Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/06/13 9:1 p.m.84 views

CVE-2024-32893

The CVE-2024-32893 issue affects the Exynos DVFS code path (exynos_dvfs.c) specifically in _s5e9865_mif_set_rate. The flaw is an out-of-bounds read caused by improper casting, leading to local information disclosure without requiring user interaction. Multiple connected sources (including RH/Red ...

8.1CVSS5.9AI score0.00178EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.84 views

CVE-2024-53837

CVE-2024-53837 describes a vulnerability in the Android LWIS component (lwis_periodic_io.c) where an integer overflow can trigger an out-of-bounds write during prepare_response. This leads to local elevation of privilege with no user interaction. The issue is documented across multiple feeds (NVD...

7.8CVSS7.2AI score0.0008EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.84 views

CVE-2025-22412

CVE-2025-22412 is a use-after-free in multiple functions of sdp_server.cc that enables remote code execution with no privileges and no user interaction. Public sources (NVD/NIST entry) describe the flaw as a logic error freeing memory, leading to remote code execution on affected Android platform...

8.8CVSS7.3AI score0.00162EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.84 views

CVE-2026-0097

Technical details about CVE-2026-0097 are not publicly available in the provided documents. Monitor for updates from sources such as the Android bulletin and NVD.

8CVSS5.9AI score0.00121EPSS
CVE
CVE
added 2012/11/30 11:0 a.m.83 views

CVE-2012-4221

CVE-2012-4221 involves an integer overflow in the Qualcomm Innovation Center (QuIC) Diagnostics (DIAG) kernel-mode driver for Android 2.3–4.2, specifically in diagchar_core.c. An attacker could exploit crafted arguments via a local diagchar_ioctl call to achieve arbitrary code execution or cause ...

6.8CVSS7.7AI score0.02063EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.83 views

CVE-2014-9892

The CVE-2014-9892 issue affects the Linux kernel (up to 4.7) in the snd_compr_tstamp path used by Android on Nexus 5/7 devices. Root cause: snd_compr_tstamp does not initialize a timestamp data structure, enabling a crafted app to obtain sensitive information. Impact: information disclosure possi...

5.5CVSS5.3AI score0.00499EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.83 views

CVE-2015-5567

CVE-2015-5567 describes a stack memory corruption vulnerability in Adobe Flash Player and Adobe AIR that could allow remote code execution or a denial of service. Affected software and versions (as stated): Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows/OS X; Flash on Linux ...

10CVSS7.7AI score0.03795EPSS
CVE
CVE
added 2015/10/02 1:0 a.m.83 views

CVE-2015-6602

CVE-2015-6602 concerns libutils in Android up to version 5.1.1 LMY48M. A crafted metadata payload in MP3/MP4 files can trigger memory corruption and remote code execution via the mediaserver pathway (through libstagefright). The issue is categorized as a Remote Code Execution vulnerability and is...

9.3CVSS7.7AI score0.0316EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.83 views

CVE-2015-6676

CVE-2015-6676 is a buffer overflow vulnerability in Adobe Flash Player and related AIR components. Affected: Flash Player on Windows/macOS prior to 18.0.0.241 and 19.x prior to 19.0.0.185, Linux prior to 11.2.202.521; AIR before 19.0.0.190 and AIR SDK/Compiler before 19.0.0.190. Description notes...

10CVSS7.7AI score0.05863EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.83 views

CVE-2017-0412

CVE-2017-0412 is an elevation-of-privilege vulnerability in Android Framework APIs that could let a local malicious app execute code with a privileged process. Affected: Android 7.0 and 7.1.1. Root cause involves Framework APIs enabling privilege escalation; Android patch levels 2017-02-01 / 2017...

9.3CVSS7.2AI score0.02535EPSS
CVE
CVE
added 2019/06/19 7:59 p.m.83 views

CVE-2019-2013

CVE-2019-2013 affects Android rw_t3t_act_handle_sro_rsp in rw_t3t.cc, causing a possible out-of-bounds write due to a missing bounds check. This could enable local elevation of privilege with no additional execution privileges needed, and requires user interaction to exploit. Affected Android ver...

9.3CVSS8.3AI score0.00796EPSS
CVE
CVE
added 2020/03/10 8:3 p.m.83 views

CVE-2020-0048

CVE-2020-0048 affects Android 10 Media Framework (IAudioFlinger.cpp). The root cause is an information leak due to uninitialized data in onTransact, enabling local information disclosure without extra privileges or user interaction. The risk is described as a local information disclosure vulnerab...

