Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2019/09/27 6:5 p.m.72 views

CVE-2019-9239

The CVE-2019-9239 entry concerns Android 10 where NFC processing is subject to an out-of-bounds read due to a missing bounds check. This can lead to local information disclosure without requiring advanced privileges; exploitation requires user interaction. The concrete affected product/edition no...

5CVSS5.3AI score0.00171EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.72 views

CVE-2019-9272

CVE-2019-9272 is an Android 10 information-disclosure issue described as a WiFi state leak via a permissions bypass, enabling local disclosure of WiFi state and potential device location without user interaction. Documents agree the affected product is Android 10, with no explicit vendor/componen...

5.5CVSS5.6AI score0.00133EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.72 views

CVE-2019-9303

CVE-2019-9303 is an Android 10 vulnerability in the libFDK component caused by an integer overflow leading to an out-of-bounds write. The issue could enable remote code execution and is described as requiring user interaction for exploitation (no additional privileges required). The vulnerability...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.72 views

CVE-2019-9349

CVE-2019-9349 is a DoS in Android's libstagefright caused by improper input validation that can exhaust resources and trigger a remote denial of service. Exploitation requires user interaction. The vulnerability affects Android 10 (Android Runtime/libstagefright context) and is documented in mult...

7.1CVSS6.8AI score0.00685EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.72 views

CVE-2019-9396

CVE-2019-9396: In Android 10, a Bluetooth vulnerability can cause a remote denial-of-service due to a missing bounds check in Bluetooth handling. This allows an attacker to terminate the process without privileges or user interaction. Affected product: Android 10. Impact: DoS with availability lo...

7.5CVSS7.6AI score0.00797EPSS
CVE
CVE
added 2020/01/08 6:33 p.m.72 views

CVE-2020-0007

CVE-2020-0007 affects Android 8.0–10 in the System component; the root cause is information disclosure from uninitialized data in Sensor.cpp:flattenString8, leading to local heap memory disclosure with no user interaction. Public details confirm the issue and affected versions; no remediation ver...

5.5CVSS5.1AI score0.00168EPSS
CVE
CVE
added 2020/05/14 8:12 p.m.72 views

CVE-2020-0100

The CVE-2020-0100 entry concerns an out-of-bounds read in IHDCP.cpp during onTransact, allowing local information disclosure without extra privileges in Android 8.0/8.1. Root cause is incorrect error handling that can expose data from a privileged process; exploitation is local and does not requi...

5.5CVSS5AI score0.00148EPSS
CVE
CVE
added 2021/06/22 10:56 a.m.72 views

CVE-2021-0534

CVE-2021-0534 affects Android 11, stemming from an insecure default in DeviceAdminReceiver.java permission declarations, which can allow local privilege escalation without extra privileges or user interaction. The issue’s root cause is lack of broadcast protection due to insufficient default prot...

7.8CVSS7.7AI score0.00117EPSS
CVE
CVE
added 2021/06/22 11:11 a.m.72 views

CVE-2021-0546

The CVE-2021-0546 issue affects Google Android 11 in the phNxpNciHal_print_res_status path within phNxpNciHal.cc, caused by an out-of-bounds write due to a missing bounds check. This leads to local elevation of privilege with System execution privileges required and does not require user interact...

6.7CVSS6.7AI score0.00117EPSS
CVE
CVE
added 2021/06/22 11:12 a.m.72 views

CVE-2021-0553

CVE-2021-0553 affects Android 11 (AppSwitchPreference.java, onBindViewHolder). The issue is a possible bypass of device admin settings caused by an unclear UI, enabling local privilege escalation with user execution privileges required. Exploitation reportedly requires user interaction. The provi...

7.3CVSS7.3AI score0.00147EPSS
CVE
CVE
added 2021/06/22 10:56 a.m.72 views

CVE-2021-0567

CVE-2021-0567 affects Android 11, where isRestricted in RemoteViews.java can be bypassed to inject font files, enabling local escalation of privilege with no additional privileges or user interaction. The vulnerability is categorized as Elevation of Privilege (EoP). In public advisories, patches ...

7.8CVSS7.7AI score0.00138EPSS
CVE
CVE
added 2021/06/22 10:57 a.m.72 views

CVE-2021-0568

The CVE-2021-0568 entry relates to Android 11 and specifically the DevicePolicyManagerService.java onReceive path. The vulnerability is described as a missing permission check that could enable disabled profiles, resulting in local elevation of privilege with no extra execution privileges require...

