Lucene search
+L
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/06/06 5:29 p.m.82 views

CVE-2022-21746

CVE-2022-21746 affects the imgsensor component in MediaTek chips, where a missing bounds check can cause an out-of-bounds read. This can lead to local denial of service with system execution privileges, without user interaction. The entry notes a patch identified as ALPS06479698 (Issue ALPS064796...

4.4CVSS4.6AI score0.00103EPSS
CVE
CVE
added 2022/06/06 5:35 p.m.82 views

CVE-2022-21749

CVE-2022-21749 relates to a vulnerability in the telephony stack where a missing permission check can lead to local information disclosure without requiring execution privileges. The core issue is described as a permission-check bypass in telephony, enabling information disclosure with no user in...

5.5CVSS5.1AI score0.00098EPSS
CVE
CVE
added 2022/06/06 5:40 p.m.82 views

CVE-2022-21758

CVE-2022-21758 involves a memory corruption risk in the internal component "ccu" caused by a double free. The result is potential local escalation of privilege with System execution privileges needed; exploitation does not require user interaction. A patch exists (Patch ID: ALPS06439600; Issue ID...

6.7CVSS6.8AI score0.00106EPSS
CVE
CVE
added 2022/03/08 1:46 p.m.82 views

CVE-2022-25814

The CVE-2022-25814 entry describes a local PendingIntent hijacking flaw in Wearable Manager Installer (Android) prior to Samsung SMR Mar-2022 Release 1. Root cause: hijack of PendingIntent to cause unauthorized actions without permission. Affected component: Wearable Manager Installer. Impact per...

7.8CVSS7.3AI score0.00098EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.82 views

CVE-2022-27828

CVE-2022-27828 involves Samsung MediaMonitorEvent with an improper input/validation check prior to SMR Apr-2022 Release 1. The vulnerability is rated HIGH (CVSSv3.1: Local, Low attack complexity, Privileges Required: Low, No user interaction; confidentiality, integrity, and availability all high)...

8.5CVSS7.5AI score0.00136EPSS
CVE
CVE
added 2022/06/07 5:58 p.m.82 views

CVE-2022-30721

The CVE-2022-30721 entry concerns a vulnerability in libsmkvextractor. Description: an improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1, which allows an attacker to trigger a crash. Connected sources corroborate a Samsung/Android context and ...

5.3CVSS5.2AI score0.00201EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.82 views

CVE-2022-42513

CVE-2022-42513 : A missing bounds check in ProtocolEmbmsBuilder::BuildSetSession (protocolembmsbuilder.cpp) allows an out-of-bounds write in the Android kernel, enabling local escalation of privilege to SYSTEM level. No user interaction is required. Documented in multiple sources (e.g., NVD entry...

6.7CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.82 views

CVE-2022-42524

The CVE-2022-42524 entry describes an out-of-bounds read in Android’s sms_GetTpUdlIe within sms_PduCodec.c due to a missing bounds check. This can lead to remote information disclosure without extra privileges or user interaction. Connected OSV data confirms the same file-level bug, but no exploi...

7.5CVSS7AI score0.00541EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.82 views

CVE-2022-42534

CVE-2022-42534 affects the Android kernel component, specifically the trusty_ffa_mem_reclaim path in shared-mem-smcall.c. The issue is a privilege-escalation vulnerability caused by improper input validation, enabling local elevation of privilege with no additional execution privileges required, ...

7.8CVSS7.7AI score0.00122EPSS
CVE
CVE
added 2023/06/06 12:12 p.m.82 views

CVE-2023-20725

CVE-2023-20725 affects MediaTek chip preloader: an out-of-bounds write caused by a missing bounds check can lead to local escalation of privilege with System execution privileges required. Exploitation requires no user interaction. Affected devices/versions include MT6880, MT6890, MT6980, and MT6...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.82 views

CVE-2023-20830

The CVE-2023-20830 entry describes a local out-of-bounds write in gps on MediaTek chips due to a missing bounds check. This could allow local escalation of privilege with System execution privileges; user interaction is not required. The issue is associated with a patch ID ALPS08014144 and an Iss...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.82 views

CVE-2023-20969

CVE-2023-20969 describes an out-of-bounds read in multiple locations of p2p_iface.cpp, leading to possible local information disclosure with system execution privileges required. The Android 13 context is documented, with impact on confidentiality (C:H) and no required user interaction. The issue...