5.5CVSS5.7AI score0.00139EPSS
CVE
CVE
added 2020/06/04 11:24 p.m.83 views

CVE-2020-13841

CVE-2020-13841 affects LG mobile devices running Android 9–10 on MTK chipsets. A vulnerable AT command handler allows attackers to bypass intended access restrictions, with a high-severity impact per NVD (CVSS v3.1: 9.8). The available documents describe the issue and affected platform but do not...

10CVSS9.3AI score0.0071EPSS
CVE
CVE
added 2021/06/22 11:1 a.m.83 views

CVE-2021-0563

CVE-2021-0563 affects Android 11, due to an out-of-bounds read caused by a heap buffer overflow in ih264e_fmt_conv_422i_to_420sp within ih264e_fmt_conv.c. This could enable local information disclosure without user interaction or additional privileges. Connected sources confirm the vulnerable com...

5.5CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2021/07/14 1:55 p.m.83 views

CVE-2021-0654

Summary: CVE-2021-0654 affects Android Pixel launcher (CVE entry tied to Android kernel/TaskThumbnailView.java) with information disclosure from locked profiles due to a missing permission check in isRealSnapshot. Exploitation requires user interaction; local information disclosure is possible wi...

5.5CVSS5.1AI score0.00327EPSS
CVE
CVE
added 2021/04/09 5:29 p.m.83 views

CVE-2021-25356

CVE-2021-25356 pertains to Samsung’s Managed Provisioning. An improper caller check prior to SMR APR-2021 Release 1 allows an unprivileged application to install arbitrary applications, grant device admin permissions, and subsequently delete multiple installed apps. The issue’s root cause is an i...

8.8CVSS8.6AI score0.00177EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.83 views

CVE-2021-39739

CVE-2021-39739 affects Android 12L and is a vulnerability in the ArrayMap component where SMS contents could be leaked via log information disclosure. The root cause is information disclosure in ArrayMap that enables a local information leak with neither user interaction nor remote access require...

3.3CVSS4.2AI score0.00103EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.83 views

CVE-2021-39766

CVE-2021-39766 affects Android 12L in Settings, enabling a side-channel information disclosure to determine whether an app is installed with local access and no user interaction. Root cause: disclosure of installation status via a side channel. Impact: local information disclosure with no privile...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.83 views

CVE-2021-39778

CVE-2021-39778 affects Android 12L Telecomm, where improper input validation can reveal whether an app is installed, leading to local information disclosure without privileges. Affected component: Telecomm in Android Framework; root cause: input validation flaw exposing install-state. Impact: inf...

5.5CVSS5.6AI score0.00105EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.83 views

CVE-2022-20002

CVE-2022-20002 affects Android 12L in incfs, where a missing permission check enables mounting on arbitrary paths. This can lead to local privilege escalation to SYSTEM with no user interaction required. The vulnerability is described with CVSSv3.1/2.0 metrics (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H...

7.8CVSS7.8AI score0.00098EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.83 views

CVE-2022-20062

In CVE-2022-20062, the issue is a memory corruption via a use-after-free in the mdp component. The root cause is use-after-free leading to local escalation of privileges with System execution privileges required. No user interaction is needed for exploitation. Patch ID: ALPS05836418 (Issue ID: AL...

7.2CVSS6.8AI score0.00118EPSS
CVE
CVE
added 2022/04/11 7:38 p.m.83 views

CVE-2022-20077

The CVE-2022-20077 entry concerns a race-condition-based memory corruption in vow that could enable local privilege escalation to SYSTEM, with no user interaction required. Affected context and root cause are described consistently across multiple sources (e.g., Red Hat, NVD, CVE lists, PRION/CVE...

6.9CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2022/05/03 7:57 p.m.83 views

CVE-2022-20089

The CVE-2022-20089 issue concerns the MediaTek aee driver where a memory corruption vulnerability is triggered by active debug code. The flaw could enable local privilege escalation to SYSTEM with no user interaction required. Affected component: aee driver; root cause: memory corruption from deb...

6.7CVSS6.8AI score0.00106EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.83 views

CVE-2022-20199

Summary: CVE-2022-20199 concerns an information disclosure in Android 13’s NfcService.java due to a confused deputy, enabling local information disclosure without extra privileges. The vulnerability is documented across multiple sources, all describing the same issue, with no exploitation details...

