8153 matches found
CVE-2021-39742
CVE-2021-39742 affects Android 12L Voice Mail: a missing permission check allows information disclosure by retrieving a trackable identifier from Voicemail, with local access and user interaction required for exploitation. The issue is classified under System/ID in Android 12L release notes and i...
CVE-2021-39743
CVE-2021-39743 affects Google Android 12L in the PackageManager component, where a missing permission check allows updating another package’s last-used time and enables local elevation of privilege with no extra execution privileges needed. The vulnerability is classified as EoP and is documented...
CVE-2021-39765
CVE-2021-39765 is a permission bypass in the Gallery app on Android 12L caused by a confusion of agents (confused deputy) that can lead to local information disclosure. Exploitation is described as local with low attack complexity and no user interaction required, requiring User privileges. The C...
CVE-2021-39786
CVE-2021-39786 affects Android 12L NFC component and is characterized by an out-of-bounds write due to a missing bounds check, enabling local privilege escalation to SYSTEM with no user interaction. Affected: Android 12L devices; trigger by NFC handling (component/file not deeply detailed in the ...
CVE-2022-20066
CVE-2022-20066 affects the atf (hwfde) component. The issue is described as an incorrect error handling path that can cause a local information disclosure leak, with privileges required to execute (System) and no user interaction needed for exploitation. The vulnerability is associated with Media...
CVE-2022-20068
CVE-2022-20068 affects MediaTek devices where the vulnerable component is the mobile_log_d process, due to improper link resolution allowing symbolic link following. The issue could enable local escalation of privilege with System execution privileges required, and exploitation does not require u...
CVE-2022-20092
The CVE-2022-20092 issue affects MediaTek devices with the alac decoder. Root cause: missing bounds checks cause an out-of-bounds read, enabling local information disclosure without execution privileges. Exploitation is reported as requiring local access; user interaction is not needed. Patch/mit...
CVE-2022-20098
CVE-2022-20098 affects the aee daemon and enables local information disclosure due to a missing permission check. The flaw could allow an attacker with System execution privileges to read sensitive data without user interaction. Impact is described as local access with partial confidentiality los...
CVE-2022-20169
CVE-2022-20169 is associated with Android kernel/modem in Google Pixel devices as per the connected documents. The PRION source explicitly labels the issue as a "Code injection" vulnerability, while other documents broadly reference the Android kernel/modem context for this CVE. The exact root ca...
CVE-2022-20379
The CVE-2022-20379 entry relates to the Android kernel (Pixel devices) where a use-after-free in lwis_buffer_alloc (lwis_buffer.c) enables arbitrary code execution, resulting in local escalation of privilege with System execution privileges required. Exploitation is described as local with no use...
CVE-2022-20407
CVE-2022-20407 affects the Android kernel as cited in the Pixel security bulletin, with the vulnerability categorized under the Modem component and rated DoS (Moderate) in that context. The CVSSv3.1 base score is 7.5 (Network attack vector, Low attack complexity, No privileges required, No user i...
CVE-2022-20504
In Android 13, CVE-2022-20504 is a local elevation-of-privilege issue in DreamManagerService.java caused by missing permission checks in multiple locations. The vulnerability could allow an attacker with local access to elevate privileges and dismiss system dialogs without requiring user interact...
CVE-2022-20512
CVE-2022-20512 affects Android 13 via an input validation flaw in Task.java: navigateUpTo can launch an intent with a mismatched intent, enabling local elevation of privilege without user interaction. The issue is documented in Google’s Pixel bulletin; patch level 2022-12-05 (and related Android-...
CVE-2022-20515
CVE-2022-20515 affects Android 13 in the Settings app, via onPreferenceClick in AccountTypePreferenceLoader.java. The issue stems from a confused deputy, enabling local information disclosure with no extra privileges and no user interaction required. Impact is described as protected-files leakage...
CVE-2022-20516
CVE-2022-20516 affects Android 13 via rw_t3t_act_handle_check_ndef_rsp in rw_t3t.cc. The issue is an integer overflow that can cause an out-of-bounds read, potentially enabling remote information disclosure without privileges or user interaction. Exploitation details are not provided in the suppl...
CVE-2022-20519
CVE-2022-20519 affects Android 13 in the AddAppNetworksActivity.java onCreate path. The root cause is a missing permission check that could let a guest user configure WiFi networks, enabling local elevation of privilege. Exploitation requires local access; no extra user interaction is needed. No ...
CVE-2022-20536
CVE-2022-20536 concerns Android 13 where in RcsService.java’s registerBroadcastReceiver a missing permission check could allow a local escalation of privilege with no extra execution privileges and without user interaction. Affected component is the registerBroadcastReceiver method in RcsService....
