8153 matches found
CVE-2011-3901
CVE-2011-3901 affects Android's SQLite journal handling. The vulnerability arises because the journal file of SQLite databases in the Android data directory can be read by all applications, due to permissions on the data directory (/data/data//databases) and the journal itself. Impacted versions ...
CVE-2022-21752
CVE-2022-21752 concerns a vulnerability in the WLAN driver where a missing bounds check allows an out-of-bounds write, enabling local privilege escalation with System execution privileges required. User interaction is not needed and the issue is described consistently across multiple sources (e.g...
CVE-2022-21781
The CVE-2022-21781 entry concerns a MediaTek WLAN driver with an out-of-bounds write caused by a missing bounds check. The vulnerability could allow local escalation of privilege to System level with no user interaction required. Impact is described as partial confidentiality/integrity/availabili...
CVE-2022-21783
CVE-2022-21783 affects MediaTek WLAN driver and is caused by a missing bounds check that enables an out-of-bounds write. This leads to local privilege escalation with SYSTEM execution privileges required and no user interaction. Public references (including Red Hat/RedHat-affiliated postings and ...
CVE-2022-24000
CVE-2022-24000 is confirmed by multiple sources to be a local, Privilege-Granted vulnerability in Android components (DataUsageReminderReceiver and KnoxPrivacyNoticeReceiver) where an attacker can hijack a PendingIntent via an implicit Intent to access media files without permission. The issue is...
CVE-2022-26092
CVE-2022-26092 : Affected component is the Quram Agif library before Samsung SMR Apr-2022 Release 1. Description: improper boundary check leads to arbitrary code execution (buffer overflow). Impact is high (local, requires low privileges, no user interaction). Connected sources indicate a Samsung...
CVE-2022-27576
Samsung DeX Home Information Disclosure (CVE-2022-27576) affects Samsung DeX Home prior to the SMR April-2022 Release 1. Root cause: lack of proper access authentication logic that can reveal information about the currently launched foreground application. Impact: information exposure with access...
CVE-2022-27835
CVE-2022-27835 describes an improper boundary check in Samsung SMR UWB firmware prior to Apr-2022 Release 1, enabling arbitrary memory write. Affected component: UWB firmware used in Samsung SMR patch package; root cause: insufficient boundary validation in the firmware. Impact stated: potential ...
CVE-2022-30715
The CVE-2022-30715 issue affects DofViewer prior to the SMR Jun-2022 Release 1, described as an improper access control vulnerability that allows an attacker to control the floating system alert window. Root cause: insufficient access control in DofViewer. Impact: attacker-controlled floating ale...
CVE-2022-30722
CVE-2022-30722 concerns an implicit intent hijacking vulnerability in Samsung Account prior to the SMR Jun-2022 Release 1. The issue allows bypassing user confirmation by exploiting hijacking of non-privileged applications, impacting Samsung Account on Samsung devices. The available documents cit...
CVE-2022-36850
CVE-2022-36850 is a path traversal vulnerability in Samsung CallBGProvider present before SMR Sep-2022 Release 1. The issue could allow an attacker to overwrite arbitrary files using the device UID, with local attack requirements (low privileges, no user interaction). The CVE is addressed by appl...
CVE-2023-20838
CVE-2023-20838 concerns the imgsys component. Multiple connected sources confirm a race-condition–driven out-of-bounds read that can leak local information and, in some scenarios, enable system-level execution with user interaction required for exploitation. Affected references consistently descr...
CVE-2023-20908
CVE-2023-20908 affects Android releases 10–13, with a DoS in SettingsState.java that can cause a system crash loop through resource exhaustion. Exploitation is local with no user interaction; available CVSS vectors indicate local, low complexity, low privileges, high availability impact. The prim...
CVE-2023-20968
CVE-2023-20968 affects Android 13; root cause is a missing bounds check in multiple functions of p2p_iface.cpp, causing a possible out-of-bounds read and local information disclosure with system privileges. Exploitation is described as requiring local access with no user interaction, and confiden...
CVE-2023-20986
CVE-2023-20986 is a vulnerability in Android 13 tied to the function btm_ble_clear_resolving_list_completecomplete in btm_ble_privacy.cc. The issue is an out-of-bounds read caused by a missing bounds check, leading to local information disclosure and requiring system privileges for impact. The de...
CVE-2023-20995
CVE-2023-20995 concerns a logic error in the Fingerprint workflow within Android 13. In code path captureImage of CustomizedSensor.cpp, the flaw can bypass fingerprint unlock, enabling local elevation of privilege without additional execution privileges and without user interaction. Affected prod...
CVE-2023-21003
CVE-2023-21003 is described across multiple sources as a local elevation of privilege in Android 13 related to the getAvailabilityStatus path of several Transcode Permission Controllers. The root cause is a missing permission check, allowing a user with LOW privileges to bypass protections with n...
