Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2021/06/22 10:59 a.m.80 views

CVE-2021-0564

CVE-2021-0564 affects Android 11, caused by a race condition in the decrypt path of CryptoPlugin.cpp that can trigger a use-after-free. The vulnerability allows local elevation of privilege with System execution privileges and does not require user interaction. Exploitation details are not provid...

6.4CVSS6.5AI score0.00086EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.80 views

CVE-2021-0983

CVE-2021-0983 affects Android 12L in the DevicePolicyManagerService.createAdminSupportIntent, enabling local information disclosure of the installed device/profile owner package name via a side-channel. Exploitation requires no user interaction and does not require additional privileges; impact i...

3.3CVSS3.5AI score0.0011EPSS
CVE
CVE
added 2021/04/09 5:36 p.m.80 views

CVE-2021-25363

Summary: CVE-2021-25363 describes an improper access control in Samsung’s ActivityManagerService prior to the SMR APR-2021 Release 1, enabling untrusted applications to access running processes and delete local files. Affected scope (from provided sources): Samsung SMR (system patch package) prio...

6.8CVSS6.1AI score0.00106EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.80 views

CVE-2021-39639

CVE-2021-39639 affects the Android kernel component (fvp.c) with a missing permission check in TBD, enabling local escalation of privilege when an attacker has physical access to device internals. The vulnerability could be exploited without user interaction; attack vector is physical and impact ...

7.2CVSS6.6AI score0.00125EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.80 views

CVE-2021-39678

CVE-2021-39678 is described in connected sources as a vulnerability in the Android kernel allowing a bypass of Factory Reset Protection that could lead to local privilege escalation with no user interaction. The NVD entry lists impact as local, with base scores indicating high severity (CVSSv3.1:...

7.8CVSS7.6AI score0.00135EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.80 views

CVE-2021-39679

CVE-2021-39679 affects Android kernel graphics handling (vendor_graphicbuffer_meta.cpp). The issue is a race condition leading to a possible use-after-free, enabling local escalation of privilege without extra execution privileges, and not requiring user interaction. Documentation consistently de...

7CVSS7AI score0.00089EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.80 views

CVE-2021-39772

CVE-2021-39772 affects Android 12L via a Bluetooth-related issue where access to the A2DP audio control switch is possible due to a missing permission check. This could enable local privilege escalation without user interaction. The flaw is described in the Android 12L security release notes and ...

8.8CVSS8.3AI score0.00192EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.80 views

CVE-2021-39790

CVE-2021-39790 affects Android 12L Dialer. The issue arises from a missing permission check in the Dialer component, enabling local elevation of privilege. Exploitation requires user interaction, and successful abuse could grant elevated privileges on the device. The vulnerability is classified a...

7.8CVSS7.8AI score0.00297EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.80 views

CVE-2022-20044

CVE-2022-20044 involves a use-after-free in Bluetooth that can crash the Bluetooth service and enable local escalation of privilege without user interaction. Exploitation is local with low privileges required and LOW attack complexity; the vulnerability impacts confidentiality, integrity, and ava...

7.8CVSS7.7AI score0.00146EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.80 views

CVE-2022-20554

CVE-2022-20554 affects Android 13 in Pixel devices. The vulnerability arises from an out-of-bounds read caused by a use-after-free in the function removeEventHubDevice within InputDevice.cpp. This leads to local elevation of privilege with System execution privileges required, and exploitation do...

6.7CVSS6.5AI score0.00173EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.80 views

CVE-2022-20605

CVE-2022-20605 affects the Android kernel component SAECOMM_Utility.c, specifically the SAECOMM_CopyBufferBytes function. The underlying issue is an incorrect bounds check that enables an out-of-bounds read, leading to potential remote information disclosure without requiring additional privilege...

7.5CVSS7AI score0.00755EPSS
CVE
CVE
added 2022/06/06 5:40 p.m.80 views

CVE-2022-21758

CVE-2022-21758 involves a memory corruption risk in the internal component "ccu" caused by a double free. The result is potential local escalation of privilege with System execution privileges needed; exploitation does not require user interaction. A patch exists (Patch ID: ALPS06439600; Issue ID...

6.7CVSS6.8AI score0.00106EPSS
CVE
CVE
added 2022/07/06 1:7 p.m.80 views

CVE-2022-21774

CVE-2022-21774 describes a use-after-free in the TEEI driver caused by a race condition, enabling local escalation of privileges to SYSTEM with no user interaction required. Documents from Red Hat and NVD confirm the flaw and patch ALPS06641447/ALPS06641447 as a fix. The available sources do not ...

