Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/09/08 8:0 p.m.77 views

CVE-2017-0760

CVE-2017-0760 is a remote code execution vulnerability in the Android media framework (libstagefright) affecting Android 6.0–6.0.1 and 7.0–7.1.2. The issue is described as a vulnerability in the Media Framework that could allow code execution, with the Android bulletin noting that the most severe...

9.3CVSS7.9AI score0.01323EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.77 views

CVE-2021-0990

CVE-2021-0990 concerns an information-disclosure flaw in Android 12 via getDeviceId in PhoneSubInfoController.java. The issue allows determining whether an app is installed without query permissions, via a side-channel, leading to local information disclosure without extra execution privileges; u...

3.3CVSS3.5AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.77 views

CVE-2021-1003

The CVE-2021-1003 issue affects Android 12 in AudioService.java (adjustStreamVolume). The root cause is a confused deputy that allows an unprivileged app to change the audio stream volume, enabling local privilege escalation without extra execution privileges, and no user interaction is required ...

7.8CVSS7.7AI score0.00116EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.77 views

CVE-2021-1042

CVE-2021-1042 affects the Android kernel component dsi_panel.c (function dsi_panel_debugfs_read_cmdset). It describes a use-after-free that can disclose freed kernel heap memory, enabling local information disclosure with system privileges (no user interaction required). Connected sources (NVD, R...

4.4CVSS4.2AI score0.00119EPSS
CVE
CVE
added 2021/02/04 5:15 a.m.77 views

CVE-2021-26688

Technical details about CVE-2021-26688 are not publicly available in the provided documents. Monitor for updates from official advisories.

9.8CVSS9.3AI score0.00437EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.77 views

CVE-2021-39642

CVE-2021-39642 affects the Android kernel component, specifically the function synchronous_process_io_entries in lwis_ioctl.c . The issue is a race condition that enables a possible out-of-bounds write, leading to local elevation of privileges with System-level execution rights required. No user ...

6.4CVSS6.5AI score0.00086EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.77 views

CVE-2021-39649

CVE-2021-39649 affects the Android kernel’s regmap.c, specifically regmap_exit, where improper locking can cause a use-after-free. This enables local escalation of privilege with system execution privileges required and no user interaction. Exploitation status is not provided in the sources; reme...

6.7CVSS6.5AI score0.00094EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.77 views

CVE-2021-39776

The Android 12L release notes list CVE-2021-39776 under the System category with Type EoP and High severity, indicating an elevation-of-privilege issue. The notes do not provide explicit technical details, affected subcomponents beyond class, or exploit vectors. Affected product/version is Androi...

7.8CVSS8AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.77 views

CVE-2021-39777

CVE-2021-39777 affects Android 12L Telephony. The issue is a missing permission check that can disclose whether an app is installed, leaking information locally without user interaction and without requiring extra privileges. Documented impact is information disclosure with a LOCAL attack vector ...

5.5CVSS5.5AI score0.00104EPSS
CVE
CVE
added 2022/05/03 7:59 p.m.77 views

CVE-2022-20093

CVE-2022-20093 concerns a vulnerability in telephony on MediaTek chips. The issue is a missing permission check that could allow a local attacker to disable receiving SMS messages, enabling local privilege escalation without extra privileges. Affected products include a broad set of MediaTek MT-s...

7.8CVSS7.6AI score0.00098EPSS
CVE
CVE
added 2022/06/15 9:50 p.m.77 views

CVE-2022-20203

The CVE-2022-20203 entry refers to a memory corruption vulnerability in the nanopb library, arising in multiple locations during decoding of untrusted protobufs. This can lead to local escalation of privilege with no extra privileges or user interaction required. Available connected sources (e.g....

7.8CVSS7.9AI score0.00123EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.77 views

CVE-2022-20552

CVE-2022-20552 affects Android, with the vulnerability in the btif_a2dp_sink_command_ready function of btif_a2dp_sink.cc. The issue is an out-of-bounds read caused by a use-after-free, leading to local information disclosure without extra execution privileges. Exploitation is described as local a...

5.5CVSS5AI score0.00119EPSS
CVE
CVE
added 2022/06/06 5:41 p.m.77 views

CVE-2022-21762

CVE-2022-21762 affects the apusys driver, where an integer overflow can trigger a system crash. The vulnerability enables local denial of service with System execution privileges and does not require user interaction. Affected component is the apusys driver; root cause is integer overflow leading...

