Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/09/18 3:5 p.m.73 views

CVE-2020-0347

CVE-2020-0347 affects Android 11 with an out-of-bounds write in iptables caused by an incorrect bounds check. The vulnerability could allow local escalation to SYSTEM privileges without user interaction. Evidence in the initial document notes the affected product (Android 11) and the privilege le...

6.7CVSS7.2AI score0.00185EPSS
CVE
CVE
added 2021/06/22 11:2 a.m.73 views

CVE-2021-0543

CVE-2021-0543 : A vulnerability in phNxpNciHal_ext.cc (function phNxpNciHal_process_ext_rsp) allows a possible out-of-bounds write due to an integer overflow, enabling local elevation of privilege with System execution privileges. Exploitation does not require user interaction. Affected: Android ...

6.7CVSS6.7AI score0.00117EPSS
CVE
CVE
added 2021/06/22 11:11 a.m.73 views

CVE-2021-0548

CVE-2021-0548 affects Android 11; the vulnerability is in rw_i93_send_to_lower (rw_i93.cc) where a missing bounds check can cause an out-of-bounds write, enabling local elevation of privilege with no user interaction. Affected component: Android kernel/userland path rw_i93_send_to_lower. No explo...

7.8CVSS7.7AI score0.00117EPSS
CVE
CVE
added 2022/08/11 3:6 p.m.73 views

CVE-2021-0734

CVE-2021-0734 describes a side-channel information disclosure in Android Settings that can reveal whether an app is installed without query permissions, enabling local information disclosure on Android 13. The issue affects the Settings component and does not require user interaction, with a loca...

5.5CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.73 views

CVE-2021-0989

CVE-2021-0989 describes a local information-disclosure in Android 12 via hasManageOngoingCallsPermission in TelecomServiceImpl.java, allowing an app to determine if another app is installed without query permissions. This is caused by a side-channel disclosure and requires no user interaction. Th...

3.3CVSS3.5AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.73 views

CVE-2021-0999

CVE-2021-0999 affects Android 12 and relates to the broadcast definition in AndroidManifest.xml that can set the A2DP Bluetooth device connection state due to a missing permission check. The underlying issue is a privilege-escalation flaw that does not require user interaction and can be exploite...

7.8CVSS7.6AI score0.00104EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.73 views

CVE-2021-1005

CVE-2021-1005 affects Android 12, involving getDeviceIdWithFeature in PhoneInterfaceManager.java. The issue enables a local information disclosure via a side-channel that can reveal whether an app is installed without query permissions, with no user interaction required. The description and conne...

5.5CVSS4.9AI score0.00111EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.73 views

CVE-2021-1030

CVE-2021-1030 affects Android 12 with a vulnerability in NotificationManagerService.setNotificationsShownFromListener that allows a local attacker to deduce whether an app is installed without query permissions via a side-channel. Impact is local information disclosure with no execution privilege...

5.5CVSS4.9AI score0.00111EPSS
CVE
CVE
added 2021/03/04 8:58 p.m.73 views

CVE-2021-25336

CVE-2021-25336 affects Samsung mobile devices via improper access control in NotificationManagerService. The root cause is insufficient access checks that allow untrusted applications to obtain notification access by sending a crafted malicious intent. Documented impact is limited to exploitation...

4.3CVSS4.2AI score0.00241EPSS
CVE
CVE
added 2021/10/06 5:9 p.m.73 views

CVE-2021-25478

Summary: CVE-2021-25478 describes a possible stack-based buffer overflow in the Samsung Exynos CP Chipset prior to SMR Oct-2021 Release 1, which could enable arbitrary memory writes and code execution. The affected component is the Exynos CP Chipset; the root cause is a stack-based overflow vulne...

7.2CVSS7.4AI score0.00533EPSS
CVE
CVE
added 2021/03/02 5:56 a.m.73 views

CVE-2021-27901

Summary (CVE-2021-27901) : Affects LG mobile devices running Android 11. The vulnerability arises from mishandling of fingerprint recognition when Local High Beam Mode (LHBM) does not function properly under bright illumination, as identified by LG under ID LVE-SMP-210001 (March 2021). The issue ...

6.8CVSS6.5AI score0.00121EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.73 views

CVE-2021-39643

CVE-2021-39643 affects the Android kernel component in ic_startRetrieveEntryValue inside acropora/app/identity/ic.c, where a missing validation of a return value can bypass defense-in-depth and enable local privilege escalation to SYSTEM. Exploitation requires local access; no user interaction is...

6.7CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.73 views

CVE-2021-39645

CVE-2021-39645 is listed in the Google Pixel security bulletin as an Elevation of Privilege (EoP) vulnerability affecting the Bootloader. The CVE is categorized under Pixel issues with High severity. The Pixel bulletin notes patches are included in updates at the 2021-12-05 security patch level f...

