Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/09/04 2:27 a.m.69 views

CVE-2023-20827

CVE-2023-20827 affects the ims service, where a race condition can cause memory corruption leading to local privilege escalation with SYSTEM rights. Exploitation does not require user interaction, and a patch is identified (ALPS07937105). The available sources consistently describe the issue as a...

6.7CVSS6.7AI score0.00063EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.69 views

CVE-2023-20839

CVE-2023-20839 affects the imgsys component. The root cause is an out-of-bounds read due to missing valid range checking, leading to local information disclosure with system execution privileges required and user interaction for exploitation. The vulnerability is documented across multiple source...

4.2CVSS4AI score0.00091EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.69 views

CVE-2023-20996

CVE-2023-20996 affects Android 13 (Pixel devices) and is described as a DoS via an input validation flaw that can trigger a persistent reboot loop. The vulnerability enables local denial of service with no user interaction required and requires user privileges. Public details confirm the issue is...

5.5CVSS5.4AI score0.00092EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.69 views

CVE-2023-21202

CVE-2023-21202 affects Android 13 Bluetooth stack as described in the Android CVE entry. The issue is located in the function btm_delete_stored_link_key_complete in btm_devctl.cc , where a missing bounds check can cause an out-of-bounds read. This can lead to local information disclosure over Blu...

4.5CVSS4.2AI score0.00138EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.69 views

CVE-2023-21205

CVE-2023-21205 is an Android 13 vulnerability affecting the function startWpsPinDisplayInternal in sta_iface.cpp, where unsafe deserialization can cause an out-of-bounds read. This leads to local information disclosure with no additional execution privileges required and does not require user int...

5.5CVSS5AI score0.00103EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.69 views

CVE-2023-21391

CVE-2023-21391 is documented in Android 14 release notes as a DoS affecting the System area, attributed to improper input validation in the Messaging context. The impact is remote denial of service without user interaction or elevated privileges, with a network-based attack vector (AV:N, PR:N, UI...

7.5CVSS7.8AI score0.0042EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.69 views

CVE-2024-20054

CVE-2024-20054 concerns a missing bounds check in the gnss component, enabling local privilege escalation with System execution privileges required and no user interaction. The vulnerability is associated with MediaTek/gnss implementations, with a patch identified as ALPS08580200 (Issue ID: ALPS0...

6.6CVSS6.9AI score0.00269EPSS
CVE
CVE
added 2024/05/06 2:51 a.m.69 views

CVE-2024-20060

The CVE-2024-20060 entry concerns MediaTek devices with a vulnerability in the da module causing privilege escalation due to an incorrect status check. Impact is local privilege escalation with System execution privileges required, and exploitation does not require user interaction (per multiple ...

5.9CVSS6.9AI score0.00106EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.69 views

CVE-2024-49740

CVE-2024-49740 affects Google Android and is described as a DoS condition caused by a crash loop from resource exhaustion in multiple locations. Exploitation requires no user interaction and does not need additional privileges (local impact). The Android security bulletin notes patch levels 2025-...

5.5CVSS6.4AI score0.00093EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.69 views

CVE-2025-0074

The CVE-2025-0074 issue affects Google Android’s sdp_discovery.cc (process_service_attr_rsp) where a use-after-free leads to remote code execution with network access and no user interaction. This is categorized as a critical RCE in Android 15 per the 2025-03-01 bulletin, with patch levels 2025-0...

9.8CVSS8AI score0.00396EPSS
CVE
CVE
added 2025/08/26 10:48 p.m.69 views

CVE-2025-0082

CVE-2025-0082 describes an information disclosure in Google Android involving StatusHint.java and TelecomServiceImpl.java. The root cause is a confused deputy that could allow an attacker to reveal images across users, resulting in local information disclosure without extra execution privileges. ...

5.5CVSS6AI score0.00085EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.69 views

CVE-2025-20653

CVE-2025-20653 corresponds to a MediaTek chipset issue described as an out-of-bounds read caused by an integer overflow. The vulnerability could enable local information disclosure with a high impact on confidentiality, integrity, and availability, requiring physical access to the device and user...

6.5CVSS6.3AI score0.00082EPSS
CVE
CVE
added 2011/06/09 10:0 a.m.68 views

CVE-2010-4804

CVE-2010-4804 affects Android’s built-in browser prior to 2.3.4, enabling remote attackers to read SD card contents via crafted content:// URIs. Root cause involves BrowserActivity.java and BrowserSettings.java in com/android/browser/. The connected sources confirm affected version range and the ...