7.8CVSS7.6AI score0.00107EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.72 views

CVE-2021-0978

CVE-2021-0978 affects Android 12 and concerns the getSerialForPackage path in DeviceIdentifiersPolicyService.java. The vulnerability arises from a side-channel information disclosure that lets an attacker determine whether an app is installed without using query permissions. This enables local in...

3.3CVSS3.5AI score0.00104EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.72 views

CVE-2021-0987

CVE-2021-0987 : In Android 12, the vulnerability affects the PhoneInterfaceManager.getNeighboringCellInfo function, where an information-disclosure side channel can reveal whether an app is installed without needing query permissions. This enables local information leakage with no extra execution...

3.3CVSS3.5AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.72 views

CVE-2021-0993

CVE-2021-0993 affects Android 12 and is due to a resource exhaustion condition in TextLine.java’s getOffsetBeforeAfter. The issue can cause remote denial of service with no extra privileges, and exploitation requires user interaction. Public references in the connected records corroborate a DoS i...

6.5CVSS6.4AI score0.00563EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.72 views

CVE-2021-1015

CVE-2021-1015 affects Android 12 via the getMeidForSlot path in PhoneInterfaceManager.java, enabling side-channel disclosure to determine if an app is installed without query permissions. Outcome is local information disclosure with no extra privileges required and no user interaction. Connected ...

3.3CVSS3.5AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.72 views

CVE-2021-1044

CVE-2021-1044 affects the Android kernel component in the function eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c , where a missing bounds check enables an out-of-bounds write. This can lead to local elevation of privilege with no extra execution privileges or user interaction...

7.8CVSS7.7AI score0.00126EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.72 views

CVE-2021-39646

CVE-2021-39646 is an information-disclosure issue affecting the Android kernel Bootloader, listed under the Pixel vulnerability bulletin with type ID and moderate severity for that component. Public details in the connected records indicate an information-disclosure impact (confidentiality) with ...

7.5CVSS7.4AI score0.00411EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.72 views

CVE-2021-39651

Technical details are not publicly available in the provided documents for CVE-2021-39651; the connected sources describe a placeholder TBD vulnerability without concrete affected products or fixes. Monitor for updates as information remains unavailable.

7.8CVSS7.6AI score0.0011EPSS
CVE
CVE
added 2022/06/06 5:35 p.m.72 views

CVE-2022-21748

CVE-2022-21748 affects MediaTek telephony on MediaTek chips. The root cause is a missing permission check in the telephony path, enabling local information disclosure. Exploitation would require user interaction, with the attacker already at User execution privileges; no remote access. Patch ALPS...

5.5CVSS5AI score0.00098EPSS
CVE
CVE
added 2022/07/06 1:6 p.m.72 views

CVE-2022-21769

The CVE-2022-21769 issue affects the CCCI component and is caused by a missing bounds check that enables an out-of-bounds read. This could allow local information disclosure with system-privilege execution requirements (no user interaction). Public references in Red Hat and NVD describe the same ...

4.4CVSS4.2AI score0.00114EPSS
CVE
CVE
added 2022/07/06 1:7 p.m.72 views

CVE-2022-21780

CVE-2022-21780 affects the MediaTek WLAN driver. It is an out-of-bounds write caused by a missing bounds check, enabling local privilege escalation with SYSTEM execution privileges required and no user interaction. CVSSv3.1: 6.7 (LOCAL, HIGH impact on Confidentiality/Integrity/Availability; HIGH ...

6.7CVSS6.7AI score0.00106EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.72 views

CVE-2022-26099

CVE-2022-26099 is a null pointer dereference in the parser_infe function of the libsimba library, applicable before the Samsung SMR Apr-2022 Release 1. The vulnerability can cause out-of-bounds reads and is exploitable remotely without authentication, per the CVE description. Connected sources re...

9.1CVSS9AI score0.00503EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.72 views

CVE-2022-27570

CVE-2022-27570 is a heap-based buffer overflow in the parser_single_iref function of the Samsung SMR/libsimba library prior to the April 2022 SMR Release 1 . The vulnerability allows remote code execution with network-based access and no user interaction, due to an overflow in heap memory handlin...

10CVSS9.8AI score0.01306EPSS
CVE
CVE
added 2022/06/07 5:54 p.m.72 views

CVE-2022-30713

CVE-2022-30713 concerns a vulnerability in Samsung/LSOItemData, where improper validation (and lack of proper authentication logic per CNVD) may allow a local attacker to elevate privileges and initiate certain activities on affected Samsung mobile devices. Evidence across sources indicates the i...

