Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2021/01/11 8:28 p.m.259 views

CVE-2021-0342

The CVE-2021-0342 issue affects the Android kernel, where a use-after-free in tun_get_user (tun.c) can cause memory corruption, enabling local privilege escalation with kernel/system privileges; exploitation requires no user interaction. No patch/version details are provided in the connected docu...

6.7CVSS7.4AI score0.00174EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.258 views

CVE-2017-13305

CVE-2017-13305 : A vulnerability described as an information disclosure in the Upstream Linux kernel encrypted-keys, with affected product scope as Android kernels. The Initial CVE text notes Android kernel as the impacted component and Android ID A-70526974, describing a local information disclo...

7.1CVSS5.5AI score0.00318EPSS
CVE
CVE
added 2019/06/19 8:6 p.m.258 views

CVE-2019-2024

CVE-2019-2024 affects the Linux kernel’s em28xx-dvb code (em28xx_unregister_dvb) where a use-after-free can enable local privilege escalation with no user interaction. The connected Nessus entries reference Upstream kernel fixes and Unity/Linux advisories, indicating a patch exists upstream; down...

7.8CVSS6.3AI score0.00221EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.256 views

CVE-2020-0215

CVE-2020-0215 affects Android devices via a leak in ConfirmConnectActivity.java related to a permissions bypass that exposes the Bluetooth MAC address. The vulnerability could enable local elevation of privilege to access pairing information, with user interaction required for exploitation. Affec...

7.8CVSS7.3AI score0.00277EPSS
CVE
CVE
added 2024/07/09 8:9 p.m.256 views

CVE-2023-21114

CVE-2023-21114 affects Android devices with a local elevation of privilege due to a confused deputy in components referenced in the Android WiFi stack and related platform code. Exploitation requires local access and does not need user interaction. Multiple vendors’ advisories (e.g., Android secu...

7.8CVSS6.8AI score0.00123EPSS
CVE
CVE
added 2022/07/13 6:23 p.m.255 views

CVE-2022-20229

CVE-2022-20229 affects Android 10–12 (including 12L). The issue is an out-of-bounds write in bta_hf_client_at.cc (function: bta_hf_client_handle_cind_list_item) caused by a missing bounds check. This can enable remote code execution with Network access and no user interaction. CVSS v3 base score ...

10CVSS9.3AI score0.02077EPSS
CVE
CVE
added 2019/09/06 9:42 p.m.254 views

CVE-2019-9345

CVE-2019-9345 affects the Android kernel (sdcardfs) and describes a local elevation of privilege due to shared mapping of OBB files that can breach profile data separation. The vulnerability is classified as Elevation of Privilege (High) in the Kernel component per Pixel update bulletin, with loc...

7.8CVSS7.6AI score0.00199EPSS
CVE
CVE
added 2019/09/06 9:46 p.m.254 views

CVE-2019-9441

CVE-2019-9441 describes an elevation-of-privilege vulnerability in the Android kernel MNH driver. The issue is an out-of-bounds write caused by improper input validation, which could allow a local attacker to gain System-level execution privileges without user interaction. Public documentation in...

6.7CVSS6.8AI score0.00189EPSS
CVE
CVE
added 2019/09/06 9:47 p.m.254 views

CVE-2019-9446

CVE-2019-9446 affects the Android kernel FingerTipS touchscreen driver. The issue is an out-of-bounds write caused by improper input validation, enabling a local escalation of privilege with System execution privileges required. Exploitation does not require user interaction. The connected docume...

6.7CVSS6.7AI score0.0018EPSS
CVE
CVE
added 2021/02/10 4:47 p.m.254 views

CVE-2021-0340

CVE-2021-0340 affects Android 10, with the issue located in IsoInterface.java (parseNextBox). The root cause is improper input validation that can leak unredacted location information, enabling remote information disclosure without additional execution privileges; exploitation requires user inter...

9.3CVSS7.8AI score0.02063EPSS
CVE
CVE
added 2022/03/16 2:3 p.m.254 views

CVE-2021-39713

Technical details about CVE-2021-39713 are not provided in the provided documents; only high-level references (Android kernel and upstream kernel) are present. Monitor for updates.

7CVSS6.8AI score0.0021EPSS
CVE
CVE
added 2019/09/06 9:42 p.m.252 views

CVE-2019-9436

CVE-2019-9436 affects the LG Bootloader component in Android (per Pixel Update Bulletin). The issue is described as a secure boot bypass enabling local elevation of privilege (EoP) with SYSTEM privileges, with exploitation described as requiring user interaction. The vulnerability is listed as Ty...

