Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2018/04/04 5:0 p.m.71 views

CVE-2017-13258

CVE-2017-13258 affects Android Bluetooth BNEP: a missing bounds check in bnep_data_ind() within bnep_main.cc can trigger an out-of-bounds read, enabling remote information disclosure without user interaction. Affected Android versions include 5.1.1, 6.0/6.0.1, 7.0, 7.1.1/7.1.2, 8.0, and 8.1 (Andr...

7.5CVSS6.8AI score0.07396EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.71 views

CVE-2017-13283

CVE-2017-13283 affects Android devices via a flaw in the Bluetooth stack: in avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out-of-bounds write on the stack due to a missing bounds check. This could enable remote code execution with no privileges or user interaction requir...

10CVSS8.8AI score0.02214EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.71 views

CVE-2017-9714

CVE-2017-9714 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The root cause is an out-of-bounds memory access in limCheckRxRSNIeMatch when an incorrect RSNIE is received in an association request. The CVE is listed with a NVD CVSS v3.0 base score of 7...

7.8CVSS7.2AI score0.00159EPSS
CVE
CVE
added 2024/12/02 7:54 p.m.71 views

CVE-2018-9380

CVE-2018-9380 affects Google Pixel devices via out-of-bounds write in l2c_lcc_proc_pdu() within l2c_fcr.cc, caused by improper input validation. The vulnerability can enable remote privilege escalation with no extra execution privileges required, and exploitation requires user interaction. Public...

8.8CVSS7AI score0.00292EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.71 views

CVE-2019-9259

CVE-2019-9259 affects the Android 10 Bluetooth stack, where a use-after-free leads to an out-of-bounds write. This could allow local elevation of privilege to SYSTEM with no user interaction. Exploitation status is not detailed in the provided docs. Remediation is addressed in Android 10 security...

7.2CVSS7.2AI score0.00167EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.71 views

CVE-2019-9281

CVE-2019-9281 affects GoogleContactsSyncAdapter in Android 10. The issue is a path traversal vulnerability caused by improper input sanitization, enabling a bypass of user interaction requirements without extra execution privileges. Impact is described as allowing access outside restricted direct...

7.5CVSS7.8AI score0.0075EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.71 views

CVE-2019-9322

CVE-2019-9322 affects the Android 10 media framework component (libavc) and involves an information disclosure due to uninitialized data. The issue could allow remote information disclosure with no execution privileges required, and exploitation requires user interaction. The vulnerability is doc...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.71 views

CVE-2019-9338

CVE-2019-9338 affects Android 10 via the Media Framework libavc, where uninitialized data allows information disclosure. Impact is remote information disclosure with user interaction needed; exploit details are not provided. No patch/version is specified in the connected documents; refer to Andro...

6.5CVSS6.1AI score0.00769EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.71 views

CVE-2019-9412

CVE-2019-9412 affects Android 10 via the libSBRdec component, where an out-of-bounds read due to an incorrect bounds check could allow remote information disclosure. Exploitation requires user interaction; no execution privileges are needed. The connected sources describe the issue and reference ...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2020/06/04 5:1 p.m.71 views

CVE-2020-13838

CVE-2020-13838 affects Samsung mobile devices running P (9.0) and Q (10.0) software, where the DeX Lockscreen fails to block access to the Quick Panel and notifications. The issue is documented across multiple sources (NVD entry and Red Hat advisory) without details on a concrete exploit vector o...

3.6CVSS4.3AI score0.0013EPSS
CVE
CVE
added 2021/06/22 11:1 a.m.71 views

CVE-2021-0536

CVE-2021-0536 affects Android 11: in the DropFile path of WiFiInstaller there is a mechanism that allows deletion of files accessible to CertInstaller due to a confused deputy, enabling local escalation of privilege with no additional execution privileges needed; exploitation does not require use...

7.8CVSS7.7AI score0.00117EPSS
CVE
CVE
added 2021/06/22 11:2 a.m.71 views

CVE-2021-0539

CVE-2021-0539 concerns an elevation of privilege in Android 11 via the MmsService.java component. The vulnerability arises in the method archiveStoredConversation , where a missing permission check could allow an attacker to archive a message conversation without user consent. This enables local ...

7.8CVSS7.6AI score0.00107EPSS
CVE
CVE
added 2021/06/22 11:3 a.m.71 views

CVE-2021-0545

CVE-2021-0545 affects Google Android on Android 11. The issue occurs in the NFC subsystem, specifically in phNxpNciHal_print_res_status within phNxpNciHal.cc, where a missing bounds check enables an out-of-bounds write. This could allow local escalation of privilege on the NFC server with system ...

