Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/07/12 11:18 p.m.320 views

CVE-2023-20918

CVE-2023-20918 affects the Android Framework, specifically getPendingIntentLaunchFlags in ActivityOptions.java. The issue is an elevation of privilege due to a confused deputy, requiring no user interaction. Exploitation vectors are not detailed in the provided documents, but the Android Security...

9.8CVSS9AI score0.00772EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.318 views

CVE-2023-21102

CVE-2023-21102 is a local EoP vulnerability in the Android kernel related to a bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S. The issue enables local privilege escalation without user interaction, as documented in upstream kernel and Android May 2023 bulletin entri...

7.8CVSS7.4AI score0.00189EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.312 views

CVE-2023-21085

CVE-2023-21085 involves Android’s System component where a missing bounds check in function nci_snd_set_routing_cmd (in file nci_hmsgs.cc ) can cause an out-of-bounds write. This flaw could enable remote code execution with no privileges and no user interaction, by an attacker in proximal/adjacen...

8.8CVSS8.7AI score0.00165EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.309 views

CVE-2019-2228

CVE-2019-2228 describes an out-of-bounds read in cups: array_find in array.c, caused by an incorrect bounds check. This can lead to local information disclosure through the printer spooler, with no additional execution privileges required and no user interaction. The vulnerability affects multipl...

5.5CVSS5AI score0.00203EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.304 views

CVE-2023-20928

CVE-2023-20928 : A use-after-free in binder_vma_close of binder.c enables local privilege escalation due to improper locking. Exploitation requires no user interaction; impact is described as local escalation of privilege with high severity. Affected reference material cites upstream kernel chang...

7.8CVSS7.4AI score0.0018EPSS
CVE
CVE
added 2020/10/14 1:7 p.m.303 views

CVE-2020-0423

CVE-2020-0423 is a use-after-free in the Android/Linux binder driver (binder_release_work in binder.c) caused by improper locking. It enables local privilege escalation with no extra user interaction required. The description appears consistently across multiple connected sources (e.g., Astra Lin...

7.8CVSS7.4AI score0.00507EPSS
CVE
CVE
added 2015/08/08 10:0 a.m.302 views

CVE-2015-1805

CVE-2015-1805 covers a local elevation/DoS flaw in the Linux kernel where the pipe_read/pipe_write paths in fs/pipe.c mishandle side effects from failed __copy_to_user_inatomic and __copy_from_user_inatomic calls. The issue permits a local user to crash the system or potentially gain privileges v...

7.2CVSS6.1AI score0.01407EPSS
CVE
CVE
added 2019/09/06 9:44 p.m.301 views

CVE-2019-2182

CVE-2019-2182 is an Android/Linux kernel vulnerability in the MMU/arm64 memory management path. The issue is a race condition that can leave kernel text and rodata pages writable, enabling local privilege escalation without user interaction. The description in connected advisories confirms the ro...

7.8CVSS7.5AI score0.00217EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.300 views

CVE-2024-29745

CVE-2024-29745 affects Google Pixel devices in the bootloader component, with an information-disclosure flaw caused by uninitialized data. The NVD entry describes local information disclosure without extra privileges or user interaction. The Pixel Update Bulletin notes this vulnerability as poten...

5.5CVSS7.5AI score0.00482EPSS
In wild
CVE
CVE
added 2025/01/28 7:13 p.m.297 views

CVE-2024-40675

CVE-2024-40675 affects Android: a vulnerability in Intent.java -> parseUriInternal can loop infinitely due to input validation issues, causing local DoS without extra privileges. Public sources in the provided connected docs confirm the issue and note patch status varies: Nessus lists it as an...

7.5CVSS6.9AI score0.00309EPSS
CVE
CVE
added 2019/09/06 9:48 p.m.296 views

CVE-2019-9448

CVE-2019-9448 affects the Android kernel FingerTipS touchscreen driver. It is an out-of-bounds write due to a missing bounds check, enabling local escalation of privilege to System, with no user interaction required. The Pixel update bulletin indicates this issue is addressed by patches in 2019-0...