6.7CVSS6.6AI score0.00173EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.251 views

CVE-2017-0540

CVE-2017-0540 describes a remote code execution in the Android Mediaserver’s libhevc component. The underlying issue is a memory corruption vulnerability triggered by specially crafted media files during processing, enabling code execution within the Mediaserver process. Affected Android versions...

9.3CVSS7.7AI score0.02312EPSS
CVE
CVE
added 2021/10/25 1:20 p.m.250 views

CVE-2021-0941

CVE-2021-0941 is a Linux kernel vulnerability reported as an out-of-bounds read in bpf_skb_change_head() within filter.c caused by a use-after-free. It enables local privilege escalation to SYSTEM with no user interaction. Exploitability is LOCAL; impact includes confidentiality, integrity, and a...

7.2CVSS6.7AI score0.00163EPSS
CVE
CVE
added 2022/08/11 2:59 p.m.250 views

CVE-2022-20368

CVE-2022-20368 is confirmed in connected advisories as a slab-out-of-bounds access in packet_recvmsg() within the Linux kernel networking stack. The linked documents (e.g., ALSA-2022 kernel advisories for Linux kernels used in Debian/OpenSUSE/OpenSUSE/Linux distributions) explicitly reference thi...

7.8CVSS7.5AI score0.00126EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.250 views

CVE-2023-20954

CVE-2023-20954 affects Android systems (Android 11, 12, 12L, 13). In SDP_AddAttribute() within sdp_db.cc, an out-of-bounds write is caused by an incorrect bounds check, enabling potential remote code execution with no privileges and no user interaction required. The vulnerability is triggered via...

9.8CVSS9.2AI score0.00489EPSS
CVE
CVE
added 2020/12/14 9:49 p.m.249 views

CVE-2020-0099

CVE-2020-0099 affects Android 8.0–10 and involves the WindowManagerService.addWindow, with an insecure default value enabling a possible window overlay attack (tapjacking) leading to local privilege escalation. Exploitation requires user interaction in the documented reports, and the issue is cat...

9.3CVSS7.7AI score0.00526EPSS
CVE
CVE
added 2020/11/10 12:46 p.m.249 views

CVE-2020-0439

CVE-2020-0439 affects Android 8.0–11 and is caused by an incorrect permission check in PackageManagerService.generatePackageInfo, leading to a local elevation of privilege where instant apps could access permissions not allowed for instant apps without extra execution privileges. The vulnerabilit...

7.8CVSS7.7AI score0.00212EPSS
CVE
CVE
added 2016/08/06 8:0 p.m.248 views

CVE-2016-5696

Technical details about CVE-2016-5696 are not publicly provided in the supplied connected documents; monitor for updates.

5.8CVSS6.3AI score0.15073EPSS
CVE
CVE
added 2019/08/20 7:49 p.m.248 views

CVE-2019-2126

CVE-2019-2126: In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer, which could enable remote code execution with no extra privileges. Reported across libvpx usage in Android packages: Android-7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. User...

9.3CVSS8.6AI score0.05392EPSS
CVE
CVE
added 2020/10/14 1:0 p.m.248 views

CVE-2019-2194

CVE-2019-2194 affects Android 9, specifically SurfaceFlinger::createLayer in SurfaceFlinger.cpp. The issue is an improper cast that can enable arbitrary code execution and local escalation of privileges without user interaction. Affected component is the Android graphics stack (SurfaceFlinger). T...

7.8CVSS7.9AI score0.00149EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.247 views

CVE-2017-13166

CVE-2017-13166 describes an elevation of privilege in the kernel v4l2 video driver, affecting the Android kernel. The underlying issue enables a local attacker with minimal privileges to escalate to higher privileges by exploiting the v4l2 component, as reflected in vulnerabilities tracked across...

7.8CVSS6.5AI score0.00357EPSS
CVE
CVE
added 2019/09/06 9:43 p.m.246 views

CVE-2019-9248

The CVE-2019-9248 entry concerns the Android kernel FingerTipS touchscreen driver, where a missing bounds check enables a local out-of-bounds write that can escalate privileges to System with no user interaction. Affected component: FingerTipS touchscreen driver in the Android kernel. Root cause:...

6.7CVSS6.7AI score0.00179EPSS
CVE
CVE
added 2020/07/17 8:6 p.m.246 views

CVE-2020-0227

CVE-2020-0227 affects Android (Android-8.0 to Android-10) via a flaw in onCommand of CompanionDeviceManagerService.java where a missing permission check allows local elevation of privilege. Exploitation could enable background data usage or launching from the background without extra execution pr...

7.8CVSS7.7AI score0.00268EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.245 views

CVE-2017-13215

CVE-2017-13215 describes an elevation-of-privilege in the Upstream Linux kernel skcipher_recvmsg path. The vulnerability, tied to the skcipherRecvMsg function, enables local privilege escalation when exploited via the Android kernel (Android kernel reference). Exploitation status is not detailed ...

