Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/02/07 1:0 a.m.70 views

CVE-2016-0805

CVE-2016-0805 affects Qualcomm ARM kernels, specifically the Qualcomm Performance Module in Android. The issue resides in the kernel function get_krait_evtinfo, which returns an index into an array used by other kernel functions; crafted input can generate a malicious index and cause a buffer ove...

8.4CVSS8.2AI score0.00435EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.70 views

CVE-2016-1503

CVE-2016-1503 affects dhcpcd prior to version 6.10.0 (used in Android 4.x/5.x/6.x and other products). The issue is a mismanagement of DHCP option lengths in the print_option path, leading to a heap-based buffer overflow that can enable remote code execution or cause a denial of service via malfo...

10CVSS8.8AI score0.06344EPSS
CVE
CVE
added 2016/01/31 6:0 p.m.70 views

CVE-2016-1948

Mozilla Firefox for Android before 44.0 is vulnerable to MITM during lightweight-theme installation because it may not require HTTPS for the client-server data stream, allowing an attacker to replace theme images/colors. Connected advisories indicate this is a real vulnerability affecting Firefox...

5.3CVSS5.9AI score0.00452EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.70 views

CVE-2017-0422

CVE-2017-0422 is a DoS in Android’s Bionic DNS that can be triggered by a crafted network packet to cause a device hang or reboot. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The vulnerability stems from the Bionic DNS component and is remote in scope (netwo...

7.8CVSS6.7AI score0.01596EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.70 views

CVE-2017-0427

CVE-2017-0427 is an elevation-of-privilege vulnerability in the Android kernel file system. A local attacker could execute arbitrary code in the kernel context on devices running Kernel-3.10 or Kernel-3.18, with a potential for permanent device compromise. The CVE’s patch status is not publicly a...

9.3CVSS7.2AI score0.00976EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.70 views

CVE-2017-0440

CVE-2017-0440 describes an elevation-of-privilege flaw in the Qualcomm Wi‑Fi driver for Android kernels 3.10 and 3.18. A local malicious app could exploit it to execute code in the kernel context, after compromising a privileged process. The vulnerability is classified as High severity in the pub...

7.6CVSS6.6AI score0.00863EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.70 views

CVE-2017-0718

CVE-2017-0718 is a remote code execution flaw in Android’s media framework MPEG-2 decoder impacting Android 6.0, 6.0.1, 7.0, 7.1.1 and 7.1.2. Public detail confirms it as a Media framework RCE issue; root cause is in the MPEG-2 decoder path. The Android Bulletin (Aug 2017) documents this and note...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.70 views

CVE-2017-0768

CVE-2017-0768 is an Elevation of Privilege (EoP) vulnerability in Android’s media framework (libeffects) affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The issue enables a local attacker to gain privileged code execution within a privileged process, with p...

9.3CVSS7.9AI score0.00414EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.70 views

CVE-2017-0806

CVE-2017-0806 is an elevation of privilege in the Android framework (gatekeeperresponse). The Android bulletin and NVD entries list it as a local, user-interaction-required flaw that could enable a malicious local application to bypass user interaction requirements to gain additional permissions....

9.3CVSS7.4AI score0.01147EPSS
CVE
CVE
added 2024/12/04 5:20 p.m.70 views

CVE-2018-9395

The CVE-2018-9395 issue affects the Mediatek WLAN driver (mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config) in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c. It describes a possible out-of-bounds write due to a missing bounds check, enabling local...

7.8CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2024/11/19 9:6 p.m.70 views

CVE-2018-9411

CVE-2018-9411 describes an out-of-bounds write in decrypt of ClearKeyCasPlugin.cpp caused by a missing bounds check, enabling remote code execution with no extra privileges and requiring user interaction for exploitation. Public sources consistently mirror this description, with Android’s July 20...

8.8CVSS7.6AI score0.00548EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.70 views

CVE-2019-9298

CVE-2019-9298 affects Android 10 in the Media Framework (libAACdec). A vulnerability in the library allows an out-of-bounds write caused by an integer overflow, potentially enabling remote code execution. Exploitation requires user interaction. The issue is categorized as RCE with impact to confi...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.70 views

CVE-2019-9363

CVE-2019-9363 affects Android 10 Bluetooth and describes an out-of-bounds write caused by a missing bounds check. This could allow remote code execution with no privileges, requiring user interaction to exploit. Affected product/area: Android 10 Bluetooth stack. Root cause: improper bounds checki...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2020/10/06 6:32 p.m.70 views

CVE-2020-26606

CVE-2020-26606 affects Samsung mobile devices running O(8.x) through R(11.0). The issue allows an attacker to access Secure Folder content via a debugging command. The NVD entry cites CVSS 3.1 base score 7.5 (High) with Network attack vector and no privileges required; confidentiality impact High...

