versions, and remediation ...

6.7CVSS6.7AI score0.00097EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.87 views

CVE-2022-42516

CVE-2022-42516 affects Android kernel in ProtocolSimBuilderLegacy::BuildSimGetGbaAuth. The flaw is an out-of-bounds read caused by a missing bounds check, enabling local information disclosure with System privileges (no user interaction required). Exploitation and impact are described in multiple...

4.4CVSS4.3AI score0.00117EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.87 views

CVE-2022-42526

The CVE-2022-42526 entry concerns an out-of-bounds write in ConvertUtf8ToUcs2 within radio_hal_utils.cpp, tied to the Android kernel. The root cause is a missing bounds check in that function, which could allow a local escalation of privilege with System privileges required; exploitation is descr...

6.7CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.87 views

CVE-2023-20976

CVE-2023-20976 affects Android 13 where the vulnerability exists in getConfirmationMessage of DefaultAutofillPicker.java . Improper input validation may mislead a user into selecting the default autofill application, enabling a local privilege escalation with no extra execution privileges require...

7.3CVSS7.3AI score0.00102EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.87 views

CVE-2023-20992

CVE-2023-20992 concerns a potential out-of-bounds read in the Android Bluetooth stack, specifically in on_iso_link_quality_read within btm_iso_impl.h. The flaw can enable local information disclosure on affected devices (Android 13) with System execution privileges, and exploitation does not requ...

4.5CVSS4.2AI score0.00139EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.87 views

CVE-2023-20997

CVE-2023-20997 concerns Android 13 where multiple locations allow triggering a persistent reboot loop due to improper input validation. This yields local denial of service with user execution privileges required, and no user interaction is needed for exploitation. The issue is documented as a DoS...

5.5CVSS5.4AI score0.00092EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.87 views

CVE-2023-21044

CVE-2023-21044 relates to the Android kernel and the initialization of VendorGraphicBufferMeta. The issue is an out-of-bounds read caused by a missing bounds check in init, enabling potential local information disclosure with System execution privileges required. Exploitation is described as loca...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.87 views

CVE-2023-21047

CVE-2023-21047 affects Android kernel, with the issue localized to ConvertToHalMetadata in aidl_utils.cc where a missing bounds check enables an out-of-bounds read. This can lead to local information disclosure with system-level privileges required for exploitation and does not require user inter...

4.4CVSS4.2AI score0.00097EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.87 views

CVE-2023-21048

CVE-2023-21048 affects Android kernel (nan.cpp, handleEvent). Root cause: missing bounds check causing out-of-bounds read. Impact: local information disclosure with SYSTEM privileges required; no user interaction. Exploitation status is not detailed in the provided documents. Mitigation reference...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.87 views

CVE-2023-21068

The CVE-2023-21068 entry concerns Android kernel with a local privilege escalation via booting with a hidden debug policy due to a missing user warning. Affected component is the Android kernel; description states that after preparing the device and hiding the warning, a user can hand the device ...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.87 views

CVE-2023-21069

Summary: CVE-2023-21069 affects the Android kernel (bcm4389 driver) in the wl_update_hidden_ap_ie function of wl_cfgscan.c, causing an out-of-bounds write due to a missing bounds check. This enables local escalation of privilege (System level) without user interaction. Technical details confirmed...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.87 views

CVE-2023-21194

The CVE-2023-21194 entry concerns Android 13 Bluetooth stack (gatt_utils.cc: gatt_dbg_op_name). A missing bounds check allows an out-of-bounds read, enabling local information disclosure via the Bluetooth server. Exploitation requires System privileges; no user interaction is needed. Public detai...

4.4CVSS4.2AI score0.00094EPSS
CVE
CVE
added 2025/01/08 5:35 p.m.87 views

CVE-2023-35685

CVE-2023-35685 describes a logic error in DevmemIntMapPages within the file devicemem_server.c that can cause a physical page use-after-free. This USE-After-FREE condition could enable local privilege escalation in the kernel without requiring additional execution privileges or user interaction. ...

7.8CVSS6.8AI score0.0015EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.87 views

CVE-2023-40108

CVE-2023-40108 describes an information-disclosure vulnerability in Google Android where a lack of permission checking can allow access to media content belonging to other users without executing code or requiring user interaction. The CVE notes a local access vector with medium base score (5.5) ...

5.5CVSS5.9AI score0.00082EPSS
CVE
CVE
added 2023/12/08 3:41 p.m.87 views

CVE-2023-48410

CVE-2023-48410 involves an out-of-bounds read in cd_ParseMsg of cd_codec.c due to a missing bounds check, enabling remote information disclosure without extra privileges or user interaction. The description is consistent across NVD, PRION, CVELIST, and CNNVD entries. Pixel/Android Bulletin refere...

7.5CVSS7.1AI score0.00409EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.87 views

CVE-2024-27232

CVE-2024-27232 describes an out-of-bounds read in asn1_ec_pkey_parse of asn1_common.c due to a missing null check, enabling local information disclosure without extra privileges and no user interaction. The connected Red Hat/OSV/NVD entries confirm the root cause and impact but do not specify aff...