4.3CVSS6.7AI score0.26952EPSS
Web
CVE
CVE
added 2015/10/01 12:0 a.m.68 views

CVE-2015-1541

CVE-2015-1541 affects Android before version 5.1.1 (LMY48I). The issue resides in AppWidgetServiceImpl in Settings, where an application can obtain a URI permission by sending an Intent with FLAG_GRANT_READ_URI_PERMISSION or FLAG_GRANT_WRITE_URI_PERMISSION. This bypasses intended restrictions and...

4.3CVSS6.5AI score0.00477EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.68 views

CVE-2015-3826

The CVE-2015-3826 issue affects Android’s media stack in libstagefright (MPEG4Extractor.cpp) where MPEG4Extractor::parse3GPPMetaData does not enforce a minimum size for UTF-16 BOM strings. This can enable a remote attacker to trigger a crash in mediaserver via crafted 3GPP metadata (integer under...

5CVSS6.8AI score0.73566EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.68 views

CVE-2015-3874

CVE-2015-3874 affects the Sonivox components in Android prior to 5.1.1 LMY48T, allowing remote attackers to execute arbitrary code or cause memory corruption via a crafted media file. The issue is listed in the Android 2015-10-01 bulletin as a remote-code-execution vulnerability in mediaserver-re...

10CVSS7.9AI score0.01838EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.68 views

CVE-2015-5573

CVE-2015-5573 is a Type Confusion vulnerability affecting Adobe Flash Player prior to 18.0.0.241 and 19.x prior to 19.0.0.185 on Windows/macOS, and prior to 11.2.202.521 on Linux, plus affected AIR/SDK components. The root cause is a type confusion error that could allow an attacker to execute ar...

10CVSS7.5AI score0.05667EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.68 views

CVE-2016-10275

CVE-2016-10275 is an elevation-of-privilege vulnerability in the Qualcomm bootloader that could allow a local malicious Android app to execute arbitrary code in the kernel context. Public documentation ties this to Qualcomm bootloader flaws and Android patch coverage. The Android May 2017 bulleti...

9.3CVSS7.2AI score0.00579EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.68 views

CVE-2017-0392

CVE-2017-0392 is a denial-of-service flaw in Android’s Mediaserver, specifically VBRISeeker.cpp in libstagefright. A crafted media file can cause a device hang or reboot via Mediaserver. Affected products/versions include Android 4.4.4–7.1.1. Public details describe the vulnerability’s root cause...

7.1CVSS5.7AI score0.00675EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.68 views

CVE-2017-0429

CVE-2017-0429 is an elevation-of-privilege vulnerability in the NVIDIA kernel driver’s i2c-hid component, enabling a local attacker to write arbitrary values to kernel memory and potentially execute code with kernel privileges. Public descriptions tie the issue to the NVIDIA kernel driver on Andr...

9.3CVSS7.2AI score0.00908EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.68 views

CVE-2017-0433

CVE-2017-0433 is an elevation-of-privilege flaw in the Synaptics touchscreen driver for Android, tied to the Kernel-3.10 platform. The vulnerability could allow a local, privileged attacker to execute arbitrary code within the touchscreen chipset context. Several connected sources (including NVD ...

7.6CVSS6.6AI score0.0101EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.68 views

CVE-2017-0467

CVE-2017-0467 describes a remote code execution vulnerability in Android’s Mediaserver. An attacker could exploit memory corruption during media file and data processing by using a specially crafted file, enabling code execution within the Mediaserver process. Affected versions are Android 6.0–7....

9.3CVSS7.6AI score0.01422EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.68 views

CVE-2017-0745

CVE-2017-0745 is a remote code execution vulnerability in the Android media framework, specifically the avc decoder. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The connected documents consistently describe the issue as a media-framework fault enablin...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2024/11/27 7:18 p.m.68 views

CVE-2017-13316

CVE-2017-13316 affects the Android RecognitionService.java: a missing permission check in checkPermissions could allow a local attacker to bypass permissions and escalate privileges without extra execution privileges or user interaction. The Red Hat and NVD/NVD-derived entries confirm the same de...

8.4CVSS8.5AI score0.00079EPSS
CVE
CVE
added 2017/08/11 3:0 p.m.68 views

CVE-2017-8259

CVE-2017-8259 is a buffer overflow in Qualcomm CAF Android/Linux kernel service locator. Root cause: a buffer size variable is not used to indicate the actual buffer size. Documented impact is high severity with local code execution possibilities, requiring user interaction (CVSS3: HIGH, LOCAL, U...