6.7CVSS6.7AI score0.00086EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.80 views

CVE-2022-26096

CVE-2022-26096 describes a null pointer dereference in the parser_ispe function of the libsimba library prior to Samsung SMR Apr-2022 Release 1. The flaw permits a remote attacker to cause an out-of-bounds write. Connected documents consistently identify the affected component as libsimba and the...

9.8CVSS9.4AI score0.00503EPSS
CVE
CVE
added 2022/06/07 5:58 p.m.80 views

CVE-2022-30721

The CVE-2022-30721 entry concerns a vulnerability in libsmkvextractor. Description: an improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1, which allows an attacker to trigger a crash. Connected sources corroborate a Samsung/Android context and ...

5.3CVSS5.2AI score0.00201EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.80 views

CVE-2023-20830

The CVE-2023-20830 entry describes a local out-of-bounds write in gps on MediaTek chips due to a missing bounds check. This could allow local escalation of privilege with System execution privileges; user interaction is not required. The issue is associated with a patch ID ALPS08014144 and an Iss...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.80 views

CVE-2023-20977

CVE-2023-20977 is an Android/Pixel issue involving an out-of-bounds read in btm_ble_read_remote_features_complete within btm_ble_gap.cc. The root cause is improper input validation, enabling a local information disclosure if the device firmware is compromised with System privileges; exploitation ...

4.4CVSS4.3AI score0.00093EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.80 views

CVE-2023-21014

CVE-2023-21014 affects Android 13 where in multiple locations of p2p_iface.cpp a missing bounds check can cause an out-of-bounds read. This leads to local information disclosure and could enable system-level privileges to be exploited locally; no user interaction is required. The vulnerability is...

5.1CVSS4.3AI score0.00093EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.80 views

CVE-2023-21045

CVE-2023-21045 affects the Android kernel cpif handling of probe failures. The vulnerability arises from an out-of-bounds read caused by a use-after-free, enabling local information disclosure with SYSTEM privileges; exploitation requires no user interaction. Multiple connected sources (NVD, Red ...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.80 views

CVE-2023-21076

CVE-2023-21076 involves a possible out-of-bounds write due to a heap buffer overflow in the function createTransmitFollowupRequest within nan.cpp. The underlying issue is a heap buffer overflow that could enable a local escalation of privilege with System execution privileges required. Exploitati...

6.7CVSS6.8AI score0.00096EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.80 views

CVE-2023-21177

CVE-2023-21177 affects Android 13 via WindowManagerService.requestAppKeyboardShortcuts. A missing permission check could allow an attacker to infer the app a user is interacting with, enabling local information disclosure without additional execution privileges and without user interaction. Repor...

5.5CVSS5.1AI score0.00087EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.80 views

CVE-2023-21186

The CVE-2023-21186 entry describes a likely out-of-bounds read in Dns.cpp (LogResponse) on Android 13 due to a missing bounds check. This could allow remote denial of service without extra privileges or user interaction. Connected sources consistently tie the issue to Android-13 and identify the ...

7.5CVSS7.3AI score0.00472EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.80 views

CVE-2023-21206

CVE-2023-21206 affects Android 13 devices, involving the function initiateVenueUrlAnqpQueryInternal in sta_iface.cpp. The issue is an out-of-bounds read caused by unsafe deserialization, leading to potential local information disclosure with system-level privileges required. Exploitation is descr...

4.4CVSS4.2AI score0.00106EPSS
CVE
CVE
added 2023/12/08 3:45 p.m.80 views

CVE-2023-48416

CVE-2023-48416 is a null dereference issue reported in multiple locations that can cause remote denial of service without user interaction. In the Pixel Security bulletin, this CVE is listed under Pixel components as a DoS vulnerability of Moderate severity affecting the Modem subcomponent. The u...

7.5CVSS7.4AI score0.00452EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.80 views

CVE-2024-20051

In flashc, an uncaught exception can cause a system crash, enabling local denial of service with system execution privileges required. No user interaction is needed. A patch is referenced (ALPS08541757; ALPS08541758).