6.7CVSS6.7AI score0.00186EPSS
CVE
CVE
added 2024/11/13 5:25 p.m.295 views

CVE-2024-43093

CVE-2024-43093 affects the Android Framework component ExternalStorageProvider.java, where a bypass of a file-path filter can occur due to incorrect Unicode normalization. The root issue can allow local escalation of privilege without extra execution privileges, with exploitation requiring user i...

7.3CVSS7.4AI score0.00714EPSS
In wild
CVE
CVE
added 2016/03/03 12:0 a.m.294 views

CVE-2016-0705

CVE-2016-0705 is a vulnerability in OpenSSL where the dsa_priv_decode function can double-free memory when processing malformed DSA private keys, potentially enabling a denial of service or memory corruption. Affected OpenSSL versions are 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g. Remediation i...

10CVSS8.1AI score0.26335EPSS
CVE
CVE
added 2019/09/06 9:50 p.m.294 views

CVE-2019-9449

The CVE-2019-9449 entry affects the Android kernel FingerTipS touchscreen driver. It describes a possible out-of-bounds read caused by a missing bounds check, leading to local information disclosure with system execution privileges required. No user interaction is needed for exploitation, and exp...

4.4CVSS4.3AI score0.00184EPSS
CVE
CVE
added 2019/09/06 9:47 p.m.293 views

CVE-2019-9447

CVE-2019-9447 affects the Android kernel FingerTipS touchscreen driver. The root cause is a use-after-free due to improper locking in the touch driver, enabling local escalation of privilege with System execution privileges required; exploitation does not require user interaction. Public referenc...

6.7CVSS6.7AI score0.00147EPSS
CVE
CVE
added 2019/09/06 9:48 p.m.292 views

CVE-2019-9454

CVE-2019-9454 affects the Android kernel, specifically the i2c driver, where an out-of-bounds write could corrupt memory. This leads to local escalation of privilege with SYSTEM execution privileges required; no user interaction is needed for exploitation. Public references describe the vulnerabi...

6.7CVSS6.8AI score0.00182EPSS
CVE
CVE
added 2019/09/06 9:48 p.m.290 views

CVE-2019-9450

The CVE-2019-9450 issue affects the Android kernel FingerTipS touchscreen driver. The vulnerability is a memory corruption caused by a race condition in the touch driver, enabling local escalation of privilege with System execution privileges required; exploitation does not require user interacti...

6.4CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2022/05/10 7:56 p.m.290 views

CVE-2022-20008

CVE-2022-20008 affects the Android kernel via mmc_blk_read_single in block.c, where uninitialized data can allow reading kernel heap memory. This enables local information disclosure when reading from an SD card that triggers errors, with no additional privileges and no user interaction required....

4.6CVSS5AI score0.00361EPSS
CVE
CVE
added 2019/09/06 9:46 p.m.289 views

CVE-2019-9275

In the Android kernel, the MNH driver contains a use-after-free caused by improper locking, enabling local escalation of privilege to the System level with no user interaction required. The issue is officially documented as CVE-2019-9275 and is listed in the Pixel 2019-09-01 bulletin as a Moderat...

7.5CVSS6.8AI score0.00402EPSS
CVE
CVE
added 2019/09/06 9:47 p.m.289 views

CVE-2019-9442

CVE-2019-9442 affects the Android kernel MNH driver. The issue is memory corruption due to a use-after-free, enabling local elevation of privilege with System privileges required. User interaction is not needed for exploitation. The vulnerability is documented across multiple sources (NVD, RH, CN...

6.7CVSS6.7AI score0.00144EPSS
CVE
CVE
added 2019/09/06 9:42 p.m.287 views

CVE-2019-9426

CVE-2019-9426 affects the Android kernel Bluetooth, where a missing bounds check can cause an out-of-bounds write. This vulnerability can enable local escalation of privilege to System level without user interaction. The issue is documented across multiple sources (Android/Bluetooth context, Red ...

