Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/02/09 10:5 p.m.76 views

CVE-2022-20038

CVE-2022-20038 affects the ccu driver in MediaTek hardware. The issue is memory corruption caused by an incorrect bounds check, enabling local escalation of privilege with System execution privileges required. Exploitation does not require user interaction. Reported impact is consistent across so...

6.7CVSS6.8AI score0.00119EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.76 views

CVE-2022-20563

CVE-2022-20563 describes an out-of-bounds read caused by memory corruption in ufdt_convert within the Android kernel, enabling local privilege escalation to System. Exploitation is local with no user interaction; no remediation details are provided in the linked documents.

6.7CVSS6.6AI score0.00173EPSS
CVE
CVE
added 2022/06/06 5:39 p.m.76 views

CVE-2022-21756

CVE-2022-21756 concerns a MediaTek WLAN driver flaw where an incorrect bounds check permits an out-of-bounds read, potentially causing local information disclosure with higher-privilege execution. Impact is described as requiring System privileges with no user interaction; attack vector is local....

4.4CVSS4.2AI score0.00109EPSS
CVE
CVE
added 2022/07/06 1:8 p.m.76 views

CVE-2022-21782

CVE-2022-21782 affects the MediaTek WLAN driver. The root cause is a missing bounds check leading to an out-of-bounds write, enabling local privilege escalation to SYSTEM with no user interaction required. A patch is available (ALPS06704526; ALPS06704508). Exploitation details are not provided in...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/04/11 7:36 p.m.76 views

CVE-2022-25833

The CVE-2022-25833 entry concerns Samsung SMR prior to Apr-2022 Release 1, where improper authentication in ImsService could allow an attacker to obtain IMSI without the READ_PRIVILEGED_PHONE_STATE permission. The vulnerability involves authentication checks in ImsService, enabling local access t...

3.3CVSS4.2AI score0.00105EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.76 views

CVE-2022-27573

Samsung SMR Apr-2022 Release 1 contains an out-of-bounds write vulnerability in the libsimba library due to improper input validation in parser_infe and sheifd_find_itemIndexin. Exploitation requires privileged access and could be triggered remotely over the network with low attack complexity, pe...

7.2CVSS6.9AI score0.0035EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.76 views

CVE-2022-27821

CVE-2022-27821 concerns the Quram Agif library prior to Samsung SMR Apr-2022 Release 1, where an improper boundary check enables denial of service when processing a crafted image file. Multiple sources (Red Hat, NVD, CNVD, CVE listings) describe the issue consistently as a boundary-checking flaw ...

5.5CVSS5.3AI score0.00267EPSS
CVE
CVE
added 2022/06/07 5:52 p.m.76 views

CVE-2022-30710

CVE-2022-30710 affects Samsung Mobile (Android) RemoteViews. The vulnerability is described as an improper validation in RemoteViews prior to the SMR Jun-2022 Release 1, enabling attackers to launch certain activities. Public sources (NVD, Red Hat, CNVD) align on elevation/privilege aspects, with...

9.4CVSS9.1AI score0.00264EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.76 views

CVE-2022-32590

CVE-2022-32590 describes a use-after-free in the WLAN path that could enable local privilege escalation with SYSTEM privileges, requiring no user interaction. The description and Red Hat/NVD entries consistently reference a patch/Issue ID ALPS07299425. Connected documents confirm the issue is tie...

6.7CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2022/08/05 3:20 p.m.76 views

CVE-2022-33719

CVE-2022-33719 affects Samsung baseband prior to SMR Aug-2022 Release 1, where improper input validation can cause an integer overflow that leads to a heap overflow. The issue is tied to the baseband component and is mitigated by upgrading to SMR Aug-2022 Release 1 or later. Documentation does no...

9.8CVSS9.4AI score0.00314EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.76 views

CVE-2022-39900

CVE-2022-39900 affects Samsung Nice Catch prior to SMR Dec-2022 Release 1. The issue is an improper access control that could allow a physical attacker to access all toast contents generated in the Secure Folder environment via Nice Catch. Affected component: Nice Catch app (Samsung Mobile). Root...

4.6CVSS4.5AI score0.00127EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.76 views

CVE-2023-20828

The CVE-2023-20828 issue affects the gps component in MediaTek chips (GPS) with an out-of-bounds write caused by a missing bounds check. This can lead to local privilege escalation with SYSTEM rights and does not require user interaction. Affected details are supported by multiple sources (NVD/Re...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.76 views

CVE-2023-20843

CVE-2023-20843 involves an out-of-bounds read in the imgsys_cmdq component caused by missing valid range checking. Impact: local information disclosure with the potential for system-level execution privileges required, and exploitation reportedly needs user interaction. Affected context is MediaT...

