Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/03/10 8:3 p.m.86 views

CVE-2020-0052

CVE-2020-0052 affects Android 10 where In smsSelected of AnswerFragment.java an elevation-of-privilege vulnerability exists due to a permissions bypass that allows sending an SMS from the lock screen. The issue enables local privilege escalation with no extra execution privileges required; exploi...

4.3CVSS5.6AI score0.00158EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.85 views

CVE-2017-0428

CVE-2017-0428 describes an elevation-of-privilege in the NVIDIA GPU driver that could allow a local malicious application to execute arbitrary code in kernel context on Android devices with Kernel-3.10. The Android entry notes an Android ID (A-32401526) and flags the issue as critical due to pote...

9.3CVSS7.2AI score0.00908EPSS
CVE
CVE
added 2018/11/30 6:0 p.m.85 views

CVE-2018-15835

CVE-2018-15835 concerns Android OS battery information broadcasts. The connected materials indicate the issue arises from insecure permissions around system broadcast data, allowing apps to access high‑precision battery information without special permissions. Android versions 1.0 through 9.0 are...

7.5CVSS7.4AI score0.02032EPSS
CVE
CVE
added 2020/09/17 6:44 p.m.85 views

CVE-2020-0430

CVE-2020-0430 affects the Linux kernel skb_headlen in /include/linux/skbuff.h, causing a possible out-of-bounds read due to memory corruption and enabling local privilege escalation without user interaction. Affected product context in provided docs is Android kernel/Unity Linux kernel. Exploitat...

7.8CVSS7.6AI score0.00184EPSS
CVE
CVE
added 2021/06/22 11:11 a.m.85 views

CVE-2021-0547

CVE-2021-0547 concerns a local elevation-of-privilege vulnerability in Android 11. In NetInitiatedActivity.java onReceive, an attacker-controlled value can be supplied to a GPS HAL handler due to a missing permission check, enabling local privilege escalation with undefined behavior in some HAL i...

7.8CVSS7.6AI score0.00108EPSS
CVE
CVE
added 2021/10/11 3:51 p.m.85 views

CVE-2021-0583

CVE-2021-0583 affects Android (9/10) and relates to the BluetoothPairingDialog onCreate, enabling a tapjacking/overlay scenario that could lead to local elevation of privilege. According to Red Hat and NVD entries, exploitation requires user interaction (UI: Required) and local access, with a hig...

7.3CVSS7.2AI score0.00111EPSS
CVE
CVE
added 2021/10/25 1:20 p.m.85 views

CVE-2021-0936

CVE-2021-0936 affects the Android kernel (acc_read in f_accessory.c) where a use-after-free can cause memory corruption leading to local privilege escalation without user interaction. The issue is described across multiple sources (NVD/NASL/CNVD etc.) as a memory corruption vulnerability in the A...

7.8CVSS7.7AI score0.00141EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.85 views

CVE-2021-39682

CVE-2021-39682 affects the Android kernel component memory_group_manager.c (function mgm_alloc_page). A bounds check is incorrect, enabling a potential out-of-bounds write that could lead to local privilege escalation without extra execution privileges or user interaction. Exploitation details ar...

7.8CVSS7.7AI score0.00122EPSS
CVE
CVE
added 2022/05/10 8:2 p.m.85 views

CVE-2021-39738

CVE-2021-39738 concerns Google Android CarSetings: a missing permission check allows pairing a Bluetooth device without user consent, enabling local elevation of privilege without extra execution privileges. Affected: CarSetings on Android 10, 11, 12, and 12L. Exploitation is described as local w...

7.8CVSS7.6AI score0.0012EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.85 views

CVE-2021-39754

Technical details about CVE-2021-39754 are not publicly disclosed in the provided connected documents. Monitor for updates.

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.85 views

CVE-2021-39755

CVE-2021-39755 is a framework issue in Android 12L related to DevicePolicyManager that allows local information disclosure: an attacker could reveal the existence of an installed package without proper query permissions, with no user interaction. The Android 12L security release notes attribute t...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.85 views

CVE-2021-39761

CVE-2021-39761 affects Android 12L Media Framework. The issue enables local information disclosure by determining whether an app is installed via a side-channel, without query permissions, with no user interaction required. Impacted component: Media Framework on Android-12L; CVSS data indicates a...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.85 views

CVE-2021-39763

CVE-2021-39763 affects Android 12L; a vulnerability in Settings due to improper input validation could allow a local attacker to escalate privileges by causing the device to enable Wi‑Fi without user interaction. Exploitation details are not provided beyond the description in the CVE entry. The A...

