Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/06/14 1:0 p.m.66 views

CVE-2017-0642

CVE-2017-0642 describes a remote denial-of-service in libhevc within Mediaserver on Android. The vulnerability can be triggered by processing a specially crafted media file, potentially causing the device to hang or reboot. Affected Android versions are 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7...

7.1CVSS5.5AI score0.00715EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.66 views

CVE-2017-0644

CVE-2017-0644 is an Android Mediaserver/Media framework DoS vulnerability. A specially crafted file could cause a device hang or reboot, enabling remote denial of service. Affected products/versions include Android 4.4.4–6.0.1. The issue is listed under the Android 2017-06-01 and 2017-06-05 patch...

7.1CVSS5.5AI score0.00648EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.66 views

CVE-2017-0647

CVE-2017-0647 describes a local information-disclosure vulnerability in libziparchive used by Android. The issue allows a local malicious application to access data outside its permission levels. Affected are Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The core cause is info...

5.5CVSS4.7AI score0.00458EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.66 views

CVE-2017-0665

CVE-2017-0665 is an Android framework elevation of privilege (EoP) vulnerability affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The issue is listed as high severity with local attack vector but user interaction required, per CVSS. Public details in the Android July...

9.3CVSS7.4AI score0.00447EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.66 views

CVE-2017-0719

CVE-2017-0719 is a remote code execution vulnerability in the Android media framework (mpeg2 decoder) affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The available descriptions consistently cite RCE via the media framework’s MPEG-2 decoding path; the exact root cause is not detailed in the p...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.66 views

CVE-2017-0795

CVE-2017-0795 is a privilege-escalation vulnerability in the MediaTek accessory detector driver within the Android kernel. The issue is categorized as an EoP with high impact locally (no user interaction required in some contexts, per CVSS data). Affected component: MediaTek accessory detector dr...

9.3CVSS8AI score0.00414EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.66 views

CVE-2017-0842

CVE-2017-0842 is an Elevation of Privilege vulnerability in Android Bluetooth affecting Android 6.0–8.0. The issue allows a local attacker to gain privileges within the system Bluetooth stack. Public sources classify it as EoP with HIGH severity (CVSS v3 base 7.8). The vulnerability is documented...

7.8CVSS7.4AI score0.00165EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.66 views

CVE-2017-11067

CVE-2017-11067 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The vulnerability stems from an improper address sanity check in the Athdiag procfs entry, which may allow an out-of-range pointer offset. This is a local issue with a low attacker profile ...

7.8CVSS7.1AI score0.00151EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.66 views

CVE-2017-13236

CVE-2017-13236 affects the Android KeyStore service (Android 8.0/8.1). The issue is a permissions bypass in KeyStore that can grant access to protected resources, enabling local elevation of privilege with system execution privileges required. Exploitation is local and does not require user inter...

7.8CVSS7.6AI score0.00559EPSS
Web
CVE
CVE
added 2018/04/04 5:0 p.m.66 views

CVE-2017-13253

CVE-2017-13253 affects Android 8.0–8.1 via the Media framework CryptoPlugin::decrypt, where a missing bounds check in CryptoPlugin.cpp allows an out-of-bounds write. This can lead to local elevation of privilege, with user interaction required for exploitation. There is a patch listed in the Andr...

9.3CVSS7.7AI score0.02924EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.66 views

CVE-2017-13266

CVE-2017-13266 affects Android and is caused by a missing bounds check in the function avrc_pars_vendor_cmd of avrc_pars_tg.cc , leading to possible stack corruption. The consequence is remote code execution with no additional privileges and no user interaction required. Affected versions include...

10CVSS8.9AI score0.0188EPSS
CVE
CVE
added 2024/11/15 9:54 p.m.66 views

CVE-2017-13312

CVE-2017-13312 affects Android’s Media framework (MediaCas.java) where a parcel read/write mismatch in createFromParcel, due to improper input validation, can enable local elevation of privilege on Android 8.0 (Oreo). An app could start an activity with system privileges without extra execution p...

7.8CVSS6.9AI score0.00073EPSS
CVE
CVE
added 2018/03/06 4:0 p.m.66 views

CVE-2017-6284

CVE-2017-6284 describes a vulnerability in NVIDIA Security Engine’s DRBG where initialization/storage of sensitive data is flawed and encryption is weakened, potentially leading to information disclosure. NVIDIA’s NVIDIA Jetson TX1/TX2 Linux for Tegra updates (R28.3) address multiple issues inclu...