7.8CVSS7.2AI score0.00308EPSS
CVE
CVE
added 2019/09/06 9:50 p.m.245 views

CVE-2019-9452

CVE-2019-9452 affects the Android kernel, specifically the SEC_TS touch driver. The issue is an out-of-bounds read caused by a missing bounds check, leading to local information disclosure with System execution privileges required. Exploitation does not require user interaction. The provided conn...

4.4CVSS4.3AI score0.00178EPSS
CVE
CVE
added 2019/09/06 9:43 p.m.244 views

CVE-2019-9270

Technical details for CVE-2019-9270 are not publicly provided in the supplied Connected documents. The initial description contains only a high‑level summary. Monitor for updates from vendors/security advisories; no additional exploit, affected products, or remediation details are provided here.

7.8CVSS7.7AI score0.00174EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.242 views

CVE-2022-20433

CVE-2022-20433 is reported with a missing authorization check in a system service, leading to Local Elevation of Privilege on affected Android components. Connected sources link this CVE to UNISOC Telephony (A-242221901) and Android SoC contexts, describing the root cause as a missing permission ...

7.8CVSS7.5AI score0.00154EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.240 views

CVE-2017-0720

The CVE-2017-0720 entry concerns Android's media framework libhevc, where a remote code execution vulnerability affects Android versions 5.0.2, 5.1.1, 6.0/6.0.1, and 7.0/7.1.1/7.1.2. The issue is triggered by processing a specially crafted file, with impact described as remote execution of arbitr...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2020/04/17 6:3 p.m.239 views

CVE-2020-0067

In CVE-2020-0067, the Linux kernel’s F2FS implementation (f2fs_xattr_generic_list in xattr.c) is vulnerable to an out-of-bounds read caused by a missing bounds check. This could enable local information disclosure and requires System privileges, with no user interaction needed for exploitation. T...

4.4CVSS5AI score0.00477EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.235 views

CVE-2022-20419

CVE-2022-20419 (Android 12L–13) arises from a logic error in ActivityRecord.java setOptions that can load arbitrary Java code into the launcher process, enabling local escalation of privilege without extra execution privileges. Affected Products/Versions: Android-12L and Android-13 per the publis...

7.8CVSS7.8AI score0.00102EPSS
CVE
CVE
added 2021/02/10 4:50 p.m.234 views

CVE-2021-0341

CVE-2021-0341 affects the OkHostnameVerifier.verifyHostName path in Android (OkHostnameVerifier.java). It describes a possible acceptance of a certificate for the wrong domain due to improper crypto usage, leading to remote information disclosure without extra privileges. Affected Android version...

7.5CVSS6.9AI score0.00877EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.234 views

CVE-2021-39665

CVE-2021-39665 affects Android 12 with a vulnerability in checkSpsUpdated (AAVCAssembler.cpp) that can trigger a heap-based out-of-bounds read, enabling remote information disclosure. Exploitation requires user interaction (per the description); no explicit patch/version is provided in the connec...

6.5CVSS6.3AI score0.00693EPSS
CVE
CVE
added 2023/12/04 10:40 p.m.234 views

CVE-2023-40088

CVE-2023-40088 is a memory corruption via a use-after-free in Android’s Bluetooth stack (callback_thread_event in com_android_bluetooth_btservice_AdapterService.cpp). The issue could allow remote code execution with no privileges and no user interaction, limited to proximal/nearby Bluetooth range...

8.8CVSS8.8AI score0.01717EPSS
CVE
CVE
added 2017/09/14 7:0 p.m.233 views

CVE-2017-0783

CVE-2017-0783 is described in connected documents as the Bluetooth Pineapple vulnerability affecting the Android Bluetooth stack. The flaw allows an attacker to create a malicious network interface on a victim device, reconfigure IP routing, and force all communications to pass through the attack...

6.5CVSS6.7AI score0.00417EPSS
CVE
CVE
added 2022/06/15 1:0 p.m.232 views

CVE-2022-20127

CVE-2022-20127: Out-of-bounds write due to a double free in ce_t4t_data_cback (ce_t4t.cc) can lead to remote code execution with no user interaction on Android 10–12 (including 12L). Affected: Android versions listed in the CVE entry; multiple vendor advisories (Google Android bulletin; Red Hat/C...

10CVSS9.3AI score0.06663EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.231 views

CVE-2020-0198

The CVE-2020-0198 entry concerns the libexif library used on Android-10. The issue is in exif_data_load_data_content of exif-data.c, where an integer overflow can trigger a UBSAN abort, potentially enabling remote denial of service with no additional execution privileges. Exploitation requires us...

