Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/03/30 4:2 p.m.86 views

CVE-2021-39742

CVE-2021-39742 affects Android 12L Voice Mail: a missing permission check allows information disclosure by retrieving a trackable identifier from Voicemail, with local access and user interaction required for exploitation. The issue is classified under System/ID in Android 12L release notes and i...

5.5CVSS5.6AI score0.00297EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.86 views

CVE-2021-39743

CVE-2021-39743 affects Google Android 12L in the PackageManager component, where a missing permission check allows updating another package’s last-used time and enables local elevation of privilege with no extra execution privileges needed. The vulnerability is classified as EoP and is documented...

7.8CVSS7.8AI score0.00098EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.86 views

CVE-2021-39765

CVE-2021-39765 is a permission bypass in the Gallery app on Android 12L caused by a confusion of agents (confused deputy) that can lead to local information disclosure. Exploitation is described as local with low attack complexity and no user interaction required, requiring User privileges. The C...

5.5CVSS5.6AI score0.00118EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.86 views

CVE-2021-39786

CVE-2021-39786 affects Android 12L NFC component and is characterized by an out-of-bounds write due to a missing bounds check, enabling local privilege escalation to SYSTEM with no user interaction. Affected: Android 12L devices; trigger by NFC handling (component/file not deeply detailed in the ...

6.7CVSS7.1AI score0.00106EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.86 views

CVE-2022-20066

CVE-2022-20066 affects the atf (hwfde) component. The issue is described as an incorrect error handling path that can cause a local information disclosure leak, with privileges required to execute (System) and no user interaction needed for exploitation. The vulnerability is associated with Media...

4.4CVSS4.2AI score0.00117EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.86 views

CVE-2022-20068

CVE-2022-20068 affects MediaTek devices where the vulnerable component is the mobile_log_d process, due to improper link resolution allowing symbolic link following. The issue could enable local escalation of privilege with System execution privileges required, and exploitation does not require u...

6.7CVSS6.6AI score0.0012EPSS
CVE
CVE
added 2022/05/03 7:58 p.m.86 views

CVE-2022-20092

The CVE-2022-20092 issue affects MediaTek devices with the alac decoder. Root cause: missing bounds checks cause an out-of-bounds read, enabling local information disclosure without execution privileges. Exploitation is reported as requiring local access; user interaction is not needed. Patch/mit...

5.5CVSS5AI score0.00105EPSS
CVE
CVE
added 2022/05/03 8:0 p.m.86 views

CVE-2022-20098

CVE-2022-20098 affects the aee daemon and enables local information disclosure due to a missing permission check. The flaw could allow an attacker with System execution privileges to read sensitive data without user interaction. Impact is described as local access with partial confidentiality los...

4.4CVSS4.3AI score0.00125EPSS
CVE
CVE
added 2022/06/15 1:20 p.m.86 views

CVE-2022-20169

CVE-2022-20169 is associated with Android kernel/modem in Google Pixel devices as per the connected documents. The PRION source explicitly labels the issue as a "Code injection" vulnerability, while other documents broadly reference the Android kernel/modem context for this CVE. The exact root ca...

7.5CVSS7.4AI score0.00358EPSS
CVE
CVE
added 2022/08/11 3:2 p.m.86 views

CVE-2022-20379

The CVE-2022-20379 entry relates to the Android kernel (Pixel devices) where a use-after-free in lwis_buffer_alloc (lwis_buffer.c) enables arbitrary code execution, resulting in local escalation of privilege with System execution privileges required. Exploitation is described as local with no use...

6.7CVSS7AI score0.00099EPSS
CVE
CVE
added 2022/08/11 3:5 p.m.86 views

CVE-2022-20407

CVE-2022-20407 affects the Android kernel as cited in the Pixel security bulletin, with the vulnerability categorized under the Modem component and rated DoS (Moderate) in that context. The CVSSv3.1 base score is 7.5 (Network attack vector, Low attack complexity, No privileges required, No user i...

7.5CVSS7.4AI score0.0029EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20504

In Android 13, CVE-2022-20504 is a local elevation-of-privilege issue in DreamManagerService.java caused by missing permission checks in multiple locations. The vulnerability could allow an attacker with local access to elevate privileges and dismiss system dialogs without requiring user interact...

