Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/05/03 7:42 p.m.75 views

CVE-2022-28788

CVE-2022-28788 concerns the aviextractor library. A buffer size check logic defect allowed out-of-bounds reads, potentially causing a temporary denial of service prior to Samsung SMR May-2022 Release 1. The patch introduces buffer size checks to address this. The issue is cited across multiple fe...

5.5CVSS5.5AI score0.00094EPSS
CVE
CVE
added 2022/06/07 5:55 p.m.75 views

CVE-2022-30716

CVE-2022-30716 concerns the Samsung DisplayToast component on Android. The issue is an unprotected broadcast in sendIntentForToastDumpLog within DisplayToast, which could let untrusted apps access toast message information from the device. The vulnerability enables information disclosure with a n...

5.3CVSS5.1AI score0.00209EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.75 views

CVE-2022-39885

CVE-2022-39885 affects Samsung DeviceManagement, BootCompletedReceiver_CMCC component, prior to SMR Nov-2022 Release 1. Root cause: improper access control allowing a local attacker to access device information via the BootCompletedReceiver_CMCC in DeviceManagement. Impact: local disclosure of de...

5.9CVSS4AI score0.00082EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.75 views

CVE-2022-47359

CVE-2022-47359 concerns the Log Service, where a missing permission check is identified as the root cause. The exposure enables local denial of service in the log service. The available connected records consistently describe a privilege check omission as the flaw, but do not provide product/vend...

5.5CVSS5.3AI score0.00087EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.75 views

CVE-2023-20846

CVE-2023-20846 concerns MediaTek chips where the vulnerability resides in the imgsys_cmdq path, caused by missing valid range checking that enables an out-of-bounds read. The documented impact is local information disclosure with system-level execution privileges required, and exploitation report...

4.2CVSS4AI score0.00091EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.75 views

CVE-2023-20850

The CVE concerns the imgsys_cmdq component in MediaTek chips, where an out-of-bounds write can occur due to missing valid range checking. This could permit local escalation of privilege with system execution privileges required, and user interaction is needed for exploitation. Documented impact i...

6.5CVSS6.6AI score0.00094EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.75 views

CVE-2023-21005

CVE-2023-21005 affects Android 13, specifically the Transcode Permission Controllers. The root cause is a missing permission check in getAvailabilityStatus, enabling a possible local escalation of privilege with no additional execution privileges and no user interaction required. Public reference...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.75 views

CVE-2023-21007

The CVE-2023-21007 entry affects Android 13 and is caused by a missing bounds check in p2p_iface.cpp, resulting in an out-of-bounds read that can lead to local information disclosure with system privileges. The issue is exploitable locally, with no user interaction required, and is tied to the p2...

4.4CVSS4.3AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.75 views

CVE-2023-21008

Summary : CVE-2023-21008 affects Android 13 with code in p2p_iface.cpp. The root cause is a missing bounds check causing an out-of-bounds read, leading to local information disclosure with system privileges required. Exploitation is described as requiring local access and no user interaction. Imp...

4.4CVSS4.3AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.75 views

CVE-2023-21079

CVE-2023-21079 affects the Android kernel component related to the dhd_rtt.c function, specifically in the routine named rtt_unpack_xtlv_cbfn . The issue is a heap buffer overflow that can cause an out-of-bounds write. The published descriptions consistently warn of local escalation of privilege ...

6.7CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.75 views

CVE-2023-21199

CVE-2023-21199 affects Android 13; the issue is in btu_ble_proc_ltk_req of btu_hcif.cc where a missing bounds check allows an out-of-bounds read. This can lead to local information disclosure with System privileges required. Attack vector is LOCAL with LOW complexity and no user interaction; conf...

4.4CVSS4.2AI score0.00097EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.75 views

CVE-2023-21307

CVE-2023-21307 affects Android’s Bluetooth component. A paired Bluetooth device can bypass permissions to read the device’s long-term identifier, leading to local information disclosure without additional execution privileges; user interaction is required for exploitation. The issue is categorize...

5CVSS4.9AI score0.00086EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.75 views

CVE-2023-21377

CVE-2023-21377 : Concrete information shows a local information disclosure via a restriction bypass in the Android SELinux Policy. The issue is triggered by a permissions bypass within the policy, allowing disclosure without extra execution privileges and without user interaction. Exploitation st...

5.5CVSS5.8AI score0.00089EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.75 views

CVE-2023-21387

The CVE-2023-21387 entry concerns Google Android’s User Backup Manager. The connected documents describe a token leakage via log information disclosure that can bypass user confirmation for backups, leading to local information disclosure with System execution privileges potentially required. Thi...

