Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/08/11 3:7 p.m.79 views

CVE-2022-20241

CVE-2022-20241 affects Android 13 Messaging, where improper input validation allows attaching a private file to an SMS, enabling local information disclosure without extra privileges. Impact is Information Disclosure (C) with Local attack vector and no user interaction required per NVD metrics (C...

3.3CVSS4.5AI score0.0009EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.79 views

CVE-2022-20505

CVE-2022-20505 affects Android 13. In CallLogProvider.java openFile, a path traversal bug can bypass permissions, enabling local escalation of privilege with User privileges and no user interaction required. The vulnerability is described as a permission bypass due to a path traversal error, with...

6.7CVSS6.7AI score0.00133EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.79 views

CVE-2022-20541

The CVE-2022-20541 entry concerns Android 13 where the function phNxpNciHal_ioctl in phNxpNciHal.cc may perform an out-of-bounds read due to a missing bounds check. The vulnerability is described as enabling local information disclosure with System execution privileges required, and reporting ind...

4.2CVSS4AI score0.0018EPSS
CVE
CVE
added 2022/06/06 5:37 p.m.79 views

CVE-2022-21752

CVE-2022-21752 concerns a vulnerability in the WLAN driver where a missing bounds check allows an out-of-bounds write, enabling local privilege escalation with System execution privileges required. User interaction is not needed and the issue is described consistently across multiple sources (e.g...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2022/07/06 1:7 p.m.79 views

CVE-2022-21779

CVE-2022-21779 affects the MediaTek WLAN driver (multiple MediaTek chips). The vulnerability is a missing bounds check that enables a local out-of-bounds write, leading to privilege escalation with SYSTEM execution privileges required; no user interaction is needed. Patch ID: ALPS06704526; Issue ...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/07/06 1:8 p.m.79 views

CVE-2022-21787

CVE-2022-21787 affects MediaTek audio DSP components. The root cause is a missing bounds check that allows an out-of-bounds write, enabling local escalation of privilege with System execution privileges. Exploitation does not require user interaction. A patch is referenced as ALPS06558844 (Issue ...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.79 views

CVE-2022-27826

Technical details about CVE-2022-27826 are not publicly provided in the connected documents; monitor for updates.

8.5CVSS7.5AI score0.00155EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.79 views

CVE-2022-27831

The CVE-2022-27831 entry describes an Improper boundary check in libsflvextractor’s sflvd_rdbuf_bits, before Samsung SMR Apr-2022 Release 1, allowing an attacker to read out-of-bounds memory. Connected sources confirm the component/libsflvextractor and the affected patch level; no exploit code or...

4.4CVSS4.6AI score0.00095EPSS
CVE
CVE
added 2022/06/07 5:59 p.m.79 views

CVE-2022-30729

CVE-2022-30729: Implicit Intent hijacking vulnerability in Samsung Settings prior to SMR Jun-2022 Release 1 enables retrieval of Wi‑Fi SSID and passwords via a malicious QR scanner. Affected component: Samsung Settings; root cause is misuse of implicit intents that can be hijacked by unprivileged...

4.6CVSS4.9AI score0.00098EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.79 views

CVE-2022-42543

CVE-2022-42543 affects Android kernel components (fdt_path_offset_namelen in fdt_ro.c). The weakness is an out-of-bounds read caused by an incorrect bounds check, enabling locally accessible information disclosure with potential system-level impact. Exploitation details are not provided in the su...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.79 views

CVE-2023-20975

CVE-2023-20975 affects Android 13 via a permissions bypass in getAvailabilityStatus of EnableContentCapturePreferenceController.java, enabling a local privilege escalation with no user interaction. Affected vector is not exploitation details in the provided docs, but multiple sources note a DISAL...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.79 views

CVE-2023-20981

CVE-2023-20981 affects Android 13 as described in multiple sources. The vulnerability is located in the Bluetooth stack function btu_ble_rc_param_req_evt in btu_hcif.cc , where a missing bounds check allows an out-of-bounds read. This can lead to local information disclosure and requires System-l...

4.4CVSS4.2AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.79 views

CVE-2023-20988

CVE-2023-20988 affects Android-13 Bluetooth stack via function btm_read_rssi_complete in btm_acl.cc, where a missing bounds check allows an out-of-bounds read that could lead to local information disclosure. Exploitation is described as requiring System execution privileges with no user interacti...

4.5CVSS4.2AI score0.00139EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.79 views

CVE-2023-21002

CVE-2023-21002 affects Android 13 in the getAvailabilityStatus logic of Transcode Permission Controllers, where a missing permission check enables local elevation of privilege without user interaction. Impact is described as high (local, with high confidentiality/integrity/availability impact). C...