6.7CVSS6.7AI score0.00117EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.71 views

CVE-2021-1009

CVE-2021-1009 affects Android 12 and is described as a local information disclosure through the PackageManagerService.setApplicationCategoryHint, enabling an attacker to determine whether an app is installed without any query permissions. The vulnerability arises from a side-channel information d...

5.5CVSS4.9AI score0.00111EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.71 views

CVE-2021-1031

CVE-2021-1031 : Android 12’s NotificationManagerService.cancelNotificationsFromListener can indirectly determine whether an app is installed via a side‑channel information disclosure, enabling local information disclosure without additional execution privileges. The issue is documented with a LOW...

3.3CVSS3.5AI score0.0011EPSS
CVE
CVE
added 2021/04/09 5:36 p.m.71 views

CVE-2021-25362

CVE-2021-25362 affects Samsung CertInstaller prior to SMR APR-2021 Release 1. Root cause: improper permission management that lets untrusted apps delete certain local files. Impact varies by metric/version (CVSS3.1: LOCAL, LOW integrity, HIGH availability; CVSS2: LOCAL, PARTIAL integrity, PARTIAL...

6.8CVSS6.1AI score0.00104EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.71 views

CVE-2021-39647

CVE-2021-39647 concerns the Samsung Exynos 9845-based GS101/boot path where in mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S there is a likely reinitialization of the Trusted Execution Environment due to improper locking. This can enable local information disclosure...

4.4CVSS4.3AI score0.00094EPSS
CVE
CVE
added 2022/08/11 3:7 p.m.71 views

CVE-2022-20245

CVE-2022-20245 affects Android 13 and involves the WindowManager component. An insecure default value in WindowManager may allow a recorded lock-screen capture, leading to local information disclosure. Exploitation requires user interaction, and no additional execution privileges are needed. The ...

2.4CVSS4.3AI score0.00124EPSS
CVE
CVE
added 2022/08/11 3:8 p.m.71 views

CVE-2022-20248

CVE-2022-20248 affects Android 13 where a logic error in the Settings code can bypass DISALLOW_CONFIG_WIFI, enabling a local escalation of privilege to connect to an open network without user interaction. Affected component: Settings; impact: local Privilege Elevation with High confidentiality/in...

7.8CVSS7.8AI score0.001EPSS
CVE
CVE
added 2022/08/11 3:9 p.m.71 views

CVE-2022-20250

CVE-2022-20250 affects the Android 13 Messaging component. The issue stems from improper input validation that lets an attacker attach files to a message without proper access checks, enabling local elevation of privilege. Exploitation requires user interaction, and the CVSS 3.1 vector indicates ...

7.8CVSS7.9AI score0.00104EPSS
CVE
CVE
added 2022/08/11 3:10 p.m.71 views

CVE-2022-20253

CVE-2022-20253 affects the Android 13 Bluetooth stack. The issue is a cleanup failure caused by an uncaught exception that could enable remote denial of service without additional privileges or user interaction. Root cause is an uncaught exception in Bluetooth handling leading to DoS. Mitigation ...

6.5CVSS6.8AI score0.00218EPSS
CVE
CVE
added 2022/08/11 3:12 p.m.71 views

CVE-2022-20262

The CVE-2022-20262 issue affects Android 13, specifically the ActivityManager component. It describes a missing permission check that could allow a local attacker to check another process’s capabilities, resulting in potential local information disclosure with no user interaction required. The NV...

3.3CVSS4.4AI score0.00089EPSS
CVE
CVE
added 2022/08/11 3:14 p.m.71 views

CVE-2022-20271

CVE-2022-20271 affects Android 13, originating in the PermissionController. The issue enables a user-visible misdirection/insufficient UI to grant certain permissions without proper user consent, resulting in potential local elevation of privilege. The vulnerability is categorized as an EoP issue...

7.8CVSS7.9AI score0.00109EPSS
CVE
CVE
added 2022/08/11 3:15 p.m.71 views

CVE-2022-20276

CVE-2022-20276 concerns the Android 13 framework where the DevicePolicyManager exposes a side-channel that can reveal whether an app is installed without query permissions. The vulnerability is described as a local information-disclosure issue that does not require user interaction. The affected ...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2022/08/11 3:24 p.m.71 views

CVE-2022-20314

CVE-2022-20314 affects Google Android KeyChain on Android-13. The issue is a spoof keychain chooser activity request caused by improper input validation in KeyChain, enabling local escalation of privilege with System execution privileges required. Exploitation requires no user interaction. The An...

