Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/07/11 1:32 p.m.71 views

CVE-2022-30753

Affected software: Samsung SecSoterService on Samsung mobile devices. Issue: improper use of a unique device ID in unprotected SecSoterService, enabling local attackers to obtain the device ID without permission. Impact: information disclosure limited to local access. Root cause: unprotected hand...

3.3CVSS3.9AI score0.00093EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.71 views

CVE-2022-32595

CVE-2022-32595 affects Widevine with an out-of-bounds read caused by an incorrect bounds check. This vulnerability could lead to local information disclosure; the impact is described as high for confidentiality, with system-level execution privileges needed and no user interaction required. The a...

4.4CVSS4.2AI score0.00137EPSS
CVE
CVE
added 2022/07/11 1:33 p.m.71 views

CVE-2022-33685

Samsung Wearable Manager Service on Samsung mobile devices is affected by an unprotected dynamic receiver vulnerability, allowing attackers to launch arbitrary activity and access sensitive information. The issue stems from an unprotected receiver in the Wearable Manager and is mitigated by the S...

5.5CVSS5.4AI score0.00105EPSS
CVE
CVE
added 2022/08/05 3:21 p.m.71 views

CVE-2022-33720

CVE-2022-33720 concerns Samsung AppLock. The vulnerability is an improper authentication issue in AppLock prior to SMR Aug-2022 Release 1, which could let a physical attacker bypass the lock and access Chrome secured by AppLock via a new tap shortcut. Affected component: AppLock’s Chrome access c...

2.4CVSS3.9AI score0.00136EPSS
CVE
CVE
added 2022/08/05 3:18 p.m.71 views

CVE-2022-33731

CVE-2022-33731 involves an improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1. The issue allows an attacker with local access to enable or disable arbitrary components within DesktopSystemUI. Affected software: DesktopSystemUI (pre-SMR Aug-2022 Release 1). Ro...

7.1CVSS6.9AI score0.00087EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.71 views

CVE-2022-38684

The CVE-2022-38684 entry describes a vulnerability in the Contacts service caused by a missing permission check, enabling local denial of service with no additional privileges required. The connected documents corroborate the core issue (missing permission validation) and the local impact, but do...

5.5CVSS5.4AI score0.00102EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.71 views

CVE-2022-39886

CVE-2022-39886 concerns an improper access control vulnerability in the IpcRxServiceModeBigDataInfo component of RIL, prior to Samsung SMR Nov-2022 Release 1. A local attacker could access device information due to the access-control weakness in RIL. Affected: Samsung devices running RIL before t...

5.9CVSS4AI score0.00082EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.71 views

CVE-2023-20802

In imgsys, a memory corruption vulnerability arises from improper input validation that could enable local escalation of privilege requiring System execution privileges. User interaction is needed for exploitation. A patch is identified (Patch ID: ALPS07420968; Issue ID: ALPS07420976). Public tec...

6.5CVSS6.8AI score0.00092EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.71 views

CVE-2023-21151

CVE-2023-21151 affects the Google BMS kernel module in the Android kernel (Pixel devices). The issue is a heap buffer overflow that can cause an out-of-bounds write, enabling local escalation of privileges to System level. Exploitation requires local access; user interaction is not needed. Public...

6.7CVSS6.7AI score0.00097EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.71 views

CVE-2023-21160

CVE-2023-21160 affects the Android kernel via a heap buffer overflow in BuildSetTcsFci (protocolmiscbuilder.cpp) that can cause a local out-of-bounds read and information disclosure without requiring user interaction. Public details across sources confirm the impact as local information disclosur...

5.5CVSS5.3AI score0.00094EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.71 views

CVE-2023-21167

CVE-2023-21167 affects Android 13, in DevicePolicyManagerService.setProfileName. The issue is an out-of-bounds/ missing bounds check that can crash the SystemUI menu, causing local denial of service without extra privileges and without user interaction. Public documents consistently frame this as...

5.5CVSS5.4AI score0.0009EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.71 views

CVE-2023-21168

CVE-2023-21168 affects Android 13 and specifically the ColorConverter.cpp function convertCbYCrY, where a missing bounds check may cause an out-of-bounds read and local information disclosure without requiring user interaction. Multiple sources (NVD entry, Red Hat advisory, PRION/OSV enrichment, ...