10CVSS9AI score0.00543EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.73 views

CVE-2021-39655

CVE-2021-39655 is listed in Pixel bulletin as an Elevation of Privilege in the Android kernel (Kernel component) affecting Pixel devices, with a high-severity CVSS in NVD (Critical in 3.1). The connected Pixel bulletin entry confirms the issue is categorized under Kernel with EoP impact, but the ...

9.8CVSS9AI score0.00453EPSS
CVE
CVE
added 2022/08/11 3:8 p.m.73 views

CVE-2022-20246

CVE-2022-20246 affects Android 13 (WindowManager). The issue is an incorrect UID/permission check that allows bypassing background-activity start restrictions, leading to local escalation of privilege without user interaction. Exploitation is local and requires no additional privileges; CVSS indi...

7.8CVSS7.9AI score0.00088EPSS
CVE
CVE
added 2022/08/11 3:12 p.m.73 views

CVE-2022-20261

The CVE-2022-20261 entry concerns the Android LocationManager component. A missing permission check could allow an attacker to obtain location information, causing local information disclosure. Exploitation requires System privileges but not user interaction, with a local attack vector. Affected ...

2.3CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2022/07/06 1:6 p.m.73 views

CVE-2022-21771

CVE-2022-21771 affects the GED driver and is a use-after-free caused by a race condition, enabling local privilege escalation to System with no user interaction required. The vulnerability details indicate the impact is partial to higher in integrity/availability per CVSS, with local exploit prer...

6.7CVSS6.7AI score0.00086EPSS
CVE
CVE
added 2022/07/06 1:8 p.m.73 views

CVE-2022-21786

CVE-2022-21786 describes a memory corruption vulnerability in MediaTek’s audio DSP caused by improper type casting. The issue can lead to local privilege escalation with system execution privileges required, and does not require user interaction. Affected component: audio DSP type conversion logi...

6.7CVSS6.8AI score0.00106EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.73 views

CVE-2022-26093

CVE-2022-26093 is a vulnerability in the libsimba library’s parser_irot function. The issue is a null pointer dereference that enables an out-of-bounds write by a remote attacker in affected builds prior to Samsung SMR Apr-2022 Release 1. Reports in multiple feeds (NVD, Red Hat, CNVD, CVE lists) ...

9.8CVSS9.4AI score0.00503EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.73 views

CVE-2022-27569

CVE-2022-27569 is a heap-based buffer overflow in the parser_infe function of the libsimba library, exploitable remotely to achieve code execution. The condition is with software versions prior to SMR Apr-2022 Release 1 . Affected component: libsimba parser_infe; root cause: heap overflow. Impact...

10CVSS9.8AI score0.01306EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.73 views

CVE-2022-27824

CVE-2022-27824 : The exposed issue is an improper size check in the function sapefd_parse_meta_DESCRIPTION within the libsapeextractor library, before the Samsung SMR Apr-2022 Release 1. This causes an out-of-bounds read when processing a crafted media file. Publicly documented variations describ...

7.1CVSS6.7AI score0.0029EPSS
CVE
CVE
added 2022/08/05 3:21 p.m.73 views

CVE-2022-33730

CVE-2022-33730 describes a heap-based buffer overflow in Samsung Dex for PC prior to SMR Aug-2022 Release 1, allowing arbitrary code execution by physical attackers. Affected: Samsung Dex for PC (pre‑SMR Aug‑2022 Release 1). Root cause: heap-based overflow in Samsung Dex for PC. Impact: potential...

6.8CVSS7AI score0.00165EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.73 views

CVE-2022-38682

CVE-2022-38682 affects the contacts service, where a missing permission check could allow a local denial of service without requiring additional privileges. The Red Hat, NVD, CNNVD, and other connected records corroborate the same description; no explicit exploitation details, affected software v...

5.5CVSS5.4AI score0.00102EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.73 views

CVE-2022-39903

CVE-2022-39903 describes an improper access control vulnerability in Samsung RCS calls prior to SMR Dec-2022 Release 1. The issue allows local attackers to access the RCS incoming call number (information disclosure). Affected component: RCS call handling on Samsung mobile devices; root cause: im...

4CVSS4AI score0.00082EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.73 views

CVE-2023-20841

CVE-2023-20841 affects imgsys and is described as an out-of-bounds write caused by missing valid range checking, enabling local escalation of privileges with System execution privileges needed. User interaction is required for exploitation. Reported patch ID: ALPS07326455 (Issue ID: ALPS07326441)...