6.7CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2022/07/06 1:7 p.m.71 views

CVE-2022-21775

CVE-2022-21775 affects MediaTek’s sched driver. The issue is a use-after-free caused by improper locking, enabling local escalation of privileges with System privileges required; user interaction is not needed for exploitation. Affected component: sched driver; root cause: improper locking leadin...

6.7CVSS6.7AI score0.00086EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.71 views

CVE-2022-26094

The CVE-2022-26094 entry describes a null pointer dereference in the parser_auxC function of the libsimba library, prior to Samsung SMR Apr-2022 Release 1, which allows remote attackers to cause an out-of-bounds write. The vulnerability is discussed across multiple feeds (NVD/Red Hat/CNVD/CVELIST...

9.8CVSS9.4AI score0.00503EPSS
CVE
CVE
added 2022/08/01 1:58 p.m.71 views

CVE-2022-26433

The CVE-2022-26433 entry concerns MediaTek mailbox (mailbox controller) with a type-confusion caused out-of-bounds write leading to local privilege escalation to SYSTEM. Affected component: mailbox handling in MediaTek devices; root cause: type confusion resulting in out-of-bounds write (exact co...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.71 views

CVE-2022-26475

CVE-2022-26475 concerns a local privilege-escalation in MediaTek wlan due to an out-of-bounds write from a missing bounds check. Affected component is wlan code within MediaTek-based devices; exploitation would grant System-level privileges without user interaction, as described in multiple sourc...

6.7CVSS6.7AI score0.00092EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.71 views

CVE-2022-27571

CVE-2022-27571 describes a heap-based buffer overflow in the function sheifd_get_info_image of the libsimba library, prior to the Samsung SMR Apr-2022 Release 1. This vulnerability could enable remote code execution without user interaction, with network access as the attack vector. The CVSS data...

10CVSS9.8AI score0.01306EPSS
CVE
CVE
added 2022/06/07 5:56 p.m.71 views

CVE-2022-30717

The CVE-2022-30717 entry concerns Samsung AR Emoji prior to SMR Jun-2022 Release 1, with an underlying issue described as an improper caller check. The vulnerability allows untrusted applications to access certain camera functions via deeplink, presenting a remote-like risk without user interacti...

7.5CVSS7.4AI score0.00194EPSS
CVE
CVE
added 2022/07/11 1:32 p.m.71 views

CVE-2022-30753

Affected software: Samsung SecSoterService on Samsung mobile devices. Issue: improper use of a unique device ID in unprotected SecSoterService, enabling local attackers to obtain the device ID without permission. Impact: information disclosure limited to local access. Root cause: unprotected hand...

3.3CVSS3.9AI score0.00093EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.71 views

CVE-2022-32595

CVE-2022-32595 affects Widevine with an out-of-bounds read caused by an incorrect bounds check. This vulnerability could lead to local information disclosure; the impact is described as high for confidentiality, with system-level execution privileges needed and no user interaction required. The a...

4.4CVSS4.2AI score0.00137EPSS
CVE
CVE
added 2022/07/11 1:33 p.m.71 views

CVE-2022-33685

Samsung Wearable Manager Service on Samsung mobile devices is affected by an unprotected dynamic receiver vulnerability, allowing attackers to launch arbitrary activity and access sensitive information. The issue stems from an unprotected receiver in the Wearable Manager and is mitigated by the S...

5.5CVSS5.4AI score0.00105EPSS
CVE
CVE
added 2022/08/05 3:21 p.m.71 views

CVE-2022-33720

CVE-2022-33720 concerns Samsung AppLock. The vulnerability is an improper authentication issue in AppLock prior to SMR Aug-2022 Release 1, which could let a physical attacker bypass the lock and access Chrome secured by AppLock via a new tap shortcut. Affected component: AppLock’s Chrome access c...

2.4CVSS3.9AI score0.00136EPSS
CVE
CVE
added 2022/08/05 3:18 p.m.71 views

CVE-2022-33731

CVE-2022-33731 involves an improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1. The issue allows an attacker with local access to enable or disable arbitrary components within DesktopSystemUI. Affected software: DesktopSystemUI (pre-SMR Aug-2022 Release 1). Ro...

7.1CVSS6.9AI score0.00087EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.71 views

CVE-2022-38684

The CVE-2022-38684 entry describes a vulnerability in the Contacts service caused by a missing permission check, enabling local denial of service with no additional privileges required. The connected documents corroborate the core issue (missing permission validation) and the local impact, but do...