6.7CVSS6.6AI score0.00167EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20512

CVE-2022-20512 affects Android 13 via an input validation flaw in Task.java: navigateUpTo can launch an intent with a mismatched intent, enabling local elevation of privilege without user interaction. The issue is documented in Google’s Pixel bulletin; patch level 2022-12-05 (and related Android-...

7.8CVSS7.7AI score0.00138EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20515

CVE-2022-20515 affects Android 13 in the Settings app, via onPreferenceClick in AccountTypePreferenceLoader.java. The issue stems from a confused deputy, enabling local information disclosure with no extra privileges and no user interaction required. Impact is described as protected-files leakage...

5.5CVSS5.1AI score0.00167EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20516

CVE-2022-20516 affects Android 13 via rw_t3t_act_handle_check_ndef_rsp in rw_t3t.cc. The issue is an integer overflow that can cause an out-of-bounds read, potentially enabling remote information disclosure without privileges or user interaction. Exploitation details are not provided in the suppl...

7.5CVSS7AI score0.00755EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20519

CVE-2022-20519 affects Android 13 in the AddAppNetworksActivity.java onCreate path. The root cause is a missing permission check that could let a guest user configure WiFi networks, enabling local elevation of privilege. Exploitation requires local access; no extra user interaction is needed. No ...

3.3CVSS4.3AI score0.00148EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20536

CVE-2022-20536 concerns Android 13 where in RcsService.java’s registerBroadcastReceiver a missing permission check could allow a local escalation of privilege with no extra execution privileges and without user interaction. Affected component is the registerBroadcastReceiver method in RcsService....

3.3CVSS4.3AI score0.00109EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20560

CVE-2022-20560 is tied to the Android kernel as described in connected sources (e.g., PRION listing). The vulnerability is characterized as code injection in the Android kernel, affecting Android kernel components on Pixel devices (Android ID A-212623833). CVSSv3.1 from NVD indicates network atta...

7.5CVSS7.4AI score0.00266EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20571

The CVE-2022-20571 entry documents a use-after-free in extract_metadata of dm-android-verity.c in the Android kernel, which can corrupt kernel memory. It implies local escalation of privilege to System with no user interaction required. Affected component is the kernel’s dm-verity subsystem; root...

6.7CVSS6.5AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20576

This CVE-2022-20576 affects Android kernel telephony code, specifically the externalOnRequest function in rilapplication.cpp. The issue is a potential out-of-bounds write caused by a missing bounds check, which could enable local escalation of privilege with System execution privileges required. ...

6.7CVSS6.7AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20585

CVE-2022-20585 affects the Android kernel component drm_access_control.c, specifically the function valid_out_of_special_sec_dram_addr. The issue is an elevation of privilege due to improper input validation, enabling local privilege escalation with no extra user interaction. Exploitation details...

7.8CVSS7.7AI score0.00125EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-20590

The CVE-2022-20590 entry concerns the Android kernel, specifically the valid_va_sec_mfc_check function in drm_access_control.c. The vulnerability is an information disclosure caused by improper input validation, allowing local information disclosure without requiring additional execution privileg...

5.5CVSS5.1AI score0.00167EPSS
CVE
CVE
added 2022/06/06 5:35 p.m.86 views

CVE-2022-21747

CVE-2022-21747 affects the imgsensor component in MediaTek-based devices. A missing bounds check enables out-of-bounds reads, which could cause local denial of service with system privileges required. The vulnerability does not require user interaction for exploitation. A patch is referenced as A...

4.4CVSS4.6AI score0.00103EPSS
CVE
CVE
added 2022/03/08 1:46 p.m.86 views

CVE-2022-24929

Summary: CVE-2022-24929 affects Samsung AppLock (Android) prior to SMR Mar-2022 Release 1, where an unprotected Activity allows an attacker to change the list of locked apps without authentication. Affected component: AppLock on Samsung Android devices (unprotected activity in AppLock). Root caus...

4.1CVSS4AI score0.00099EPSS
CVE
CVE
added 2022/03/08 1:47 p.m.86 views

CVE-2022-25820

CVE-2022-25820 concerns Samsung’s fingerprint matching algorithm, with a vulnerable design present before SMR Mar-2022 Release 1. It enables a physical attacker to brute-force a screen-lock password. The issue is linked to local access and high confidentiality impact per CVSS 3.1 metrics. A fix i...