7.8CVSS7.8AI score0.00107EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.85 views

CVE-2021-39810

CVE-2021-39810 affects Android’s NFC/payment stack (CardEmulationManager.verifyDefaults). The root cause is a missing permission check that can allow a third-party app to be set as the default contactless payment app without user consent. This could enable local elevation of privilege, with explo...

7.8CVSS7.4AI score0.00112EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.85 views

CVE-2022-20064

CVE-2022-20064 affects MediaTek’s ccci subsystem, where an incorrect bounds check can leak a kernel pointer. This enables local information disclosure with System execution privileges required, and exploitation does not require user interaction. Technical details across multiple sources confirm t...

7.2CVSS5.8AI score0.0012EPSS
CVE
CVE
added 2022/05/03 7:57 p.m.85 views

CVE-2022-20085

CVE-2022-20085 affects MediaTek netdiag components. The issue is improper link resolution leading to symbolic link following, enabling local privilege escalation with System privileges required; no user interaction is needed. Patch ID ALPS06308877 (Issue ALPS06308877) is noted as remediation. Pub...

6.7CVSS6.6AI score0.0012EPSS
CVE
CVE
added 2022/05/03 7:59 p.m.85 views

CVE-2022-20095

The CVE-2022-20095 issue affects MediaTek’s imgsensor, where a missing bounds check allows an out-of-bounds write in the sensor driver. The vulnerability can lead to local privilege escalation with system execution rights and does not require user interaction. A patch is identified (ALPS06479763)...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2022/05/03 7:59 p.m.85 views

CVE-2022-20096

The CVE-2022-20096 entry concerns MediaTek devices’ camera component (affecting multiple chips such as MT6765/6768/6769/8183/8185/8385/8666/8667/8768/8786/8788/8789).根 The root cause is uninitialized data in the camera path, enabling local information disclosure. Reported impact: potential local ...

4.4CVSS4.3AI score0.00109EPSS
CVE
CVE
added 2022/06/15 1:23 p.m.85 views

CVE-2022-20198

CVE-2022-20198 affects Android 12L, with a flaw in the NFC stack: in llcp_dlc_proc_connect_pdu (llcp_dlc.cc) there is an out-of-bounds read due to a missing bounds check. This can lead to local information disclosure and requires system privileges; no user interaction is needed. Connected sources...

4.4CVSS4.2AI score0.00111EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-20503

CVE-2022-20503 targets the WifiDppConfiguratorActivity.java on Android 13. In onCreate, a missing permission check allows a guest user to add a WiFi configuration, enabling local elevation of privilege with no additional execution privileges and without user interaction. The CVSSv3.1 metrics show...

7.8CVSS7.6AI score0.0016EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-20506

The CVE-2022-20506 entry applies to Android 13, where in WifiDialogActivity.java the onCreate path lacks a required permission check. This permits local privilege escalation from a guest user with no additional execution privileges, and exploitation requires no user interaction. Public details co...

7.8CVSS7.6AI score0.0016EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-20544

CVE-2022-20544 affects Android 13; a missing permission check in onOptionsItemSelected of ManageApplications.java could bypass profile owner restrictions, enabling local elevation of privilege without additional execution privileges or user interaction. The issue is documented across multiple sou...

4.4CVSS5AI score0.0011EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-20557

CVE-2022-20557 affects Android 13 Pixel devices. The issue is in MessageQueueBase.h (MessageQueueBase) where a missing bounds check allows an out-of-bounds read, potentially enabling local escalation of privilege with SYSTEM privileges and no user interaction. Public references note a Pixel updat...

6.7CVSS6.6AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-20558

CVE-2022-20558 affects Android 13. The vulnerability resides in DeviceCapabilityListener.java (registerReceivers) and can bypass permissions to change the preferred TTY mode, enabling local privilege escalation with no extra execution privileges and no user interaction. The issue is documented in...

3.3CVSS4.4AI score0.00109EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-20564

CVE-2022-20564 affects the Android kernel’s ufdt code path. The issue is an out-of-bounds write in _ufdt_output_strtab_to_fdt (ufdt_convert.c) caused by an incorrect bounds check, enabling possible local escalation of privilege with SYSTEM privileges required. User interaction is not needed for e...