4.4CVSS4.8AI score0.00102EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.75 views

CVE-2024-20036

CVE-2024-20036 describes a permission bypass in the vdec component that may allow local information disclosure with System privileges. Affected: vdec (details across Red Hat, NVD/NIST records). Impact per metrics: confidentiality impact High; integrity/availability not affected; attack vector Loc...

4.4CVSS6AI score0.00083EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.75 views

CVE-2024-32917

CVE-2024-32917 affects the pl330_dma_from_peri_start() routine in fp_spi_dma.c, where a missing bounds check enables a possible out-of-bounds write. This can lead to local elevation of privilege with no additional execution privileges required, and does not require user interaction. The issue is ...

7.1CVSS6.9AI score0.00078EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.75 views

CVE-2024-47012

CVE-2024-47012 affects Google Pixel devices via the mm_GetMobileIdIndexForNsUpdate path in mm_GmmPduCodec.c, where an incorrect bounds check can cause an out-of-bounds write. This is described as enabling local escalation of privilege with no extra execution privileges or user interaction require...

7.8CVSS7.2AI score0.0008EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.75 views

CVE-2024-47020

CVE-2024-47020 affects Google Pixel devices running Android prior to the 2024-10-05 patch level, with the vulnerability classified as Information Disclosure in the ABL component (A-331966488). Public descriptors identify an information disclosure bug in ABL on Pixel hardware, but the available do...

7.5CVSS6.2AI score0.0016EPSS
CVE
CVE
added 2011/10/25 7:0 p.m.74 views

CVE-2011-3881

CVE-2011-3881 affects WebKit as used in Google Chrome <15.0.874.102 and Android

4.3CVSS5.4AI score0.01779EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.74 views

CVE-2012-3979

CVE-2012-3979 : The OpenVAS/Nessus entries indicate a vulnerability in Mozilla Firefox for Android where insecure use of __android_log_print can be triggered by a crafted web page using the dump() function, potentially allowing remote code execution. The issue is tied to Firefox for Android speci...

6.8CVSS7.4AI score0.01884EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.74 views

CVE-2016-10276

CVE-2016-10276 (Qualcomm bootloader) targets the Qualcomm bootloader on Android devices, enabling a local malicious app to execute arbitrary code within the kernel context (elevation of privilege). The issue is described as critical due to potential local, permanent device compromise that may req...

9.3CVSS7.2AI score0.00523EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.74 views

CVE-2016-10381

CVE-2016-10381 : The issue affects Qualcomm components in Android CAF releases using the Linux kernel, where the UE can send unprotected MeasurementReports that disclose UE location. Connected documents confirm a Qualcomm information-disclosure vulnerability linked to MeasurementReports, with the...

10CVSS8.8AI score0.00976EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.74 views

CVE-2017-0386

CVE-2017-0386 describes an elevation of privilege in the libnl library that could allow a local malicious application to execute arbitrary code within the context of a privileged process on Android. Affected products/versions include Android 5.0.2–7.1 (as listed). The impact is local code executi...

9.3CVSS7.3AI score0.00989EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.74 views

CVE-2017-0424

CVE-2017-0424 affects AOSP Messaging in Android (versions 6.0–7.1.1). It is an information disclosure vulnerability that could allow a local malicious app to bypass OS protections and access data outside its permitted scope when processing a specially crafted file. The issue is described as a mod...

5.5CVSS5.2AI score0.00802EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.74 views

CVE-2017-0477

CVE-2017-0477 is a remote code execution vulnerability in libgdx used by Android. A specially crafted file could cause arbitrary code execution within the context of an unprivileged process, with impact described as High. The vulnerability entry notes affected product/version as Android 7.1.1 and...

7.8CVSS7.6AI score0.00948EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.74 views

CVE-2017-0548

CVE-2017-0548 describes a remote denial-of-service vulnerability in libskia that could allow an attacker to cause a device hang or reboot by processing a specially crafted file. Affected product: Android, specifically versions 7.0 and 7.1.1. The issue is classified as High severity in the Android...

7.1CVSS5.7AI score0.00795EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.74 views

CVE-2017-0604

CVE-2017-0604 concerns Android devices with the Qualcomm power driver in the kernel. The flaw enables a local malicious application to gain elevation of privilege and execute arbitrary code in the kernel context, implying potential local compromise that could require reflashing to repair. The lin...