9.4CVSS9.1AI score0.00294EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.72 views

CVE-2022-32626

CVE-2022-32626 involves an out-of-bounds write caused by an incorrect bounds check in display logic. The vulnerability is reported in MediaTek chips and could enable local escalation of privilege with SYSTEM-level execution privileges; exploitation requires no user interaction per the sources. Th...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2022/07/11 1:33 p.m.72 views

CVE-2022-33690

The CVE-2022-33690 issue concerns Samsung Contacts Storage on Samsung mobile devices, due to improper input validation that enables path traversal. The vulnerability allows an attacker to access arbitrary files via the Contacts Storage component prior to the SMR July 2022 Release 1. Documented im...

4CVSS4.1AI score0.00117EPSS
CVE
CVE
added 2022/07/11 1:35 p.m.72 views

CVE-2022-33699

CVE-2022-33699 affects Samsung TelephonyUI’s getDsaSimImsi, where IMSI can be disclosed through logs due to insufficient protection in TelephonyUI. The issue is a local disclosure vulnerability, enabling a local attacker to access IMSI data. Affected component is Samsung TelephonyUI prior to SMR ...

2.3CVSS3.7AI score0.00099EPSS
CVE
CVE
added 2022/08/05 3:14 p.m.72 views

CVE-2022-33716

CVE-2022-33716 affects ICCC TA prior to SMR Aug-2022 Release 1. The issue is an absence of variable initialization in ICCC TA, enabling a local attacker to read uninitialized memory. Red‑hat and PT/security databases corroborate: affected versions are ICCC TA before SMR Aug-2022 Release 1. Remedi...

4.4CVSS4.5AI score0.00091EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.72 views

CVE-2022-39879

CVE-2022-39879 concerns an improper authorization vulnerability in Samsung CallBGProvider prior to SMR Nov-2022 Release 1. A local attacker can exploit this to grant permissions for accessing information tied to the device’s phone UID. The issue is documented across multiple sources as affecting ...

5.9CVSS3.8AI score0.00081EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.72 views

CVE-2022-39914

The CVE-2022-39914 entry describes an information-disclosure vulnerability in Samsung DisplayManagerService prior to Android T (13). A local attacker could access information about connected DLNA devices due to exposure of sensitive data by DisplayManagerService. The available sources indicate th...

4CVSS3.9AI score0.00082EPSS
CVE
CVE
added 2023/02/06 5:26 a.m.72 views

CVE-2022-47344

Summary of CVE-2022-47344 : Multiple sources describe a missing permission check in engineermode services , leading to a potential local denial of service . The root cause appears to be a privilege-check bypass within engineermode services, enabling an attacker with local access to trigger DoS co...

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.72 views

CVE-2023-20990

CVE-2023-20990 affects Android 13, due to an out-of-bounds read in the function btm_ble_rand_enc_complete of btm_ble.cc caused by a missing bounds check. This can lead to local information disclosure with System execution privileges required; no user interaction is needed. The available connected...

4.4CVSS4.2AI score0.00096EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.72 views

CVE-2023-21028

CVE-2023-21028 affects Android 13 and is tied to ipphelper.c in parse_printerAttributes, where an out-of-bounds read can occur from a string not terminated with a null character. This leads to remote information disclosure without additional execution privileges and does not require user interact...

7.5CVSS7AI score0.00436EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.72 views

CVE-2023-21161

CVE-2023-21161 affects the Android kernel, caused by an out-of-bounds write in the Parse function of simdata.cpp due to a missing bounds check. This can lead to local escalation of privilege with System execution privileges required, and exploitation does not require user interaction. Several con...

6.7CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.72 views

CVE-2023-21176

The vulnerability CVE-2023-21176 affects Android 13 via the list_key_entries function in utils.rs, where a path to disable user credentials could exhaust resources, enabling a local DoS with SYSTEM privileges and no user interaction. Exploitation details, affected builds, and official fixes are n...

4.4CVSS4.6AI score0.00093EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.72 views

CVE-2023-21222

CVE-2023-21222 : In the Android kernel, the vulnerability is in the function that parses device tree data (storage.c: load_dt_data). A missing bounds check can trigger an out-of-bounds write, enabling local escalation of privilege with System execution privileges required. User interaction is not...

6.7CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.72 views

CVE-2023-21382

This CVE (CVE-2023-21382) concerns Android’s Content Resolver allowing local information disclosure due to a missing permission check. Affected: Android devices (Content Resolver metadata about content providers). Root cause: insufficient permission validation on access to content provider metada...

5.5CVSS5.2AI score0.00082EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.72 views

CVE-2024-20102

CVE-2024-20102 affects the WLAN driver in MediaTek-based components, where improper input validation can cause an out-of-bounds read. Attackers could achieve remote information disclosure, with system execution privileges required and no user interaction needed. A fixed version/patch is identifie...