2.3CVSS6.5AI score0.00082EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.80 views

CVE-2024-29747

CVE-2024-29747 affects the dvfs_get_lv function in dvfs.c, where a missing null check enables an out-of-bounds read. This can lead to local information disclosure with no additional privileges and no user interaction required. The connected records consistently describe the same issue, but none p...

5.9CVSS6AI score0.00087EPSS
CVE
CVE
added 2024/06/13 9:1 p.m.80 views

CVE-2024-29787

In CVE-2024-29787, the issue is in the lwis_process_transactions_in_queue function of lwis_transaction.c. It describes a use-after-free vulnerability that could enable local escalation of privilege without requiring additional execution privileges, and exploitation does not require user interacti...

7.8CVSS6.9AI score0.00078EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.80 views

CVE-2024-32919

CVE-2024-32919 affects the LWIS subsystem (lwis_fence.c: lwis_add_completion_fence) with a type confusion that enables local elevation of privilege. Exploitation requires no user interaction and would grant high confidentiality/integrity/availability impact as per the CVSS. Public sources in the ...

7.8CVSS6.8AI score0.00079EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.80 views

CVE-2024-32920

CVE-2024-32920 describes an out-of-bounds read in set_secure_reg of sac_handler.c, caused by a missing bounds check. This can disclose 4 bytes of stack memory locally without extra privileges or user interaction. Affected software/components, root cause, and explicit remediation are not provided ...

7.1CVSS5.9AI score0.00078EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.80 views

CVE-2024-47017

CVE-2024-47017 affects the ufshc_scsi_cmd function in ufs.c, with a stack variable use-after-free leading to local escalation of privilege. The vulnerability description across Red Hat, NVD, CVE lists, and OSV entries consistently state that no further user interaction is required, and exploitati...

7.8CVSS7.3AI score0.00081EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.80 views

CVE-2024-47030

CVE-2024-47030 affects Android on Google Pixel devices prior to the 2024-10-05 patch level, allowing information disclosure via the ACPM component (A-315191818). The issue is documented in multiple sources (NVD/Red Hat CNVD CNVD-2025-03022, etc.). According to the Pixel security bulletin, the vul...

5.1CVSS6.2AI score0.00094EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.80 views

CVE-2024-53834

CVE-2024-53834 affects Google Android’s sms_Utilities.c, specifically the function sms_DisplayHexDumpOfPrivacyBuffer. The vulnerability is an out-of-bounds read caused by an incorrect bounds check, leading to remote information disclosure without extra privileges or user interaction. Public refer...

7.5CVSS6.6AI score0.00282EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.80 views

CVE-2025-0083

CVE-2025-0083 is an information-disclosure vulnerability affecting Google Android, caused by URI double encoding that allows cross-profile content access without extra privileges. The issue is referenced across multiple sources (Android Android framework/system entries in the 2025 Android bulleti...

4CVSS6AI score0.00091EPSS
CVE
CVE
added 2025/04/07 3:14 a.m.80 views

CVE-2025-20661

CVE-2025-20661 affects PlayReady TA. Root cause: missing bounds check enabling an out-of-bounds read that can yield local escalation of privilege when the attacker already has System privileges; exploitation requires no user interaction. A patch is referenced (Patch ID: DTV04436357; MSV-3185). No...

6.7CVSS7.1AI score0.00087EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.80 views

CVE-2025-22413

The vulnerability CVE-2025-22413 affects the Android kernel (hyp-main.c) where a logic error can allow local privilege escalation and information disclosure without extra privileges or user interaction. The issue is described consistently across multiple sources (Linux kernel context in Android, ...

4CVSS6.3AI score0.00091EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.79 views

CVE-2015-5572

Adobe Flash Player and related Adobe AIR components are affected by CVE-2015-5572, a security bypass that allows information disclosure by bypassing intended access restrictions. The vulnerability affects Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X, and before 11...

5CVSS6.1AI score0.02997EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.79 views

CVE-2017-0714

CVE-2017-0714 is a remote code execution vulnerability in Android’s media framework h263 decoder . Affected products/versions: Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Root cause: vulnerability exists in decoding of H.263 files/streams, enabling arbitrary code execution. Docume...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.79 views

CVE-2017-0722

Summary of CVE-2017-0722 : A remote code execution vulnerability in the Android media framework, specifically the h263 decoder. Affected products/versions: Android devices running 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Root cause as stated in the provided documents is the vulnerabili...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2024/11/27 10:31 p.m.79 views

CVE-2018-9352

CVE-2018-9352 affects the ihevcd_allocate_dynamic_bufs function in ihevcd_api.c. The vulnerability is a resource exhaustion due to an integer overflow, potentially enabling remote denial of service with no code execution required. Exploitation requires user interaction. Connected sources (Red Hat...