5.5CVSS5AI score0.00092EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.71 views

CVE-2023-21181

CVE-2023-21181: In btm_ble_update_inq_result in btm_ble_gap.cc (Android 13) there is a possible out-of-bounds read due to a heap buffer overflow, potentially enabling local information disclosure with system privileges. Exploitation does not require user interaction. Affected product/version: And...

4.4CVSS4.4AI score0.00098EPSS
CVE
CVE
added 2023/10/30 4:59 p.m.71 views

CVE-2023-21367

CVE-2023-21367 concerns the Android Scudo memory allocator. The connected documents confirm a heap OOB read/write due to an insecure implementation/design, enabling local information disclosure without extra execution privileges and with no user interaction required. The Android 14 security relea...

5.5CVSS5.8AI score0.00086EPSS
CVE
CVE
added 2023/02/09 12:0 a.m.71 views

CVE-2023-21419

CVE-2023-21419 describes an issue in Samsung Secure Folder where improper implementation logic can cause the Secure Folder container to remain unlocked under certain conditions. Affected software: Secure Folder on Samsung devices (prior to SMR Jan-2023 Release 1). Root cause: implementation flaw ...

7.5CVSS7.4AI score0.00237EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.71 views

CVE-2023-32830

CVE-2023-32830 concerns a vulnerability in TVAPI where a missing bounds check can cause an out-of-bounds write. The root cause is a bounds-check omission in TVAPI, enabling local escalation of privilege with System execution privileges required; no user interaction is needed. The impact is descri...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.71 views

CVE-2023-32883

CVE-2023-32883 affects MediaTek devices with Engineer Mode where a missing bounds check enables an out-of-bounds write, potentially allowing local escalation of privileges (System) without user interaction. Root cause: improper bounds checking in Engineer Mode. Impact: local privilege escalation ...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.71 views

CVE-2025-0074

The CVE-2025-0074 issue affects Google Android’s sdp_discovery.cc (process_service_attr_rsp) where a use-after-free leads to remote code execution with network access and no user interaction. This is categorized as a critical RCE in Android 15 per the 2025-03-01 bulletin, with patch levels 2025-0...

9.8CVSS8AI score0.00396EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.71 views

CVE-2025-0082

CVE-2025-0082 describes an information disclosure in Google Android involving StatusHint.java and TelecomServiceImpl.java. The root cause is a confused deputy that could allow an attacker to reveal images across users, resulting in local information disclosure without extra execution privileges. ...

5.5CVSS6AI score0.00085EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.71 views

CVE-2025-20650

CVE-2025-20650: A possible out-of-bounds write due to a missing bounds check could allow local elevation of privilege on affected MediaTek devices when an attacker has physical access. The vulnerability requires no additional execution privileges but does require user interaction according to the...

6.8CVSS6.9AI score0.00109EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.71 views

CVE-2025-22405

CVE-2025-22405 is an Android elevation-of-privilege vulnerability described as a use-after-free in multiple locations that could enable local code execution with no user interaction. Public sources/connected documents note this CVE as an EoP issue with high severity affecting Android components; ...

8.4CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.71 views

CVE-2025-22407

CVE-2025-22407 is a use-after-free in the Android HID (hidd) component, specifically in hidd_check_config_done of hidd_conn.cc, enabling potential arbitrary code execution and local information disclosure without extra privileges or user interaction. The vulnerability is discussed across multiple...

5.5CVSS7AI score0.00079EPSS
CVE
CVE
added 2012/11/30 11:0 a.m.70 views

CVE-2012-4220

CVE-2012-4220 / CVE-2012-4221 affect the Qualcomm DIAG kernel-mode driver for Android 2.3–4.2. diagchar_core.c (CVE-2012-4220) and diagchar_core.c with an untrusted pointer dereference (CVE-2012-4221) allow a local application to exploit crafted arguments via diagchar_ioctl to execute arbitrary c...

6.8CVSS7.5AI score0.03032EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.70 views

CVE-2015-3860

CVE-2015-3860 is a Lockscreen elevation-of-privilege flaw in Android 5.0/5.1 (build LMY48M) where the passwordEntry field in Keyguard does not cap input length, enabling a physical attacker to crash SystemUI and bypass the lock screen. Affected versions include Android 5.0 and 5.1 up to 5.1.0; Go...

7.2CVSS6.8AI score0.00338EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.70 views

CVE-2015-6616

CVE-2015-6616 is a memory-corruption vulnerability in Android’s mediaserver. It affects Android versions prior to 5.1.1 LMY48Z and 6.0 prior to 2015-12-01, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted media file (internal bugs 24630158 and 2388280...

