Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2019/05/08 4:25 p.m.67 views

CVE-2019-2046

CVE-2019-2046 affects Android System; the vulnerability is in CalculateInstanceSizeForDerivedClass in objects.cc, causing memory corruption via integer overflow and enabling remote code execution in the proxy auto-config via PAC file processing. No user interaction required. Affected Android vers...

10CVSS9.3AI score0.01334EPSS
CVE
CVE
added 2019/07/08 5:39 p.m.67 views

CVE-2019-2113

CVE-2019-2113 affects Android 9 (Pie) in the System component. The issue stems from a bypass in the setup wizard that skips certain checks when Wi-Fi is not connected, enabling a factory reset protection bypass with no additional privileges and no required user interaction. The vulnerability is c...

5.5CVSS5.4AI score0.00134EPSS
CVE
CVE
added 2019/07/08 5:41 p.m.67 views

CVE-2019-2118

CVE-2019-2118 affects Android (8.0–9) due to uninitialized/partially initialized stack variables in Parcel.cpp, enabling local information disclosure without user interaction. Impact and exploitation details are limited to the Android security bulletin references; no explicit exploit code or vect...

5.5CVSS5.1AI score0.00165EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.67 views

CVE-2019-2160

CVE-2019-2160 affects the Android 10 libxaac library, where a missing bounds check can cause an out-of-bounds read. This leads to potential information disclosure without executing code, with user interaction required for exploitation. The vulnerability is documented across multiple feeds (NVD/Re...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.67 views

CVE-2019-2170

CVE-2019-2170 is an information-disclosure vulnerability in the libxaac library on Android 10 caused by uninitialized data. Impact: potential information exposure without full execution privileges; CVE description notes user interaction is required for exploitation, with confidentiality impact ra...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.67 views

CVE-2019-9283

CVE-2019-9283 affects the Android 10 AAC Codec, where a vulnerability in input validation can cause resource exhaustion leading to a remote Denial of Service. The impact is DoS with high availability impact, and exploitation requires user interaction. The root cause is improper input validation w...

6.5CVSS6.8AI score0.00875EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.67 views

CVE-2019-9289

CVE-2019-9289 affects Android 10 via a Bluetooth information-disclosure flaw caused by a missing bounds check that enables a local information leak without user interaction. The issue is described as an out-of-bounds read in Bluetooth, potentially exposing sensitive data on affected devices. The ...

5.5CVSS5.6AI score0.00139EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.67 views

CVE-2019-9304

CVE-2019-9304 affects the Android 10 Media Framework, specifically the libMpegTPDec component. The issue is a possible out-of-bounds write caused by an integer overflow in a decoding path, which could enable remote code execution. Exploitation requires user interaction, and the risk is tied to th...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.67 views

CVE-2019-9354

CVE-2019-9354 affects Android 10 with the NFC server: an out-of-bounds read caused by a missing bounds check could enable information disclosure without executing code, with user interaction required for exploitation. The issue is categorized as a network-reachable vulnerability under the NFC sub...

6.5CVSS6.4AI score0.00652EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.67 views

CVE-2019-9356

CVE-2019-9356 affects Android 10 NFC server and is caused by a missing bounds check that enables an out-of-bounds read. This can lead to local information disclosure with no additional execution privileges required, and user interaction is needed for exploitation. The issue is documented in Andro...

5CVSS5.3AI score0.00164EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.67 views

CVE-2019-9372

In CVE-2019-9372, the issue is in libskia on Android 10 where a missing null check can cause a crash, resulting in remote denial of service. The CVSS metrics indicate NETWORK attack vector, low attack complexity, no privileges required, and user interaction required, with an availability impact o...

7.1CVSS6.8AI score0.00685EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.67 views

CVE-2019-9430

CVE-2019-9430 is a Bluetooth vulnerability affecting Android 10 where a null pointer dereference due to a missing null check could enable remote DoS without user interaction. The issue is described as a Bluetooth component failure in Android 10, with the root cause categorized as a null pointer d...

7.5CVSS7.6AI score0.00987EPSS
CVE
CVE
added 2020/03/10 8:3 p.m.67 views

CVE-2020-0084

CVE-2020-0084 affects Android 10, where several functions in NotificationManagerService.java lack permission checks. This enables local escalation of privilege by creating fake system notifications with no extra privileges, and exploitation does not require user interaction. The Pixel Update Bull...