7.8CVSS7.7AI score0.00109EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.79 views

CVE-2023-21049

CVE-2023-21049 affects the Android kernel, specifically the function append_camera_metadata in camera_metadata.c. The vulnerability is an out-of-bounds read caused by a missing bounds check, leading to potential local information disclosure with system execution privileges required; no user inter...

4.4CVSS4.3AI score0.00114EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.79 views

CVE-2023-21078

CVE-2023-21078 affects the Android kernel, with the flaw located in function dhd_rtt.c: rtt_unpack_xtlv_cbfn . It describes a possible out-of-bounds write caused by a buffer overflow, which could enable a local escalation of privilege with System privileges required. Exploitation is stated as loc...

6.7CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.79 views

CVE-2023-21158

CVE-2023-21158 is an Android kernel issue in the encode function of miscdata.cpp where a heap buffer overflow can cause an out-of-bounds read. The described impact is local information disclosure with system privileges required (no user interaction needed). Public exploitation details are not pro...

4.4CVSS4.5AI score0.00096EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.79 views

CVE-2023-21187

CVE-2023-21187 affects Android 13 and is caused by a logic error in UsbAccessoryUriActivity.java onCreate that can let an attacker escape the Setup Wizard, enabling local privilege escalation with no user interaction required. Public documents consistently describe the impact as local escalation ...

7.8CVSS7.6AI score0.00093EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.79 views

CVE-2023-21191

CVE-2023-21191 affects Android 13 and originates from a logic error in NotificationManagerService.fixNotification, allowing a bypass of the notification hide preference that could lead to local privilege escalation with no extra execution privileges or user interaction required. Documents consist...

7.8CVSS7.7AI score0.00102EPSS
CVE
CVE
added 2023/07/12 11:30 p.m.79 views

CVE-2023-21247

CVE-2023-21247 affects Android’s BluetoothScanningMainSwitchPreferenceController.java, specifically the getAvailabilityStatus method. The issue is a missing permission check that could allow local elevation of privilege, requiring no additional execution privileges and with no user interaction re...

7.8CVSS7.7AI score0.00092EPSS
CVE
CVE
added 2023/10/11 7:23 p.m.79 views

CVE-2023-35655

CVE-2023-35655 affects the darwinn_mlir_converter_aidl.cc CanConvertPadV2Op function, where a heap buffer overflow can cause an out-of-bounds read and local escalation of privilege with System execution privileges required; exploitation is reported as no user interaction required. Public document...

6.7CVSS6.7AI score0.00092EPSS
CVE
CVE
added 2023/07/12 11:56 p.m.79 views

CVE-2023-35693

CVE-2023-35693 affects the IncFS kernel component (fs/incfs/vfs.c). The issue is a use-after-free that can cause memory corruption, enabling local privilege escalation with system execution privileges required. Exploitation details are not provided in the supplied documents. The bulletins referen...

6.7CVSS6.8AI score0.00117EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.79 views

CVE-2024-20046

CVE-2024-20046 concerns MediaTek battery module vulnerability: an integer overflow could enable local privilege escalation with System execution privileges required, without user interaction. Affected component is the battery subsystem (MediaTek chips). Root cause: integer overflow in the battery...

6.6CVSS6.9AI score0.00269EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.79 views

CVE-2024-27231

The provided connected documents confirm a concrete vulnerability: in function tmu_get_tr_stats() of tmu.c there is a missing bounds check causing an out-of-bounds read, enabling local information disclosure with no additional privileges or user interaction required. Affected software/versions ar...

5.9CVSS6AI score0.00089EPSS
CVE
CVE
added 2024/04/05 8:2 p.m.79 views

CVE-2024-29744

CVE-2024-29744: A missing bounds check in the tmu_get_gov_time_windows function allows an out-of-bounds read, causing local information disclosure without extra privileges or user interaction. Exploitation details are not fully provided in the documents; remediation references Android Pixel bulle...

5.5CVSS6AI score0.00088EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.79 views

CVE-2024-32914

CVE-2024-32914 affects the tpu_get_int_state function in tpu.c, enabling local information disclosure due to uninitialized data. The impact is information disclosure without additional execution privileges and without user interaction. Documented in multiple sources (NVD/Red Hat/NVD and Android P...

