Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/06/13 9:2 p.m.85 views

CVE-2024-32926

Technical details (affected products/versions/root cause/fix) are not publicly provided in the supplied documents; monitor for updates.

5.5CVSS5.8AI score0.00076EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.85 views

CVE-2024-47032

The vulnerability CVE-2024-47032 affects the lwis_ioctl.c component, specifically the function construct_transaction_from_cmd. The issue is a heap-based out-of-bounds write that can lead to local elevation of privilege without user interaction. Exploitation details (vectors, affected products/ver...

7.8CVSS7.5AI score0.00082EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.85 views

CVE-2025-0081

CVE-2025-0081 concerns Android where the vulnerability is in dng_lossless_decoder::HuffDecode within dng_lossless_jpeg.cpp. The issue stems from uninitialized data in Huffman decoding, which can crash the process and cause remote denial of service without extra privileges and without user interac...

7.5CVSS6.7AI score0.00352EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.84 views

CVE-2014-9870

The CVE-2014-9870 entry concerns the Linux kernel prior to 3.11 on ARM, including Android devices (Nexus 5/7) before 2016-08-05. It exposes a privilege-escalation path via improper handling of user-space access to the TPIDRURW register, enabling local attackers to gain privileges with a crafted a...

9.3CVSS7.5AI score0.01017EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.84 views

CVE-2015-3832

CVE-2015-3832: Affects Android devices with vulnerable libstagefright code (MPEG4Extractor.cpp) prior to 5.1.1 LMY48I. Multiple buffer overflows allow remote attackers to execute arbitrary code via invalid NAL unit size values in MP4 data; the vulnerability is tied to the MP4/Stagefright processi...

10CVSS8AI score0.02883EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.84 views

CVE-2015-6682

CVE-2015-6682 is a use-after-free in Adobe Flash Player (and related AIR components) that enables remote code execution via specially crafted SWF handling. Affected products include Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and macOS, and before 11.2.202.521 on Linux; A...

10CVSS7.5AI score0.0484EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.84 views

CVE-2017-0750

CVE-2017-0750 is an elevation-of-privilege vulnerability reported for the Android kernel, tied to the upstream Linux file system. Multiple connected advisories describe an issue in the kernel’s Flash-Friendly File System (f2fs) and related kernel components that could allow a local attacker to ga...

7.8CVSS8.2AI score0.00964EPSS
CVE
CVE
added 2024/12/04 11:40 p.m.84 views

CVE-2018-9463

The vulnerability CVE-2018-9463 affects the touchscreen path in the Android kernel: In sw49408_irq_runtime_engine_debug (touch_sw49408.c), there is an out-of-bounds write caused by an incorrect bounds check. This can enable local privilege escalation with System execution privileges required and ...

7.8CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.84 views

CVE-2018-9497

CVE-2018-9497 affects Android’s media framework. Affected component: the IMPEG-2 decoder, specifically in impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 within impeg2_format_conv.s, where a missing bounds check can cause an out-of-bounds write. This could lead to remote code execution with no additio...

9.3CVSS7.9AI score0.01568EPSS
CVE
CVE
added 2019/06/19 7:59 p.m.84 views

CVE-2019-2014

CVE-2019-2014 is a local elevation-of-privilege vulnerability in Android’s rw_t3t_handle_get_sc_poll_rsp path (rw_t3t.cc), caused by a missing bounds check that can enable an out-of-bounds write. Affected products include Android 7.0–9, with exploitation requiring user interaction. The issue is c...

9.3CVSS8.3AI score0.00811EPSS
CVE
CVE
added 2020/11/08 4:3 a.m.84 views

CVE-2020-28343

CVE-2020-28343 concerns Samsung Exynos NPU kernel driver vulnerabilities disclosed by Project Zero. The issue centers on unsanitized input in the NPU session parsing for /dev/vertex10, leading to two concrete primitives: (1) a heap overflow via a race on shared ION buffer memory_vector_cnt, allow...

7.8CVSS7.9AI score0.0024EPSS
CVE
CVE
added 2021/09/21 12:11 p.m.84 views

CVE-2021-0869

CVE-2021-0869 affects Android kernel components, specifically DumpstateDevice.cpp GetTimeStampAndPkt. The issue is an out-of-bounds write caused by an incorrect bounds check, which the Pixel 2021-09-01 bulletin categorizes as a Remote Code Execution (RCE) vulnerability with High risk. Exploitatio...