7.8CVSS8.2AI score0.0015EPSS
CVE
CVE
added 2020/10/06 6:36 p.m.67 views

CVE-2020-26602

CVE-2020-26602 affects Samsung mobile devices (EthernetNetwork component) on Android 8.1–11.0. The issue allows an unprivileged process with PendingIntent to access the SD card. This can enable unintended data exposure and potential abuse of card access through networked interaction. Root cause: ...

7.5CVSS7.5AI score0.00431EPSS
CVE
CVE
added 2021/06/22 11:2 a.m.67 views

CVE-2021-0537

CVE-2021-0537 refers to an elevation-of-privilege in Android’s WiFiInstaller.java. The issue arises on Android 11 where an attacker could exploit a tapjacking/overlay attack during onCreate to install a malicious Hotspot 2.0 configuration, enabling local privilege escalation with user-interaction...

7.3CVSS7.2AI score0.00115EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.67 views

CVE-2021-1017

Consolidated findings for CVE-2021-1017 (Android 12): The issue arises from a missing permission check in AdapterService and GattService definitions in AndroidManifest.xml, enabling local privilege escalation by disabling Bluetooth connectivity. Affected component(s): Android’s Bluetooth framewor...

7.8CVSS7.7AI score0.0012EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.67 views

CVE-2021-1029

CVE-2021-1029 affects the Android graphics SurfaceFlinger component. In setClientStateLocked, a use-after-free leads to an out-of-bounds write, enabling local privilege escalation with no extra execution privileges required. This vulnerability is reported across multiple sources (NVD, Red Hat, CN...

7.8CVSS7.7AI score0.00113EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.67 views

CVE-2021-1046

CVE-2021-1046 affects the Android kernel, specifically the lwis_dpm_update_clock function in lwis_device_dpm.c. The issue is an out-of-bounds read caused by an incorrect bounds check, which could enable local information disclosure with System-level privileges required. Exploitation does not requ...

4.4CVSS4.3AI score0.00119EPSS
CVE
CVE
added 2021/03/04 9:5 p.m.67 views

CVE-2021-25345

CVE-2021-25345 concerns Samsung hwcomposer. Descriptions across sources identify a graphics format mismatch when hwcomposer converts video formats, occurring prior to SMR Mar-2021 Release 1, which results in a kernel panic due to an unsupported format. The vulnerability is tied to the hwcomposer ...

5.5CVSS5.3AI score0.00119EPSS
CVE
CVE
added 2022/08/11 3:12 p.m.67 views

CVE-2022-20263

CVE-2022-20263 affects Android 13 in the ActivityManager component. The root cause is a missing permission check that allows reading the process state of other users, enabling local information disclosure of app usage. Exploitation is local, with no user interaction required, and requires User pr...

5.5CVSS5.5AI score0.00089EPSS
CVE
CVE
added 2022/06/06 5:41 p.m.67 views

CVE-2022-21761

CVE-2022-21761 affects the apusys driver, where an integer overflow can trigger a system crash. This could lead to local denial of service with SYSTEM privileges required and no user interaction. The reported remediation is patch ALPS06479532 (Issue ALPS06479532). The connected sources confirm th...

4.9CVSS4.6AI score0.00103EPSS
CVE
CVE
added 2022/07/06 1:6 p.m.67 views

CVE-2022-21770

CVE-2022-21770 concerns a vulnerability in the sound driver where a symlink following flaw can lead to local information disclosure, with System execution privileges needed. The NVD entry states an impact on confidentiality, integrity, and availability (C/I/A: Partial/Partial/Partial) and a local...

6.7CVSS5.9AI score0.00129EPSS
CVE
CVE
added 2022/07/06 1:6 p.m.67 views

CVE-2022-21772

The CVE-2022-21772 entry concerns the TEEI driver, where a race condition can cause type confusion and lead to local escalation of privileges with System rights, requiring no user interaction. The vulnerability context and impact are documented across multiple sources (NVD, Red Hat, PRION, CVE li...

6.7CVSS6.6AI score0.00086EPSS
CVE
CVE
added 2022/08/01 1:56 p.m.67 views

CVE-2022-21791

CVE-2022-21791 affects MediaTek camera ISP components, causing an out-of-bounds read due to a missing bounds check. This could enable local information disclosure with SYSTEM execution privileges needed and requires no user interaction. Patch ALPS06478059 (Issue ALPS06478059) has been issued; aff...

4.4CVSS4.2AI score0.00095EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.67 views

CVE-2022-22271

CVE-2022-22271 concerns Samsung TIMA Trustlet where a missing input validation before memory copy allows copying data from arbitrary memory. Connected sources (e.g., PT-2022-15317) specify that TIMA Trustlet versions prior to SMR Jan-2022 Release 1 are affected; remediation is to update to SMR Ja...