4.9CVSS4.6AI score0.00103EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.77 views

CVE-2022-26090

Summary of CVE-2022-26090 : The vulnerability affects SamsungContacts prior to SMR Apr-2022 Release 1, caused by an improper access control error that could allow attackers to access contact information without permission. The issue is documented across multiple sources, with remediation advising...

5.3CVSS3.9AI score0.00102EPSS
CVE
CVE
added 2022/05/03 7:39 p.m.77 views

CVE-2022-28781

The CVE-2022-28781 entry describes an improper input validation in Settings prior to Samsung SMR May 2022 Release 1, enabling attackers to launch arbitrary activities with system privileges. Connected sources confirm this CVE pertains to Samsung Mobile/SMR updates and note the patch adds proper c...

7.7CVSS6.5AI score0.00137EPSS
CVE
CVE
added 2022/05/03 7:40 p.m.77 views

CVE-2022-28783

CVE-2022-28783 concerns Galaxy Themes prior to Samsung SMR May-2022 Release 1, where improper validation allowed uninstalling arbitrary packages without permission. The description in multiple sources confirms the root cause as insufficient validation for removing a package name, enabling unautho...

7.1CVSS6.9AI score0.00097EPSS
CVE
CVE
added 2022/06/07 5:52 p.m.77 views

CVE-2022-30709

CVE-2022-30709 describes an improper input validation logic vulnerability in Samsung SECRIL prior to Jun-2022 Release 1 that can cause a crash. Affected component: SECRIL on Samsung mobile devices. Root cause: fault in input validation logic (no details provided beyond the description). Impact as...

5.3CVSS5.2AI score0.00205EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.77 views

CVE-2022-39908

CVE-2022-39908 affects Samsung decoding library used for video thumbnails on Samsung Mobile devices prior to SMR Dec-2022 Release 1. The root cause is a TOCTOU condition enabling a local attacker to perform an Out-Of-Bounds Write. Affected component: Samsung decoding library for video thumbnails;...

7.4CVSS7.2AI score0.00071EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.77 views

CVE-2022-42515

CVE-2022-42515: In MiscService::DoOemSetRtpPktlossThreshold (miscservice.cpp), a missing bounds check enables an out-of-bounds read. Impact: local information disclosure with system privileges; exploitation requires local access and no user interaction. Affected: Android kernel components (rild_e...

4.4CVSS4.3AI score0.00116EPSS
CVE
CVE
added 2023/08/07 3:22 a.m.77 views

CVE-2023-20811

CVE-2023-20811 involves a boundary-check failure in the MediaTek IOMMU, causing an out-of-bounds write that could enable local privilege escalation with system privileges. Affected component: IOMMU sub-system (MediaTek). Root cause: missing bounds check leading to out-of-bounds write. Impact: loc...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.77 views

CVE-2023-20972

CVE-2023-20972 affects Android 13. The issue is in btm_vendor_specific_evt within btm_devctl.cc, where a missing bounds check enables an out-of-bounds read that could cause local information disclosure. Exploitation is reported as requiring System privileges with LOCAL attack vector and no user i...

5.5CVSS5AI score0.00091EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.77 views

CVE-2023-21001

The CVE-2023-21001 issue (Android 13; Pixel devices) is an Elevation of Privilege vulnerability caused by a missing permission check in onContextItemSelected within NetworkProviderSettings.java. It enables local escalation of privilege without additional execution privileges or user interaction, ...

7.8CVSS7.6AI score0.00087EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.77 views

CVE-2023-21042

CVE-2023-21042 corresponds to a memory corruption issue via a use-after-free in lwis_allocator_init (lwis_allocator.c) within the Android kernel’s lwis subsystem. This could enable local privilege escalation to SYSTEM with no user interaction required. The OSV entry PUB-A-239873326 confirms the u...

6.7CVSS6.6AI score0.00097EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.77 views

CVE-2023-21150

CVE-2023-21150 affects the Android kernel, specifically the function handle_set_parameters_ctrl in hal_socket.c. The vulnerability is an out-of-bounds read caused by an incorrect bounds check, leading to potential local information disclosure with System privileges required. No exploitation detai...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.77 views

CVE-2023-21208

CVE-2023-21208 affects Android 13 devices with the vulnerable STA interface implementation (sta_iface.cpp). The issue is an out-of-bounds read caused by improper input validation in setCountryCodeInternal, leading to local information disclosure with system-level execution privileges possible. Ex...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.77 views

CVE-2023-21294

CVE-2023-21294 concerns Android’s Slice component, where a missing permission check enables local information disclosure by exposing installed packages. The exploit requires no user interaction and does not require additional privileges. The connected sources reiterate the same description but do...

