Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/02/12 7:43 p.m.78 views

CVE-2011-3901

CVE-2011-3901 affects Android's SQLite journal handling. The vulnerability arises because the journal file of SQLite databases in the Android data directory can be read by all applications, due to permissions on the data directory (/data/data//databases) and the journal itself. Impacted versions ...

7.5CVSS7.1AI score0.00675EPSS
CVE
CVE
added 2022/06/06 5:37 p.m.78 views

CVE-2022-21752

CVE-2022-21752 concerns a vulnerability in the WLAN driver where a missing bounds check allows an out-of-bounds write, enabling local privilege escalation with System execution privileges required. User interaction is not needed and the issue is described consistently across multiple sources (e.g...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2022/07/06 1:8 p.m.78 views

CVE-2022-21781

The CVE-2022-21781 entry concerns a MediaTek WLAN driver with an out-of-bounds write caused by a missing bounds check. The vulnerability could allow local escalation of privilege to System level with no user interaction required. Impact is described as partial confidentiality/integrity/availabili...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/07/06 1:8 p.m.78 views

CVE-2022-21783

CVE-2022-21783 affects MediaTek WLAN driver and is caused by a missing bounds check that enables an out-of-bounds write. This leads to local privilege escalation with SYSTEM execution privileges required and no user interaction. Public references (including Red Hat/RedHat-affiliated postings and ...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.78 views

CVE-2022-24000

CVE-2022-24000 is confirmed by multiple sources to be a local, Privilege-Granted vulnerability in Android components (DataUsageReminderReceiver and KnoxPrivacyNoticeReceiver) where an attacker can hijack a PendingIntent via an implicit Intent to access media files without permission. The issue is...

3.9CVSS3.9AI score0.00116EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.78 views

CVE-2022-26092

CVE-2022-26092 : Affected component is the Quram Agif library before Samsung SMR Apr-2022 Release 1. Description: improper boundary check leads to arbitrary code execution (buffer overflow). Impact is high (local, requires low privileges, no user interaction). Connected sources indicate a Samsung...

7.8CVSS7.8AI score0.00134EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.78 views

CVE-2022-27576

Samsung DeX Home Information Disclosure (CVE-2022-27576) affects Samsung DeX Home prior to the SMR April-2022 Release 1. Root cause: lack of proper access authentication logic that can reveal information about the currently launched foreground application. Impact: information exposure with access...

4.3CVSS3.8AI score0.00258EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.78 views

CVE-2022-27835

CVE-2022-27835 describes an improper boundary check in Samsung SMR UWB firmware prior to Apr-2022 Release 1, enabling arbitrary memory write. Affected component: UWB firmware used in Samsung SMR patch package; root cause: insufficient boundary validation in the firmware. Impact stated: potential ...

9.3CVSS7.5AI score0.00305EPSS
CVE
CVE
added 2022/06/07 5:55 p.m.78 views

CVE-2022-30715

The CVE-2022-30715 issue affects DofViewer prior to the SMR Jun-2022 Release 1, described as an improper access control vulnerability that allows an attacker to control the floating system alert window. Root cause: insufficient access control in DofViewer. Impact: attacker-controlled floating ale...

5.3CVSS5.2AI score0.00188EPSS
CVE
CVE
added 2022/06/07 6:0 p.m.78 views

CVE-2022-30722

CVE-2022-30722 concerns an implicit intent hijacking vulnerability in Samsung Account prior to the SMR Jun-2022 Release 1. The issue allows bypassing user confirmation by exploiting hijacking of non-privileged applications, impacting Samsung Account on Samsung devices. The available documents cit...

9.8CVSS9.3AI score0.00245EPSS
CVE
CVE
added 2022/09/09 2:40 p.m.78 views

CVE-2022-36850

CVE-2022-36850 is a path traversal vulnerability in Samsung CallBGProvider present before SMR Sep-2022 Release 1. The issue could allow an attacker to overwrite arbitrary files using the device UID, with local attack requirements (low privileges, no user interaction). The CVE is addressed by appl...

4.7CVSS4.8AI score0.00103EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.78 views

CVE-2023-20838

CVE-2023-20838 concerns the imgsys component. Multiple connected sources confirm a race-condition–driven out-of-bounds read that can leak local information and, in some scenarios, enable system-level execution with user interaction required for exploitation. Affected references consistently descr...

4CVSS3.9AI score0.00084EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.78 views

CVE-2023-20908

CVE-2023-20908 affects Android releases 10–13, with a DoS in SettingsState.java that can cause a system crash loop through resource exhaustion. Exploitation is local with no user interaction; available CVSS vectors indicate local, low complexity, low privileges, high availability impact. The prim...