5.5CVSS5.5AI score0.0011EPSS
CVE
CVE
added 2022/08/01 1:58 p.m.67 views

CVE-2022-26435

CVE-2022-26435: A type confusion in the mailbox component can cause an out-of-bounds write, enabling local privilege escalation to System level without user interaction. Documents (NVD/Red Hat/NVD list) cite Patch ALPS07138435/Issue ALPS07138435 as the remediation. Exploitation status is not prov...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2022/06/07 5:54 p.m.67 views

CVE-2022-30712

CVE-2022-30712 relates to an elevation-of-privilege issue in Samsung KfaOptions on Samsung mobile devices. The root cause is a lack of proper authentication logic in KfaOptions, permitting an attacker to launch certain activities. Multiple sources corroborate this vulnerability description and ti...

9.1CVSS9.1AI score0.00239EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.67 views

CVE-2022-32589

The CVE-2022-32589 entry concerns a denial-of-service issue in the Wi‑Fi driver related to improper resource release in MediaTek-based implementations. Affected component is the Wi‑Fi driver; root cause is improper resource handling leading to a remote DoS without requiring privileges or user int...

7.5CVSS7.3AI score0.00616EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.67 views

CVE-2022-32592

The CVE-2022-32592 entry concerns MediaTek chipsets with a flaw in the cpu dvfs subsystem, where a missing bounds check enables an out-of-bounds write. This can allow local privilege escalation to SYSTEM with no user interaction required. The only remediation information present is Patch ID ALPS0...

6.7CVSS6.7AI score0.00125EPSS
CVE
CVE
added 2022/08/05 3:19 p.m.67 views

CVE-2022-33721

CVE-2022-33721 affects Samsung DeX for PC prior to SMR Aug-2022 Release 1, due to improper handling of PendingIntent that enables a local attacker to access files with system privileges. The Red Hat/NVD entries reiterate the same description; Red Hat lists it under CVE-2022-33721, and other sourc...

5.5CVSS5.5AI score0.00103EPSS
CVE
CVE
added 2022/08/05 3:20 p.m.67 views

CVE-2022-33726

CVE-2022-33726 involves Samsung Galaxy Friends prior to the SMR Aug-2022 Release 1, where an unprotected dynamic receiver enables an attacker to launch an activity. The vulnerability arises from an unprotected component that can be invoked by local attackers, leading to unintended activity initia...

3.3CVSS4.1AI score0.00087EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.67 views

CVE-2022-38698

CVE-2022-38698 involves a missing permission check in the messaging service that enables elevation of privilege in the contacts service. The vulnerability is exploitable locally with low privileges and does not require user interaction. The CVSSv3.1 metrics indicate a high impact on confidentiali...

7.8CVSS7.6AI score0.00107EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.67 views

CVE-2022-39887

CVE-2022-39887 refers to an improper access‑control vulnerability in the Samsung MiscPolicy function clearAllGlobalProxy (before SMR Nov-2022 Release 1) that allows a local attacker to configure EDM settings. The NVD entry shows a low to medium overall risk depending on vector/impact metrics, wit...

4.3CVSS4AI score0.00082EPSS
CVE
CVE
added 2023/11/29 9:29 p.m.67 views

CVE-2022-42538

CVE-2022-42538 is listed in the Chromecast Security Bulletin as an Elevation of Privilege affecting Chromecast devices, under the AMLogic Secure Monitor component. The NVD entry assigns a CVSS v3.1 base score of 9.8 (CRITICAL), with network attack vector, low attack complexity, and no user intera...

9.8CVSS9.5AI score0.0031EPSS
CVE
CVE
added 2023/02/06 5:26 a.m.67 views

CVE-2022-47343

In CVE-2022-47343 , the issue is a missing permission check in engineermode services , enabling local denial of service. The provided documents confirm the affected area but do not specify product versions, exploit details, or concrete remediation steps. Exploitation status and patches are not de...