6.7CVSS6.7AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-20596

CVE-2022-20596 : The vulnerability is in the Android kernel’s WirelessCharger.cpp, in the sendChunk function, where a missing bounds check leads to an out-of-bounds write. This can cause local privilege escalation with System execution privileges required. Exploitation does not require user inter...

6.7CVSS6.7AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-20599

CVE-2022-20599 affects Google Pixel firmware/kernel components. The vulnerability is described as an exposure of sensitive memory due to a missing bounds check in Pixel firmware, which can lead to local elevation of privilege with System execution privileges required. The impact is indicated as h...

6.7CVSS6.6AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-20600

CVE-2022-20600 affects the Android kernel LWIS component. The issue is described as a memory corruption out-of-bounds write that could enable local privilege escalation to SYSTEM with no user interaction required. The available documents consistently note this as a local attack surface on Android...

7.8CVSS7.7AI score0.00174EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.85 views

CVE-2022-23999

CVE-2022-23999 describes a PendingIntent hijacking vulnerability in Android’s CpaReceiver prior to Samsung SMR Feb-2022 Release 1, enabling local attackers to access media files via KnoxPrivacyNoticeReceiver through an implicit Intent. Affected component is the CpaReceiver/KnoxPrivacyNoticeReceiv...

3.9CVSS3.9AI score0.00116EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.85 views

CVE-2022-24001

CVE-2022-24001 describes an information-disclosure flaw in the Android Edge Panel feature, prior to Android S(12). The vulnerability allows a physical attacker to access screenshots stored in the clipboard via Edge Panel. Documents consistently refer to the Edge Panel since the CVE description; n...

4.6CVSS4.3AI score0.00098EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.85 views

CVE-2022-24925

CVE-2022-24925 concerns an improper input validation vulnerability in Android’s SettingsProvider prior to Android S (12). The issue can be triggered by privileged attackers to cause a permanent denial of service on a victim’s device. The available connected sources consistently identify the affec...

6.8CVSS6.1AI score0.00251EPSS
CVE
CVE
added 2022/05/03 7:41 p.m.85 views

CVE-2022-28786

The CVE-2022-28786 entry concerns the aviextractor library where an improper buffer size check allows an out-of-bounds read, potentially causing a temporary denial of service. The vulnerability is stated as fixed by a patch that adds buffer size checking logic, with remediation delivered through ...

5.5CVSS5.5AI score0.00094EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.85 views

CVE-2022-42532

CVE-2022-42532 affects Google/Pixel firmware and the Android kernel: an out-of-bounds read due to a missing bounds check could allow local information disclosure with system execution privileges, requiring no user interaction. The issue is documented across multiple sources (Pixel firmware discus...

4.4CVSS4.3AI score0.00119EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.85 views

CVE-2023-21015

CVE-2023-21015 affects Android 13, involving the GetAvailabilityStatus path of several Transcode Permission Controllers. The root cause is a missing permission check that could permit a local escalation of privilege with no extra execution privileges or user interaction required. The vulnerabilit...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.85 views

CVE-2023-21017

CVE-2023-21017 affects Android 13 Pixel builds; the issue is in InstallStart.java where improper input validation can allow changing the installer package name. This vulnerability enables local privilege escalation with user-execution privileges and requires no user interaction. The CVSSv3.1 base...

7.8CVSS7.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.85 views

CVE-2023-21031

CVE-2023-21031 describes a vulnerability in the Android graphics stack: in the function setPowerMode of HWC2.cpp there is a possible out-of-bounds read caused by a race condition. The issue could enable local information disclosure without requiring privileges or user interaction. Affected: Andro...

4.7CVSS4.3AI score0.00081EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.85 views

CVE-2023-21034

CVE-2023-21034 affects Android 13 devices, with the vulnerability located in multiple SensorService.cpp functions where a permissions bypass may allow access to accurate sensor data, causing local privilege escalation. The issue is described as needing low privileges and no user interaction, with...

7.8CVSS7.7AI score0.00107EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.85 views

CVE-2023-21156

CVE-2023-21156 describes an out-of-bounds read in Android’s modem stack, specifically in BuildGetRadioNode within protocolmiscbulider.cpp, caused by improper input validation. The issue could allow local information disclosure from the modem and requires System execution privileges; exploitation ...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.85 views

CVE-2023-21180

This CVE (CVE-2023-21180) affects Android 13. The issue is a heap buffer overflow in xmlParseTryOrFinish within parser.c, causing an out-of-bounds read. This can lead to remote information disclosure without exploit privileges and without user interaction. The publicly described mitigation refere...