5.5CVSS5.1AI score0.0012EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.83 views

CVE-2022-20397

CVE-2022-20397 affects the Android kernel component SitRilSe.cpp (SitRilClient_OnResponse). The issue is an out-of-bounds write caused by a missing bounds check, enabling local elevation of privilege without user interaction. The CVSSv3.1 metrics indicate LOCAL exploitability, LOW privileges requ...

7.8CVSS7.7AI score0.00133EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.83 views

CVE-2022-20513

CVE-2022-20513 affects Android-13 (Pixel) with a vulnerability in CryptoPlugin.cpp: decrypt_1_2 allows an out-of-bounds read, leading to local information disclosure. Exploitation requires local access; no user interaction is needed. Affected product context is Pixel/Android-13; mitigation guidan...

5.5CVSS5AI score0.00206EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.83 views

CVE-2022-20549

CVE-2022-20549 affects Android 13 (Pixel). Root cause: out-of-bounds write in authToken2AidlVec within KeyMintUtils.cpp caused by an incorrect bounds check. Impact: local escalation of privilege with System execution privileges required; no user interaction needed. Exploitation details and fixes ...

6.7CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.83 views

CVE-2022-20574

CVE-2022-20574 involves the Android kernel’s DRM firmware path, specifically the function sec_sysmmu_info in drm_fw.c. The issue is an out-of-bounds read caused by improper input validation, enabling local information disclosure without additional privileges and without user interaction. Document...

5.5CVSS5.1AI score0.00167EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.83 views

CVE-2022-20591

CVE-2022-20591 affects the Android kernel component ppmpu_set in ppmpu.c. The vulnerability is a logic error that can cause information disclosure locally without requiring additional execution privileges, and it does not require user interaction. Several connected sources consistently describe a...

5.5CVSS5.1AI score0.00175EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.83 views

CVE-2022-20592

CVE-2022-20592 describes a vulnerability in the Android kernel’s DRM firmware, specifically in the function ppmp_validate_secbuf of drm_fw.c. The flaw stems from improper input validation, allowing local information disclosure without requiring additional execution privileges or user interaction....

5.5CVSS5.1AI score0.00167EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.83 views

CVE-2022-20597

CVE-2022-20597 describes a local Elevation of Privilege in the Android kernel: in ppmpu_set of ppmpu.c, an integer overflow can lead to a local escalation of privilege with no extra execution privileges and no user interaction required. Public sources in NVD/Red Hat entries corroborate the Androi...

7.8CVSS7.7AI score0.00174EPSS
CVE
CVE
added 2022/06/06 5:38 p.m.83 views

CVE-2022-21753

CVE-2022-21753 affects a WLAN driver where a missing bounds check can cause an out-of-bounds write, enabling local escalation to SYSTEM privileges with no user interaction. This is described across sources (NVD/Red Hat/CVE list) as a local-privilege-escalation issue in the WLAN driver, with the p...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.83 views

CVE-2022-27568

CVE-2022-27568 describes a heap-based buffer overflow in the parser_iloc function of the libsimba library. The vulnerability allows a remote attacker to achieve code execution and arises in versions prior to Samsung SMR Apr-2022 Release 1. The issue is documented across multiple sources (NVD, Red...

10CVSS9.8AI score0.01306EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.83 views

CVE-2022-27833

CVE-2022-27833 concerns Samsung SMR DSP driver vulnerability: improper input validation enables out-of-bounds write via integer overflow in the DSP driver prior to SMR Apr-2022 Release 1. CVSS metrics indicate LOCAL attack with low privileges and high impact on confidentiality, integrity, and ava...

7.8CVSS7.6AI score0.00104EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.83 views

CVE-2023-20798

CVE-2023-20798 concerns a buffer size miscalculation in the MediaTek pda module leading to an out-of-bounds read. The issue can cause local information disclosure with system-level privileges and does not require user interaction. Affected component: pda in MediaTek microprogram software (as docu...

4.4CVSS4.4AI score0.00088EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.83 views

CVE-2023-20984

CVE-2023-20984 affects Android 13 via ParseBqrLinkQualityEvt in btif_bqr.cc, where a missing bounds check enables an out-of-bounds read that could cause local information disclosure with system privileges. The vulnerability is described across multiple sources (NVD, Red Hat, OSV, PRION, CNNVD/CVE...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.83 views

CVE-2023-20991

CVE-2023-20991 corresponds to a buffer/bounds issue in the Pixel ble_scanner_hci_interface.cc function btm_ble_process_periodic_adv_sync_lost_evt. The vulnerability is an out-of-bounds read that could enable local information disclosure with System privileges and requires no user interaction. Evi...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.83 views

CVE-2023-21004

Affected product: Android 13 devices; component: Transcode Permission Controllers (getAvailabilityStatus). Root cause: missing permission check enabling a permission bypass. Impact: local escalation of privilege with no extra execution privileges required, no user interaction needed. Exploitation...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.83 views

CVE-2023-21025

CVE-2023-21025 affects Android 13, specifically the function ufdt_local_fixup_prop in ufdt_overlay.c. The vulnerability is an out-of-bounds read due to an incorrect bounds check, allowing local information disclosure with system execution privileges. Exploitation is described as local (no user in...