4.4CVSS4.3AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.82 views

CVE-2023-20970

CVE-2023-20970 is a confirmed Android 13 vulnerability affecting p2p_iface.cpp with an out-of-bounds read caused by a missing bounds check. Exploitation is described as a local information disclosure vulnerability requiring high privileges and no user interaction. Multiple connected records (RH, ...

4.4CVSS4.3AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.82 views

CVE-2023-21013

CVE-2023-21013 is an out-of-bounds read in hostapd.cpp (forceStaDisconnection) on Android 13. The vulnerability could allow local information disclosure with system-level privileges and requires no user interaction. Connected sources consistently describe the issue without public exploit details....

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.82 views

CVE-2023-21148

CVE-2023-21148 describes a vulnerability in the BuildSetConfig function of protocolimsbuilder.cpp where a missing null check can cause an out-of-bounds read. This could allow local information disclosure with System-level execution privileges required, and exploitation does not require user inter...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.82 views

CVE-2023-21177

CVE-2023-21177 affects Android 13 via WindowManagerService.requestAppKeyboardShortcuts. A missing permission check could allow an attacker to infer the app a user is interacting with, enabling local information disclosure without additional execution privileges and without user interaction. Repor...

5.5CVSS5.1AI score0.00087EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.82 views

CVE-2023-21178

CVE-2023-21178 concerns Android 13 where the issue arises in the installKey function of KeyUtil.cpp. A race condition could cause a possible failure of file encryption, leading to local information disclosure with System privileges required. Exploitation reportedly does not require user interacti...

4.1CVSS4AI score0.00054EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.82 views

CVE-2023-21179

CVE-2023-21179 affects Android 13 and involves XmlUtil.java’s parseSecurityParamsFromXml. The root issue is a weakness in how crypto is used, allowing bypass of a user-specified wifi encryption protocol, enabling local privilege escalation with no additional execution privileges or user interacti...

7.8CVSS7.7AI score0.00076EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.82 views

CVE-2023-21198

CVE-2023-21198 affects Android 13 via the Bluetooth SDP server (btif_sdp_server.cc) in remove_sdp_record, where a missing bounds check enables an out-of-bounds read and local information disclosure. Exploitation is described as requiring no user interaction; no exploit specifics or exploitation s...

5.5CVSS5AI score0.00092EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.82 views

CVE-2023-21203

The CVE-2023-21203 issue affects Android 13 with a fault in startWpsPbcInternal in sta_iface.cpp that allows an out-of-bounds read due to improper input validation. This could enable local escalation of privilege to SYSTEM with no user interaction required. Connected sources corroborate the file ...

6.7CVSS6.6AI score0.00096EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.82 views

CVE-2023-21223

CVE-2023-21223 affects Android kernel via an out-of-bounds read in LPP_ConvertGNSS_DataBitAssistance (LPP_CommonUtil.c) caused by a missing bounds check. This enables remote information disclosure with no privileges or user interaction required. Impact and exploitability are described in multiple...

7.5CVSS7AI score0.00441EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.82 views

CVE-2023-21224

CVE-2023-21224 affects the Android kernel, specifically the ss_ProcessReturnResultComponent function in ss_MmConManagement.c. The vulnerability is a heap-buffer-overflow–induced out-of-bounds read that could lead to remote information disclosure without extra privileges or user interaction. Publi...

7.5CVSS7.2AI score0.00455EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.82 views

CVE-2023-21314

CVE-2023-21314 is a Bluetooth-related information-disclosure vulnerability in Android, caused by a missing bounds check that allows an out-of-bounds read. The impact is local information disclosure with system-level privileges required for exploitation; no user interaction is needed. Multiple con...

4.4CVSS5AI score0.00088EPSS
CVE
CVE
added 2023/12/08 3:44 p.m.82 views

CVE-2023-48411

CVE-2023-48411 involves an out-of-bounds read in SignalStrengthAdapter::FillGsmSignalStrength() inside protocolmiscadapter.cpp. The issue stems from a missing bounds check and could enable local information disclosure with baseband firmware compromise required; exploitation does not require user ...

5.5CVSS5AI score0.001EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.82 views

CVE-2023-52342

The CVE-2023-52342 entry concerns the modem-ps-nas-ngmm component, where an undefined behavior due to incorrect error handling could allow remote information disclosure without additional execution privileges. Documents confirm the vulnerability impact is a confidentiality exposure (CVE described...

7.5CVSS6.5AI score0.00338EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.82 views

CVE-2024-29747

CVE-2024-29747 affects the dvfs_get_lv function in dvfs.c, where a missing null check enables an out-of-bounds read. This can lead to local information disclosure with no additional privileges and no user interaction required. The connected records consistently describe the same issue, but none p...