4.9CVSS6.5AI score0.00297EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.72 views

CVE-2024-44098

Summary: CVE-2024-44098 affects the LWIS component in lwis_event.c (Google Pixel). The issue is a double-free leading to a possible local privilege escalation with no required user interaction. The risk assessment is supported by multiple sources indicating Elevation of Privilege (EoP) concerns, ...

7.4CVSS7.2AI score0.00083EPSS
CVE
CVE
added 2011/04/21 10:0 a.m.71 views

CVE-2011-1149

CVE-2011-1149 : Android versions before 2.3 expose the system property space, allowing local apps to bypass the sandbox and gain privileges via ashmem usage and ASHMEM_SET_PROT_MASK. The issue enables local privilege escalation, illustrated by references to psneuter and KillingInTheNameOf; exploi...

7.2CVSS6.8AI score0.0032EPSS
CVE
CVE
added 2012/01/27 3:0 p.m.71 views

CVE-2011-3874

CVE-2011-3874 describes a use-after-free vulnerability in Android’s libsysutils, triggered via FrameworkListener::dispatchCommand when invoked with an incorrect number of arguments. Affected Android versions are 2.2.x–2.2.2 and 2.3.x–2.3.6. The issue was demonstrated by zergRush and, per sources,...

9.3CVSS8.3AI score0.11533EPSS
CVE
CVE
added 2012/10/07 3:0 p.m.71 views

CVE-2011-3918

The CVE-2011-3918 entry concerns the Android Zygote process: on Android 4.0.3 and earlier, Zygote accepts fork requests from processes with arbitrary UIDs, enabling a crafted app to cause a denial-of-service reboot loop. The issue is described in multiple sources (e.g., NVD/Red Hat entries) and i...

7.8CVSS6.7AI score0.01354EPSS
CVE
CVE
added 2012/12/10 8:0 p.m.71 views

CVE-2012-6301

The CVE-2012-6301 issue affects Android 4.0.3’s Stock/Browser component. A remote attacker can trigger a denial of service (application crash) by presenting a crafted market: URI in the SRC attribute of an IFRAME element. Multiple connected sources corroborate the vulnerability and describe its i...

5CVSS6.6AI score0.06448EPSS
CVE
CVE
added 2020/02/20 3:34 p.m.71 views

CVE-2014-7951

The CVE-2014-7951 entry details a Directory traversal vulnerability in Android's adb (Android 4.0.4) where an attacker with physical access and a direct connection can write to arbitrary system-owned files by crafting tar headers with a .. sequence. Connected documents (including exploit examples...

4.6CVSS4.4AI score0.01074EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.71 views

CVE-2015-3837

CVE-2015-3837 affects Android’s OpenSSLX509Certificate class (org/conscrypt/OpenSSLX509Certificate.java) in builds prior to 5.1.1 LMY48I. The root cause is improper inclusion of certain context data during serialization and deserialization, enabling a malicious local application to trigger code e...

9.3CVSS7.5AI score0.01491EPSS
CVE
CVE
added 2016/05/05 9:0 p.m.71 views

CVE-2016-2059

The CVE-2016-2059 issue affects the Linux kernel IPC router module (msm_ipc_router_bind_control_port) in the IPC router core for kernel 3.x used in Qualcomm QuIC Android MSM devices. The vulnerability arises because the function does not verify that a port is a client port, enabling a local attac...

7CVSS7.4AI score0.00207EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.71 views

CVE-2017-0620

CVE-2017-0620 is a local elevation-of-privilege in the Qualcomm Secure Channel Manager driver on Android, allowing a malicious local app to run code in the kernel. Affected: Android devices with Kernel-3.10/3.18 (per the CVE entry). Impact per sources is High (CVSSv3: 7.0). Affected devices liste...

7.6CVSS6.6AI score0.00632EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.71 views

CVE-2017-0708

CVE-2017-0708 is an information-disclosure issue in the HTC sound driver (Android kernel). The HTC component entry flags it as an Information Disclosure (ID) vulnerability, Moderate severity, within the Android stack. The Android bulletin for 2017-07-05 lists this HTC sound-driver CVE under the H...

5.5CVSS5.5AI score0.00407EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.71 views

CVE-2017-0764

CVE-2017-0764 is a remote code execution in Android’s media framework (libvorbis). Affected Android versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. The root cause is a flaw in media processing by libvorbis that could be exploited via a crafted file. CVSS3/ATT&CK context from th...

9.3CVSS7.9AI score0.01323EPSS
Total number of security vulnerabilities8153