9.3CVSS7.6AI score0.01858EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.70 views

CVE-2016-0802

CVE-2016-0802 affects the Broadcom Wi‑Fi kernel driver, vulnerable in Android 4.x up to 4.4.3/4.4.4, 5.x up to 5.1.x, and 6.x up to 2016-02-01. An unauthenticated, adjacent attacker can send crafted wireless control message packets to trigger memory corruption, leading to remote code execution or...

8.8CVSS7.5AI score0.01701EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.70 views

CVE-2016-1503

CVE-2016-1503 affects dhcpcd prior to version 6.10.0 (used in Android 4.x/5.x/6.x and other products). The issue is a mismanagement of DHCP option lengths in the print_option path, leading to a heap-based buffer overflow that can enable remote code execution or cause a denial of service via malfo...

10CVSS8.8AI score0.06344EPSS
CVE
CVE
added 2016/01/31 6:0 p.m.70 views

CVE-2016-1948

Mozilla Firefox for Android before 44.0 is vulnerable to MITM during lightweight-theme installation because it may not require HTTPS for the client-server data stream, allowing an attacker to replace theme images/colors. Connected advisories indicate this is a real vulnerability affecting Firefox...

5.3CVSS5.9AI score0.00452EPSS
CVE
CVE
added 2017/04/12 10:0 p.m.70 views

CVE-2016-5856

Technical details for CVE-2016-5856 are not publicly available in the provided documents. Monitor for updates.

7.6CVSS6.8AI score0.00588EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.70 views

CVE-2017-0392

CVE-2017-0392 is a denial-of-service flaw in Android’s Mediaserver, specifically VBRISeeker.cpp in libstagefright. A crafted media file can cause a device hang or reboot via Mediaserver. Affected products/versions include Android 4.4.4–7.1.1. Public details describe the vulnerability’s root cause...

7.1CVSS5.7AI score0.00675EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.70 views

CVE-2017-0421

CVE-2017-0421 is an information-disclosure vulnerability in the Android Framework APIs that could allow a local malicious app to bypass OS protections and access data it should not. Affected products/versions per the CVE entry include Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. In the conne...

5.5CVSS5.2AI score0.00564EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.70 views

CVE-2017-0678

CVE-2017-0678 is a remote code execution vulnerability in Android's media framework affecting Android 7.0, 7.1.1 and 7.1.2. The issue appears in the 2017 July Android Security Bulletin under Media framework, with patches released via the July 2017 patch levels (2017-07-01 and 2017-07-05). No expl...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.70 views

CVE-2017-0718

CVE-2017-0718 is a remote code execution flaw in Android’s media framework MPEG-2 decoder impacting Android 6.0, 6.0.1, 7.0, 7.1.1 and 7.1.2. Public detail confirms it as a Media framework RCE issue; root cause is in the MPEG-2 decoder path. The Android Bulletin (Aug 2017) documents this and note...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.70 views

CVE-2017-0745

CVE-2017-0745 is a remote code execution vulnerability in the Android media framework, specifically the avc decoder. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The connected documents consistently describe the issue as a media-framework fault enablin...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.70 views

CVE-2017-0809

The CVE-2017-0809 entry describes a remote code execution vulnerability in the Android media framework (libstagefright). Affected product: Android. Vulnerable component/file: Android’s media framework library libstagefright. Root cause: remote attacker could craft a file to trigger code execution...

9.3CVSS7.7AI score0.01514EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.70 views

CVE-2017-13280

CVE-2017-13280 affects the Android/libframesequence library, specifically the FrameSequence_gif function. The issue is an out-of-bounds read due to a missing bounds check, leading to a remote DoS without user interaction. Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. The vul...

7.5CVSS7.2AI score0.00811EPSS
CVE
CVE
added 2024/11/27 9:35 p.m.70 views

CVE-2017-13323

CVE-2017-13323 is a Google/Android elevation-of-privilege flaw caused by an out-of-bounds write in String16.cpp due to an integer overflow. The Red Hat and CNVD entries restate the issue; Android/Pixel bulletin notes this CVE as EoP (Moderate) and indicates patches are included in the 2018-05-05 ...

8.4CVSS8.3AI score0.00091EPSS
CVE
CVE
added 2024/12/04 5:20 p.m.70 views

CVE-2018-9395

The CVE-2018-9395 issue affects the Mediatek WLAN driver (mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config) in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c. It describes a possible out-of-bounds write due to a missing bounds check, enabling local...