4.6CVSS4.5AI score0.00102EPSS
CVE
CVE
added 2022/07/11 1:36 p.m.86 views

CVE-2022-33703

CVE-2022-33703 refers to an improper validation vulnerability in Samsung CACertificateInfo before the SMR July-2022 Release 1, enabling an elevation of privilege by exploiting faulty authentication logic. Public sources consistently describe the impact as attackers being able to "launch certain a...

8.5CVSS7.5AI score0.00083EPSS
CVE
CVE
added 2022/08/05 3:13 p.m.86 views

CVE-2022-33723

CVE-2022-33723 concerns a vulnerable code path in the BluetoothScanDialog component on Android/Samsung devices. The issue is located in the onCreate method of BluetoothScanDialog, where an attacker could trick a user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack. Aff...

6.1CVSS6.3AI score0.0013EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-42503

CVE-2022-42503 affects Android kernel via ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria. The issue is an out-of-bounds write caused by a missing bounds check in this function, enabling local escalation of privilege with System execution privileges required. Exploitation requires no user int...

6.7CVSS6.7AI score0.00116EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-42507

CVE-2022-42507 describes a potential out-of-bounds write in ProtocolSimBuilder::BuildSimUpdatePb3gEntry within the Android kernel, caused by a missing bounds check. The vulnerability could enable local escalation of privilege with System privileges required, and exploitation is stated as requirin...

6.7CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-42509

CVE-2022-42509 affects the Android kernel component in the function CallDialReqData::encode (callreqdata.cpp). The issue is described as an out-of-bounds write caused by a missing bounds check, which could enable a local escalation of privilege with System execution privileges required. Exploitat...

6.7CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.86 views

CVE-2022-42510

CVE-2022-42510 involves the Android kernel component where the function is StringsRequestData::encode in requestdata.cpp. The root cause is an out-of-bounds read caused by improper input validation, which could enable a local escalation of privilege with System execution privileges required. Expl...

6.7CVSS6.6AI score0.00118EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.86 views

CVE-2023-20985

CVE-2023-20985 concerns an out-of-bounds write in BTA_GATTS_HandleValueIndication within bta_gatts_api.cc due to improper input validation. Affects Android 13; exploitation would enable local elevation of privilege with no user interaction required. The connected sources describe the vulnerabilit...

7.8CVSS7.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.86 views

CVE-2023-20998

CVE-2023-20998 affects Android 13 and related Pixel/Android components. The issue is described as an input validation flaw that can trigger a persistent reboot loop, causing local denial of service. Exploitation requires privileges (local) but does not require user interaction. Connected sources ...

5.5CVSS5.4AI score0.00092EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.86 views

CVE-2023-21040

CVE-2023-21040 concerns the Android kernel Bluetooth code, specifically in the function buildCommand within bluetooth_ccc.cc. The issue is a logic error that can cause an out-of-bounds write, enabling local elevation of privilege with no additional execution privileges required and with no user i...

7.8CVSS7.7AI score0.001EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.86 views

CVE-2023-21051

CVE-2023-21051 affects the Android kernel via the path dwc3_exynos_clk_get in dwc3-exynos.c, where an incorrect bounds check can cause an out-of-bounds write. This can lead to local privilege escalation with System execution privileges required; exploitation is described as local and does not req...

6.7CVSS6.6AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.86 views

CVE-2023-21055

In CVE-2023-21055, a use-after-free due to a race condition exists in the dit_hal_ioctl function of dit.c in the Android kernel. This vulnerability can enable local escalation of privilege with SYSTEM privileges needed, and does not require user interaction. Affected component is the Android kern...

6.4CVSS6.6AI score0.00087EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.86 views

CVE-2023-21189

CVE-2023-21189 affects Android 13 (Pixel devices) via a logic error in startLockTaskMode within LockTaskController.java that can bypass lock task mode, enabling local privilege escalation with only user interaction required. The vulnerability is documented across multiple sources (NVD, Red Hat, P...

7.3CVSS7.3AI score0.00086EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.86 views

CVE-2023-21190

CVE-2023-21190 affects Android 13 devices, with the issue located in btm_acl_encrypt_change within btm_acl.cc. A remote device can turn off encryption without terminating the connection, potentially enabling local information disclosure and requiring user interaction for exploitation. Exploitatio...