7.5CVSS7.6AI score0.04262EPSS
CVE
CVE
added 2022/06/15 1:0 p.m.230 views

CVE-2022-20132

CVE-2022-20132 : The Android/Linux kernel contains an out-of-bounds read in the HID path (lg_probe and related hid-lg.c functions) due to improper input validation. This could allow local information disclosure when a malicious USB HID device is plugged in, with no privileges required and no user...

4.9CVSS5.3AI score0.00198EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.229 views

CVE-2017-0811

CVE-2017-0811 is a remote code execution vulnerability in the Android media framework (libhevc). Affected products/versions include Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The vulnerability originates in the media framework and could allow an attacker with local access to ru...

9.3CVSS7.7AI score0.01624EPSS
CVE
CVE
added 2019/09/06 9:50 p.m.228 views

CVE-2019-9444

CVE-2019-9444 affects the Android kernel’s sync debugfs driver, where a kernel pointer leak occurs due to using printf with %p. This leads to potential local information disclosure with system privileges required for exploitation. The vulnerability can be triggered locally, and user interaction i...

4.4CVSS4.6AI score0.00197EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.227 views

CVE-2019-9433

CVE-2019-9433 is a libvpx vulnerability identified in multiple advisories. The issue is described as an information disclosure caused by improper input validation in libvpx, enabling remote information disclosure without extra execution privileges (user interaction required per the CVE entry). Th...

6.5CVSS6.7AI score0.03054EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.227 views

CVE-2021-39686

The CVE-2021-39686 entry concerns a race condition in the Android binder driver (binder.c) that can cause incorrect domain checks in SELinux, enabling local privilege escalation without extra privileges. This is tied to the Android kernel; exploitation is stated as local with no user interaction....

7CVSS7.3AI score0.00145EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.227 views

CVE-2021-39692

CVE-2021-39692 describes a local elevation of privilege in Android (10–12) via SetupLayoutActivity.java (tapjacking/overlay) that could bypass user consent to set up a work profile. Exploitation requires user interaction; CVSS indicates high impact (EoP) with local attack vector. Public reference...

9.3CVSS7.6AI score0.00698EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.227 views

CVE-2022-20421

CVE-2022-20421 : In the Android kernel, the memory corruption arises from a use-after-free in binder_inc_ref_for_node() inside binder.c, enabling a possible local escalation of privilege with no extra execution privileges and without user interaction. The affected software is the Android kernel; ...

7.8CVSS7.4AI score0.00645EPSS
CVE
CVE
added 2024/11/19 6:0 p.m.227 views

CVE-2023-21270

CVE-2023-21270 affects Android’s PermissionManagerServiceImpl.java, specifically in restorePermissionState, where a flaw can allow an app to retain permissions that should be revoked due to incorrect permission flag clearance during an update. This can lead to local elevation of privilege with Us...

7.8CVSS6.8AI score0.00082EPSS
CVE
CVE
added 2022/06/15 12:0 a.m.226 views

CVE-2022-20186

CVE-2022-20186 affects the Mali kernel driver (mali_kbase_mem_linux.c) in Android, where improper input validation in kbase_mem_alias enables arbitrary kernel code execution and local privilege escalation with no user interaction. Public details come from NVD and the Pixel bulletin; exploitation ...

7.8CVSS8AI score0.00507EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.223 views

CVE-2022-20465

CVE-2022-20465 affects Android 10–13 where a logic error in KeyguardHostViewController.java (and related files) can cause a lockscreen bypass via the dismiss() flow, enabling local privilege escalation without user interaction. Connected sources confirm the vulnerable component and impact; mitiga...

4.6CVSS5AI score0.00834EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.223 views

CVE-2024-49747

CVE-2024-49747 affects Android via the Bluetooth stack: in function gatts_process_read_by_type_req within gatt_sr.cc, a logic error can cause an out-of-bounds write. This could enable remote code execution with no additional privileges and without user interaction. The available documents consist...

9.8CVSS7.5AI score0.00459EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.222 views

CVE-2021-39701

CVE-2021-39701 affects Google Android System components, with the issue described as a flaw in serviceConnection of ControlsProviderLifecycleManager.kt that could allow a foreground service to run without a notification or required permission due to improper input validation. This could enable lo...

9.3CVSS7.6AI score0.00374EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.221 views

CVE-2020-0213

CVE-2020-0213 affects Android Media Framework (ihevcd_fmt_conv_420sp_to_420sp_av8) and is caused by a heap buffer overflow leading to a possible out-of-bounds write. Impact: remote information disclosure with no execution privileges required, exploitable with user interaction. Affected products/v...

6.5CVSS6.5AI score0.00858EPSS
Total number of security vulnerabilities8153