7.8CVSS7.5AI score0.0046EPSS
CVE
CVE
added 2018/03/30 3:0 p.m.68 views

CVE-2017-9681

In CVE-2017-9681, the issue affects Android devices using the Linux kernel in Qualcomm MSM/CAF builds (including Firefox OS for MSM and QRD Android). The vulnerability arises when a user-supplied kernel memory address is passed from userspace through the iris_vidioc_s_ext_ctrls ioctl, causing the...

6.5CVSS5.9AI score0.00456EPSS
CVE
CVE
added 2019/09/06 2:18 p.m.68 views

CVE-2018-6240

CVE-2018-6240 affects NVIDIA Tegra BootRom. A local attacker with kernel privileges can write an arbitrary value to an arbitrary physical address, enabling escalation of privileges. Connected NVIDIA advisories confirm this vulnerability and map fixes to specific Jetson/Linux-for-Tegra releases: T...

7.8CVSS7.3AI score0.0018EPSS
CVE
CVE
added 2019/02/13 10:0 p.m.68 views

CVE-2018-6267

CVE-2018-6267 affects NVIDIA’s Tegra OpenMax driver (libnvomx): a missing/incorrect validation of input can affect control or data flow, potentially enabling DoS or elevation of privilege. Public NVIDIA bulletins confirm this CVE is addressed as part of Jetson TX1/TX2 L4T updates; remediation inv...

9.3CVSS7.5AI score0.00816EPSS
CVE
CVE
added 2024/12/04 11:33 p.m.68 views

CVE-2018-9407

CVE-2018-9407 : In emmc_rpmb_ioctl of emmc_rpmb.c there is a Missing Bounds Check, leading to potential information disclosure of kernel data. Connected sources confirm this issue on Google Pixel devices and reference the Android Pixel/Nexus security bulletin, which states that patch levels of 20...

6.5CVSS6.2AI score0.00087EPSS
CVE
CVE
added 2024/12/02 9:23 p.m.68 views

CVE-2018-9418

CVE-2018-9418 involves a possible stack buffer overflow in the Android kernel/user-space component described as dtif_rc.cc:handle_app_cur_val_response, caused by a missing bounds check. The Red Hat/NVD/CVE records align with the Android Pixel/Nexus security bulletin noting this issue as a Remote ...

9.8CVSS7.1AI score0.00255EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.68 views

CVE-2018-9488

CVE-2018-9488 is an Android local‑privilege-escalation vulnerability rooted in SELinux permissions for crash_dump.te, allowing an unprivileged user to escalate to System via a multi-stage chain (zygote → crash_dump → vold → init/kernel). Publicly linked PoCs and analyses describe how an attacker ...

7.8CVSS7.5AI score0.00426EPSS
CVE
CVE
added 2019/04/19 7:44 p.m.68 views

CVE-2019-2029

CVE-2019-2029 is a real Android vulnerability affecting Bluetooth handling in tm_ble.c (btm_proc_smp_cback), described as memory corruption via use-after-free that could enable remote code execution with no extra privileges and requires user interaction to exploit. The issue impacts Android versi...

8.8CVSS8.8AI score0.00712EPSS
CVE
CVE
added 2019/05/08 4:22 p.m.68 views

CVE-2019-2043

CVE-2019-2043 describes a local elevation-of-privilege in Android’s SmsDefaultDialog.onStart due to an overlay attack. The vulnerability could allow a malicious local app to gain privileges without extra user consent, with user interaction required for exploitation and impact on Android 7.0–9. Th...

7.3CVSS7.2AI score0.00178EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-2059

CVE-2019-2059 affects Android 10 in the libxaac library, where a missing bounds check can cause an out-of-bounds write. This vulnerability could enable remote code execution with user interaction required. The issue is documented across multiple sources (e.g., NVD and Red Hat advisories) with And...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/07/08 5:41 p.m.68 views

CVE-2019-2119

CVE-2019-2119 affects Android: multiple functions in key_store_service.cpp allow local information disclosure due to improper locking. Impact is disclosure of protected data with no extra privileges and no user interaction required. Affected versions (from discussed entries): Android 8.0, 8.1, an...

5.5CVSS5AI score0.00115EPSS
CVE
CVE
added 2019/11/13 5:44 p.m.68 views

CVE-2019-2213

CVE-2019-2213 : A race in binder_free_transaction in binder.c can cause a use-after-free, enabling local privilege escalation without extra privileges. Exploitation is described as LOCAL with no user interaction and relies on the Android kernel’s binder subsystem; it references upstream kernel fi...