5.5CVSS5.4AI score0.00102EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.71 views

CVE-2023-21151

CVE-2023-21151 affects the Google BMS kernel module in the Android kernel (Pixel devices). The issue is a heap buffer overflow that can cause an out-of-bounds write, enabling local escalation of privileges to System level. Exploitation requires local access; user interaction is not needed. Public...

6.7CVSS6.7AI score0.00097EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.71 views

CVE-2023-21160

CVE-2023-21160 affects the Android kernel via a heap buffer overflow in BuildSetTcsFci (protocolmiscbuilder.cpp) that can cause a local out-of-bounds read and information disclosure without requiring user interaction. Public details across sources confirm the impact as local information disclosur...

5.5CVSS5.3AI score0.00094EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.71 views

CVE-2023-21167

CVE-2023-21167 affects Android 13, in DevicePolicyManagerService.setProfileName. The issue is an out-of-bounds/ missing bounds check that can crash the SystemUI menu, causing local denial of service without extra privileges and without user interaction. Public documents consistently frame this as...

5.5CVSS5.4AI score0.0009EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.71 views

CVE-2023-21181

CVE-2023-21181: In btm_ble_update_inq_result in btm_ble_gap.cc (Android 13) there is a possible out-of-bounds read due to a heap buffer overflow, potentially enabling local information disclosure with system privileges. Exploitation does not require user interaction. Affected product/version: And...

4.4CVSS4.4AI score0.00098EPSS
CVE
CVE
added 2023/10/30 4:59 p.m.71 views

CVE-2023-21367

CVE-2023-21367 concerns the Android Scudo memory allocator. The connected documents confirm a heap OOB read/write due to an insecure implementation/design, enabling local information disclosure without extra execution privileges and with no user interaction required. The Android 14 security relea...

5.5CVSS5.8AI score0.00086EPSS
CVE
CVE
added 2023/02/09 12:0 a.m.71 views

CVE-2023-21419

CVE-2023-21419 describes an issue in Samsung Secure Folder where improper implementation logic can cause the Secure Folder container to remain unlocked under certain conditions. Affected software: Secure Folder on Samsung devices (prior to SMR Jan-2023 Release 1). Root cause: implementation flaw ...

7.5CVSS7.4AI score0.00237EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.71 views

CVE-2023-32830

CVE-2023-32830 concerns a vulnerability in TVAPI where a missing bounds check can cause an out-of-bounds write. The root cause is a bounds-check omission in TVAPI, enabling local escalation of privilege with System execution privileges required; no user interaction is needed. The impact is descri...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.71 views

CVE-2023-32883

CVE-2023-32883 affects MediaTek devices with Engineer Mode where a missing bounds check enables an out-of-bounds write, potentially allowing local escalation of privileges (System) without user interaction. Root cause: improper bounds checking in Engineer Mode. Impact: local privilege escalation ...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2024/08/14 3:2 a.m.71 views

CVE-2024-20083

CVE-2024-20083 affects venc and stems from a missing bounds check that enables an out-of-bounds write. This may allow local escalation of privilege with System execution privileges required. No user interaction is needed for exploitation per connected Red Hat/NVD entries. The vulnerability is ass...

9.8CVSS6.8AI score0.00261EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.71 views

CVE-2025-0092

CVE-2025-0092 : A permission bypass exists in Android’s Bluetooth stack, specifically in handleBondStateChanged of AdapterService.java, caused by a misleading or insufficient UI. This can lead to information disclosure to a proximal attacker without additional execution privileges; exploitation r...

6.5CVSS6.4AI score0.00146EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.71 views

CVE-2025-20650

CVE-2025-20650: A possible out-of-bounds write due to a missing bounds check could allow local elevation of privilege on affected MediaTek devices when an attacker has physical access. The vulnerability requires no additional execution privileges but does require user interaction according to the...

6.8CVSS6.9AI score0.00109EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.71 views

CVE-2025-22411

CVE-2025-22411 affects the Android Bluetooth SDP discovery path: use-after-free in process_service_attr_rsp (sdp_discovery.cc) due to a logic error, enabling remote code execution with no privileges and no user interaction. Exploitation is described as proximal/adjacent (Bluetooth range). Root ca...

8.8CVSS7.2AI score0.00162EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.70 views

CVE-2016-0802

CVE-2016-0802 affects the Broadcom Wi‑Fi kernel driver, vulnerable in Android 4.x up to 4.4.3/4.4.4, 5.x up to 5.1.x, and 6.x up to 2016-02-01. An unauthenticated, adjacent attacker can send crafted wireless control message packets to trigger memory corruption, leading to remote code execution or...

8.8CVSS7.5AI score0.01701EPSS
Total number of security vulnerabilities8153