5.5CVSS6AI score0.00076EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.79 views

CVE-2024-47016

CVE-2024-47016 affects Google Pixel devices in the ACPM component. The vulnerability arises from an insecure default value, enabling local privilege escalation with no additional execution privileges or user interaction required. The impact is described as local escalation to a higher privilege l...

7.8CVSS7.2AI score0.00074EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.79 views

CVE-2024-47033

CVE-2024-47033 describes a potential memory corruption in the lwis allocator by a use-after-free in lwis_allocator_free (lwis_allocator.c). The weakness can lead to local escalation of privilege with no additional execution privileges required and without user interaction. Publicly available deta...

7.8CVSS7.4AI score0.00075EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.79 views

CVE-2024-47034

CVE-2024-47034 is a local information-disclosure flaw caused by an out-of-bounds read due to a missing bounds check. The available connected documents corroborate a local-information-disclosure impact without requiring user interaction. The Pixel Update Bulletin (Android Pixel security bulletin) ...

5.5CVSS6.3AI score0.00072EPSS
CVE
CVE
added 2025/01/03 3:28 a.m.79 views

CVE-2024-53838

CVE-2024-53838 stems from an incorrect bounds check in Exynos_parsing_user_data_registered_itu_t_t35 within VendorVideoAPI.cpp, causing an out-of-bounds write. The flaw enables local privilege escalation with no additional execution privileges required and does not require user interaction. Affec...

7.8CVSS7.2AI score0.0008EPSS
CVE
CVE
added 2020/02/12 7:43 p.m.78 views

CVE-2011-3901

CVE-2011-3901 affects Android's SQLite journal handling. The vulnerability arises because the journal file of SQLite databases in the Android data directory can be read by all applications, due to permissions on the data directory (/data/data//databases) and the journal itself. Impacted versions ...

7.5CVSS7.1AI score0.00675EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.78 views

CVE-2015-5577

Adobe Flash Player and Adobe AIR are affected by CVE-2015-5577. Affected products include Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows/macOS, and before 11.2.202.521 on Linux, as well as Adobe AIR before 19.0.0.190 and related AIR SDK/Compiler versions. The vulnerability a...

10CVSS7.8AI score0.04046EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.78 views

CVE-2015-6678

CVE-2015-6676 affects Adobe Flash Player and AIR components. The vulnerability is a buffer overflow in Flash Player before 18.0.0.241 and in the 19.x line before 19.0.0.185 (Windows/OS X) and before 11.2.202.521 on Linux, plus Adobe AIR before 19.0.0.190 and AIR SDK/Compiler before 19.0.0.190. Th...

10CVSS7.7AI score0.06479EPSS
CVE
CVE
added 2016/01/31 6:0 p.m.78 views

CVE-2016-1943

Consolidated details show CVE-2016-1943 affects Mozilla Firefox on Android, where the address bar can be spoofed via the scrollTo method. OpenSUSE release notes (openSUSE-2016-128/0306-1/0309) document Firefox 44.0 and NSS/NSPR updates as fixes, explicitly listing CVE-2016-1943 as part of address...

4.7CVSS6.3AI score0.00959EPSS
CVE
CVE
added 2016/08/30 5:0 p.m.78 views

CVE-2016-5342

The CVE-2016-5342 entry describes a heap-based buffer overflow in the wcnss_wlan_write function of the Linux kernel 3.x wcnss_wlan driver (drivers/net/wireless/wcnss/wcnss_wlan.c) used in Qualcomm QuIC MSM Android contributions. An attacker could trigger a denial of service or potentially other i...

7.8CVSS7.9AI score0.00511EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.78 views

CVE-2017-0523

CVE-2017-0523 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver that could allow a local malicious app to execute arbitrary code in the kernel. The CVSS3 vector indicates LOCAL access, high complexity, no privileges required, but user interaction is required; root cause is e...

7.6CVSS6.7AI score0.00746EPSS
CVE
CVE
added 2024/11/27 9:28 p.m.78 views

CVE-2017-13321

The CVE-2017-13321 issue affects Android’s SensorService::isDataInjectionEnabled in frameworks/native/services/sensorservice/SensorService.cpp, where a missing bounds check can cause an out-of-bounds read. This leads to local information disclosure with no user interaction and without additional ...

6.2CVSS7.4AI score0.00099EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.78 views

CVE-2018-9465

Summary : CVE-2018-9465 affects the Android kernel, specifically the binder.c task_get_unused_fd_flags path, where a use-after-free can cause memory corruption. This could enable local privilege escalation with no extra privileges required and without user interaction. Multiple connected advisori...