5.5CVSS5.3AI score0.00124EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-20968

CVE-2023-20968 affects Android 13; root cause is a missing bounds check in multiple functions of p2p_iface.cpp, causing a possible out-of-bounds read and local information disclosure with system privileges. Exploitation is described as requiring local access with no user interaction, and confiden...

4.4CVSS4.3AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-20986

CVE-2023-20986 is a vulnerability in Android 13 tied to the function btm_ble_clear_resolving_list_completecomplete in btm_ble_privacy.cc. The issue is an out-of-bounds read caused by a missing bounds check, leading to local information disclosure and requiring system privileges for impact. The de...

4.4CVSS4.2AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-20995

CVE-2023-20995 concerns a logic error in the Fingerprint workflow within Android 13. In code path captureImage of CustomizedSensor.cpp, the flaw can bypass fingerprint unlock, enabling local elevation of privilege without additional execution privileges and without user interaction. Affected prod...

7.8CVSS7.7AI score0.00092EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-21003

CVE-2023-21003 is described across multiple sources as a local elevation of privilege in Android 13 related to the getAvailabilityStatus path of several Transcode Permission Controllers. The root cause is a missing permission check, allowing a user with LOW privileges to bypass protections with n...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-21009

CVE-2023-21009 describes an out-of-bounds read in Android’s p2p_iface.cpp caused by a missing bounds check. Affects Android-13 devices; impact is local information disclosure with system-level privileges required. Exploitation does not require user interaction. The issue is listed in the Pixel se...

4.4CVSS4.3AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-21011

CVE-2023-21011 affects Android 13 on Pixel devices, with vulnerable code in p2p_iface.cpp due to a missing bounds check that can cause an out-of-bounds read. This may lead to local information disclosure with system privileges required; exploitation does not require user interaction. Multiple con...

4.4CVSS4.3AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-21012

CVE-2023-21012 affects Android 13 (Pixel devices) with an out-of-bounds read in p2p_iface.cpp caused by a missing bounds check, leading to possible local information disclosure and requiring system privileges for exploitation. The vulnerability description states no user interaction is needed. Pu...

4.4CVSS4.3AI score0.00154EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-21018

CVE-2023-21018 concerns Google Pixel/Android 13 where the UnwindingWorker in unwinding.cc can trigger an out-of-bounds write due to a use-after-free. This leads to local elevation of privilege with System execution privileges and does not require user interaction. The public descriptions consiste...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-21038

CVE-2023-21038 affects the Android kernel driver Cs40l2x (cs40l2x_cp_trigger_queue_show). The vulnerability is a use-after-free that enables an out-of-bounds write, yielding local escalation of privilege with SYSTEM privileges required. Exploitation is local and does not require user interaction....

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-21039

CVE-2023-21039 involves an out-of-bounds read in the Android kernel component Dumpstate.cpp (dumpstateBoard). The root cause is an incorrect bounds check, allowing a local information disclosure with SYSTEM privileges required. Exploitation details (vectors, exploits) are not documented in the pr...

4.4CVSS4.3AI score0.00093EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.78 views

CVE-2023-21046

CVE-2023-21046 affects the Android kernel (aidl_utils.cc, ConvertToHalMetadata). The bug is an out-of-bounds read caused by an incorrect bounds check, leading to possible local information disclosure with system privileges required; exploitation is LOCAL with LOW complexity and does not require u...

4.4CVSS4.3AI score0.00097EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.78 views

CVE-2023-21149

CVE-2023-21149 affects the ShannonRcsService.java in Android kernel, where registerGsmaServiceIntentReceiver lacks a required permission check. This enables possible activation/deactivation of the RCS service via local escalation of privilege, without additional execution privileges or user inter...

7.8CVSS7.6AI score0.00088EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.78 views

CVE-2023-21200

CVE-2023-21200 documents an out-of-bounds read in on_remove_iso_data_path() of btm_iso_impl.h on Android 13, caused by improper input validation. This can enable local information disclosure without extra execution privileges or user interaction (per NVD metrics: LOCAL access, LOW privileges, no ...

5.5CVSS5AI score0.00092EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.78 views

CVE-2023-21204

CVE-2023-21204 is described in the provided documents as an out-of-bounds read in multiple files affecting the Android wifi server, enabling local information disclosure and requiring System-level privileges for exploitation, with no user interaction needed. The Android Pixel security bulletin li...