4.2CVSS4AI score0.00091EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.76 views

CVE-2023-20973

CVE-2023-20973 affects Android 13, specifically the Bluetooth stack: in btm_create_conn_cancel_complete() of btm_sec.cc, a missing bounds check enables an out-of-bounds read. This can lead to local information disclosure with SYSTEM-level privileges needed; exploitation reportedly does not requir...

5.5CVSS5AI score0.00094EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.76 views

CVE-2023-21010

The CVE-2023-21010 issue affects the Android p2p_iface.cpp component (Android 13 and earlier), where a missing bounds check can cause an out-of-bounds read. This creates a potential local information disclosure vulnerability that, per the documents, could enable System-level execution privileges ...

4.4CVSS4.3AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.76 views

CVE-2023-21021

The CVE-2023-21021 issue affects Android 13 where WifiServiceImpl.java’s isTargetSdkLessThanQOrPrivileged path allows a guest user to change admin network settings due to a missing permission check. This enables local privilege escalation with no extra privileges or user interaction required. CVS...

7.8CVSS7.6AI score0.00087EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.76 views

CVE-2023-21022

CVE-2023-21022 is a memory corruption vulnerability in the Pixel/Android stack: in BufferBlock of Suballocation.cpp, an out-of-bounds write could lead to local escalation of privilege without user interaction. Affected software is Android 13 on Google Pixel devices (per the Pixel Update Bulletin ...

7.8CVSS7.7AI score0.00095EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.76 views

CVE-2023-21043

CVE-2023-21043 affects Android kernel components with memory corruption via a use-after-free, enabling local escalation to System privileges. Exploitation details, affected versions, and patch status are not provided in the connected documents; the description remains TBD. If pursuing remediation...

6.7CVSS6.6AI score0.00097EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.76 views

CVE-2023-21171

CVE-2023-21171 affects Android 13 and is tied to the InputDispatcher.cpp function verifyInputEvent. Descriptions across multiple connected sources state a side-channel information disclosure that could enable click fraud, potentially enabling local escalation to System privileges. Exploitation is...

6.7CVSS6.4AI score0.00096EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.76 views

CVE-2023-21185

CVE-2023-21185 affects Android 13 devices, where multiple functions in WifiNetworkFactory.java lack a required permission check. This creates a path for local privilege escalation from a guest user, with no additional execution privileges and no user interaction required to exploit. Public source...

7.8CVSS7.7AI score0.00088EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.76 views

CVE-2023-21195

CVE-2023-21195 concerns Android 13 devices. The issue is in the Bluetooth stack: function btm_ble_periodic_adv_sync_tx_rcvd in btm_ble_gap.cc may perform an out-of-bounds read due to an incorrect bounds check. This could allow local information disclosure over Bluetooth if the device firmware is ...

4.5CVSS4.3AI score0.00138EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.76 views

CVE-2023-21207

CVE-2023-21207 affects Android 13, targeting the function initiateTdlsSetupInternal in sta_iface.cpp. It describes an out-of-bounds read due to a missing bounds check, enabling local privilege escalation to SYSTEM with no user interaction required. Exploitation details or in-the-wild status are n...

6.7CVSS6.6AI score0.00096EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.76 views

CVE-2023-21214

CVE-2023-21214 describes an out-of-bounds read caused by unsafe deserialization in the Android component p2p_iface.cpp, within addGroupWithConfigInternal. This leads to local information disclosure with potential system-level execution privileges required for exploitation, and does not require us...

4.4CVSS4.2AI score0.00099EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.76 views

CVE-2025-0084

CVE-2025-0084 is a remote code execution risk in the Android Bluetooth stack (HFP enabled) caused by an out-of-bounds write due to a use-after-free condition in multiple locations. The vulnerability could allow an attacker, with adjacent access and no user interaction, to execute code on the devi...

8.8CVSS7.6AI score0.00209EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.76 views

CVE-2025-0086

Technical details such as affected products, versions, root cause, or remediation for CVE-2025-0086 are not publicly provided in the connected documents. Monitor for updates.