CVE-2022-20560
CVE-2022-20560 is tied to the Android kernel as described in connected sources (e.g., PRION listing). The vulnerability is characterized as code injection in the Android kernel, affecting Android kernel components on Pixel devices (Android ID A-212623833). CVSSv3.1 from NVD indicates network atta...
CVE-2022-20571
The CVE-2022-20571 entry documents a use-after-free in extract_metadata of dm-android-verity.c in the Android kernel, which can corrupt kernel memory. It implies local escalation of privilege to System with no user interaction required. Affected component is the kernel’s dm-verity subsystem; root...
CVE-2022-20576
This CVE-2022-20576 affects Android kernel telephony code, specifically the externalOnRequest function in rilapplication.cpp. The issue is a potential out-of-bounds write caused by a missing bounds check, which could enable local escalation of privilege with System execution privileges required. ...
CVE-2022-20585
CVE-2022-20585 affects the Android kernel component drm_access_control.c, specifically the function valid_out_of_special_sec_dram_addr. The issue is an elevation of privilege due to improper input validation, enabling local privilege escalation with no extra user interaction. Exploitation details...
CVE-2022-20590
The CVE-2022-20590 entry concerns the Android kernel, specifically the valid_va_sec_mfc_check function in drm_access_control.c. The vulnerability is an information disclosure caused by improper input validation, allowing local information disclosure without requiring additional execution privileg...
CVE-2022-21747
CVE-2022-21747 affects the imgsensor component in MediaTek-based devices. A missing bounds check enables out-of-bounds reads, which could cause local denial of service with system privileges required. The vulnerability does not require user interaction for exploitation. A patch is referenced as A...
CVE-2022-24929
Summary: CVE-2022-24929 affects Samsung AppLock (Android) prior to SMR Mar-2022 Release 1, where an unprotected Activity allows an attacker to change the list of locked apps without authentication. Affected component: AppLock on Samsung Android devices (unprotected activity in AppLock). Root caus...
CVE-2022-25820
CVE-2022-25820 concerns Samsung’s fingerprint matching algorithm, with a vulnerable design present before SMR Mar-2022 Release 1. It enables a physical attacker to brute-force a screen-lock password. The issue is linked to local access and high confidentiality impact per CVSS 3.1 metrics. A fix i...
CVE-2022-33703
CVE-2022-33703 refers to an improper validation vulnerability in Samsung CACertificateInfo before the SMR July-2022 Release 1, enabling an elevation of privilege by exploiting faulty authentication logic. Public sources consistently describe the impact as attackers being able to "launch certain a...
CVE-2022-33723
CVE-2022-33723 concerns a vulnerable code path in the BluetoothScanDialog component on Android/Samsung devices. The issue is located in the onCreate method of BluetoothScanDialog, where an attacker could trick a user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack. Aff...
CVE-2022-42503
CVE-2022-42503 affects Android kernel via ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria. The issue is an out-of-bounds write caused by a missing bounds check in this function, enabling local escalation of privilege with System execution privileges required. Exploitation requires no user int...
CVE-2022-42507
CVE-2022-42507 describes a potential out-of-bounds write in ProtocolSimBuilder::BuildSimUpdatePb3gEntry within the Android kernel, caused by a missing bounds check. The vulnerability could enable local escalation of privilege with System privileges required, and exploitation is stated as requirin...
CVE-2022-42509
CVE-2022-42509 affects the Android kernel component in the function CallDialReqData::encode (callreqdata.cpp). The issue is described as an out-of-bounds write caused by a missing bounds check, which could enable a local escalation of privilege with System execution privileges required. Exploitat...
CVE-2022-42510
CVE-2022-42510 involves the Android kernel component where the function is StringsRequestData::encode in requestdata.cpp. The root cause is an out-of-bounds read caused by improper input validation, which could enable a local escalation of privilege with System execution privileges required. Expl...
CVE-2023-20985
CVE-2023-20985 concerns an out-of-bounds write in BTA_GATTS_HandleValueIndication within bta_gatts_api.cc due to improper input validation. Affects Android 13; exploitation would enable local elevation of privilege with no user interaction required. The connected sources describe the vulnerabilit...
CVE-2023-20998
CVE-2023-20998 affects Android 13 and related Pixel/Android components. The issue is described as an input validation flaw that can trigger a persistent reboot loop, causing local denial of service. Exploitation requires privileges (local) but does not require user interaction. Connected sources ...
CVE-2023-21040
CVE-2023-21040 concerns the Android kernel Bluetooth code, specifically in the function buildCommand within bluetooth_ccc.cc. The issue is a logic error that can cause an out-of-bounds write, enabling local elevation of privilege with no additional execution privileges required and with no user i...