9.8CVSS9.1AI score0.00815EPSS
CVE
CVE
added 2021/02/04 5:15 a.m.84 views

CVE-2021-26689

Technical details are not publicly available in the provided documents. Monitor for updates.

9.8CVSS9.2AI score0.00549EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.84 views

CVE-2022-20039

CVE-2022-20039 affects MediaTek’s ccu driver. The issue is memory corruption caused by an integer overflow in the ccu component, enabling local escalation of privilege with System execution privileges required. User interaction is not needed. Patch ID ALPS06183345 (Issue ALPS06183345) provides mi...

6.7CVSS6.8AI score0.00119EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.84 views

CVE-2022-20052

The CVE-2022-20052 entry concerns the mdp component, where a use-after-free leads to memory corruption. This could enable local escalation of privilege with System execution privileges required, and exploitation reportedly needs user interaction. A patch/workaround is listed as ALPS05836642 (Issu...

6.9CVSS6.8AI score0.00132EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.84 views

CVE-2022-20076

CVE-2022-20076 affects the ged component, with root cause described as memory corruption due to incorrect error handling. The impact is local information disclosure and potential system-level execution privileges, with exploitation not requiring user interaction. A patch is identified (ALPS058388...

4.4CVSS4.5AI score0.00111EPSS
CVE
CVE
added 2022/05/03 7:57 p.m.84 views

CVE-2022-20087

The CVE-2022-20087 issue concerns MediaTek ccu (camera control processor) where a missing bounds check allows an out-of-bounds write, enabling local privilege escalation with System execution privileges required. No user interaction is needed for exploitation. Documented impact is confined to loc...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2022/05/03 8:0 p.m.84 views

CVE-2022-20097

CVE-2022-20097 affects the aee daemon and describes a race-condition causing local information disclosure with no extra privileges required. Exploitation requires no user interaction. The vulnerability is associated with a patch ALPS06383944 (Issue ALPS06383944). Connected sources confirm the iss...

4.7CVSS4.3AI score0.00077EPSS
CVE
CVE
added 2022/05/03 8:1 p.m.84 views

CVE-2022-20100

CVE-2022-20100 affects the aee daemon and stems from a missing permission check, enabling local information disclosure with potential System privileges. Exploitation does not require user interaction. Multiple sources (NVD, Red Hat, CVE lists) describe the issue and reference patch ALPS06383944 /...

4.4CVSS4.3AI score0.00105EPSS
CVE
CVE
added 2022/05/03 8:3 p.m.84 views

CVE-2022-20104

CVE-2022-20104 affects the aee daemon with an information-disclosure vulnerability caused by improper access control. The issue allows local disclosure without extra execution privileges and does not require user interaction. Patch ALPS06419017 (Issue ALPS06284104) is noted; no other remediation ...

5.5CVSS5.1AI score0.00105EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-20507

The CVE-2022-20507 issue affects Android 13 in the UWB stack, specifically UwbEventManager.java’s onMulticastListUpdateNotificationReceived. The root cause is a missing bounds check that can enable arbitrary code execution, enabling local privilege escalation with no user interaction required. CV...

7.8CVSS7.9AI score0.00174EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-20540

CVE-2022-20540 is a local-use-after-free vulnerability in Android’s SurfaceFlinger::doDump. Exploitation could permit arbitrary code execution and local escalation of privilege without user interaction. Affected: Android 13, via SurfaceFlinger component. The issue is documented across multiple fe...

7.8CVSS7.9AI score0.00174EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.84 views

CVE-2022-20542

The CVE-2022-20542 issue affects Android 13 where the function parseParamsBlob in types.cpp may perform an out-of-bounds write due to a missing bounds check. This can enable local elevation of privilege with no user interaction required (CVSS 7.8, HIGH). The vulnerability is documented in multipl...

7.8CVSS7.7AI score0.00133EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-20548

CVE-2022-20548 affects Android-13 where EqualizerEffect.cpp:setParameter can trigger an out-of-bounds write due to improper input validation. This is described as a local elevation of privilege with no extra execution privileges required and no user interaction needed. Public documentation refere...

7.8CVSS7.7AI score0.00125EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-20593

CVE-2022-20593 affects the Android kernel, involving an out-of-bounds read in the function pop_descriptor_string of BufferDescriptor.h due to a missing bounds check. This condition could allow local information disclosure and requires only local privileges (no user interaction needed). The vulner...