6.2CVSS6AI score0.00124EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.76 views

CVE-2025-26417

CVE-2025-26417 affects the Android framework via the function in DownloadProvider.java, where a bypass of user consent in shared storage could occur due to a confusing deputy. This may enable local information disclosure without requiring additional execution privileges, and does not require user...

4CVSS8AI score0.0031EPSS
CVE
CVE
added 2013/09/25 10:0 a.m.75 views

CVE-2013-4777

Summary of CVE-2013-4777 (Android 2.3.7, Motorola Defy XT, Republic Wireless) The advisory describes an exploit path where the device’s init process creates a /dev/socket/init_runit LocalSocket to accept shell commands. The underlying issue is a stack-based buffer overflow in the sub_E110 functio...

6.9CVSS6.7AI score0.00211EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.75 views

CVE-2015-5568

CVE-2015-5568 affects Adobe Flash Player and related AIR components. Public docs confirm this vulnerability is part of the APSB15-23 set and is tied to a vector-length corruption that could enable a denial of service or other impact. Affected software and versions per the sources include: Windows...

10CVSS7.1AI score0.19871EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.75 views

CVE-2017-0475

Technical details about CVE-2017-0475 are not publicly provided in the supplied documents. Monitor for updates from Android security bulletins and vendor advisories.

9.3CVSS7.2AI score0.0086EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.75 views

CVE-2017-10998

CVE-2017-10998 : In Qualcomm’s audio driver used on Android CAF builds, the function audio_aio_ion_lookup_vaddr uses a user-provided buffer length to validate the region. If length is large, the address+length check can overflow, yielding a result well below the valid region. This can lead to out...

7.8CVSS8AI score0.00435EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.75 views

CVE-2017-13260

CVE-2017-13260 is an information disclosure flaw in Android Bluetooth’s BNEP implementation. In bnep_data_ind of bnep_main.cc, a missing bounds check enables a possible out-of-bounds read, allowing remote disclosure without user interaction. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7....

7.5CVSS6.8AI score0.07581EPSS
CVE
CVE
added 2024/11/20 5:30 p.m.75 views

CVE-2018-9478

CVE-2018-9478 involves an out-of-bounds write in the sdp_server.cc file, specifically in process_service_attr_req and process_service_search_attr_req, caused by a missing bounds check. The vulnerability could allow remote code execution with no privileges and without user interaction, as describe...

9.8CVSS7.6AI score0.00368EPSS
CVE
CVE
added 2019/05/08 4:23 p.m.75 views

CVE-2019-2044

CVE-2019-2044 affects the Android Media framework, specifically in MakeMP>G4VideoCodecSpecificData within APacketSource.cpp. The issue is an out-of-bounds write caused by an incorrect bounds check, which could allow a remote attacker to execute code in the context of a privileged process in th...

9.3CVSS8.7AI score0.01153EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.75 views

CVE-2019-2072

CVE-2019-2072 affects Android 10 through the libxaac library. The issue is an out-of-bounds write caused by a missing bounds check in libxaac, enabling remote code execution with the attacker’s interaction required. Impact is described as RCE with high severity under CVSS 3.1 (HIGH, network attac...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/08/20 7:50 p.m.75 views

CVE-2019-2130

CVE-2019-2130 affects Android: the issue is in CompilationJob::FinalizeJob of compiler.cc, caused by type confusion that can enable remote code execution with no user interaction. Exploitation could escalate privileges via a crafted malicious proxy configuration. Affected Android versions include...

10CVSS9.4AI score0.0165EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.75 views

CVE-2019-2169

CVE-2019-2169 affects the Android 10 libxaac library, where an information disclosure can occur due to uninitialized data. The issue could expose partial confidential data with no additional execution privileges required, and exploitation requires user interaction. | Affected component: libxaac i...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.75 views

CVE-2019-9233

CVE-2019-9233 affects wpa_supplicant_8 on Android-10. Root cause: an out-of-bounds read due to an incorrect bounds check, enabling remote information disclosure without privileges and without user interaction. The impact is info disclosure; no exploit details or in-the-wild status are provided in...

7.5CVSS7.2AI score0.00827EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.75 views

CVE-2019-9432

CVE-2019-9432 refers to an out-of-bounds read in Bluetooth on Android 10, caused by improper input validation. The issue can lead to remote information disclosure from the Bluetooth server without requiring user interaction or privileges. Documents confirm the affected platform as Android 10 and ...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2020/09/11 9:6 p.m.75 views

CVE-2020-25279

CVE-2020-25279 describes a buffer overflow in the baseband on Samsung mobile devices (Exynos) running O(8.x), P(9.0), and Q(10.0) via an abnormal SETUP message, enabling arbitrary code execution. Affected component: baseband firmware; root cause: buffer overflow. Impact: high across confidentiali...