CVE-2023-21009
CVE-2023-21009 describes an out-of-bounds read in Android’s p2p_iface.cpp caused by a missing bounds check. Affects Android-13 devices; impact is local information disclosure with system-level privileges required. Exploitation does not require user interaction. The issue is listed in the Pixel se...
CVE-2023-21011
CVE-2023-21011 affects Android 13 on Pixel devices, with vulnerable code in p2p_iface.cpp due to a missing bounds check that can cause an out-of-bounds read. This may lead to local information disclosure with system privileges required; exploitation does not require user interaction. Multiple con...
CVE-2023-21012
CVE-2023-21012 affects Android 13 (Pixel devices) with an out-of-bounds read in p2p_iface.cpp caused by a missing bounds check, leading to possible local information disclosure and requiring system privileges for exploitation. The vulnerability description states no user interaction is needed. Pu...
CVE-2023-21018
CVE-2023-21018 concerns Google Pixel/Android 13 where the UnwindingWorker in unwinding.cc can trigger an out-of-bounds write due to a use-after-free. This leads to local elevation of privilege with System execution privileges and does not require user interaction. The public descriptions consiste...
CVE-2023-21038
CVE-2023-21038 affects the Android kernel driver Cs40l2x (cs40l2x_cp_trigger_queue_show). The vulnerability is a use-after-free that enables an out-of-bounds write, yielding local escalation of privilege with SYSTEM privileges required. Exploitation is local and does not require user interaction....
CVE-2023-21039
CVE-2023-21039 involves an out-of-bounds read in the Android kernel component Dumpstate.cpp (dumpstateBoard). The root cause is an incorrect bounds check, allowing a local information disclosure with SYSTEM privileges required. Exploitation details (vectors, exploits) are not documented in the pr...
CVE-2023-21046
CVE-2023-21046 affects the Android kernel (aidl_utils.cc, ConvertToHalMetadata). The bug is an out-of-bounds read caused by an incorrect bounds check, leading to possible local information disclosure with system privileges required; exploitation is LOCAL with LOW complexity and does not require u...
CVE-2023-21149
CVE-2023-21149 affects the ShannonRcsService.java in Android kernel, where registerGsmaServiceIntentReceiver lacks a required permission check. This enables possible activation/deactivation of the RCS service via local escalation of privilege, without additional execution privileges or user inter...
CVE-2023-21200
CVE-2023-21200 documents an out-of-bounds read in on_remove_iso_data_path() of btm_iso_impl.h on Android 13, caused by improper input validation. This can enable local information disclosure without extra execution privileges or user interaction (per NVD metrics: LOCAL access, LOW privileges, no ...
CVE-2023-21204
CVE-2023-21204 is described in the provided documents as an out-of-bounds read in multiple files affecting the Android wifi server, enabling local information disclosure and requiring System-level privileges for exploitation, with no user interaction needed. The Android Pixel security bulletin li...
CVE-2023-21210
CVE-2023-21210 affects Android 13. The issue is an out-of-bounds read in the function initiateHs20IconQueryInternal within sta_iface.cpp, caused by improper input validation. Reported impact: local information disclosure with system-level execution privileges required; exploitation requires no us...
CVE-2024-20033
CVE-2024-20033 concerns a missing bounds check in the nvram module of MediaTek-based components, enabling local information disclosure that requires SYSTEM/privilege level for exploitation. The documented impact is information disclosure with no user interaction; no exploit vectors are provided i...
CVE-2024-20058
The CVE-2024-20058 issue affects MediaTek devices (keyInstall function) where a missing bounds check enables an out-of-bounds read. This can lead to local information disclosure and potential System-level execution privileges, with no user interaction required. Multiple connected sources (includi...
CVE-2024-44101
CVE-2024-44101 is a DoS vulnerability affecting Google Pixel devices’ Modem, caused by a Null Pointer Dereference from improper input validation. Exploitation requires no user interaction and is modeled as network-accessible with high impact (remote DoS). Public details across sources confirm the...
CVE-2024-47024
CVE-2024-47024 involves an integer overflow in vring_size within external/headers/include/virtio/virtio_ring.h, causing a possible out-of-bounds write. The impact is local escalation of privilege with no additional execution privileges required and no user interaction needed, as described across ...
CVE-2024-47031
CVE-2024-47031 is an elevation-of-privilege flaw in the ABL component (A-329163861) affecting Google Pixel devices running Android before the 2024-10-05 patch. The issue enables local privilege escalation with no user interaction; CVSSv3.1 indicates LOCAL access and High impact to confidentiality...
CVE-2024-56187
CVE-2024-56187 involves a logic error in Google Pixel’s ppcfw_deny_sec_dram_access (ppcfw.c) that allows an arbitrary read of TEE memory, enabling local information disclosure with System privileges and no user interaction required. Affected: Pixel devices; root cause: logic flaw in memory access...