6.7CVSS6.7AI score0.00173EPSS
CVE
CVE
added 2019/09/06 9:50 p.m.286 views

CVE-2019-9445

The CVE-2019-9445 entry describes a flaw in the Android kernel F2FS driver: an out-of-bounds read due to a missing bounds check, enabling local information disclosure with kernel privileges and no user interaction required. Connected Nessus advisories and Debian/Unity Linux advisories confirm the...

4.4CVSS4.9AI score0.0027EPSS
CVE
CVE
added 2020/09/17 6:45 p.m.284 views

CVE-2020-0431

CVE-2020-0431 refers to an out-of-bounds write in the kernel’s keyboard.c function kbd_keycode, caused by a missing bounds check. The vulnerability could enable local privilege escalation without user interaction. Public connected advisories ( MiracleLinux AXSA:2021-2148:12 and Unity Linux UTSA-2...

6.7CVSS7AI score0.00223EPSS
CVE
CVE
added 2017/04/04 4:54 a.m.283 views

CVE-2016-10229

The CVE-2016-10229 issue affects the Linux kernel’s UDP handling: udp.c in versions before 4.5 contains an unsafe second checksum calculation when a recv call uses MSG_PEEK, enabling remote code execution. Reports and advisories (e.g., ALAS-2017-832, Alpine, Debian, Broadcom/Big-IP advisories) co...

10CVSS9.2AI score0.12791EPSS
CVE
CVE
added 2020/07/17 7:59 p.m.281 views

CVE-2020-0305

CVE-2020-0305: A use-after-free due to a race in cdev_get of char_dev.c on Android 10 could allow local privilege escalation. Exploitation requires local access; no user interaction. The available connected documents confirm the vulnerability and affected product (Android-10), but do not specify ...

6.4CVSS6.7AI score0.00168EPSS
CVE
CVE
added 2017/09/14 7:0 p.m.280 views

CVE-2017-0782

CVE-2017-0782 is a remote code execution vulnerability in Android Bluetooth PAN (Personal Area Networking) via the BNEP high-level configuration, causing memory corruption and allowing full device compromise without user interaction. It affects Android versions 4.4.4 through 8.0 (per the CVE desc...

8.8CVSS8.2AI score0.02099EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.278 views

CVE-2018-5848

CVE-2018-5848 concerns the Linux kernel function wmi_set_ie(), where unsigned integer overflow in length validation can lead to a buffer overflow when processing the ie_len argument. The description across connected Nessus entries ties this to memory corruption and potential system crash, affecti...

7.8CVSS6.3AI score0.00366EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.276 views

CVE-2023-21237

CVE-2023-21237 affects Android Framework UI logic in NotificationContentInflater.java (applyRemoteView) that can hide a foreground service notification due to misleading or insufficient UI, enabling local information disclosure without extra privileges. Public sources confirm impact on Android 13...

6.2CVSS5.3AI score0.00264EPSS
In wild
CVE
CVE
added 2022/03/16 2:4 p.m.273 views

CVE-2021-39685

CVE-2021-39685 affects the Linux kernel USB Gadget subsystem, with an out-of-bounds write caused by an incorrect flag check in several gadget setups. The issue allows local privilege escalation (no user interaction required) and can lead to information disclosure or DoS as described in upstream n...

7.8CVSS7.9AI score0.00461EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.272 views

CVE-2024-29748

CVE-2024-29748 is an Android Pixel privilege-escalation vulnerability affecting Pixel firmware. Root cause described as a logic error allowing local escalation of privilege without extra execution privileges; exploitation requires user interaction. CVSSv3.1 base score 7.8 (HIGH) with LOCAL access...