5.5CVSS5.5AI score0.00076EPSS
CVE
CVE
added 2024/12/04 9:59 p.m.66 views

CVE-2018-9396

CVE-2018-9396 affects the Mediatek port_rpc.c code path (drivers/misc/mediatek/eccci/port_rpc.c) where an incorrect bounds check enables an out-of-bounds write. This can lead to local escalation of privilege with SYSTEM execution privileges needed, and exploitation does not require user interacti...

7.8CVSS6.9AI score0.00084EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.66 views

CVE-2018-9583

CVE-2018-9583 describes a remote code execution risk in the Android Bluetooth server due to an out-of-bounds write in bta_ag_parse_cmer (bta_ag_cmd.cc) across Android 7.0–9.0. Exploitation requires no user interaction and can occur over the network. The issue is listed in the Android Security Bul...

10CVSS7.6AI score0.02262EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.66 views

CVE-2019-2063

CVE-2019-2063 affects Android 10 via libxaac where an out-of-bounds write is caused by a missing bounds check. The issue can lead to remote code execution in the media server, requiring user interaction to exploit. The CVE is documented by NVD with a high-severity vector (CVSS 3.1: AV:N/AC:L/PR:N...

8.8CVSS8.9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.66 views

CVE-2019-2144

CVE-2019-2144 affects libxaac in Android 10, where a missing bounds check can cause an out-of-bounds read leading to information disclosure. The vulnerability does not grant privileges and requires user interaction to exploit. Exploitation details are not provided in the supplied documents. The i...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.66 views

CVE-2019-9261

CVE-2019-9261 affects Android 10 via the libxaac library. The issue is an out-of-bounds read caused by a missing bounds check within libxaac, leading to information disclosure. Exploitation requires user interaction, with network exposure possible per CVSS data. The vulnerability is documented ac...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2020/03/10 8:3 p.m.66 views

CVE-2020-0049

CVE-2020-0049 affects Android 10 Media Framework (StreamingSource.cpp: onReadBuffer()) with an information disclosure due to uninitialized data. Impact: potential remote information disclosure; exploitation requires user interaction. The issue is listed under Pixel security bulletins for CVE-2020...

6.5CVSS6.6AI score0.00732EPSS
CVE
CVE
added 2020/09/17 8:56 p.m.66 views

CVE-2020-0373

CVE-2020-0373 affects Android 11, specifically the SoundTriggerHwService component. The issue is a race-condition causing an out-of-bounds read, leading to local information disclosure without extra privileges or user interaction. Exploitation details are not provided in the documents. Mitigation...

4.7CVSS5AI score0.00106EPSS
CVE
CVE
added 2020/05/11 3:45 p.m.66 views

CVE-2020-12753

Summary (CVE-2020-12753): LG mobile devices running Android 7.2–10 are affected by an EL1/EL3 coldboot vulnerability in the bootloader affecting the raw_resources partition, enabling arbitrary code execution. The issue is identified as LG internal tag LVE-SMP-200006 (May 2020). Public sources in ...

9.8CVSS9.5AI score0.02472EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.66 views

CVE-2021-0994

CVE-2021-0994 corresponds to an Android information-disclosure flaw described across multiple sources (NVD, Red Hat RH-CVE, CNVD, OSV) where an attacker can infer if a target app is installed by exploiting a missing permission check in ConnectivityService.java (requestRouteToHostAddress). This ca...

3.3CVSS3.6AI score0.00104EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.66 views

CVE-2021-1023

CVE-2021-1023 relates to an Android information-disclosure issue in the RequestIgnoreBatteryOptimizations.java onCreate path. The vulnerability allows a local attacker to determine whether an app is installed without query permissions via side-channel information disclosure, requiring user intera...

5CVSS4.5AI score0.00117EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.66 views

CVE-2021-1047

CVE-2021-1047 affects Android kernel code (cm_access_control.c: valid_ipc_dram_addr). The issue arises from an integer overflow that enables an out-of-bounds read, leading to potential local information disclosure with system-level privileges. Exploitation is described as local and does not requi...

4.4CVSS4.3AI score0.00122EPSS
CVE
CVE
added 2021/04/06 7:18 a.m.66 views

CVE-2021-30162

CVE-2021-30162 affects LG mobile devices running Android 4.4–11. The issue involves ISMS services allowing attackers to bypass access control for specific content providers, identified by LG as LVE-SMP-210003 (April 2021). Public details across sources describe the vulnerability and its impact bu...