9.3CVSS7.2AI score0.0052EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.74 views

CVE-2017-0641

CVE-2017-0641 is a remote denial-of-service vulnerability in the libvpx Mediaserver component used by Android. A specially crafted file can cause a device to hang or reboot. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The description does not provide ...

7.1CVSS5.1AI score0.01677EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.74 views

CVE-2017-0776

CVE-2017-0776 is an information-disclosure vulnerability in Android’s Media Framework affecting Android 7.0, 7.1.1, 7.1.2 and 8.0. Root-cause and exact exploit details are not provided in the connected documents; no mitigation/patch details are specified here. Monitor for official patches in Andr...

5.5CVSS5.8AI score0.00398EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.74 views

CVE-2017-13262

CVE-2017-13262 is an Android Bluetooth vulnerability in the BNEP path (bnep_data_ind in bnep_main.cc) where a missing length decrement causes an out-of-bounds read. This can enable remote information disclosure without user interaction. Affected Android versions include 5.1.1 through 8.1. Public ...

6.5CVSS6.1AI score0.08337EPSS
CVE
CVE
added 2024/11/27 9:24 p.m.74 views

CVE-2017-13320

CVE-2017-13320 affects libmpeg2dec, specifically the impeg2d_bit_stream_flush() function, where a missing bounds check can cause an out-of-bounds read. This leads to a remote denial-of-service possibility with no different privileges required; exploitation requires user interaction. Public source...

6.5CVSS8.2AI score0.00208EPSS
CVE
CVE
added 2019/02/13 10:0 p.m.74 views

CVE-2018-6268

CVE-2018-6268 affects NVIDIA Tegra libnvmmlite_video.so, where a use-after-free can cause DoS or privilege escalation. Connected NVIDIA bulletins tie this to Jetson TX1/TX2 Linux for Tegra (L4T) and list R28.3 as the updated release to address multiple related flaws, including 2018-6268. Affected...

9.3CVSS6.2AI score0.00816EPSS
CVE
CVE
added 2024/11/27 10:37 p.m.74 views

CVE-2018-9354

CVE-2018-9354 is a vulnerability in the Android VideoFrameScheduler component: in VideoFrameScheduler.cpp, PLL::fit can trigger a divide-by-zero error leading to a remote denial of service. Multiple connected records confirm the affected area but do not provide concrete patch/version details or a...

6.5CVSS9.1AI score0.00296EPSS
CVE
CVE
added 2024/12/03 12:8 a.m.74 views

CVE-2018-9449

The CVE-2018-9449 entry concerns Google Pixel/Nexus Android devices. The vulnerability is in the SDP discovery path, specifically the function process_service_search_attr_rsp in sdp_discovery.cc, where a missing bounds check can cause an out-of-bounds read. This leads to local information disclos...

5.5CVSS7.8AI score0.00081EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.74 views

CVE-2019-2065

CVE-2019-2065 affects the Android 10 libxaac library, where a missing bounds check enables an out-of-bounds write. This could permit remote code execution over the network with user interaction required. Connected Red Hat and CNVD entries confirm the same description. No concrete patch/version is...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/07/08 5:37 p.m.74 views

CVE-2019-2111

CVE-2019-2111 affects Android 9. The issue is a heap memory corruption in DnsTlsSocket.cpp caused by a use-after-free, potentially allowing remote code execution in the netd server without user interaction. Publicly stated impact is remote code execution with high severity; exploitation status is...

9.8CVSS9.3AI score0.00842EPSS
CVE
CVE
added 2019/07/08 5:40 p.m.74 views

CVE-2019-2117

The CVE-2019-2117 issue affects Android (7.0–9) and is tied to TelephonyProvider.java. The root cause is a missing permission check in checkQueryPermission, leading to local information disclosure about carrier systems without requiring privileges or user interaction. Impact is information disclo...

5.5CVSS5AI score0.00136EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.74 views

CVE-2019-9297

CVE-2019-9297 affects Android 10, within the Android Media Framework (libAACdec). The issue is a potential out-of-bounds write caused by an integer overflow in a decoder component, which could enable remote code execution. Exploitation requires user interaction, and successful exploitation would ...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.74 views

CVE-2019-9367

CVE-2019-9367 concerns Bluetooth on Android 10 with a missing bounds check causing an out-of-bounds read and potential remote information disclosure. The vulnerability requires no user interaction and can be exploited over the network; exploitation status is not detailed in the provided documents...