6.5CVSS6.6AI score0.00094EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.73 views

CVE-2023-21006

CVE-2023-21006 affects Google Pixel/Android 13 where a missing bounds check in the p2p_iface.cpp file allows an out-of-bounds read, leading to local information disclosure with System privileges required. No user interaction is needed. Remediation: apply Android security updates; Pixel bulletin i...

4.4CVSS4.3AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.73 views

CVE-2023-21073

CVE-2023-21073 affects the Android kernel component where the function rtt_unpack_xtlv_cbfn in dhd_rtt.c is vulnerable. The issue is a possible out-of-bounds write caused by a buffer overflow, which could enable local escalation of privilege with System execution privileges required. User interac...

6.7CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.73 views

CVE-2023-21125

CVE-2023-21125 affects Google Android Bluetooth stack: the function btif_hh_hsdata_rpt_copy_cb in bta_hh.cc suffers a memory corruption due to a use-after-free, enabling local privilege escalation over Bluetooth with no user interaction. The vulnerability is adjacent-network exploitable as per CV...

8CVSS8.9AI score0.00186EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.73 views

CVE-2023-21153

CVE-2023-21153 affects Android kernel via Do_AIMS_SET_CALL_WAITING in imsservice.cpp, causing an out-of-bounds read due to a missing bounds check. This can allow local escalation of privilege to System level without user interaction. The issue impacts Android kernel components and is associated w...

6.7CVSS6.6AI score0.00096EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.73 views

CVE-2023-21170

CVE-2023-21170 affects Android 13 devices (notably Pixel). Root cause: a missing bounds check in the function executeSetClientTarget inside ComposerCommandEngine.h, causing a possible out-of-bounds read. Impact: local information disclosure with system privileges required; exploitation does not r...

4.4CVSS4.2AI score0.00094EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.73 views

CVE-2023-21174

CVE-2023-21174 is a vulnerability in Android 13 affecting the isPageSearchEnabled function of BillingCycleSettings.java. The issue allows a guest user to bypass permissions and change data limits, resulting in local privilege escalation with no additional execution privileges and with no user int...

7.8CVSS7.6AI score0.00097EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.73 views

CVE-2023-32880

CVE-2023-32880 concerns the battery module with a missing bounds check that can cause local information disclosure (high confidentiality impact) and requires local access and high privileges; no user interaction is needed. A patch is available (Patch ID: ALPS08308070; Issue ID: ALPS08308076). No ...

4.4CVSS4.3AI score0.00087EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.73 views

CVE-2024-20034

CVE-2024-20034 affects MediaTek battery module, with a missing bounds check that could enable local privilege escalation to System level. The vulnerability relies on no user interaction and has a network-style CVSS base with high impact across confidentiality, integrity, and availability, though ...

7.2CVSS6.9AI score0.00302EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.73 views

CVE-2024-20053

CVE-2024-20053 affects the flashc component. The vulnerability is an out-of-bounds write caused by an uncaught exception, enabling local escalation of privileges with System-level execution privileges required. User interaction is not required. A patch is referenced (ALPS08541757; ALPS08541764). ...

8.4CVSS7AI score0.0009EPSS
CVE
CVE
added 2024/06/13 9:2 p.m.73 views

CVE-2024-32923

CVE-2024-32923 concerns Google Pixel devices. The issue is a logic error in the Modem component that can cause a denial of service. It can be triggered remotely with no user interaction and requires no additional privileges (attack vector: LOCAL; impact: Availability. Severity: High per Pixel bul...

4CVSS6.6AI score0.00106EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.73 views

CVE-2024-44100

CVE-2024-44100 relates to information disclosure on Google Pixel devices prior to 2024-10-05, specifically in the modem component (A-299774545). The issue stems from a vulnerability in the Pixel modem that enables leakage of information, with a CVSS v3.1 base score of 7.5 (High). Affected product...

7.5CVSS6.2AI score0.00248EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.73 views

CVE-2024-47013

CVE-2024-47013 is described across multiple sources as a flaw in the PMU firmware path (pmucal_rae_handle_seq_int in flexpmu_cal_rae.c) where uninitialized data allows an arbitrary write, enabling local privilege escalation with no user interaction. Documents consistently note the issue affects P...

7.8CVSS7.3AI score0.00074EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.73 views

CVE-2025-0075

CVE-2025-0075 is a use-after-free in process_service_search_attr_req of sdp_server.cc that can lead to remote code execution with no privileges or user interaction. Affected software is the Android platform (System component in the 2025-03-01/03 bulletin) and related Android sources describe this...

9.8CVSS8AI score0.00396EPSS
CVE
CVE
added 2025/05/05 2:49 a.m.73 views

CVE-2025-20665

CVE-2025-20665 affects MediaTek chipsets’ devinfo component where a missing SELinux policy enables local information disclosure of the device identifier without additional privileges. Multiple sources corroborate the issue and reference patch ALPS09555228 / MSV-2760 from MediaTek’s bulletin. Impa...