7.4CVSS7.4AI score0.00146EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-9237

CVE-2019-9237 describes a Bluetooth out-of-bounds read in Android 10 due to a missing bounds check, enabling potential remote information disclosure. Exploitation requires user interaction, and the issue does not require elevated privileges beyond what the user already has. Affected product is An...

6.5CVSS6.4AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-9257

CVE-2019-9257 affects Android 10 Bluetooth stack. The flaw is an out-of-bounds write caused by an integer overflow in Bluetooth, enabling local escalation of privilege with no user interaction required. Affected component: Bluetooth handling in Android 10; impact is local attacker privilege escal...

7.8CVSS8.2AI score0.00156EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-9306

CVE-2019-9306 affects Android 10 Media Framework, specifically the libMpegTPDec component, where an out-of-bounds write caused by an integer overflow could enable remote code execution with user interaction. The issue is documented across multiple sources (NVD/Red Hat/PRION) with the Android bull...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-9337

CVE-2019-9337 affects Android 10 via the libavc component, causing information disclosure from uninitialized data. Impact: remote information disclosure without additional execution privileges, with user interaction required for exploitation. Root cause: uninitialized data in libavc. Affected pro...

6.5CVSS6.1AI score0.00769EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-9370

Summary: CVE-2019-9370 affects the Android 10 platform’s sonivox component, where an out-of-bounds read occurs due to an incorrect bounds check. This can lead to remote information disclosure, with no additional execution privileges required, and requires user interaction to exploit. The issue is...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-9380

CVE-2019-9380 affects Android 10, specifically a spoofing vulnerability in the Settings UI due to a missing permission check in the Framework. The underlying issue could allow a user to inadvertently change permission settings without additional execution privileges. Exploitation requires user in...

6.5CVSS6.8AI score0.00474EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-9408

CVE-2019-9408 affects Android 10 via the libavc component in the Media Framework. Root cause: uninitialized data in libavc can lead to information disclosure. Impact: remote information disclosure without full execution privileges; CVSS notes show confidentiality impact (PARTIAL to HIGH) dependin...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-9413

Summary (CVE-2019-9413) : A Bluetooth component in Android 10 contains an out-of-bounds read due to a missing bounds check, enabling remote information disclosure without extra privileges or user interaction. It is documented with CVSS vectors: CVSS v2 base score 5.0 (Medium) and CVSS v3.1 base s...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.68 views

CVE-2019-9422

CVE-2019-9422 affects the Android 10 Bluetooth stack, where an out-of-bounds read due to a missing bounds check could lead to remote information disclosure without user interaction. The entry can be exploited over the network (per CVSS). The vulnerability is addressed in the Android 10 security r...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2020/03/10 8:4 p.m.68 views

CVE-2020-0056

CVE-2020-0056 is an Android 10 vulnerability affecting the btu_hcif_connection_comp_evt function in btu_hcif.cc, where a missing bounds check can trigger an out-of-bounds read. This may lead to local information disclosure without requiring privileges or user interaction. The issue is documented ...

5.5CVSS5.7AI score0.00156EPSS
CVE
CVE
added 2020/03/10 8:4 p.m.68 views

CVE-2020-0057

CVE-2020-0057 affects Android 10, in btm_process_inq_results (btm_inq.cc) where a missing bounds check enables an out-of-bounds read that can disclose information locally without user interaction or additional privileges. Public documentation indicates mitigation via the March 2020 Android securi...

5.5CVSS5.7AI score0.00156EPSS
CVE
CVE
added 2020/09/18 3:22 p.m.68 views

CVE-2020-0295

CVE-2020-0295 affects Android 11’s Telecom stack, where an unsafe PendingIntent allows a permission bypass leading to local information disclosure with user-execution privileges required. Exploitation is listed as local and does not require user interaction, with the impact stated as partial conf...

5.5CVSS5.8AI score0.00141EPSS
CVE
CVE
added 2020/06/04 5:5 p.m.68 views

CVE-2020-13833

CVE-2020-13833 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue enables arbitrary file overwrites in the system area via a symlink attack. The root cause is a symlink-based overwrite vulnerability in the system area, leading to potential integrity impact (unauthorized...

9.1CVSS9.1AI score0.00461EPSS
CVE
CVE
added 2020/11/08 4:3 a.m.68 views

CVE-2020-28341

The CVE-2020-28341 entry concerns Samsung mobile devices running Q(10.0) on Exynos990 chips, where the S3K250AF Secure Element CC EAL 5+ chip is affected. The underlying issue is a buffer overflow in the Secure Element component, leading to arbitrary code execution and leakage of sensitive inform...

7.8CVSS7.9AI score0.00185EPSS
Total number of security vulnerabilities8153