7.8CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2024/12/02 9:39 p.m.70 views

CVE-2018-9431

CVE-2018-9431 : The connected documents confirm a local elevation of privilege due to improper input validation in OSUInfo.java (OSUInfo component). The impact is described as local Privilege Escalation without user interaction. No exploit pathways, affected product versions, or fix/patch details...

7.8CVSS7.1AI score0.00082EPSS
CVE
CVE
added 2024/11/19 10:21 p.m.70 views

CVE-2018-9466

CVE-2018-9466 : A vulnerability in libxml2’s valid.c xmlSnprintfElementContent can cause an out-of-bounds write, enabling remote escalation of privilege in an unprivileged process with user interaction required. Public details across sources confirm the issue’s presence in libxml2 and describe th...

8.8CVSS9.3AI score0.003EPSS
CVE
CVE
added 2019/05/08 4:27 p.m.70 views

CVE-2019-2047

CVE-2019-2047 is an Android vulnerability in the UpdateLoadElement path of the ic.cc file, caused by a type confusion that can trigger an out-of-bounds write. This could allow remote code execution in the proxy auto-config (PAC) context, with no required privileges and no user interaction. The we...

10CVSS9.2AI score0.01362EPSS
CVE
CVE
added 2019/11/13 5:37 p.m.70 views

CVE-2019-2205

CVE-2019-2205 affects Android 8.0–10 and is caused by a use-after-free in ProxyResolverV8::SetPacScript (proxy_resolver_v8.cc), leading to memory corruption and remote code execution without user interaction. Exploitation is network-based (no privileges required) with high impact on confidentiali...

10CVSS9.3AI score0.02864EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.70 views

CVE-2019-9298

CVE-2019-9298 affects Android 10 in the Media Framework (libAACdec). A vulnerability in the library allows an out-of-bounds write caused by an integer overflow, potentially enabling remote code execution. Exploitation requires user interaction. The issue is categorized as RCE with impact to confi...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.70 views

CVE-2019-9363

CVE-2019-9363 affects Android 10 Bluetooth and describes an out-of-bounds write caused by a missing bounds check. This could allow remote code execution with no privileges, requiring user interaction to exploit. Affected product/area: Android 10 Bluetooth stack. Root cause: improper bounds checki...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2021/06/22 10:57 a.m.70 views

CVE-2021-0554

CVE-2021-0554 affects Android 11, where isBackupServiceActive in BackupManagerService.java lacks a required permission check, enabling local information disclosure without user interaction. Documented risk: local disclosure with no privileges beyond local access; attack complexity LOW. Remediatio...

5.5CVSS5.1AI score0.00108EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-0976

CVE-2021-0976 concerns an out-of-bounds read in Android’s toBARK implementation (floor0.c). The root cause is a missing bounds check, enabling possible remote information disclosure with no execution privileges; exploitation requires user interaction. Affected software is Android 12 (Android ID A...

6.5CVSS6.1AI score0.00649EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-0985

CVE-2021-0985 affects Android 12 via AlertReceiver.java (onReceive). A missing permission check could allow dismissing a system dialog, enabling local privilege escalation without extra execution privileges or user interaction. The Pixel bulletin lists this under Framework with updated AOSP patch...

7.8CVSS7.6AI score0.00104EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-0991

CVE-2021-0991 affects Android 12 via the OnMetadataChangedListener in AdvancedBluetoothDetailsHeaderController.java, causing a log information disclosure that could leak Bluetooth MAC addresses. The root cause is information disclosure through verbose/loggable data, enabling local information dis...

2.7CVSS3.2AI score0.00155EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-0995

The CVE-2021-0995 entry affects Android 12 and is tied to the WifiServiceImpl.registerSuggestionConnectionStatusListener function, enabling a side-channel information disclosure to infer whether an app is installed without query permissions. This results in local information disclosure with no ex...

3.3CVSS3.5AI score0.0011EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.70 views

CVE-2021-1001

CVE-2021-1001 describes a vulnerability in the Android Media/Video encoding path: In PVInitVideoEncoder of mp4enc_api.cpp, an out-of-bounds read caused by a heap buffer overflow can lead to local information disclosure without additional privileges or user interaction. Affected is Android 12; exp...

5.5CVSS5.2AI score0.00117EPSS
Total number of security vulnerabilities8153