7.5CVSS7.5AI score0.00431EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-0976

CVE-2021-0976 concerns an out-of-bounds read in Android’s toBARK implementation (floor0.c). The root cause is a missing bounds check, enabling possible remote information disclosure with no execution privileges; exploitation requires user interaction. Affected software is Android 12 (Android ID A...

6.5CVSS6.1AI score0.00649EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-0985

CVE-2021-0985 affects Android 12 via AlertReceiver.java (onReceive). A missing permission check could allow dismissing a system dialog, enabling local privilege escalation without extra execution privileges or user interaction. The Pixel bulletin lists this under Framework with updated AOSP patch...

7.8CVSS7.6AI score0.00104EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-0991

CVE-2021-0991 affects Android 12 via the OnMetadataChangedListener in AdvancedBluetoothDetailsHeaderController.java, causing a log information disclosure that could leak Bluetooth MAC addresses. The root cause is information disclosure through verbose/loggable data, enabling local information dis...

2.7CVSS3.2AI score0.00155EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-0995

The CVE-2021-0995 entry affects Android 12 and is tied to the WifiServiceImpl.registerSuggestionConnectionStatusListener function, enabling a side-channel information disclosure to infer whether an app is installed without query permissions. This results in local information disclosure with no ex...

3.3CVSS3.5AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-1001

CVE-2021-1001 describes a vulnerability in the Android Media/Video encoding path: In PVInitVideoEncoder of mp4enc_api.cpp, an out-of-bounds read caused by a heap buffer overflow can lead to local information disclosure without additional privileges or user interaction. Affected is Android 12; exp...

5.5CVSS5.2AI score0.00117EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-1021

CVE-2021-1021 affects Google Android 12 (and related Android builds) where a flaw in SnoozeNotificationInt within NotificationManagerService.java allows disabling notifications for an arbitrary user due to improper input validation. This can enable local elevation of privilege with user-execution...

7.3CVSS7.3AI score0.00121EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-1024

CVE-2021-1024 affects Android 12 and is described in multiple connected sources as a flaw in EventResultPersister.java where an intent redirection can occur due to a confused deputy. This leads to local escalation of privilege with system execution privileges potentially required. The exploitatio...

6.7CVSS6.6AI score0.00113EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-1026

Affected software: Android 12 (CVE-2021-1026) involves the RttServiceImpl.java startRanging flow. Vulnerability summary: A side-channel information disclosure could allow a local attacker to infer whether an app is installed without query permissions, leading to local information disclosure with ...

5.5CVSS4.9AI score0.00111EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.70 views

CVE-2021-1045

CVE-2021-1045 is acknowledged in multiple feeds as affecting the Android kernel component Titan‑M used in Google Pixel devices. The Pixel Update Bulletin groups CVE-2021-1045 under Pixel → Titan‑M with severity High, indicating a kernel‑level issue likely resolved in the 2021‑11‑05 patch level. T...

7.5CVSS7.4AI score0.00462EPSS
CVE
CVE
added 2021/02/04 5:16 a.m.70 views

CVE-2021-26687

The CVE-2021-26687 entry concerns LG mobile devices running Android 8–10 where the HostnameVerified default is mishandled in preloaded applications. Connected sources confirm the affected platform (LG Android devices) and the root cause: mishandling of HostnameVerified in preloaded apps, which ca...

9.8CVSS9.2AI score0.00549EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-39637

The CVE-2021-39637 entry describes an out-of-bounds read in CreateDeviceInfo of trusty_remote_provisioning_context.cpp due to a missing bounds check. This vulnerability could allow local information disclosure with system privileges required, and is exploitable without user interaction. Affected ...

4.4CVSS4.2AI score0.00119EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-39638

CVE-2021-39638 relates to the Android kernel: in the function periodic_io_work_func of lwis_periodic_io.c there is an out-of-bounds write caused by a use-after-free. This leads to local elevation of privilege with System execution privileges required and no user interaction needed. The descriptio...