5CVSS4.9AI score0.00076EPSS
CVE
CVE
added 2023/12/08 3:44 p.m.86 views

CVE-2023-48415

CVE-2023-48415 concerns an out-of-bounds read in Init of protocolembmsadapter.cpp caused by a missing bounds check. Per multiple connected documents, this can lead to local information disclosure without requiring user interaction. The issue is associated with Android/Google Pixel components (inc...

5.5CVSS5.1AI score0.001EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.86 views

CVE-2024-11624

CVE-2024-11624 affects Google Android (notably Pixel) and is categorized as an Elevation of Privilege (VPN) vulnerability. The issue arises from an undeclared permission that allows adding apps to bypass VPN, enabling local privilege elevation with no extra execution privileges and no user intera...

7.8CVSS7.2AI score0.00076EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.86 views

CVE-2024-29738

CVE-2024-29738 affects the gov_init component and is described across Red Hat, NVD, CVE listings, and OSV as a possible out-of-bounds read caused by a missing bounds check. The exploitation vector is local (attack vector: LOCAL) with no user interaction required, and the impact is local informati...

5.5CVSS6AI score0.00085EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.86 views

CVE-2024-29750

CVE-2024-29750 : The issue is a possible out-of-bounds read in the km_exp_did_inner function of kmv.c due to a missing bounds check. This can lead to local information disclosure without extra execution privileges and without user interaction. Public details on affected versions or a fix are not ...

5.5CVSS6AI score0.00085EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.86 views

CVE-2024-29755

CVE-2024-29755 affects the tmu_get_pi function in tmu.c, causing an out-of-bounds read due to improper input validation. This can lead to local information disclosure without extra privileges or user interaction. The issue is addressed by Pixel updates; patch level 2024-04-05 or later is indicate...

4.4CVSS6.1AI score0.00087EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.86 views

CVE-2024-32903

CVE-2024-32903 affects the lwis transaction component, specifically the function prepare_response_locked. The provided documents indicate a possible out-of-bounds write caused by improper input validation, which could lead to local privilege escalation without requiring additional privileges or u...

7.8CVSS6.9AI score0.00086EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.86 views

CVE-2024-47035

The CVE affects virtio’s vring_init in external/headers/include/virtio/virtio_ring.h, where a logic error can cause an out-of-bounds write. This may enable local privilege escalation with no extra privileges or user interaction; exploitation details are not provided in the supplied documents. Rem...

7.8CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.86 views

CVE-2024-53836

CVE-2024-53836 is an out-of-bounds write vulnerability in the Android wb_regon_coordinator.c file, specifically in the function wbrc_bt_dev_write. The issue arises from a lack of bounds checking, allowing a potential buffer overflow that could enable local escalation of privilege with System exec...

6.7CVSS7.4AI score0.00081EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.86 views

CVE-2024-53839

CVE-2024-53839 arises from an out-of-bounds read in the Android kernel/user-space component, specifically in the GetCellInfoList() implementation of protocolnetadapter.cpp . The missing bounds check can enable a local attacker to cause information disclosure, with exploitation claimed to require ...

5.5CVSS6.3AI score0.00075EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.86 views

CVE-2024-53841

CVE-2024-53841 describes a potential permission bypass due to a confused deputy in Android’s startListeningForDeviceStateChanges, enabling local elevation of privilege with no user interaction required. The issue is categorized in the Pixel bulletin as an Elevation of Privilege (EoP) affecting th...

7.8CVSS7.2AI score0.0009EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.85 views

CVE-2015-3106

Adobe Flash Player contains a use-after-free vulnerability (CVE-2015-3106) that allows arbitrary code execution via unspecified vectors. Affected products include Flash Player before 13.0.0.292 and 14.x up to 18.x before 18.0.0.160 on Windows/macOS, and before 11.2.202.466 on Linux; Adobe AIR bef...

10CVSS7.4AI score0.43454EPSS
CVE
CVE
added 2015/10/02 1:0 a.m.85 views

CVE-2015-3876

CVE-2015-3876 is a vulnerability in Android's Stagefright libstagefright that could allow remote code execution by processing crafted MP3/MP4 media files. The Android bulletin documents this as part of a set of remote‑code‑execution issues in libstagefright, with affected versions including Andro...

9.3CVSS7.8AI score0.03137EPSS
Total number of security vulnerabilities8153