5.9CVSS6AI score0.00087EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.82 views

CVE-2024-32921

The CVE affects the lwis_fence.c component, specifically the function lwis_initialize_transaction_fences, where a missing bounds check can cause an out-of-bounds write. This leads to a possible local escalation of privilege with no additional execution privileges required and without user interac...

7.4CVSS6.9AI score0.00075EPSS
CVE
CVE
added 2025/01/02 11:58 p.m.82 views

CVE-2024-43764

CVE-2024-43764 affects Google Android where the onPrimaryClipChanged path in ClipboardListener.java could partially bypass the lock screen, enabling local elevation of privilege with no user interaction. Exploitation is described as requiring LOCAL access and LOW privileges with UI:N, and impact ...

7.8CVSS7.2AI score0.00085EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.82 views

CVE-2024-47014

CVE-2024-47014 affects Google Pixel devices running Android with a privilege-escalation vulnerability in the ABL component (A-330537292). Affected product: Pixel devices; vulnerability type: Elevation of Privilege (EoP). Root cause: not explicitly detailed beyond ABL involvement. Impact: privileg...

8.8CVSS6.9AI score0.00226EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.82 views

CVE-2024-47026

CVE-2024-47026 affects Google Pixel devices and is due to an incorrect bounds check in gsc_gsa_rescue within gsc_gsa.c, causing an out-of-bounds read and local information disclosure without requiring user interaction. Exploitation details are not provided in the documents. Affected component: gs...

5.5CVSS6.3AI score0.00072EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.81 views

CVE-2015-3102

Adobe Flash Player and related runtimes (Windows/macOS: 13.0.0.292 and 14.x–18.x before 18.0.0.160; Linux before 11.2.202.466; AIR before 18.0.0.144 on Windows and before 18.0.0.143 on macOS/Android; AIR SDKs before 18.0.0.144/18.0.0.143) are affected by CVE-2015-3102, which enables remote bypass...

5CVSS6.5AI score0.0241EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.81 views

CVE-2015-5570

CVE-2015-5570 is a use-after-free vulnerability in Adobe Flash Player (affecting pre-18.0.0.241 and 19.x before 19.0.0.185) and Adobe AIR before 19.0.0.190, enabling remote code execution via specially crafted SWF handling. Adobe APSB15-23 patches are referenced; apply fixed builds to remediate.

10CVSS7.5AI score0.05747EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.81 views

CVE-2015-5588

Technical details about CVE-2015-5588 are not publicly provided in the connected documents. No affected product/version/impact is specified here. Monitor for updates in the EUVD advisories and official vendor bulletins.

10CVSS7.8AI score0.04046EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.81 views

CVE-2017-0714

CVE-2017-0714 is a remote code execution vulnerability in Android’s media framework h263 decoder . Affected products/versions: Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Root cause: vulnerability exists in decoding of H.263 files/streams, enabling arbitrary code execution. Docume...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.81 views

CVE-2017-0722

Summary of CVE-2017-0722 : A remote code execution vulnerability in the Android media framework, specifically the h263 decoder. Affected products/versions: Android devices running 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Root cause as stated in the provided documents is the vulnerabili...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2024/12/04 11:27 p.m.81 views

CVE-2018-9402

CVE-2018-9402: A buffer overwrite in multiple functions of gl_proc.c due to a missing bounds check could lead to kernel privilege escalation. The issue is documented across several sources (NVD/Red Hat CNVD/CNNVD/CIRCL and related Android Pixel bulletin context) with no exploitation details provi...

8.8CVSS7AI score0.00097EPSS
CVE
CVE
added 2020/03/10 8:4 p.m.81 views

CVE-2020-0053

The CVE-2020-0053 issue affects Android 10, specifically in hidl_struct_util.cpp within convertHidlNanDataPathInitiatorRequestToLegacy and convertHidlNanDataPathIndicationResponseToLegacy. It describes a possible out-of-bounds write due to a missing bounds check, enabling local escalation of priv...

6.7CVSS7.2AI score0.00156EPSS
CVE
CVE
added 2020/12/18 8:45 a.m.81 views

CVE-2020-35550

The CVE-2020-35550 entry describes a vulnerability affecting Samsung mobile devices running O(8.x), P(9.0), Q(10.0), and R(11.0) software, where attackers can bypass Factory Reset Protection (FRP) via the StatusBar. This entry is linked to Samsung’s internal ID SVE-2020-17888 (December 2020). No ...