6.7CVSS6.7AI score0.00118EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.70 views

CVE-2021-39641

CVE-2021-39641 affects Android kernel on Pixel devices (Android ID A-126949257). The connected Pixel security bulletin lists it as a Bootloader-related Elevation of Privilege (EoP) with moderate impact. The entry indicates patch guidance through the December 2021 Pixel Update Bulletin, where upda...

9.8CVSS9AI score0.00453EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.70 views

CVE-2021-39650

CVE-2021-39650: In the Android kernel, an out-of-bounds write due to a missing bounds check enables local escalation to System privileges without user interaction. This is tied to Android kernel code and is documented with a MEDIUM base CVSS and LOCAL access. The provided connected documents conf...

6.7CVSS6.7AI score0.00118EPSS
CVE
CVE
added 2022/03/30 4:2 p.m.70 views

CVE-2021-39780

CVE-2021-39780 affects Android 12L Traceur: a missing permission check allows bypassing developer settings to capture system traces, enabling local privilege escalation with user interaction required. The Android 12L security release notes indicate this issue is addressed in Android 12L; devices ...

7.8CVSS7.9AI score0.003EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.70 views

CVE-2022-26467

CVE-2022-26467 affects the rpmb component in MediaTek chips. An out-of-bounds write caused by an incorrect bounds check could enable local privilege escalation to SYSTEM with no user interaction required. The advisory references patch ALPS07167738 (Issue ALPS07167738) as a fix. Exploitation statu...

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.70 views

CVE-2022-27567

This CVE (CVE-2022-27567) affects the libsimba library via a null pointer dereference in the parser_hvcC function, leading to an out-of-bounds write. The issue is triggered remotely by attackers and is tied to the libsimba code before SMR Apr-2022 Release 1. Several connected sources corroborate ...

9.8CVSS9.4AI score0.00503EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.70 views

CVE-2022-27825

The CVE-2022-27825 vulnerability affects the libsapeextractor library, specifically the sapefd_parse_meta_HEADER function. A faulty size check can allow an out-of-bounds read when processing a crafted media file. This issue is addressed in Samsung SMR Apr-2022 Release 1 (patch package), mitigatin...

7.1CVSS6.6AI score0.00234EPSS
CVE
CVE
added 2022/05/03 7:41 p.m.70 views

CVE-2022-28785

CVE-2022-28785 concerns an improper buffer size check in the aviextractor library prior to Samsung’s SMR May-2022 Release 1, enabling out-of-bounds reads and a potential temporary denial-of-service. Multiple connected sources (NVD, Red Hat advisory, CVE listings, Samsung SMR notes) confirm the is...

5.5CVSS5.5AI score0.00094EPSS
CVE
CVE
added 2022/06/07 6:4 p.m.70 views

CVE-2022-30727

CVE-2022-30727 affects Samsung Mobile’s PersonaManagerService, due to improper handling of permissions in addAppPackageNameToAllowList. The issue allows a local attacker to set certain workspace settings. Root cause: permission management weakness in PersonaManagerService prior to the SMR Jun-202...

6.2CVSS5.3AI score0.00085EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.70 views

CVE-2022-32638

CVE-2022-32638 describes a race-condition in the ISP component allowing an out-of-bounds write that can lead to local privilege escalation with SYSTEM privileges; exploitation reportedly requires no user interaction. A patch is referenced (ALPS07494449/ALPS07494449). Some connected sources attrib...

6.4CVSS6.5AI score0.00096EPSS
CVE
CVE
added 2022/08/05 3:15 p.m.70 views

CVE-2022-33725

The CVE-2022-33725 issue affects Samsung Knox VPN, where a flaw in PendingIntent usage could allow a local attacker to access a content provider with system privileges. Root cause: improper PendingIntent handling within Knox VPN prior to SMR Aug-2022 Release 1. Impact per sources: potential media...

4CVSS4.1AI score0.00109EPSS
CVE
CVE
added 2022/08/05 3:19 p.m.70 views

CVE-2022-33732

CVE-2022-33732 is an improper access control vulnerability in Samsung Dex for PC, affecting versions prior to SMR Aug-2022 Release 1. The issue allows a local attacker with unprotected binder access to scan and connect to a PC. The associated remediation is to update to SMR Aug-2022 Release 1 or ...

7.1CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.70 views

CVE-2022-39886

CVE-2022-39886 concerns an improper access control vulnerability in the IpcRxServiceModeBigDataInfo component of RIL, prior to Samsung SMR Nov-2022 Release 1. A local attacker could access device information due to the access-control weakness in RIL. Affected: Samsung devices running RIL before t...