CVE-2013-5933
The CVE-2013-5933 entry describes a stack-based buffer overflow in the sub_E110 function of init on Android 2.3.7 running on the Motorola Defy XT (Republic Wireless configuration). The vulnerability arises when a long string is written to the /dev/socket/init_runit LocalSocket, in a way inconsist...
CVE-2015-5581
CVE-2015-5581 is a use-after-free vulnerability in Adobe Flash Player (and related AIR components) that allows remote arbitrary-code execution. Affected: Flash Player on Windows, OS X (before 18.0.0.241; before 19.0.0.185 for 19.x), Linux (before 11.2.202.521); Adobe AIR before 19.0.0.190; AIR SD...
CVE-2015-5584
Technical details about CVE-2015-5584 are not publicly provided in the connected documents. The initial description lists affected products/versions but no concrete exploit/vulnerability details. Monitor for updates from advisories.
CVE-2016-1943
Consolidated details show CVE-2016-1943 affects Mozilla Firefox on Android, where the address bar can be spoofed via the scrollTo method. OpenSUSE release notes (openSUSE-2016-128/0306-1/0309) document Firefox 44.0 and NSS/NSPR updates as fixes, explicitly listing CVE-2016-1943 as part of address...
CVE-2016-2068
The CVE-2016-2068 issue affects the MSM QDSP6 (sound) driver in the Linux kernel 3.x, used in Qualcomm QuIC Android contributions. The vulnerability arises in the driver when handling AUDIO_EFFECTS_WRITE (or AUDIO_EFFECTS_READ) operations, due to integer overflow and potential buffer overflow or ...
CVE-2016-3857
CVE-2016-3857 is an Android/Linux kernel privilege-escalation flaw in the ARM OABI compatibility layer present on Nexus 7 (2013) devices prior to 2016-08-05. The issue arises from two bugs in the ARM OABI area that can let local attackers escalate privileges via a crafted app (internal bug 285225...
CVE-2017-0390
CVE-2017-0390 affects the Mediaserver Tremolo/dpen.s component in Android. A denial-of-service vulnerability could allow a remote attacker to cause a device hang or reboot by processing a specially crafted file. Affected products/versions span Android 4.4.4 through 7.1.1 (Android IDs include A-31...
CVE-2017-0832
CVE-2017-0832 is a remote code execution vulnerability in Android’s media framework (libmpeg2) affecting Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 and 8.0 (Android ID A-62887820). Public material in the connected documents confirms the vulnerability class (RCE) and affected components, but t...
CVE-2017-14904
CVE-2017-14904 affects Android’s libgralloc/MediaServer path. A crafted binder request can cause an arbitrary unmap in MediaServer, enabling sandbox escape and, per ThreatPost, could allow code injection into system_server via a malicious URL in Chrome. Exploitation details in sources describe an...
CVE-2020-0047
CVE-2020-0047 affects Android 10; a missing permission check in AudioService.java (setMasterMute) allows local silencing of audio without extra execution privileges or user interaction. The issue is documented as Elevation of Privilege with likely impact limited to audio control. Public reference...
CVE-2020-27066
CVE-2020-27066 involves a use-after-free in the Linux kernel’s xfrm6_tunnel_free_spi (net/ipv6/xfrm6_tunnel.c) caused by improper locking, enabling local privilege escalation with system execution privileges required and no user interaction. Affected context from connected docs includes Android k...
CVE-2021-0562
The CVE-2021-0562 entry corresponds to an information disclosure flaw in Android 11 related to RasterIntraUpdate in motion_est.cpp. The root cause is an out-of-bounds read caused by an incorrect bounds check, allowing local information disclosure without extra execution privileges. Affected compo...
CVE-2021-0566
CVE-2021-0566 affects Android 11, specifically in accessAudioHalPidscpp within TimeCheck.cpp. The issue is an out-of-bounds read due to missing bounds checks, leading to potential local information disclosure with system privileges required. No user interaction is needed for exploitation, and exp...
CVE-2021-0569
CVE-2021-0569 affects Android 11 and is caused by a tapjacking/overlay flaw in ContactsDumpActivity.java that can lead to local information disclosure with user interaction required. Impact is information disclosure; exploitation is local and requires user action. Remediation is not explicitly st...
CVE-2021-0570
The CVE-2021-0570 entry maps to an elevation-of-privilege issue in Android 11’s BugreportProgressService.sendBugreportNotification caused by an unsafe PendingIntent. This can bypass privileges locally without user interaction, as vendor records and the Pixel update bulletin note patches for Andro...
CVE-2021-0607
CVE-2021-0607 affects the Android kernel in the Knowles IAXXX adnc driver. The issue is in iaxxx_calc_i2s_div (iaxxx-codec.c) where a missing bounds check on a hardware port write allows an attacker with local access to supply data that leads to local elevation of privilege. Exploitation requires...