7.5CVSS7.2AI score0.00455EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.85 views

CVE-2023-21182

CVE-2023-21182 affects Android 13 exploiting an out-of-bounds read in Exynos_parsing_user_data_registered_itu_t_t35 within VendorVideoAPI.cpp due to a missing bounds check. This could enable local information disclosure with System privileges; no user interaction required. Public docs here confir...

4.4CVSS4.2AI score0.00098EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.85 views

CVE-2023-21201

CVE-2023-21201 involves the Android Bluetooth SDP server: in on_create_record_event of btif_sdp_server.cc there is an out-of-bounds read due to a missing null check. This can lead to a remote denial of service without extra privileges and without user interaction. The issue is tied to Android-13 ...

7.5CVSS7.3AI score0.00472EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.85 views

CVE-2023-21212

CVE-2023-21212 affects Android 13, specifically the wifi server component. The root cause is a missing bounds check leading to an out-of-bounds read, enabling local information disclosure. Exploitation status is not described in the provided documents, and there is no explicit remediation detail ...

4.4CVSS4.3AI score0.00116EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.85 views

CVE-2023-21219

CVE-2023-21219 affects the Android kernel (Pixel/Android devices) where an insecure default enables unencrypted transport over cellular networks, potentially allowing remote information disclosure without extra privileges. Exploitation is described as network-based with no user interaction, and t...

7.5CVSS7.1AI score0.0032EPSS
CVE
CVE
added 2023/10/11 7:24 p.m.85 views

CVE-2023-35660

Summary: CVE-2023-35660 describes a use-after-free in lwis_transaction_client_cleanup (lwis_transaction.c) that can corrupt memory and enable local privilege escalation with SYSTEM privileges; exploitation does not require user interaction. The vulnerability is reported across multiple feeds (NVD...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2023/12/08 3:40 p.m.85 views

CVE-2023-48404

CVE-2023-48404 affects Google Pixel Exynos RIL components, caused by a missing bounds check in ProtocolMiscCarrierConfigSimInfoIndAdapter (protocolmiscadapter.cpp). This leads to an out-of-bounds read and potential information disclosure without extra privileges or user interaction. Public refere...

7.5CVSS7.1AI score0.00409EPSS
CVE
CVE
added 2023/12/08 3:45 p.m.85 views

CVE-2023-48422

CVE-2023-48422 affects Google Pixel/Android components via a missing bounds check in Init of protocolnetadapter.cpp, causing an out-of-bounds read and potential local information disclosure without user interaction. The exploit requires local access and there is no public exploitation detail in t...

5.5CVSS5.1AI score0.001EPSS
CVE
CVE
added 2024/04/01 2:34 a.m.85 views

CVE-2024-20042

CVE-2024-20042 affects MediaTek devices (da module) with an out-of-bounds write caused by a missing bounds check. This can lead to local escalation of privilege with System execution privileges required, and exploitation does not require user interaction. Affected details in the connected docs in...

6.6CVSS7AI score0.00273EPSS
CVE
CVE
added 2024/05/06 2:51 a.m.85 views

CVE-2024-20059

CVE-2024-20059 involves a local privilege escalation in the MediaTek stack due to an incorrect status check in the da module. The flaw can allow a non-privileged or high-privileged user to gain SYSTEM execution privileges without user interaction. Exploitation details are not provided in the conn...

6.7CVSS6.9AI score0.00091EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.85 views

CVE-2024-29756

CVE-2024-29756 describes an out-of-bounds write in the afe_callback function of q6afe.c due to a buffer overflow, enabling local escalation of privilege with no user interaction required. The connected sources consistently reiterate this condition; however, no concrete remediation version is spec...

9.8CVSS7.3AI score0.00305EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.85 views

CVE-2024-32911

CVE-2024-32911 affects Google Pixel devices, specifically the Modem component. The issue stems from improper use of crypto, enabling remote elevation of privilege with no user interaction. The Pixel Update Bulletin lists this CVE under the Pixel firmware/Modem category and indicates that patch le...

9.8CVSS7.1AI score0.00192EPSS
Total number of security vulnerabilities8153