8153 matches found
CVE-2022-20290
CVE-2022-20290 affects Android 13 and involves a permissions bypass in the Midi component that can reveal private MIDI devices, enabling local privilege escalation without user interaction. Exploitation details are not provided in the supplied documents. The issue is associated with Android 13 se...
CVE-2021-0769
The CVE-2021-0769 issue affects Google Android 12, specifically the AllowBindAppWidgetActivity.java onCreate path where an unclear UI can bypass user interaction requirements. This leads to local privilege escalation with no additional execution privileges needed, with exploitation requiring user...
CVE-2021-0984
CVE-2021-0984 affects Android 12, related to onNullBinding in ManagedServices.java. The issue is a permission bypass due to an incorrectly unbound service, enabling local elevation of privilege with no additional privileges and no user interaction required. Documents confirm vulnerability details...
CVE-2021-1000
The CVE-2021-1000 entry affects Android 12L and points to the ConnectedDevicesSliceProvider.java createBluetoothDeviceSlice, where an unsafe PendingIntent allows a permission bypass. This enables local privilege escalation with no extra execution privileges required, and no user interaction is ne...
CVE-2021-1011
CVE-2021-1011 affects Android 12 via a missing permission check in PackageManagerService.java during setPackageStoppedState, enabling local information disclosure without additional execution privileges. The issue allows disclosure of information to an attacker with local access and does not requ...
CVE-2021-1018
CVE-2021-1018 describes a local information-disclosure issue in Android 12: in AudioService.adjustStreamVolume, a side-channel could reveal whether an app is installed without query permissions, enabling limited information disclosure without extra privileges. Multiple connected records (NVD, Red...
CVE-2021-1020
CVE-2021-1020 affects Android 12 via snoozeNotification in NotificationListenerService.java, where improper input validation could allow disabling notifications for an arbitrary user, enabling local privilege escalation with user interaction required. In-text impact is described as local escalati...
CVE-2021-1032
CVE-2021-1032 affects Android 12 and is tied to getMimeGroup in PackageManagerService.java. The issue enables a side-channel disclosure that can reveal whether an app is installed without any query permissions, constituting a local information disclosure. Exploitation requires no user interaction...
CVE-2021-1043
CVE-2021-1043 affects Google Pixel devices (Pixel/Titan-M) as documented in the Pixel Update Bulletin. The issue is described as a downgrade attack due to under-utilized anti-rollback protections, enabling local information disclosure without additional execution privileges. Affected component: T...
CVE-2021-39767
CVE-2021-39767 affects Android 12L via the miniadb component, where an insecure default value permits read/write access to recovery system properties, enabling local elevation of privilege without extra execution privileges or user interaction. Impact is described as local elevation of privilege ...
CVE-2022-20272
CVE-2022-20272 affects Android 13 and is tied to the PermissionController component. The issue stems from misleading text about the default SMS app’s permission set, which could lead to local information disclosure. Impact is limited to information exposure with user privileges required and explo...
CVE-2022-20329
The CVE-2022-20329 entry concerns Android 13 where Wifi can be enabled without required permissions due to a missing permission check. Root cause: a permission-check gap in the Wifi pathway. Impact: local escalation of privilege without additional execution privileges, with exploitation described...
CVE-2022-21760
The CVE-2022-21760 entry affects the apusys driver, where an integer overflow can cause a system crash. This leads to local denial of service with SYSTEM privileges required, and no user interaction is needed for exploitation. Root cause: integer overflow in the apusys driver. A patch is availabl...
CVE-2022-21777
CVE-2022-21777 affects MediaTek Autoboot: a permission bypass caused by a missing permission check enables local escalation of privileges without user interaction. Multiple sources (NVD entry and Red Hat/CVE pages) describe the issue as allowing an attacker with local access to elevate privileges...
CVE-2022-21784
CVE-2022-21784 affects the WLAN driver on MediaTek-based platforms, caused by a missing bounds check that allows an out-of-bounds write. This can lead to local escalation of privilege with SYSTEM privileges required, and exploitation reportedly does not require user interaction. References point ...
CVE-2022-26431
CVE-2022-26431 affects the MediaTek mailbox controller and is described as an out-of-bounds write caused by a missing bounds check. The issue could allow local escalation of privilege to System level with no user interaction required. Documented impact is high for confidentiality, integrity, and ...
CVE-2022-27574
CVE-2022-27574 affects the Samsung libsimba library prior to SMR Apr-2022 Release 1, caused by improper input validation in parser_iloc and sheifd_find_itemIndexin functions, enabling an out-of-bounds write by a privileged attacker. Documented impact indicators in NVD and Red Hat/CVE feeds descri...