9.8CVSS9.7AI score0.00709EPSS
CVE
CVE
added 2021/06/22 11:2 a.m.75 views

CVE-2021-0538

CVE-2021-0538 affects Android 11 via EmergencyCallbackModeExitDialog.java, where a tapjacking/overlay attack can exit emergency callback mode, enabling local elevation of privilege with user interaction required. Documented impact: local EoP with high likelihood of access via exposed UI flow; CVS...

7.3CVSS7.2AI score0.00115EPSS
CVE
CVE
added 2021/06/22 11:13 a.m.75 views

CVE-2021-0551

CVE-2021-0551 affects Android 11 with a DoS via a vulnerability in the MediaControlPanel.java bind. The root cause is improper input validation in the bind path, allowing a malicious media file to lock up the system UI and cause remote denial of service. Exploitation requires user interaction. Pu...

6.5CVSS6.4AI score0.00588EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.75 views

CVE-2021-0988

CVE-2021-0988 affects Android 12 and involves information disclosure via getLaunchedFromUid/getLaunchedFromPackage in ActivityClientController.java. The issue allows a local attacker to determine whether an app is installed without query permissions due to a side-channel information disclosure, l...

3.3CVSS3.5AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.75 views

CVE-2021-0992

CVE-2021-0992 affects Android 12 via PaymentDefaultDialog.java, where a tapjack overlay could allow changing the default payment app without user consent. This is described as a local elevation of privilege requiring user interaction for exploitation, with no additional privileges needed. Connect...

3.3CVSS4.4AI score0.00113EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.75 views

CVE-2021-0998

CVE-2021-0998 affects Android 12 in the media/ih264e path: the function ih264e_find_bskip_params() in ih264e_me.c can trigger an out-of-bounds read due to a heap buffer overflow, enabling local information disclosure without user interaction. Exploitation details and impact are described in multi...

5.5CVSS5.2AI score0.00117EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.75 views

CVE-2021-1002

CVE-2021-1002 affects Android 12 and is detailed in multiple sources as a vulnerability in WT_Interpolate within eas_wtengine.c, caused by a missing bounds check that allows an out-of-bounds read. This can lead to remote information disclosure without extra execution privileges and without user i...

7.5CVSS7AI score0.00755EPSS
CVE
CVE
added 2021/04/09 5:36 p.m.75 views

CVE-2021-25364

CVE-2021-25364 affects Samsung Secure Folder prior to SMR APR-2021 Release 1, where a pendingIntent hijacking issue allows unprivileged apps to access contact information. The vulnerability is linked to Secure Folder’s handling of PendingIntents and exposes contact data locally. Affected software...

4CVSS4AI score0.00125EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.75 views

CVE-2021-39789

CVE-2021-39789 affects Android 12L where a missing permission check could allow a local attacker to leak TTY mode changes, enabling local elevation of privilege with no additional execution privileges and no user interaction required. The NVD entry confirms the vulnerability type as EoP with loca...

7.8CVSS7.8AI score0.00098EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.75 views

CVE-2022-20561

CVE-2022-20561 affects the Android kernel in aud_hal_tunnel.c, where a use-after-free can cause memory corruption. The impact is local elevation of privilege with no extra execution privileges required and no user interaction needed. Affected component: Android kernel (aud_hal_tunnel.c). Root cau...

7.8CVSS7.8AI score0.00125EPSS
CVE
CVE
added 2022/06/06 5:39 p.m.75 views

CVE-2022-21757

CVE-2022-21757 affects the WIFI firmware (noted in MediaTek context) with a missing count check that can cause a system crash, enabling remote denial of service without required privileges or user interaction. The entry lists a patch ID ALPS06468894 / issue ALPS06468894 as the remediation. No fur...

7.8CVSS7.3AI score0.00496EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.75 views

CVE-2022-27827

The CVE-2022-27827 entry concerns an improper validation vulnerability in MediaMonitorDimension, prior to Samsung SMR Apr-2022 Release 1. Affected item appears to be the MediaMonitorDimension component (in Samsung context) where input validation fails, enabling attackers to launch certain activit...

8.5CVSS7.5AI score0.00136EPSS
Total number of security vulnerabilities8153