7.8CVSS7.1AI score0.00209EPSS
CVE
CVE
added 2019/06/19 8:1 p.m.78 views

CVE-2018-9563

CVE-2018-9563 affects Android devices via an out-of-bounds read in llcp_util_parse_cc in llcp_util.cc, leading to local information disclosure. The flaw requires user interaction for exploitation and is tracked across Android versions 7.0–9.0. Public documentation indicates the issue is addressed...

7.1CVSS5.9AI score0.00758EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.78 views

CVE-2019-2000

CVE-2019-2000 is a local elevation-of-privilege vulnerability in the Android kernel Binder driver (binder.c) caused by a use-after-free in binder-related paths. Affected: Android kernel Binder driver (binder.c). Impact: memory corruption enabling local privilege escalation without user interactio...

7.8CVSS7.8AI score0.00665EPSS
CVE
CVE
added 2019/07/08 5:36 p.m.78 views

CVE-2019-2109

CVE-2019-2109 affects Android via the Media/AVIExtractor path: In MakeMPEG4VideoCodecSpecificData (AVIExtractor.cpp) there is an out-of-bounds write caused by an incorrect bounds check, enabling remote code execution with no extra privileges and requiring user interaction for exploitation. Affect...

9.3CVSS8.8AI score0.01199EPSS
CVE
CVE
added 2020/02/13 2:22 p.m.78 views

CVE-2020-0030

CVE-2020-0030 describes a race condition in binder_thread_release within binder.c, leading to a use-after-free that can enable local privilege escalation without additional privileges or user interaction. Affected component is the Android/Linux kernel (binder subsystem). The provided connected do...

7CVSS6.9AI score0.00152EPSS
CVE
CVE
added 2020/06/11 2:11 p.m.78 views

CVE-2020-0187

CVE-2020-0187 affects Android 10 where in engineSetMode of BaseBlockCipher.java a comparison error could permit information disclosure without extra privileges. Documents confirm the vulnerability type as information disclosure with local access required, and no user interaction. Public reference...

5.5CVSS5.8AI score0.00152EPSS
CVE
CVE
added 2020/12/24 6:2 p.m.78 views

CVE-2020-35693

The CVE-2020-35693 entry describes a BLE pairing flaw on some Samsung Android devices up to 7.1.1 where an attacker-controlled BLE device can pair silently when Bluetooth is on and a connectable BLE advertisement is present, without user interaction. During pairing, identifying information such a...

8.8CVSS8.3AI score0.00446EPSS
CVE
CVE
added 2021/06/22 11:13 a.m.78 views

CVE-2021-0552

CVE-2021-0552 affects Android on Android-11 via the MediaOutputSlice.java getEndItemSliceAction path. The root cause is an unsafe PendingIntent that enables a permission bypass, leading to potential information disclosure with local attack practicality. The vulnerability is categorized as an info...

5.5CVSS5.1AI score0.00109EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.78 views

CVE-2021-39751

CVE-2021-39751 affects Android 12L due to a missing permission check in Settings that allows reading Bluetooth device names without proper permissions. The vulnerability enables local information disclosure without requiring user interaction or elevated privileges, relying on an attacker with loc...

5.5CVSS5.4AI score0.00098EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.78 views

CVE-2021-39759

CVE-2021-39759 is an Android libstagefright vulnerability described in connected sources as a local privilege-escalation due to an integer overflow that enables an out-of-bounds write. Exploitation is possible locally without user interaction, affecting Android 12L. The issue is categorized under...

7.8CVSS7.9AI score0.00107EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.78 views

CVE-2021-39764

CVE-2021-39764 is documented in Android 12L release notes as a Framework Elevation of Privilege (EoP) vulnerability with moderate severity. The entry specifies an improper input validation issue in Settings that can display an incorrect app name, enabling local privilege escalation via app spoofi...

7.8CVSS7.8AI score0.00309EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.78 views

CVE-2021-39782

The CVE-2021-39782 issue affects Android 12L Telephony, enabling a local elevation of privilege via unauthorized modification of the PLMN SIM file due to a missing permission check. Exploitation is described as local with no user interaction; the Android 12L security release notes indicate mitiga...

7.8CVSS7.8AI score0.00098EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.78 views

CVE-2022-20553

CVE-2022-20553 affects Android 13 where an overlay tapjacking in onCreate of LogAccessDialogActivity.java can bypass a permission check, enabling local elevation of privilege with system execution privileges. Exploitation requires user interaction and is described as LOCAL with HIGH confidentiali...

6.5CVSS6.6AI score0.00129EPSS
Total number of security vulnerabilities8153