7.1CVSS6.9AI score0.00114EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.66 views

CVE-2021-39644

CVE-2021-39644 affects Google Pixel bootloader (Pixel component) with Elevation of Privilege (EoP) vulnerability. The Pixel security bulletin lists it under Pixel with High severity and a Bootloader impact. No exploitation details are provided in the provided connected documents. The remediation ...

9.8CVSS9AI score0.00453EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.66 views

CVE-2021-39652

CVE-2021-39652 affects the Android kernel component, specifically the sec_ts_parsing_cmds code. The root cause is an incorrect bounds check that can trigger an out-of-bounds write, enabling local escalation of privilege with SYSTEM-level execution rights. Exploitation requires no user interaction...

6.7CVSS6.7AI score0.00123EPSS
CVE
CVE
added 2022/07/13 6:27 p.m.66 views

CVE-2022-20234

CVE-2022-20234 affects Android 12L in the Car/AAOS context where the NotificationAccessConfirmationActivity is exported. An unprivileged app can supply a malicious component name while presenting a benign package title (e.g., Settings) to persuade users to grant notification access to the malicio...

7.5CVSS7.3AI score0.00343EPSS
CVE
CVE
added 2022/08/11 3:16 p.m.66 views

CVE-2022-20280

CVE-2022-20280 affects Android 13, specifically the MMSProvider component. The issue is described as an SQL injection vulnerability caused by improper input validation that permits reading protected data, potentially exposing short message service (SMS) and multimedia message service (MMS) data. ...

3.3CVSS4.5AI score0.00148EPSS
CVE
CVE
added 2022/08/11 3:25 p.m.66 views

CVE-2022-20316

This CVE-2022-20316 affects Android 13 ContentResolver. The vulnerability involves a side-channel information disclosure that can reveal whether an app is installed without query permissions, enabling local information disclosure with no additional execution privileges required. The issue is docu...

3.3CVSS4.2AI score0.00094EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.66 views

CVE-2022-26458

CVE-2022-26458 affects MediaTek vow. Root cause: a missing bounds check causing an out-of-bounds write, enabling local privilege escalation to SYSTEM with no user interaction. The patch reference ALPS07032678 is noted, but no affected versions or exploitation details are provided in the supplied ...

6.7CVSS6.7AI score0.00105EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.66 views

CVE-2022-32634

CVE-2022-32634 concerns the MediaTek ccci component, with an out-of-bounds write caused by improper input validation. The vulnerability could enable local escalation of privilege with SYSTEM execution privileges, and exploitation does not require user interaction. A patch is identified as ALPS071...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2022/07/11 1:33 p.m.66 views

CVE-2022-33686

CVE-2022-33686 affects Samsung GsmAlarmManager where sensitive information (ICCID) can be disclosed via logs due to insufficient protection. The issue is local in scope and is tied to GsmAlarmManager behavior prior to the SMR July 2022 Release 1. Public descriptions in NVD/Red Hat/CNVD and relate...

2.3CVSS3.7AI score0.00101EPSS
CVE
CVE
added 2022/08/05 3:15 p.m.66 views

CVE-2022-33717

The CVE-2022-33717 issue affects Samsung SEM TA Module before SMR Aug-2022 Release 1, where missing input validation before memory reads allows a local attacker to read out-of-bounds memory. Affected component: SEM TA memory-read path within the ROM/TA environment (Sem Ta). Impact is confidential...

4.4CVSS4.5AI score0.00092EPSS
CVE
CVE
added 2022/08/05 3:17 p.m.66 views

CVE-2022-33718

CVE-2022-33718 concerns Samsung devices with the Wi‑Fi Service before SMR AUG-2022 Release 1. The issue is an improper access control that lets untrusted applications manipulate the list of apps allowed to use mobile data. Impacted component is the Wi‑Fi Service; risk is that untrusted apps could...

6.2CVSS4.1AI score0.00086EPSS
CVE
CVE
added 2023/02/06 5:28 a.m.66 views

CVE-2022-47367

The CVE-2022-47367 entry concerns a missing permission check in the Bluetooth driver, enabling local information disclosure without additional execution privileges. Affected component: Bluetooth driver (no vendor/product/version details provided). Root cause: insufficient permission verification ...