5.5CVSS5.9AI score0.00089EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.73 views

CVE-2025-22408

CVE-2025-22408 affects Google Android in the rfc_check_send_cmd function of rfc_utils.cc, caused by a use-after-free; this enables remote code execution with no extra privileges and without user interaction. Public documents confirm the issue as a System-level vulnerability in Android, with CVSS ...

9.8CVSS8AI score0.00374EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.73 views

CVE-2025-22410

CVE-2025-22410 is a use-after-free in Google Android that can lead to arbitrary code execution and local privilege escalation with no user interaction. The issue is classified as RCE, Critical, affecting the Framework/System and is addressed by Android security patches for the 2025-03-01/2025-03-...

8.4CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2013/02/05 3:0 p.m.72 views

CVE-2011-1350

The CVE-2011-1350 entry describes an information-disclosure vulnerability in the PowerVR SGX driver used by Android prior to 2.3.6. The flaw allows an attacker to leak potentially sensitive data from kernel stack memory via a crafted request to the pvrsrvkm device. Affected component: PowerVR SGX...

7.1CVSS5.8AI score0.01109EPSS
CVE
CVE
added 2020/01/24 5:11 p.m.72 views

CVE-2015-1530

The CVE-2015-1530 issue affects Android’s media/libmedia/IAudioPolicyService.cpp prior to Android 5.1. It describes an integer overflow in BnAudioPolicyService::onTransact that can be exploited by a crafted application with an invalid array size to either execute arbitrary code with media_server ...

7.8CVSS7.8AI score0.00389EPSS
CVE
CVE
added 2017/07/14 5:0 p.m.72 views

CVE-2016-10398

CVE-2016-10398 affects Android 6.0 where an authentication bypass exists for attackers with root and physical access. AuthTokens used by the Trusted Execution Environment (TEE) are protected by a weak challenge, enabling replay of captured responses and use of the TEE without authenticating. All ...

7.2CVSS6.3AI score0.0019EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.72 views

CVE-2016-5348

CVE-2016-5348 affects the GPS component in Android, dating from 4.x up to 7.0, where a man-in-the-middle can trigger memory exhaustion and a DoS by sending a large xtra.bin/xtra2.bin from spoofed gpsonextra.net or izatcloud.net hosts. Root cause is malformed/overlarge GPS data files processed by ...

7.1CVSS5.5AI score0.04323EPSS
Web
CVE
CVE
added 2017/09/08 8:0 p.m.72 views

CVE-2017-0756

CVE-2017-0756 is a remote code execution vulnerability in Android’s Media Framework (libstagefright) affecting Android versions 4.4.4 through 7.1.2. The Android bulletin notes this as a critical issue in the Media Framework, with impact described as execution of arbitrary code in a privileged con...

9.3CVSS7.9AI score0.00824EPSS
CVE
CVE
added 2024/11/19 6:45 p.m.72 views

CVE-2018-9339

CVE-2018-9339 affects Android’s framework Parcel.java, specifically in the methods writeTypedArrayList/readTypedArrayList, with a root cause of type confusion that enables local privilege escalation. The vulnerability can be exploited with no user interaction and requires local access. Public doc...

7.8CVSS6.9AI score0.0009EPSS
CVE
CVE
added 2024/12/05 10:22 p.m.72 views

CVE-2018-9388

CVE-2018-9388 affects the Linux touchscreen driver component ftm4_pdc.c (functions store_upgrade and store_cmd). The issue is out-of-bounds writes caused by missing bounds checks or integer underflows, leading to potential elevation of privilege. Documentation across sources (NVD, Red Hat, CVE li...

9.8CVSS6.9AI score0.0016EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.72 views

CVE-2018-9515

CVE-2018-9515 is a kernel vulnerability affecting the Android kernel sdcardfs code (inode.c) where memory corruption can occur due to improper locking, enabling local privilege escalation without user interaction. The issue is categorized as a high-severity Elevation of Privilege (EoP) in the 201...

7.8CVSS7.7AI score0.00712EPSS
CVE
CVE
added 2019/08/20 7:53 p.m.72 views

CVE-2019-2134

CVE-2019-2134 affects Android due to an out-of-bounds write in phFriNfc_ExtnsTransceive (phNxpExtns_MifareStd.cpp) caused by integer overflow. Impact: local privilege escalation with HIGH confidentiality/integrity/availability implications; exploitation requires user interaction and local access....

9.3CVSS7.7AI score0.00519EPSS
Total number of security vulnerabilities8153