7.5CVSS7.2AI score0.00844EPSS
CVE
CVE
added 2020/05/14 8:10 p.m.74 views

CVE-2020-0103

CVE-2020-0103 exploits a memory corruption in a2dp_aac_decoder_cleanup within a2dp_aac_decoder.cc, enabling remote code execution with no privileges or user interaction. Affected software per the initial data includes Android 9 and Android 10. The Android Security Bulletin notes this issue under ...

10CVSS9.2AI score0.01608EPSS
CVE
CVE
added 2021/06/22 11:12 a.m.74 views

CVE-2021-0542

CVE-2021-0542 affects Android 11, with the issue residing in the BeamTransferManager.java workflow where a missing permission check in updateNotification can lead to local information disclosure of paired Bluetooth addresses. Exploitation requires no additional execution privileges but may requir...

5.5CVSS5.1AI score0.00115EPSS
CVE
CVE
added 2021/06/22 11:2 a.m.74 views

CVE-2021-0544

CVE-2021-0544 affects Android 11 and is described across multiple sources as an out-of-bounds write in phNxpNciHal.cc (function: phNxpNciHal_print_res_status) caused by a missing bounds check. The vulnerability can lead to local elevation of privilege with System execution privileges required, an...

6.7CVSS6.7AI score0.00117EPSS
CVE
CVE
added 2021/06/22 11:12 a.m.74 views

CVE-2021-0549

CVE-2021-0549 affects Android 11 (Android-11) Bluetooth stack; the vulnerability is in sspRequestCallback within BondStateMachine.java, where log statements can leak Bluetooth MAC addresses, causing local information disclosure with potentially SYSTEM-level privileges. The issue is confirmed acro...

4.4CVSS4.1AI score0.00117EPSS
CVE
CVE
added 2021/06/22 10:59 a.m.74 views

CVE-2021-0558

CVE-2021-0558 is a vulnerability in the Android 11 Media Framework where fillMainDataBuf in pvmp3_framedecoder.cpp can trigger an out-of-bounds read due to a heap buffer overflow. This could allow remote information disclosure and, per the available data, would require user interaction for exploi...

6.5CVSS6.3AI score0.00716EPSS
CVE
CVE
added 2021/06/22 11:0 a.m.74 views

CVE-2021-0559

CVE-2021-0559 is a reported out-of-bounds read in Lag_max of p_ol_wgh.cpp for Android 11, allowing remote information disclosure with user interaction required. Multiple sources (NVD entry, Red Hat advisory, CNVD, NCSC, and OSV) describe the same issue with the bound-check failure in Lag_max; exp...

6.5CVSS6.1AI score0.00671EPSS
CVE
CVE
added 2021/06/22 10:56 a.m.74 views

CVE-2021-0571

CVE-2021-0571 affects Android 11, specifically the code paths in ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() , where a permissions bypass can allow access to restricted activities. The Red Hat/UK and CVE listings corroborate an Elevation of Privilege (EoP) risk with...

7.8CVSS7.7AI score0.00109EPSS
CVE
CVE
added 2021/06/22 10:58 a.m.74 views

CVE-2021-0572

CVE-2021-0572 affects Android 11 with a vulnerability in AccountManagerService.doNotification where an unsafe PendingIntent allows a local permission bypass and potential local information disclosure. Exploitation requires no user interaction and privileges are potentially low with local access. ...

5.5CVSS5.1AI score0.00109EPSS
CVE
CVE
added 2021/10/25 1:20 p.m.74 views

CVE-2021-0939

CVE-2021-0939 affects the Android kernel, description states: in set_default_passthru_cfg of passthru.c there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with system privileges required; user interaction not needed. The provided ...

4.4CVSS4.3AI score0.00113EPSS
CVE
CVE
added 2021/10/25 1:20 p.m.74 views

CVE-2021-0940

CVE-2021-0940 concerns the Android kernel with a vulnerability described as an out-of-bounds write due to improper locking. The issue could enable local escalation of privilege to System execution privileges without user interaction, affecting Android kernel components. Concrete exploit details, ...

7.2CVSS6.6AI score0.0012EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.74 views

CVE-2021-0973

CVE-2021-0973 affects Android 12 and involves a flaw in isFileUri in UriUtil.java that allows bypassing the ignoring of file:// URIs due to improper case-sensitive handling. The issue can lead to local information disclosure with no additional privileges required, and exploitation requires user i...

5CVSS4.8AI score0.00133EPSS
Total number of security vulnerabilities8153