7.8CVSS8.2AI score0.0068EPSS
In wild
CVE
CVE
added 2019/09/27 6:5 p.m.270 views

CVE-2019-9232

CVE-2019-9232 affects libvpx with an out-of-bounds read due to a missing bounds check, enabling remote information disclosure without privileges and without user interaction. The Connected documents corroborate libvpx as the affected component and cite multiple vendor advisories (ALAS2-2020-1558,...

7.5CVSS7.2AI score0.05092EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.270 views

CVE-2022-23432

CVE-2022-23432 records an improper input validation in the SMC_SRPMB_WSM handler of RPMB ldfw, before SMR Feb-2022 Release 1, that allows arbitrary memory writes and code execution. Affected: RPMB ldfw/SMSC SRPMB WSM handler (pre-Release 1 Feb-2022). Impact: local attacker could corrupt memory an...

6.7CVSS6.8AI score0.00117EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.269 views

CVE-2017-0852

CVE-2017-0852 is a DoS in Android’s media framework libhevc affecting Android 5.0.2, 5.1.1 and 6.0. The connected sources confirm the flaw in the Media framework (libhevc) and list the affected versions. The Pixel/Nexus bulletin notes that patches addressing this and other issues are included in ...

7.8CVSS7AI score0.00422EPSS
CVE
CVE
added 2019/06/07 7:38 p.m.269 views

CVE-2019-2102

CVE-2019-2102 concerns a BLE LTK misconfiguration where a long-term key from the BLE spec example could be used as a hardcoded LTK. The initial description specifies Android as affected, listing Android 7.0 through 9.0, with an attacker in proximity capable of remotely injecting keystrokes on a p...

8.8CVSS7.2AI score0.00332EPSS
CVE
CVE
added 2020/08/11 7:25 p.m.269 views

CVE-2020-0108

CVE-2020-0108 is a local elevation-of-privilege in Google Android. In ServiceRecord.java, a failure to handle an exception in postNotification can bypass foreground service restrictions, allowing a malicious local app to run at elevated privileges without user interaction. Affected Android versio...

7.8CVSS7.7AI score0.00498EPSS
CVE
CVE
added 2020/09/17 8:45 p.m.269 views

CVE-2020-0338

The CVE-2020-0338 entry concerns Android. In AccountManagerService.checkKeyIntent, a permission bypass could allow local information disclosure with the attacker gaining access via the device’s own user context. Public docs (NVD entry) confirm affected products as Android 9/10 with a local attack...

5CVSS4.7AI score0.00156EPSS
CVE
CVE
added 2024/09/13 8:28 p.m.269 views

CVE-2024-29779

CVE-2024-29779 is a local elevation of privilege in Android (System component) caused by an unusual root-cause logic issue. No user interaction is required for exploitation. It is addressed in Android patch levels 2024-11-01/2024-11-05 with vendor updates (Android and partner advisories indicate ...

7.8CVSS7.2AI score0.00066EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.267 views

CVE-2017-0589

CVE-2017-0589 is a remote code execution vulnerability in libhevc used by the Android Mediaserver . A specially crafted media file could cause memory corruption during processing, enabling code execution within Mediaserver. Affected Android versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. T...

9.3CVSS7.6AI score0.01338EPSS
CVE
CVE
added 2019/09/06 9:46 p.m.267 views

CVE-2019-9276

CVE-2019-9276 affects the Android kernel’s synaptics_dsx_htc touchscreen driver. It describes a possible out-of-bounds write caused by a use-after-free, enabling local escalation of privilege to SYSTEM without user interaction. Remedies are not detailed in this document, but the Pixel update bull...

6.7CVSS6.7AI score0.0018EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.267 views

CVE-2021-0957

CVE-2021-0957 affects Android 10–12, with the vulnerability located in the NotificationStackScrollLayout.java code path. It enables a local elevation of privilege by bypassing Factory Reset Protection, requiring no user interaction to exploit (local attack surface). Public details in connected so...