4.4CVSS4.3AI score0.00097EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.78 views

CVE-2023-21210

CVE-2023-21210 affects Android 13. The issue is an out-of-bounds read in the function initiateHs20IconQueryInternal within sta_iface.cpp, caused by improper input validation. Reported impact: local information disclosure with system-level execution privileges required; exploitation requires no us...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.78 views

CVE-2024-20033

CVE-2024-20033 concerns a missing bounds check in the nvram module of MediaTek-based components, enabling local information disclosure that requires SYSTEM/privilege level for exploitation. The documented impact is information disclosure with no user interaction; no exploit vectors are provided i...

4.4CVSS6AI score0.00088EPSS
CVE
CVE
added 2024/05/06 2:51 a.m.78 views

CVE-2024-20058

The CVE-2024-20058 issue affects MediaTek devices (keyInstall function) where a missing bounds check enables an out-of-bounds read. This can lead to local information disclosure and potential System-level execution privileges, with no user interaction required. Multiple connected sources (includi...

4.4CVSS5.9AI score0.00106EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.78 views

CVE-2024-44101

CVE-2024-44101 is a DoS vulnerability affecting Google Pixel devices’ Modem, caused by a Null Pointer Dereference from improper input validation. Exploitation requires no user interaction and is modeled as network-accessible with high impact (remote DoS). Public details across sources confirm the...

7.5CVSS7AI score0.00352EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.78 views

CVE-2024-47024

CVE-2024-47024 involves an integer overflow in vring_size within external/headers/include/virtio/virtio_ring.h, causing a possible out-of-bounds write. The impact is local escalation of privilege with no additional execution privileges required and no user interaction needed, as described across ...

7.8CVSS7.3AI score0.00076EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.78 views

CVE-2024-47031

CVE-2024-47031 is an elevation-of-privilege flaw in the ABL component (A-329163861) affecting Google Pixel devices running Android before the 2024-10-05 patch. The issue enables local privilege escalation with no user interaction; CVSSv3.1 indicates LOCAL access and High impact to confidentiality...

7.4CVSS6.9AI score0.00096EPSS
CVE
CVE
added 2025/03/10 6:19 p.m.78 views

CVE-2024-56187

CVE-2024-56187 involves a logic error in Google Pixel’s ppcfw_deny_sec_dram_access (ppcfw.c) that allows an arbitrary read of TEE memory, enabling local information disclosure with System privileges and no user interaction required. Affected: Pixel devices; root cause: logic flaw in memory access...

6.6CVSS6.3AI score0.00082EPSS
CVE
CVE
added 2013/09/25 10:0 a.m.77 views

CVE-2013-5933

The CVE-2013-5933 entry describes a stack-based buffer overflow in the sub_E110 function of init on Android 2.3.7 running on the Motorola Defy XT (Republic Wireless configuration). The vulnerability arises when a long string is written to the /dev/socket/init_runit LocalSocket, in a way inconsist...

6.9CVSS7.2AI score0.00178EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.77 views

CVE-2015-5581

CVE-2015-5581 is a use-after-free vulnerability in Adobe Flash Player (and related AIR components) that allows remote arbitrary-code execution. Affected: Flash Player on Windows, OS X (before 18.0.0.241; before 19.0.0.185 for 19.x), Linux (before 11.2.202.521); Adobe AIR before 19.0.0.190; AIR SD...

10CVSS7.5AI score0.0484EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.77 views

CVE-2015-5584

Technical details about CVE-2015-5584 are not publicly provided in the connected documents. The initial description lists affected products/versions but no concrete exploit/vulnerability details. Monitor for updates from advisories.

10CVSS7.5AI score0.0497EPSS
CVE
CVE
added 2016/01/31 6:0 p.m.77 views

CVE-2016-1943

Consolidated details show CVE-2016-1943 affects Mozilla Firefox on Android, where the address bar can be spoofed via the scrollTo method. OpenSUSE release notes (openSUSE-2016-128/0306-1/0309) document Firefox 44.0 and NSS/NSPR updates as fixes, explicitly listing CVE-2016-1943 as part of address...

4.7CVSS6.3AI score0.00959EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.77 views

CVE-2016-2068

The CVE-2016-2068 issue affects the MSM QDSP6 (sound) driver in the Linux kernel 3.x, used in Qualcomm QuIC Android contributions. The vulnerability arises in the driver when handling AUDIO_EFFECTS_WRITE (or AUDIO_EFFECTS_READ) operations, due to integer overflow and potential buffer overflow or ...