6.5CVSS8.9AI score0.00299EPSS
CVE
CVE
added 2024/12/04 11:27 p.m.79 views

CVE-2018-9402

CVE-2018-9402: A buffer overwrite in multiple functions of gl_proc.c due to a missing bounds check could lead to kernel privilege escalation. The issue is documented across several sources (NVD/Red Hat CNVD/CNNVD/CIRCL and related Android Pixel bulletin context) with no exploitation details provi...

8.8CVSS7AI score0.00097EPSS
CVE
CVE
added 2019/07/08 5:34 p.m.79 views

CVE-2019-2104

CVE-2019-2104 affects the Android Framework component (HIDL/safe_union and related C++ structs/unions) used when sending data to application processes. The issue exposes uninitialized fields, enabling local information disclosure without user interaction. The vulnerability is scoped to Android 8....

5.5CVSS5.8AI score0.0016EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.79 views

CVE-2019-9416

CVE-2019-9416 concerns an information disclosure in Android’s libstagefright caused by uninitialized data. Affected software: Android 10; vulnerable component: libstagefright. Root cause: uninitialized data leading to remote information disclosure. As per the entry, exploitation requires user int...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2020/03/10 8:2 p.m.79 views

CVE-2020-0063

CVE-2020-0063 affects Android SurfaceFlinger, where the UI confirmation screen protected by the TEE can be overridden, enabling local elevation of privilege. Root cause: manipulation of the UI flow in SurfaceFlinger allows bypassing user interaction. Impact: local privilege escalation with high s...

7.3CVSS7.7AI score0.00168EPSS
CVE
CVE
added 2020/12/18 8:45 a.m.79 views

CVE-2020-35550

The CVE-2020-35550 entry describes a vulnerability affecting Samsung mobile devices running O(8.x), P(9.0), Q(10.0), and R(11.0) software, where attackers can bypass Factory Reset Protection (FRP) via the StatusBar. This entry is linked to Samsung’s internal ID SVE-2020-17888 (December 2020). No ...

9.8CVSS9.4AI score0.00598EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.79 views

CVE-2021-0986

CVE-2021-0986 affects Android 12 via a logic error in DevicePolicyManagerService hasGrantedPolicy, enabling local information disclosure about the device owner/profile owner/device admin without extra privileges or user interaction. Exploitation is local; impact is partial confidentiality loss an...

5.5CVSS5.1AI score0.0011EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.79 views

CVE-2021-39752

CVE-2021-39752 affects Google's Android 12L with the Bubbles component. It describes a permissions bypass that could enable local elevation of privilege without extra execution privileges or user interaction. Affected product/version: Android 12L (Android ID A-202756848). Root cause: a bypass wit...

7.8CVSS7.8AI score0.00107EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.79 views

CVE-2022-20063

CVE-2022-20063 affects atf (spm) with an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with System execution privileges required and user interaction for exploitation. Patch ALPS06171715 / ALPS06171715 is noted. Connected sources confirm this descrip...

6.9CVSS6.6AI score0.00128EPSS
CVE
CVE
added 2022/05/03 7:59 p.m.79 views

CVE-2022-20094

CVE-2022-20094 affects imgsensor with an out-of-bounds write caused by an incorrect bounds check. The vulnerability enables local privilege escalation with System execution privileges required; exploitation does not require user interaction. The issue is mitigated by patch ALPS06479763 (Issue ALP...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2022/08/11 3:7 p.m.79 views

CVE-2022-20241

CVE-2022-20241 affects Android 13 Messaging, where improper input validation allows attaching a private file to an SMS, enabling local information disclosure without extra privileges. Impact is Information Disclosure (C) with Local attack vector and no user interaction required per NVD metrics (C...

3.3CVSS4.5AI score0.0009EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.79 views

CVE-2022-20505

CVE-2022-20505 affects Android 13. In CallLogProvider.java openFile, a path traversal bug can bypass permissions, enabling local escalation of privilege with User privileges and no user interaction required. The vulnerability is described as a permission bypass due to a path traversal error, with...

6.7CVSS6.7AI score0.00133EPSS
Total number of security vulnerabilities8153