CVE-2022-32628
CVE-2022-32628 describes an out-of-bounds write in the isp component caused by a missing bounds check, enabling local escalation of privilege with System-level execution privileges required. User interaction is not required. The vulnerability impact is described with high confidentiality, integri...
CVE-2022-33688
CVE-2022-33688 refers to a local-information-disclosure vulnerability in Samsung SecTelephonyProvider’s EventType, allowing a user with log access to extract IMSI from device logs prior to the SMR July 2022 Release 1. The issue is described across multiple feeds (NVD, Red Hat, CNVD, CVE records) ...
CVE-2022-33714
CVE-2022-33714 affects Samsung devices’ SemWifiApBroadcastReceiver prior to the SMR Aug-2022 Release 1. The issue is described as an improper access control that allows an attacker to reset a setting value related to the mobile hotspot. Publicly stated impact is limited to local access scenarios;...
CVE-2022-33724
The CVE-2022-33724 entry concerns Exposure of Sensitive Information in the Samsung Dialer app, where a local attacker could access the ICCID via logs prior to SMR Aug-2022 Release 1. The Red Hat and other records corroborate the description; no exploit details or affected versions beyond this ris...
CVE-2022-36857
CVE-2022-36857 affects Samsung Photo Editor prior to SMR Sep-2022 Release 1. The root cause is improper authorization that allows physical attackers to read internal application data. Affected component is the Photo Editor within Samsung mobile devices running the referenced Software Maintenance ...
CVE-2022-36863
CVE-2022-36863 is a heap-based overflow in GetCorrectDbLanguageTypeEsPKc of libSDKRecognitionText.spensdk.samsung.so, affecting Samsung mobile SDK prior to the SMR Sep-2022 Release 1. Exploitation could cause a memory access fault; attack path is local and does not require user interaction per th...
CVE-2022-47358
Technical details about CVE-2022-47358 are not publicly provided in the supplied documents; no affected products/versions are specified here. Monitor for updates in connected sources.
CVE-2023-20730
CVE-2023-20730 concerns the MediaTek WLAN module, where a missing bounds check enables a possible out-of-bounds read. The result is local information disclosure, with system execution privileges required for exploitation and no user interaction needed. Publicly documented patch: ALPS07573552 (Iss...
CVE-2023-20740
The CVE-2023-20740 issue affects the vcu component in certain MediaTek-based devices, caused by a logic error that can trigger memory corruption. This can lead to local escalation of privilege with SYSTEM privileges and does not require user interaction. A patch (ALPS07559819) is referenced as a ...
CVE-2023-20743
The CVE-2023-20743 issue affects the vcu module in MediaTek chips. It stems from improper locking that enables an out-of-bounds write, potentially allowing local escalation of privilege to SYSTEM level without user interaction. The vulnerability impact is described as high for confidentiality, in...
CVE-2023-21319
CVE-2023-21319 affects Android (UsageStatsService) and describes a side-channel information disclosure that could allow reading installed 3rd‑party apps. The root cause is local information disclosure without additional privileges or user interaction. The Android 14 Security Release Notes list th...
CVE-2023-21376
CVE-2023-21376 affects Android Telephony and is described as a logic error that allows local information disclosure by retrieving the ICCID without requiring user interaction. The primary impact is information disclosure with a high confidentiality impact and no demonstrated exploitation details ...
CVE-2023-21393
CVE-2023-21393 is a local elevation of privilege in Android Settings caused by a missing permission check that could allow a user to change the SIM without interaction. Exploitation is described as local with no user interaction and the impact is elevated permissions with high confidentiality, in...
CVE-2023-32810
The CVE-2023-32810 entry applies to the Bluetooth driver in MediaTek devices. The vulnerability is an out-of-bounds read caused by improper input validation in the Bluetooth driver, which can lead to local information leakage and potentially System-level execution privileges. Exploitation is desc...
CVE-2023-32877
CVE-2023-32877 affects MediaTek battery module with a missing bounds check causing an out-of-bounds write. This can enable local escalation of privilege with System execution privileges required; exploitation does not require user interaction. The provided documents consistently reference the iss...
CVE-2023-32891
CVE-2023-32891 relates to an out-of-bounds write in the bluetooth service caused by improper input validation. Affected component is described as the Bluetooth service (no specific vendor/version in provided text beyond MediaTek-linked sources). The underlying root cause is input validation weakn...
CVE-2023-52535
The CVE-2023-52535 issue affects the vsp driver (Unisoc/UNISOC-chipset context) and is caused by missing verification for an incorrect input. It is described as potentially enabling local denial of service with no additional privileges required. Publicly cited details come from PT-2024-14607 (Vsp...