5.5CVSS5.2AI score0.00088EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.66 views

CVE-2022-47492

CVE-2022-47492 affects the UNISOC soter service module. The root cause described across connected sources is a missing permission check in the soter service, which could allow a local attacker to cause a denial of service without gaining execution privileges. Documented impact is local availabili...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.66 views

CVE-2022-48369

CVE-2022-48369 affects UNISOC chipsets’ audio service, where a missing permission check in the audio service acts as the root cause. The vulnerability enables local privilege escalation (privileges required: low; attack vector: local; user interaction: none) with impact on confidentiality, integr...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.66 views

CVE-2023-20712

CVE-2023-20712 affects MediaTek WLAN code (wlan module) and is due to a missing bounds check, enabling an out-of-bounds write that can yield local privilege escalation to System level. Exploit requires LOCAL access with HIGH privileges and no user interaction. Patch: ALPS07796914 (Issue ALPS07796...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.66 views

CVE-2023-20801

In imgsys, a race condition leads to a use-after-free vulnerability that could allow local escalation of privileges with System execution privileges required. Exploitation does not require user interaction, per the CVE descriptions. Patch ALPS07420968 addresses this issue. There are no public exp...

6.4CVSS6.6AI score0.00065EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.66 views

CVE-2023-20837

CVE-2023-20837 affects the seninf component. The root cause is a missing bounds check that enables an out-of-bounds write, resulting in a local escalation of privilege with SYSTEM execution privileges required. The vulnerability does not require user interaction for exploitation. A patch is ident...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.66 views

CVE-2023-21159

CVE-2023-21159 affects the Android kernel component, specifically a missing bounds check in the Parse function of simdata.cpp, causing an out-of-bounds write that could enable local escalation of privilege with System-level execution rights and no user interaction required. In available connected...

6.7CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2023/10/30 4:59 p.m.66 views

CVE-2023-21369

CVE-2023-21369 concerns Android: a permissions bypass in Usage Access that can cause a local denial of service by displaying a Settings usage access restriction toggle screen. Exploitation requires user interaction but not remote code execution; impact is limited to DoS on the device. Affected co...

5.5CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.66 views

CVE-2023-21385

CVE-2023-21385 describes a memory corruption–related out-of-bounds read in Whitechapel that could enable local information disclosure without user interaction. The vulnerability is classified as a local issue with a high potential impact on confidentiality, per the NVD entry (CVSS v3.1: 5.5, MEDI...

5.5CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.66 views

CVE-2023-32806

CVE-2023-32806 affects the MediaTek WLAN driver and involves an out-of-bounds write caused by improper input validation. The issue can lead to local escalation of privileges with SYSTEM-level execution, requiring no user interaction. The vulnerability is described with a patch reference (ALPS0744...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2024/04/01 2:34 a.m.66 views

CVE-2024-20041

The CVE-2024-20041 entry affects MediaTek devices (da module) and is due to a missing bounds check causing an out-of-bounds read. This can lead to local information disclosure with System execution privileges needed; no user interaction is required. The public records cite Patch ID ALPS08541746 (...

4.4CVSS5.9AI score0.0022EPSS
CVE
CVE
added 2009/07/17 4:0 p.m.65 views

CVE-2009-2348

Android 1.5 CRBxx allows local users to bypass CAMERA and AUDIO_RECORD permission checks by installing an app that does not request permissions before using the camera or microphone. Affected: all 1.5 CRBxx variants. Root cause: improper permission verification in Android’s runtime/device policy ...

6.9CVSS6.3AI score0.0036EPSS
CVE
CVE
added 2012/11/30 11:0 a.m.65 views

CVE-2012-4222

CVE-2012-4222 refers to the Qualcomm KGSL kernel-mode driver in Android 2.3–4.2, where a crafted kgsl_ioctl input can trigger a NULL pointer dereference, causing DoS. Connected docs also cover CVE-2012-4220 (diagchar_core.c) and CVE-2012-4221 (diagchar_core.c/integer overflow) with local DIAG/DIA...

4.3CVSS6.2AI score0.00693EPSS
CVE
CVE
added 2016/01/06 7:0 p.m.65 views

CVE-2015-6641

CVE-2015-6641: Bluetooth in Android 6.0 before 2016-01-01 allows a remote attacker who can pair with the device to obtain sensitive Contacts information. The vulnerability is discussed across multiple sources (NVD entry and Android Security Bulletin). The issue is tied to the Bluetooth implementa...

3.1CVSS4.9AI score0.00369EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.65 views

CVE-2016-0820

CVE-2016-0820 concerns the MediaTek Wi‑Fi kernel driver in Android 6.0.1 prior to 2016-03-01. The root cause is a linear data‑section overflow due to insufficient bounds checking, enabling a local attacker to gain privileges in the kernel via a crafted app. The Android Nexus bulletin confirms thi...

9.3CVSS7.2AI score0.00522EPSS
Total number of security vulnerabilities8153