5.5CVSS5.8AI score0.00093EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.77 views

CVE-2023-21331

The CVE-2023-21331 issue is in Android’s InputMethod component. It enables local information disclosure by determining whether an app is installed without query permissions, via a side-channel. Impact per the provided data: attacker gains access to sensitive information (C=High) with local access...

5.5CVSS5.6AI score0.00101EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.77 views

CVE-2023-21390

CVE-2023-21390 is described across multiple sources as a permission bypass in the Android environment related to a component labeled as Sim, allowing evasion of mobile-preference restrictions and enabling local privilege escalation without requiring extra execution privileges. Exploitation is rep...

7.8CVSS7.8AI score0.001EPSS
CVE
CVE
added 2023/09/26 12:0 a.m.77 views

CVE-2023-44216

The CVE-2023-44216 entry concerns PVRIC (PowerVR Image Compression) on Imagination 2018+ GPU devices. The vulnerability stems from software-transparent compression that enables cross-origin pixel-stealing attacks against SVG Filter functions like feTurbulence and feBlend (GPU.zip issue). Affected...

5.3CVSS5.3AI score0.01809EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.77 views

CVE-2023-52342

The CVE-2023-52342 entry concerns the modem-ps-nas-ngmm component, where an undefined behavior due to incorrect error handling could allow remote information disclosure without additional execution privileges. Documents confirm the vulnerability impact is a confidentiality exposure (CVE described...

7.5CVSS6.5AI score0.00338EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.77 views

CVE-2024-23658

This CVE (CVE-2024-23658) affects UNISOC chipsets’ camera driver. The issue is a use-after-free caused by a logic error leading to memory reuse after release, with local denial of service and potential SYSTEM-level execution privileges. Documents describe the vulnerability consistently but do not...

4.4CVSS6.7AI score0.00084EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.77 views

CVE-2024-32922

CVE-2024-32922 involves a logic error in the Pixel GPU power management path, specifically in gpu_pm_power_on_top_nolock within pixel_gpu_power.c, which can lead to a protected memory compromise. The vulnerability could enable local escalation of privilege to the TEE with no additional execution ...

7.4CVSS6.8AI score0.00079EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.77 views

CVE-2024-47015

CVE-2024-47015 affects Google Pixel devices via the function ProtocolMiscHwConfigChangeAdapter::GetData() in protocolmiscadapter.cpp. The vulnerability is caused by a missing bounds check, leading to a possible out-of-bounds read and local information disclosure. Impact is stated as requiring bas...

5.5CVSS6.3AI score0.00076EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.77 views

CVE-2024-47018

CVE-2024-47018 affects Google's Pixel platform; the flaw is in pmucal_rae_handle_seq_int within flexpmu_cal_rae.c. The vulnerability is an out-of-bounds read caused by a buffer overflow, enabling local information disclosure without additional execution privileges and without user interaction. Th...

5.5CVSS6.5AI score0.00077EPSS
CVE
CVE
added 2025/03/10 6:19 p.m.77 views

CVE-2024-56186

Summary (CVE-2024-56186): A vulnerability in the Google Pixel/Android stack where in closeChannel of secureelementimpl.cpp an incorrect bounds check can cause an out-of-bounds read, leading to local information disclosure without extra privileges or user interaction. The CVSSv3.1 base score is 5....

5.1CVSS6.3AI score0.00081EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.77 views

CVE-2025-22404

CVE-2025-22404 is a use-after-free vulnerability in Android's avct_lcb_act.cc (avct_lcb_msg_ind) that could allow local privilege escalation without user interaction or extra privileges. Affected component is within the Bluetooth-related code path; exploitation leads to arbitrary code execution l...

8.4CVSS7.6AI score0.00097EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.76 views

CVE-2015-6677

Technical details about CVE-2015-6677 are not provided in the connected documents. The supplied sources do not reveal affected products, vulnerable components, exploit information, or remediation. Monitor for updates and await published technical specifics.

10CVSS7.8AI score0.0474EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.76 views

CVE-2016-3862

CVE-2016-3862 affects Android mediaserver’s ExifInterface usage in media/ExifInterface.java, where improper interaction with static variables in libjhead_jni can allow remote attackers to craft a media file to trigger memory corruption or remote code execution. Impact is described as memory corru...