7.8CVSS7.6AI score0.00739EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.77 views

CVE-2016-3857

CVE-2016-3857 is an Android/Linux kernel privilege-escalation flaw in the ARM OABI compatibility layer present on Nexus 7 (2013) devices prior to 2016-08-05. The issue arises from two bugs in the ARM OABI area that can let local attackers escalate privileges via a crafted app (internal bug 285225...

9.3CVSS7.2AI score0.00582EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.77 views

CVE-2017-0390

CVE-2017-0390 affects the Mediaserver Tremolo/dpen.s component in Android. A denial-of-service vulnerability could allow a remote attacker to cause a device hang or reboot by processing a specially crafted file. Affected products/versions span Android 4.4.4 through 7.1.1 (Android IDs include A-31...

7.1CVSS5.7AI score0.00675EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.77 views

CVE-2017-0832

CVE-2017-0832 is a remote code execution vulnerability in Android’s media framework (libmpeg2) affecting Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 and 8.0 (Android ID A-62887820). Public material in the connected documents confirms the vulnerability class (RCE) and affected components, but t...

9.3CVSS7.7AI score0.01233EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.77 views

CVE-2017-14904

CVE-2017-14904 affects Android’s libgralloc/MediaServer path. A crafted binder request can cause an arbitrary unmap in MediaServer, enabling sandbox escape and, per ThreatPost, could allow code injection into system_server via a malicious URL in Chrome. Exploitation details in sources describe an...

7.8CVSS7.1AI score0.00244EPSS
CVE
CVE
added 2020/03/10 8:3 p.m.77 views

CVE-2020-0047

CVE-2020-0047 affects Android 10; a missing permission check in AudioService.java (setMasterMute) allows local silencing of audio without extra execution privileges or user interaction. The issue is documented as Elevation of Privilege with likely impact limited to audio control. Public reference...

3.3CVSS5AI score0.0013EPSS
CVE
CVE
added 2020/12/15 4:17 p.m.77 views

CVE-2020-27066

CVE-2020-27066 involves a use-after-free in the Linux kernel’s xfrm6_tunnel_free_spi (net/ipv6/xfrm6_tunnel.c) caused by improper locking, enabling local privilege escalation with system execution privileges required and no user interaction. Affected context from connected docs includes Android k...

6.7CVSS6.8AI score0.00157EPSS
CVE
CVE
added 2021/06/22 11:0 a.m.77 views

CVE-2021-0562

The CVE-2021-0562 entry corresponds to an information disclosure flaw in Android 11 related to RasterIntraUpdate in motion_est.cpp. The root cause is an out-of-bounds read caused by an incorrect bounds check, allowing local information disclosure without extra execution privileges. Affected compo...

5.5CVSS5AI score0.00115EPSS
CVE
CVE
added 2021/06/22 11:1 a.m.77 views

CVE-2021-0566

CVE-2021-0566 affects Android 11, specifically in accessAudioHalPidscpp within TimeCheck.cpp. The issue is an out-of-bounds read due to missing bounds checks, leading to potential local information disclosure with system privileges required. No user interaction is needed for exploitation, and exp...

4.4CVSS4.2AI score0.00117EPSS
CVE
CVE
added 2021/06/22 10:58 a.m.77 views

CVE-2021-0569

CVE-2021-0569 affects Android 11 and is caused by a tapjacking/overlay flaw in ContactsDumpActivity.java that can lead to local information disclosure with user interaction required. Impact is information disclosure; exploitation is local and requires user action. Remediation is not explicitly st...

5CVSS4.7AI score0.00114EPSS
CVE
CVE
added 2021/06/22 10:57 a.m.77 views

CVE-2021-0570

The CVE-2021-0570 entry maps to an elevation-of-privilege issue in Android 11’s BugreportProgressService.sendBugreportNotification caused by an unsafe PendingIntent. This can bypass privileges locally without user interaction, as vendor records and the Pixel update bulletin note patches for Andro...

7.8CVSS7.7AI score0.00109EPSS
CVE
CVE
added 2021/06/22 11:13 a.m.77 views

CVE-2021-0607

CVE-2021-0607 affects the Android kernel in the Knowles IAXXX adnc driver. The issue is in iaxxx_calc_i2s_div (iaxxx-codec.c) where a missing bounds check on a hardware port write allows an attacker with local access to supply data that leads to local elevation of privilege. Exploitation requires...

7.8CVSS7.7AI score0.00117EPSS
Total number of security vulnerabilities8153