4.4CVSS4.3AI score0.00093EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.83 views

CVE-2023-21030

The CVE-2023-21030 entry describes a memory corruption vulnerability due to a double free in keystore_cli_v2.cpp, enabling local privilege escalation in Android 13 with no user interaction required. Affected software in the connected data includes Google Pixel security advisories and Pixel bullet...

7.8CVSS7.6AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.83 views

CVE-2023-21050

CVE-2023-21050 describes a vulnerability in the Android kernel: in load_png_image of ExynosHWCHelper.cpp there is a possible out-of-bounds write due to improper input validation. This can lead to local escalation of privilege with System execution privileges required; no user interaction is neede...

6.7CVSS6.7AI score0.00096EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.83 views

CVE-2023-21183

The CVE-2023-21183 entry affects Android 13, describing a logic error in ForegroundUtils/ForegroundUtils.java that enables reading NFC tag data while an app is in the background. This could lead to local privilege escalation without additional execution privileges and without required user intera...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.83 views

CVE-2023-32809

CVE-2023-32809 : Affects the Bluetooth driver in MediaTek devices. The issue is improper access control of the register interface, enabling possible read/write access to registers. This can lead to local leakage of sensitive information with system-level privileges required for exploitation, and ...

4.4CVSS4.5AI score0.00094EPSS
CVE
CVE
added 2023/10/11 6:40 p.m.83 views

CVE-2023-35645

CVE-2023-35645 is listed in Google's Pixel update bulletin under the Edgetpu component with a memory-corruption trigger caused by a race condition, yielding local privilege escalation (System level) without user interaction. The Pixel bulletin indicates this issue is addressed by updating to the ...

6.4CVSS6.7AI score0.00073EPSS
CVE
CVE
added 2023/10/11 7:20 p.m.83 views

CVE-2023-35649

The CVE-2023-35649 issue concerns Exynos modem firmware: multiple functions in Exynos modem files allow an out-of-bounds write due to a missing bounds check. This could enable remote code execution with system-level privileges and does not require user interaction. The description and connected r...

7.2CVSS7.4AI score0.00435EPSS
CVE
CVE
added 2023/10/11 7:21 p.m.83 views

CVE-2023-35652

CVE-2023-35652 describes an out-of-bounds read in ProtocolEmergencyCallListIndAdapter::Init (protocolcalladapter.cpp) caused by a missing bounds check. The issue could enable remote information disclosure and may require exploitation at the baseband firmware level, with no user interaction needed...

7.5CVSS7.1AI score0.00293EPSS
CVE
CVE
added 2023/10/11 7:21 p.m.83 views

CVE-2023-35653

CVE-2023-35653 affects Google Pixel devices in the ImsService component. The issue is an information-disclosure via a permissions bypass that could allow access to location information; exploitation is feasible with local access and requires System-level privileges with no user interaction. The P...

4.4CVSS4.4AI score0.00085EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.83 views

CVE-2024-20050

CVE-2024-20050 affects the flashc component in MediaTek-related platforms, with an uncaught exception leading to local information disclosure. Exploitation requires system execution privileges (local attack) and does not require user interaction. Patch ALPS08541757 (Issue ALPS08541757) is associa...

4.4CVSS6AI score0.00101EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.83 views

CVE-2024-29742

The CVE-2024-29742 issue is a local information-disclosure vulnerability in the Linux kernel component dvfs.c, specifically in apply_minlock_constraint, caused by a missing bounds check that enables an out-of-bounds read. Exploitation requires local access with no user interaction and could allow...

5.5CVSS6AI score0.00085EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.83 views

CVE-2024-29754

CVE-2024-29754 affects Google Pixel/Android components via TMU_IPC_GET_TABLE. The issue is an out-of-bounds read caused by a missing bounds check, leading to local information disclosure without requiring user interaction. Exploitation details are not provided in the sources; no explicit impacted...

6.2CVSS6AI score0.00093EPSS
Total number of security vulnerabilities8153