CVE-2023-21051
CVE-2023-21051 affects the Android kernel via the path dwc3_exynos_clk_get in dwc3-exynos.c, where an incorrect bounds check can cause an out-of-bounds write. This can lead to local privilege escalation with System execution privileges required; exploitation is described as local and does not req...
CVE-2023-21055
In CVE-2023-21055, a use-after-free due to a race condition exists in the dit_hal_ioctl function of dit.c in the Android kernel. This vulnerability can enable local escalation of privilege with SYSTEM privileges needed, and does not require user interaction. Affected component is the Android kern...
CVE-2023-21189
CVE-2023-21189 affects Android 13 (Pixel devices) via a logic error in startLockTaskMode within LockTaskController.java that can bypass lock task mode, enabling local privilege escalation with only user interaction required. The vulnerability is documented across multiple sources (NVD, Red Hat, P...
CVE-2023-21190
CVE-2023-21190 affects Android 13 devices, with the issue located in btm_acl_encrypt_change within btm_acl.cc. A remote device can turn off encryption without terminating the connection, potentially enabling local information disclosure and requiring user interaction for exploitation. Exploitatio...
CVE-2023-48415
CVE-2023-48415 concerns an out-of-bounds read in Init of protocolembmsadapter.cpp caused by a missing bounds check. Per multiple connected documents, this can lead to local information disclosure without requiring user interaction. The issue is associated with Android/Google Pixel components (inc...
CVE-2024-11624
CVE-2024-11624 affects Google Android (notably Pixel) and is categorized as an Elevation of Privilege (VPN) vulnerability. The issue arises from an undeclared permission that allows adding apps to bypass VPN, enabling local privilege elevation with no extra execution privileges and no user intera...
CVE-2024-29738
CVE-2024-29738 affects the gov_init component and is described across Red Hat, NVD, CVE listings, and OSV as a possible out-of-bounds read caused by a missing bounds check. The exploitation vector is local (attack vector: LOCAL) with no user interaction required, and the impact is local informati...
CVE-2024-29750
CVE-2024-29750 : The issue is a possible out-of-bounds read in the km_exp_did_inner function of kmv.c due to a missing bounds check. This can lead to local information disclosure without extra execution privileges and without user interaction. Public details on affected versions or a fix are not ...
CVE-2024-29755
CVE-2024-29755 affects the tmu_get_pi function in tmu.c, causing an out-of-bounds read due to improper input validation. This can lead to local information disclosure without extra privileges or user interaction. The issue is addressed by Pixel updates; patch level 2024-04-05 or later is indicate...
CVE-2024-32903
CVE-2024-32903 affects the lwis transaction component, specifically the function prepare_response_locked. The provided documents indicate a possible out-of-bounds write caused by improper input validation, which could lead to local privilege escalation without requiring additional privileges or u...
CVE-2024-47035
The CVE affects virtio’s vring_init in external/headers/include/virtio/virtio_ring.h, where a logic error can cause an out-of-bounds write. This may enable local privilege escalation with no extra privileges or user interaction; exploitation details are not provided in the supplied documents. Rem...
CVE-2024-53836
CVE-2024-53836 is an out-of-bounds write vulnerability in the Android wb_regon_coordinator.c file, specifically in the function wbrc_bt_dev_write. The issue arises from a lack of bounds checking, allowing a potential buffer overflow that could enable local escalation of privilege with System exec...
CVE-2024-53839
CVE-2024-53839 arises from an out-of-bounds read in the Android kernel/user-space component, specifically in the GetCellInfoList() implementation of protocolnetadapter.cpp . The missing bounds check can enable a local attacker to cause information disclosure, with exploitation claimed to require ...
CVE-2024-53841
CVE-2024-53841 describes a potential permission bypass due to a confused deputy in Android’s startListeningForDeviceStateChanges, enabling local elevation of privilege with no user interaction required. The issue is categorized in the Pixel bulletin as an Elevation of Privilege (EoP) affecting th...
CVE-2015-3106
Adobe Flash Player contains a use-after-free vulnerability (CVE-2015-3106) that allows arbitrary code execution via unspecified vectors. Affected products include Flash Player before 13.0.0.292 and 14.x up to 18.x before 18.0.0.160 on Windows/macOS, and before 11.2.202.466 on Linux; Adobe AIR bef...
CVE-2015-3876
CVE-2015-3876 is a vulnerability in Android's Stagefright libstagefright that could allow remote code execution by processing crafted MP3/MP4 media files. The Android bulletin documents this as part of a set of remote‑code‑execution issues in libstagefright, with affected versions including Andro...