CVE-2024-20037
CVE-2024-20037 affects the pq component/module, where an incorrect bounds check enables a potential write-what-where condition leading to local escalation of privilege with System-level execution privileges required. Exploitation is reported as local (no user interaction). Affected versions are n...
CVE-2024-20043
CVE-2024-20043 concerns a potential out-of-bounds write in the MediaTek component/module labeled as “da,” caused by a missing bounds check. The issue could allow local escalation of privilege to SYSTEM privileges without user interaction. Public exploitation details are not provided in the docume...
CVE-2025-20980
The CVE-2025-20980 entry concerns Samsung/libsavscmn with an out-of-bounds write that leads to memory corruption on devices running Android prior to 15. Affected component: libsavscmn (memory corruption vulnerability). Root cause: out-of-bounds write. Impact: local attackers could trigger memory ...
CVE-2015-6637
The CVE-2015-6637 issue is an elevation of privilege in the MediaTek misc-sd kernel driver used by Android prior to 5.1.1 LMY49F and 6.0 prior to 2016-01-01. A crafted application could exploit the driver to execute code with kernel privileges. Public sources describe it as a local privilege esca...
CVE-2016-0824
The CVE-2016-0824 issue affects Android 6.x via the libmpeg2 component in libstagefright. The vulnerability arises in libmpeg2’s handling of crafted Bitstream data, enabling an information disclosure that could bypass a protection mechanism and grant Signature or SignatureOrSystem access. Affecte...
CVE-2017-0396
CVE-2017-0396 is an information-disclosure vulnerability in Android’s Mediaserver. It affects Mediaserver’s libeffects component (visualizer/EffectVisualizer.cpp) and could allow a local malicious app to access data beyond its permission level. Affected versions span Android 4.4.4 through 7.1.1. ...
CVE-2017-0439
CVE-2017-0439 describes a local privilege-escalation vulnerability in the Qualcomm Wi‑Fi driver for Android, affecting Kernel-3.10 and Kernel-3.18. The issue could allow a local malicious app to execute arbitrary code in the kernel context after compromising a privileged process. The Android Prod...
CVE-2017-0547
CVE-2017-0547 is an information-disclosure vulnerability in Android’s Mediaserver (libmedia). The issue allows a local malicious application to access data outside its permission levels due to a bypass in Mediaserver protections. Affected Android versions include 4.4.4–7.1.1 (as listed in the ini...
CVE-2017-0625
The CVE-2017-0625 entry corresponds to an information disclosure vulnerability in the MediaTek command queue driver affecting Android. Connected CNVD records describe impact as local information disclosure enabling a malicious local app to access data outside its permissions, with Android version...
CVE-2017-0807
CVE-2017-0807 is an Elevation of Privilege in the Android framework’s UI subsystem. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID: A-35056974). The reference materials indicate this issue resides in the Framework UI component and was addresse...
CVE-2017-0834
CVE-2017-0834 is a remote code execution vulnerability in Android’s media framework (libmpeg2) affecting Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0 (Android ID: A-63125953). The connected documents corroborate RCE in the Media Framework and list the affected versions; no explicit exp...
CVE-2017-11043
CVE-2017-11043 affects Qualcomm WLAN in Android (Android for MSM/CAF Linux kernel) with a WiFi driver function where an integer overflow may cause a heap buffer overflow. This is documented as a WLAN-related issue potentially enabling remote code execution. The provided sources describe the vulne...
CVE-2017-13252
The CVE (CVE-2017-13252) affects Android 8.0 and 8.1 via CryptoHal::decrypt in CryptoHal.cpp, where improper input validation causes an out-of-bounds write and a read from uninitialized memory. This yields local elevation of privilege with no extra execution privileges required, and exploitation ...
CVE-2018-9414
CVE-2018-9414 affects Google Pixel/Android Bluetooth stack. The issue is in the native function gattServerSendResponseNative (com_android_bluetooth_gatt.cpp), where a missing bounds check allows an out-of-bounds stack write. This can lead to local elevation of privilege with user execution privil...
CVE-2018-9429
CVE-2018-9429 involves an out-of-bounds read due to uninitialized data in the function buildImageItemsIfPossible of ItemTable.cpp, leading to possible information disclosure without extra privileges. The vulnerability is linked to Google Pixel/Nexus security context (Pixel bulletin) with a public...
CVE-2019-2046
CVE-2019-2046 affects Android System; the vulnerability is in CalculateInstanceSizeForDerivedClass in objects.cc, causing memory corruption via integer overflow and enabling remote code execution in the proxy auto-config via PAC file processing. No user interaction required. Affected Android vers...