7.8CVSS7.7AI score0.00126EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.266 views

CVE-2019-9376

CVE-2019-9376 corresponds to a DoS condition in Android (boot loop) caused by improper input validation in Account.java. Affected products per the CVE entry include Android 8.0, 8.1 and 9. The vulnerability enables local denial of service with no user interaction. Public sources in the connected ...

5.5CVSS5.3AI score0.00135EPSS
CVE
CVE
added 2019/06/07 7:41 p.m.264 views

CVE-2019-2101

CVE-2019-2101 affects the Android kernel as described in the connected advisories. The vulnerability is caused by an out-of-bounds read in the function uvc_parse_standard_control within uvc_driver.c , resulting from improper input validation. This can lead to local information disclosure without ...

5.5CVSS5.9AI score0.004EPSS
CVE
CVE
added 2026/01/15 5:41 p.m.264 views

CVE-2025-36911

CVE-2025-36911 (WhisperPair) is a vulnerability in Google Fast Pair where devices may accept Key-Based Pairing requests even when not in pairing mode, enabling unauthorized pairing without user interaction. Connected tooling demonstrates practical exploitation: an attacker can obtain a BR/EDR add...

7.1CVSS5.8AI score0.06942EPSS
CVE
CVE
added 2019/09/06 9:49 p.m.262 views

CVE-2019-9245

CVE-2019-9245 details (supported by connected docs): In the Android kernel, the f2fs driver contains a missing bounds check leading to a possible out-of-bounds read. This can cause local information disclosure and requires System privileges for exploitation, with no user interaction needed. The N...

4.4CVSS4.2AI score0.00186EPSS
CVE
CVE
added 2022/06/15 1:3 p.m.261 views

CVE-2022-20210

CVE-2022-20210 describes a bug in the modem parsing NAS messages used by UE and EMM in Android, where a malformed NAS message could cause remote crash leading to DoS or RCE. Connected sources confirm this is a vulnerability in the Android modem stack with critical impact (network attack, no user ...

10CVSS9.1AI score0.03461EPSS
CVE
CVE
added 2019/09/06 9:45 p.m.260 views

CVE-2019-9273

CVE-2019-9273 is a local elevation-of-privilege vulnerability in the Android kernel’s synaptics_dsx_htc touchscreen driver, caused by an improper locking leading to a use-after-free. The issue could allow a privileged attacker to gain System execution rights without user interaction. Public detai...

6.7CVSS6.7AI score0.00138EPSS
CVE
CVE
added 2019/09/06 9:46 p.m.260 views

CVE-2019-9274

CVE-2019-9274 affects the Android kernel MNH driver. The issue is an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation to System with no user interaction required. Confirmed details across multiple sources (NVD entry and vendor advisories) describe the MNH ...

6.7CVSS7.5AI score0.00173EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.260 views

CVE-2021-39698

CVE-2021-39698 affects the Android kernel. In aio_poll_complete_work() in aio.c there is a use-after-free that can corrupt memory, potentially enabling local privilege escalation with no extra execution privileges required and no user interaction. The advisory notes the impact as local escalation...

7.8CVSS8AI score0.00232EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.259 views

CVE-2017-0861

CVE-2017-0861 is a use-after-free in the Linux kernel’s ALSA subsystem (snd_pcm_info). The fault is in the PCM core and can lead to privilege escalation via local access, as described in multiple advisories (e.g., CentOS/RH patches) and Debian security updates. If exploited, a local attacker may ...

7.8CVSS7.5AI score0.00427EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.259 views

CVE-2018-9363

CVE-2018-9363 is a Linux-kernel vulnerability in the HIDP Bluetooth driver: hidp_process_report can overflow a buffer due to incorrect length handling, potentially causing memory corruption and DoS, with possible remote code execution. Public documents across Debian/Ubuntu/CentOS‑related advisori...

8.4CVSS7.7AI score0.00456EPSS
Total number of security vulnerabilities8153