5.9CVSS4AI score0.00082EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.70 views

CVE-2022-39912

CVE-2022-39912 describes an improper handling of permissions in the Android PersonaManagerService; prior to Android T(13), setSecureFolderPolicy can be exploited locally to modify settings in Secure Folder. The issue arises from insufficient permission checks in the affected function, enabling a ...

6.2CVSS3.9AI score0.00081EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.70 views

CVE-2023-20802

In imgsys, a memory corruption vulnerability arises from improper input validation that could enable local escalation of privilege requiring System execution privileges. User interaction is needed for exploitation. A patch is identified (Patch ID: ALPS07420968; Issue ID: ALPS07420976). Public tec...

6.5CVSS6.8AI score0.00092EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.70 views

CVE-2023-20821

CVE-2023-20821 concerns an out-of-bounds write in nvram due to a missing bounds check in MediaTek-based hardware. The underlying issue can allow local escalation of privilege with System execution privileges required, and exploitation does not require user interaction. Reported remediation refere...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.70 views

CVE-2023-20923

In CVE-2023-20923, the issue affects ShannonRcs content providers in Android kernel space. The root cause is a permissions bypass in exported content providers that can grant access to protected content providers without additional execution privileges. The practical impact is local information d...

5.5CVSS5.1AI score0.00106EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.70 views

CVE-2023-21152

Summary (CVE-2023-21152) : The vulnerability is an out-of-bounds read in FaceStatsAnalyzer::InterpolateWeightList within face_stats_analyzer.cc on Android kernel. The root cause is a missing bounds check in the weight interpolation logic, enabling a local information disclosure with user-privileg...

5.5CVSS5.1AI score0.00092EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.70 views

CVE-2023-21168

CVE-2023-21168 affects Android 13 and specifically the ColorConverter.cpp function convertCbYCrY, where a missing bounds check may cause an out-of-bounds read and local information disclosure without requiring user interaction. Multiple sources (NVD entry, Red Hat advisory, PRION/OSV enrichment, ...

5.5CVSS5AI score0.00092EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.70 views

CVE-2023-21184

CVE-2023-21184 affects Android 13 and is tied to CarrierPrivilegesTracker.java in getCurrentPrivilegedPackagesForAllUsers, where a logic error enables a local privilege bypass with no extra execution privileges and no user interaction required. Public documents consistently describe a permission ...

7.8CVSS7.7AI score0.00102EPSS
CVE
CVE
added 2025/02/03 3:24 a.m.70 views

CVE-2024-20147

CVE-2024-20147 concerns a vulnerability in MediaTek Bluetooth firmware where an improper exception handling can lead to a reachable assertion, enabling remote denial of service without privileges or user interaction. Affected components are MediaTek chipsets, including MT79XX (and MT2737, MT3603,...

5.3CVSS7AI score0.00211EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.70 views

CVE-2025-22405

CVE-2025-22405 is an Android elevation-of-privilege vulnerability described as a use-after-free in multiple locations that could enable local code execution with no user interaction. Public sources/connected documents note this CVE as an EoP issue with high severity affecting Android components; ...

8.4CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.70 views

CVE-2025-22407

CVE-2025-22407 is a use-after-free in the Android HID (hidd) component, specifically in hidd_check_config_done of hidd_conn.cc, enabling potential arbitrary code execution and local information disclosure without extra privileges or user interaction. The vulnerability is discussed across multiple...

5.5CVSS7AI score0.00079EPSS
CVE
CVE
added 2012/11/30 11:0 a.m.69 views

CVE-2012-4220

CVE-2012-4220 / CVE-2012-4221 affect the Qualcomm DIAG kernel-mode driver for Android 2.3–4.2. diagchar_core.c (CVE-2012-4220) and diagchar_core.c with an untrusted pointer dereference (CVE-2012-4221) allow a local application to exploit crafted arguments via diagchar_ioctl to execute arbitrary c...

6.8CVSS7.5AI score0.03032EPSS
CVE
CVE
added 2014/03/30 10:0 a.m.69 views

CVE-2013-6770

CVE-2013-6770 affects CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 on Android 4.3/4.4. The flaw lets any user with ADB shell access and a suitable Linux UID exploit /system/xbin/su --daemon to gain root privileges and create a Trojan script, due to inadequate restriction of who can ru...

7.6CVSS7AI score0.00668EPSS
Total number of security vulnerabilities8153