4.4CVSS4.3AI score0.0017EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-20604

CVE-2022-20604 affects the Android kernel function SAECOMM_SetDcnIdForPlmn in SAECOMM_DbManagement.c. A missing bounds check causes an out-of-bounds read, enabling possible information disclosure on a single device. The CVSSv3.1 vector indicates a local, low-privilege impact with no user interact...

5.5CVSS5.3AI score0.00265EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-20606

The CVE-2022-20606 entry concerns SAEMM_MiningCodecTableWithMsgIE in SAEMM_RadioMessageCodec.c, where a missing bounds check can cause an out-of-bounds read. This could enable remote information disclosure with system privileges required. User interaction is not required. Connected sources confir...

4.9CVSS4.9AI score0.00795EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.84 views

CVE-2022-22263

The CVE-2022-22263 issue affects Samsung SecSettings: an unprotected dynamic receiver in SecSettings allows untrusted apps to launch arbitrary activities due to a privilege misconfiguration. This is tied to the Samsung SMR Jan-2022 Release 1 update and has been referenced in multiple sources (inc...

5.5CVSS5.5AI score0.00093EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.84 views

CVE-2022-27572

The cited CVE-2022-27572 is a heap-based buffer overflow in the parser_ipma function of the libsimba library. It enables remote code execution and is tied to the Samsung SMR patch cycle (prior to SMR Apr-2022 Release 1). The vulnerability has multiple corroborating records (NVD, Red Hat CVE page,...

10CVSS9.8AI score0.01306EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.84 views

CVE-2022-27832

The CVE-2022-27832 entry concerns the media.extractor library, where an improper boundary check can be exploited to cause a denial of service via a crafted media file. Affected component: media.extractor library; root cause: boundary check flaw; impact: denial of service (local attacker, low expl...

4CVSS4AI score0.00099EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-42511

CVE-2022-42511 affects EmbmsSessionData::encode in embmsdata.cpp. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with System execution privileges required. User interaction is not needed. The available documents consistently describe ...

6.7CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-42514

CVE-2022-42514 affects Android kernel code: ProtocolImsBuilder::BuildSetConfig in protocolimsbuilder.cpp is vulnerable to an out-of-bounds read due to a missing bounds check. This could allow local information disclosure with System-level privileges required. The vulnerability is documented acros...

4.4CVSS4.3AI score0.00117EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-42521

CVE-2022-42521 affects the Android kernel component wlandata.cpp where the encode path can trigger an out-of-bounds write due to improper input validation. The exploitation requires local access (LOCAL) with high privileges (PR:H) and no user interaction. Impact is defined as full compromise of c...

6.7CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.84 views

CVE-2022-42523

CVE-2022-42523 affects Android’s ril_service_1_6.cpp in the kernel’s RIL stack, with an out-of-bounds write caused by an incorrect bounds check in fillSetupDataCallInfo_V1_6. The vulnerability enables local escalation of privilege with System execution privileges required; exploitation reportedly...

6.7CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2022/11/17 12:0 a.m.84 views

CVE-2022-42533

CVE-2022-42533 affects Android kernel via an out-of-bounds write in SharedMetadata.cpp during shared_metadata_init, caused by an integer overflow. Impact is local privilege escalation with no user interaction required. Documented across multiple feeds (NVD, Red Hat, OSV) and listed in Pixel bulle...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.84 views

CVE-2023-20974

CVE-2023-20974 affects Android 13. The issue is in the function btm_ble_add_resolving_list_entry_complete in btm_ble_privacy.cc , where a missing bounds check can cause an out-of-bounds read. This may lead to local information disclosure and could enable system-level execution privileges, with no...

5.5CVSS5AI score0.00094EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.84 views

CVE-2023-20987

CVE-2023-20987: A vulnerability in btm_read_link_quality_complete within btm_acl.cc of Android 13 can cause an out-of-bounds read, leading to local information disclosure over Bluetooth when the attacker has System privileges. The issue requires no user interaction and has an adjacent attack vect...

4.5CVSS4.2AI score0.00139EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.84 views

CVE-2023-21053

CVE-2023-21053 concerns the Android kernel component related to cellular SMS handling. In the function sms_ExtractCbLanguage within sms_CellBroadcast.c, there is an out-of-bounds read caused by a missing bounds check. This leads to a potential information disclosure without requiring execution pr...