9.3CVSS7.8AI score0.01559EPSS
CVE
CVE
added 2024/11/20 5:27 p.m.76 views

CVE-2018-9475

The CVE-2018-9475 issue affects Android’s Bluetooth stack (HeadsetInterface::ClccResponse in btif_hf.cc), causing an out-of-bounds stack write that could enable remote elevation of privilege via Bluetooth when SIP calls are enabled, with no user interaction required. Exploitation details are not ...

8.8CVSS7.2AI score0.00148EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.76 views

CVE-2019-2086

CVE-2019-2086 affects the Android 10 libxaac library, with an out-of-bounds write due to a missing bounds check. This could enable remote code execution and requires user interaction to exploit. The issue is documented across multiple sources (NVD entry and Red Hat advisory) as a Libxaac/Android-...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.76 views

CVE-2019-9247

CVE-2019-9247 affects the Android 10 AAC Codec component, stemming from a missing variable initialization that can lead to remote information disclosure. According to NVD metadata, the CVSS v3.1 base score is 6.5 (Medium) with NETWORK attack vector, LOW complexity, no privileges required, but use...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.76 views

CVE-2019-9421

CVE-2019-9421 affects the Android framework library libandroidfw, with an out-of-bounds read caused by an integer overflow . The issue enables a potential local information disclosure vulnerability and, per the sources, requires some user interaction to exploit. The vulnerability entry lists affe...

5CVSS5.3AI score0.00143EPSS
CVE
CVE
added 2021/06/22 11:11 a.m.76 views

CVE-2021-0550

The CVE-2021-0550 issue affects Android 11, involving the AnnotateActivity.java onLoadFailed path. It enables local elevation of privilege (EoP) by gaining WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy, with no user interaction required. The vulnerability is des...

7.8CVSS7.8AI score0.00117EPSS
CVE
CVE
added 2021/06/22 10:59 a.m.76 views

CVE-2021-0556

CVE-2021-0556: Affected component is getBlockSum in fastcodemb.cpp on Android 11. The issue is a heap buffer overflow leading to an out-of-bounds read that could cause local information disclosure. Exploitation details are not provided in the connected sources; user interaction is not required. N...

5.5CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2021/06/22 11:14 a.m.76 views

CVE-2021-0608

The CVE-2021-0608 entry concerns Android’s AppLaunchActivity.handleAppLaunch, with a local elevation-of-privilege via a confused deputy. Affected component: Pixel Launcher on Pixel devices (and related Android kernel/framework context as per mappings). Root cause: improper handling in AppLaunchAc...

7.8CVSS7.7AI score0.00117EPSS
CVE
CVE
added 2021/10/06 5:9 p.m.76 views

CVE-2021-25479

CVE-2021-25479 affects the Exynos CP Chipset. The issue is a heap-based buffer overflow in the chipset before SMR Oct-2021 Release 1, leading to arbitrary memory writes and potential code execution. The primary documented impact is memory corruption with potential device compromise; exploitation ...

7.2CVSS7.3AI score0.00533EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.76 views

CVE-2021-39683

CVE-2021-39683 targets Android kernel code, specifically in copy_from_mbox within sss_ice_util.c, where a missing bounds check can trigger an out-of-bounds write. This leads to local elevation of privilege with System execution privileges required, and does not require user interaction. The issue...

7.2CVSS6.7AI score0.00121EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.76 views

CVE-2021-39744

CVE-2021-39744 affects Android 12L and is described in Android 12L security release notes. The vulnerability arises in the DevicePolicyManager, enabling a side-channel that can determine whether an app is installed without query permissions, leading to local information disclosure without additio...

5.5CVSS5.4AI score0.00104EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.76 views

CVE-2021-39753

The CVE-2021-39753 issue affects Android 12L, involving DomainVerificationService where a missing permission check allows local information disclosure without extra privileges. This is a framework-level information leak (no user interaction required) with a local attack surface. The Android 12L s...

5.5CVSS5.5AI score0.00098EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.76 views

CVE-2021-39784

The CVE-2021-39784 issue is reported for Android 12L and involves the CellBroadcastReceiver. The root cause is a missing permission check, enabling a path to turn on specific cellular features, which can lead to local elevation of privilege without extra execution privileges and without user inte...

7.8CVSS7.8AI score0.00098EPSS
Total number of security vulnerabilities8153