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.67 views

CVE-2023-20715

CVE-2023-20715 affects the wlan component in MediaTek-based devices. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with SYSTEM execution rights required. Exploitation reportedly does not require user interaction. The vulnerability’s ...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.67 views

CVE-2023-20729

CVE-2023-20729 reflects a WLAN module issue in MediaTek chips where a missing bounds check enables an out-of-bounds read. The vulnerability could lead to local information disclosure, with execution privileges required and no user interaction needed. Documented impact is limited to information di...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.67 views

CVE-2023-20805

The CVE-2023-20805 entry concerns the imgsys component. A missing bounds check leads to an out-of-bounds write, enabling local escalation of privileges with System execution privileges required. Exploitation reportedly does not require user interaction. A patch is available (Patch ID: ALPS0719977...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.67 views

CVE-2023-21146

CVE-2023-21146 affects the Android kernel. The described flaw is a use-after-free memory corruption that could enable local privilege escalation to SYSTEM with System execution privileges needed, and requires no user interaction. Exploitation details and concrete fixes are not provided in the sup...

6.7CVSS6.6AI score0.00096EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.67 views

CVE-2023-21375

CVE-2023-21375 affects Sysproxy with an out-of-bounds write caused by an integer underflow. The vulnerability enables local privilege escalation without extra execution privileges and does not require user interaction. Public documentation reports this issue but provides no concrete exploit detai...

7.8CVSS7.9AI score0.00095EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.67 views

CVE-2023-32825

The CVE-2023-32825 entry documents an out-of-bounds read in the bluethooth service due to improper input validation, enabling local information disclosure without user interaction. The vulnerability affects the bluethooth component described in the MediaTek context and is associated with patch AL...

5.5CVSS5.1AI score0.00082EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.67 views

CVE-2023-32875

CVE-2023-32875 affects MediaTek platforms via the keyInstall function. The root cause is a missing bounds check in keyInstall, enabling local information disclosure and requiring System privileges for exploitation; no user interaction is needed. The CVE entry cites Patch ID ALPS08308607 and Issue...

4.4CVSS4.3AI score0.00091EPSS
CVE
CVE
added 2023/10/11 7:20 p.m.67 views

CVE-2023-35648

CVE-2023-35648 affects Google Pixel baseband firmware through a missing bounds check in ProtocolMiscLceIndAdapter::GetConfLevel() within protocolmiscadapter.cpp. This causes an out-of-bounds read that could enable remote information disclosure and requires baseband firmware compromise, with no us...

9.8CVSS8.2AI score0.00337EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.67 views

CVE-2023-40652

CVE-2023-40652 concerns the jpg driver failing due to an out-of-bounds write caused by improper input validation. The vulnerability allows local denial of service with System execution privileges required, as stated in the NVD entry. Connected records corroborate the issue location but do not pro...

4.4CVSS4.8AI score0.00082EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.67 views

CVE-2024-20047

CVE-2024-20047 is a MediaTek-related vulnerability in the battery component. The issue is described as an out-of-bounds read caused by an integer overflow, potentially enabling local information disclosure with System privileges required. User interaction is not needed for exploitation. A patch i...

5.4CVSS5.9AI score0.00218EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.67 views

CVE-2024-20052

In flashc (MediaTek chip/software context), an uncaught exception can cause information disclosure, potentially enabling local information exposure with System privileges. Exploitation requires local access; no user interaction is needed. A patch is referenced (ALPS08541757 / ALPS08541761). No ot...

4.4CVSS6AI score0.00101EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.66 views

CVE-2015-8942

Summary of CVE-2015-8942 (CVE entry) : In Android on Nexus 6, the Qualcomm component driver at drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c fails to validate the stream state, enabling a local attacker with a crafted application to gain privileges. The issue is tied to the Qualcomm in...

9.3CVSS7.5AI score0.00532EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.66 views

CVE-2016-6749

CVE-2016-6749 is an information-disclosure vulnerability in Qualcomm components used by Android (GPU driver, power driver, SMSM Point-to-Point driver, and sound driver) that could let a local malicious app access data outside its permissions if a privileged process is compromised. Android ID A-30...

5.5CVSS5.1AI score0.00367EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.66 views

CVE-2017-0411

CVE-2017-0411 is an elevation-of-privilege vulnerability in the Android Framework APIs that could let a local malicious application execute arbitrary code within a privileged process. Affected product: Android (Framework APIs). Vulnerable versions (per initial entry): Android 7.0 and 7.1.1 (Andro...

9.3CVSS7.2AI score0.02866EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.66 views

CVE-2017-0474

CVE-2017-0474 is a remote code execution vulnerability in Android’s Mediaserver. The issue allows memory corruption when processing specially crafted media files, enabling a remote attacker to execute code within the Mediaserver process on affected devices. Affected products/versions identified i...

9.3CVSS7.6AI score0.02139EPSS
Total number of security vulnerabilities8153