7.5CVSS7AI score0.00436EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.84 views

CVE-2023-21070

The CVE-2023-21070 issue affects the Android kernel, specifically the bcm4389 driver path in the wl_roam.c file’s add_roam_cache_list function. It describes a potential out-of-bounds write caused by a missing bounds check, which could enable local escalation of privilege with System-level executi...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.84 views

CVE-2023-21071

The CVE-2023-21071 entry affects the Android kernel, specifically the dhd_prot_ioctcmplt_process function in dhd_msgbuf.c. The issue is an out-of-bounds write caused by improper input validation, enabling local escalation of privilege with System execution privileges required. User interaction is...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.84 views

CVE-2023-21072

CVE-2023-21072 : The vulnerability affects the Android kernel in the function dhd_rtt.c::rtt_unpack_xtlv_cbfn, where a buffer overflow can cause an out-of-bounds write. This could enable local escalation of privilege to System level. Documents consistently describe the issue as a local exploit pa...

6.7CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.84 views

CVE-2023-21077

CVE-2023-21077 affects the Android kernel in the rtt_unpack_xtlv_cbfn function within dhd_rtt.c, where a buffer overflow can cause an out-of-bounds write. This vulnerability could enable local escalation of privileges with SYSTEM-level execution privileges, and exploitation is possible without us...

6.7CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.84 views

CVE-2023-21155

The CVE-2023-21155 issue concerns the Android kernel component BuildSetRadioNode in protocolmiscbuilder.cpp, where a missing null check enables an out-of-bounds read that could cause local information disclosure with no extra privileges or user interaction. Several connected sources confirm the r...

5.5CVSS5.1AI score0.00092EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.84 views

CVE-2023-21157

CVE-2023-21157 involves a heap buffer overflow in the Android kernel component wlandata.cpp, causing an out-of-bounds write that can lead to local privilege escalation with system-level privileges. The issue is triggered without user interaction. Affected software is Android kernel (wlandata.cpp)...

6.7CVSS6.8AI score0.001EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.84 views

CVE-2023-21213

CVE-2023-21213 affects Android-13 (sta_iface.cpp, initiateTdlsTeardownInternal): a missing bounds check leads to an out-of-bounds read in the wifi server, enabling local information disclosure with System privileges and no user interaction required. Multiple connected sources reiter the same root...

4.4CVSS4.2AI score0.00097EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.84 views

CVE-2023-21389

CVE-2023-21389 concerns a bypass of profile owner restrictions in Android Settings due to a missing permission check, enabling local elevation of privilege without extra execution privileges and without user interaction. Multiple connected sources describe this as an Android elevation-of-privileg...

7.8CVSS7.8AI score0.001EPSS
CVE
CVE
added 2023/12/08 3:39 p.m.84 views

CVE-2023-48397

CVE-2023-48397: Out-of-bounds read in Init of protocolcalladapter.cpp allows information disclosure with potential for System-level impact. The issue requires no user interaction. Documented in multiple sources (NVD entry and Android Pixel bulletin) with Pixel subcomponent exynos-ril and a CVSS v...

4.9CVSS4.9AI score0.00431EPSS
CVE
CVE
added 2024/07/01 3:18 a.m.84 views

CVE-2024-20081

CVE-2024-20081 affects the gnss service. The issue is an out-of-bounds write caused by improper input validation, leading to local escalation of privilege with system execution privileges required. Exploitation is reported to require no user interaction. A fix is available as patch ID ALPS0871960...

9.8CVSS7.2AI score0.00217EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.84 views

CVE-2024-29751

CVE-2024-29751 describes a possible out-of-bounds read in the function asn1_ec_pkey_parse_p384 (asn1_common.c) caused by a missing null check, enabling local information disclosure with no extra privileges or user interaction. Multiple sources tie this to OpenSSL (PT-2024-22991) and list it under...

5.5CVSS6.1AI score0.00088EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.84 views

CVE-2024-29784

CVE-2024-29784 affects lwis_periodic_io.c (LWIS). The vulnerability is an out-of-bounds write caused by an integer overflow in prepare_response, enabling local escalation of privilege without additional privileges or user interaction. Multiple connected sources (RH CVE, NVD/NVD entries, Android P...

7.8CVSS6.9AI score0.00081EPSS
Total number of security vulnerabilities8153