5.5CVSS6AI score0.00088EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.87 views

CVE-2024-29781

CVE-2024-29781: A possible out-of-bounds read in ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c could enable remote information disclosure without authentication or user interaction. Documented impact is information disclosure (no integrity/availability impact stated). In Pixel/Android ...

7.5CVSS6.3AI score0.00343EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.87 views

CVE-2024-29785

CVE-2024-29785 describes an information disclosure in the Aurora driver code path: the function name and file are aur_get_state in aurora.c. The root cause is uninitialized data leading to local information disclosure without extra privileges or user interaction. Affected entity is evidenced by m...

5.5CVSS6AI score0.00082EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.87 views

CVE-2024-32898

CVE-2024-32898 affects the ProtocolCellIdentityParserV4::Parse() function in protocolnetadapter.cpp. A missing bounds check causes an out-of-bounds read, enabling potential information disclosure. The impact is described as a local disclosure risk that could enable baseband firmware compromise; e...

4.7CVSS6AI score0.00076EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.87 views

CVE-2024-32908

CVE-2024-32908 concerns the Android media.c component: in the sec_media_protect function there is a race condition that can bypass permissions and enable local escalation of privileges. Exploitation is described as needing local access with no user interaction, but no exploit details are provided...

8.4CVSS6.8AI score0.0009EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.87 views

CVE-2024-32930

CVE-2024-32930 involves a flaw in the plugin_ipc_handler of the slc_plugin.c module, where uninitialized data can cause a local information disclosure of 4 bytes from the stack. Exploitation is described as local with no user interaction and no additional execution privileges required. The provid...

5.5CVSS6AI score0.00076EPSS
CVE
CVE
added 2025/03/10 6:19 p.m.87 views

CVE-2024-56188

CVE-2024-56188 affects Google Pixel devices with a modem component vulnerability caused by a missing null check, enabling Denial of Service. Reports consistently describe DoS without user interaction and without extra privileges. Pixel Update Bulletin (March 2025) lists CVE-2024-56188 under the M...

5.1CVSS7AI score0.00106EPSS
CVE
CVE
added 2014/04/29 8:0 p.m.86 views

CVE-2013-7372

CVE-2013-7372 affects the SecureRandom implementation in Apache Harmony (SHA1PRNG_SecureRandomImpl) used by JCA in Android up to version 4.3/4.4 boundaries. The engineNextBytes function uses an incorrect offset when no user seed is provided, making the PRNG output more predictable and enabling at...

5CVSS6.8AI score0.0234EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.86 views

CVE-2014-9895

Technical details for CVE-2014-9895 are not publicly available in the provided documents. The materials reference an information disclosure in media-device.c but do not specify affected versions, root cause, impact, or fixes within this corpus. Monitor for updates.

5.5CVSS5.3AI score0.00723EPSS
CVE
CVE
added 2024/12/04 11:37 p.m.86 views

CVE-2018-9439

The issue CVE-2018-9439 affects the Linux kernel’s af_packet.c, specifically in __unregister_prot_hook and packet_release. The root cause is an improper locking leading to a use-after-free scenario in the network stack. Impact described across sources is local privilege escalation with kernel-lev...

7.8CVSS6.9AI score0.00083EPSS
CVE
CVE
added 2019/06/19 8:0 p.m.86 views

CVE-2019-2015

CVE-2019-2015 affects Android devices and centers on rw_t3t_act_handle_check_rsp in rw_t3t.cc, where a missing bounds check can cause an out-of-bounds write. This leads to local elevation of privilege with no additional execution privileges needed; user interaction is required to exploit. Affecte...

9.3CVSS8.3AI score0.00796EPSS
CVE
CVE
added 2020/03/10 8:3 p.m.86 views

CVE-2020-0046

CVE-2020-0046 affects Android 10 Media Framework (DrmPlugin.cpp). It describes a heap-buffer overflow in DrmPlugin::releaseSecureStops causing an out-of-bounds write, enabling local privilege escalation without user interaction. Public details in the Pixel bulletin indicate patch level 2020-03-05...

7.8CVSS8.3AI score0.00161EPSS
CVE
CVE
added 2020/03/10 8:3 p.m.86 views

CVE-2020-0062

CVE-2020-0062 affects Android Euicc. An information disclosure exists due to an included test certificate, enabling remote data exposure without extra privileges. Exploitation is network-based with no user interaction required. CVSSv2/3.1 base scores are 5.0 (MEDIUM) and 7.5 (HIGH) respectively. ...

7.5CVSS7.4AI score0.00609EPSS
CVE
CVE
added 2021/06/22 10:58 a.m.86 views

CVE-2021-0565

CVE-2021-0565 is a local elevation-of-privilege issue in Android 11 related to wrapUserThread in AudioStream.cpp. The vulnerability arises from a race condition causing a use-after-free, enabling local privilege escalation without user interaction. Documented impact is limited to Android-11/audio...

7CVSS7AI score0.00093EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.86 views

CVE-2021-1033

CVE-2021-1033 affects Android 12L and involves a local elevation-of-privilege in ConnectedDevicesSliceProvider.java.java (createGeneralSlice) due to an unsafe PendingIntent. Impact: local Privilege Escalation with HIGH/Partial/Partial likelihoods in CVSS3.1 terms, with no user interaction require...

7.8CVSS7.9AI score0.00098EPSS
Total number of security vulnerabilities8153