9.8CVSS9.4AI score0.00598EPSS
CVE
CVE
added 2021/04/09 5:36 p.m.81 views

CVE-2021-25363

Summary: CVE-2021-25363 describes an improper access control in Samsung’s ActivityManagerService prior to the SMR APR-2021 Release 1, enabling untrusted applications to access running processes and delete local files. Affected scope (from provided sources): Samsung SMR (system patch package) prio...

6.8CVSS6.1AI score0.00106EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.81 views

CVE-2021-39679

CVE-2021-39679 affects Android kernel graphics handling (vendor_graphicbuffer_meta.cpp). The issue is a race condition leading to a possible use-after-free, enabling local escalation of privilege without extra execution privileges, and not requiring user interaction. Documentation consistently de...

7CVSS7AI score0.00089EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.81 views

CVE-2021-39680

CVE-2021-39680 affects the Android kernel, with the flaw located in sec_SHA256_Transform within sha256_core.c. The issue allows reading heap data due to uninitialized data, enabling local information disclosure with system privileges. Exploitation does not require user interaction. The vulnerabil...

4.4CVSS4.2AI score0.00115EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.81 views

CVE-2021-39684

CVE-2021-39684 relates to the Android kernel component gs101/abl/target/slider/target.c, where a logic error can cause allocation of RWX memory. This may enable local privilege escalation with no extra execution privileges or user interaction required. Connected OSV data confirms the issue but do...

7.8CVSS7.6AI score0.00128EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.81 views

CVE-2021-39764

CVE-2021-39764 is documented in Android 12L release notes as a Framework Elevation of Privilege (EoP) vulnerability with moderate severity. The entry specifies an improper input validation issue in Settings that can display an incorrect app name, enabling local privilege escalation via app spoofi...

7.8CVSS7.8AI score0.00309EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.81 views

CVE-2021-39772

CVE-2021-39772 affects Android 12L via a Bluetooth-related issue where access to the A2DP audio control switch is possible due to a missing permission check. This could enable local privilege escalation without user interaction. The flaw is described in the Android 12L security release notes and ...

8.8CVSS8.3AI score0.00192EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.81 views

CVE-2022-20044

CVE-2022-20044 involves a use-after-free in Bluetooth that can crash the Bluetooth service and enable local escalation of privilege without user interaction. Exploitation is local with low privileges required and LOW attack complexity; the vulnerability impacts confidentiality, integrity, and ava...

7.8CVSS7.7AI score0.00146EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.81 views

CVE-2022-20065

In the CVE-2022-20065 entry, the issue is described as a missing bounds check in the ccci component leading to an out-of-bounds read. This could allow local information disclosure with System execution privileges, and exploitation does not require user interaction. A patch is identified: ALPS0610...

6.7CVSS5.9AI score0.00113EPSS
CVE
CVE
added 2022/05/03 8:2 p.m.81 views

CVE-2022-20102

The CVE-2022-20102 issue affects the aee daemon and stems from a missing permission check, enabling local information disclosure with System privileges. Exploitation requires no user interaction. The NVD reports CVSSv3.1 base score 4.4 (Local, Privileges Required: High, Confidentiality Impact: Hi...

4.4CVSS4.3AI score0.00105EPSS
CVE
CVE
added 2022/08/11 3:7 p.m.81 views

CVE-2022-20241

CVE-2022-20241 affects Android 13 Messaging, where improper input validation allows attaching a private file to an SMS, enabling local information disclosure without extra privileges. Impact is Information Disclosure (C) with Local attack vector and no user interaction required per NVD metrics (C...

3.3CVSS4.5AI score0.0009EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.81 views

CVE-2022-20509

CVE-2022-20509 affects Android 13 in the code path mapGrantorDescr of MessageQueueBase.h, where a missing bounds check can cause an out-of-bounds write. This could enable local escalation of privilege to SYSTEM with no user interaction, requiring local access and high privileges. The Pixel bullet...

6.7CVSS6.7AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.81 views

CVE-2022-20517

CVE-2022-20517 affects Android 13, in MmsSmsProvider.java’s getMessagesByPhoneNumber, where SQL injection can lead to access to restricted tables and local information disclosure with no extra privileges required. The CVE entry notes LOCAL attack vector with LOW exploit complexity and NONE user i...

5.5CVSS5.5AI score0.00211EPSS
Total number of security vulnerabilities8153