Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GoogleAndroid

7767 matches found

CVE
CVEadded 2023/09/04 3:15 a.m.52 views

CVE-2023-20847

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.

4.2CVSS4.4AI score0.00012EPSS
CVE
CVEadded 2023/06/28 6:15 p.m.52 views

CVE-2023-21146

there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239867994References: N/A

6.7CVSS6.6AI score0.0002EPSS
CVE
CVEadded 2023/06/28 6:15 p.m.52 views

CVE-2023-21153

In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndr...

6.7CVSS6.6AI score0.00026EPSS
CVE
CVEadded 2023/10/30 5:15 p.m.52 views

CVE-2023-21319

In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00017EPSS
CVE
CVEadded 2023/10/30 6:15 p.m.52 views

CVE-2023-21375

In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.9AI score0.00016EPSS
CVE
CVEadded 2023/10/30 6:15 p.m.52 views

CVE-2023-21385

In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.0004EPSS
CVE
CVEadded 2023/09/04 3:15 a.m.52 views

CVE-2023-32810

In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212.

4.4CVSS4.4AI score0.00023EPSS
CVE
CVEadded 2024/04/08 3:15 a.m.52 views

CVE-2023-52535

In vsp driver, there is a possible missing verification incorrect input. This could lead to local denial of service with no additional execution privileges needed

4.4CVSS6.6AI score0.0002EPSS
CVE
CVEadded 2024/04/01 3:15 a.m.52 views

CVE-2024-20041

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541746; Issue ID: ALPS08541746.

4.4CVSS5.9AI score0.00049EPSS
CVE
CVEadded 2024/04/01 3:15 a.m.52 views

CVE-2024-20044

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541784; Issue ID: ALPS08541784.

6.6CVSS7AI score0.00041EPSS
CVE
CVEadded 2024/05/06 3:15 a.m.52 views

CVE-2024-20064

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229.

7.8CVSS7.1AI score0.00017EPSS
CVE
CVEadded 2025/09/02 11:15 p.m.52 views

CVE-2024-49730

In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.4AI score0.00004EPSS
CVE
CVEadded 2025/08/26 11:15 p.m.52 views

CVE-2025-0084

In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS7.6AI score0.00022EPSS
CVE
CVEadded 2025/02/03 4:15 a.m.52 views

CVE-2025-20642

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issu...

6.6CVSS6.6AI score0.00013EPSS
CVE
CVEadded 2025/09/02 11:15 p.m.52 views

CVE-2025-22418

In multiple locations, there is a possible confused deputy due to Intent Redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.4AI score0.00004EPSS
CVE
CVEadded 2025/09/02 11:15 p.m.52 views

CVE-2025-22421

In contentDescForNotification of NotificationContentDescription.kt, there is a possible notification content leak through the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed f...

5.5CVSS5.1AI score0.00005EPSS
CVE
CVEadded 2025/09/02 11:15 p.m.52 views

CVE-2025-22427

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to grant notification access above the lock screen due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for ex...

7.3CVSS6.3AI score0.00006EPSS
CVE
CVEadded 2025/09/04 6:15 p.m.52 views

CVE-2025-26420

In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...

4.4CVSS6.3AI score0.00006EPSS
CVE
CVEadded 2025/09/04 6:15 p.m.52 views

CVE-2025-26427

In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

4.4CVSS6.4AI score0.00006EPSS
CVE
CVEadded 2025/09/04 6:15 p.m.52 views

CVE-2025-26428

In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

3.2CVSS6.4AI score0.00007EPSS
CVE
CVEadded 2025/09/04 6:15 p.m.52 views

CVE-2025-26458

In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.4AI score0.00007EPSS
CVE
CVEadded 2025/09/04 6:15 p.m.52 views

CVE-2025-32312

In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...

7.8CVSS6.3AI score0.00024EPSS
CVE
CVEadded 2009/10/14 10:30 a.m.51 views

CVE-2009-2999

The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to C...

4.3CVSS6.6AI score0.01192EPSS
CVE
CVEadded 2015/10/01 12:59 a.m.51 views

CVE-2015-1528

Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.

9.3CVSS6.9AI score0.17098EPSS
CVE
CVEadded 2015/10/06 5:59 p.m.51 views

CVE-2015-3867

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.

10CVSS7.8AI score0.01467EPSS
CVE
CVEadded 2015/10/06 5:59 p.m.51 views

CVE-2015-6604

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.

10CVSS7.8AI score0.04944EPSS
CVE
CVEadded 2015/12/08 11:59 p.m.51 views

CVE-2015-6620

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127.

9.3CVSS7AI score0.12567EPSS
CVE
CVEadded 2015/12/08 11:59 p.m.51 views

CVE-2015-6634

The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.

9.3CVSS7.8AI score0.00933EPSS
CVE
CVEadded 2016/03/12 9:59 p.m.51 views

CVE-2016-0820

The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358.

9.3CVSS7.2AI score0.00021EPSS
CVE
CVEadded 2017/03/08 1:59 a.m.51 views

CVE-2017-0474

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.02868EPSS
CVE
CVEadded 2017/06/14 1:29 p.m.51 views

CVE-2017-0644

A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. An...

7.1CVSS5.5AI score0.00203EPSS
CVE
CVEadded 2017/07/06 8:29 p.m.51 views

CVE-2017-0665

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414.

9.3CVSS7.4AI score0.00035EPSS
CVE
CVEadded 2017/07/06 8:29 p.m.51 views

CVE-2017-0668

A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579.

5.5CVSS5.5AI score0.00063EPSS
CVE
CVEadded 2017/07/06 8:29 p.m.51 views

CVE-2017-0695

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVEadded 2017/07/06 8:29 p.m.51 views

CVE-2017-0699

A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809.

5.5CVSS5.5AI score0.00063EPSS
CVE
CVEadded 2017/08/09 9:29 p.m.51 views

CVE-2017-0729

A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.

7.8CVSS7.4AI score0.00053EPSS
CVE
CVEadded 2017/08/09 9:29 p.m.51 views

CVE-2017-0733

A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVEadded 2017/09/08 8:29 p.m.51 views

CVE-2017-0768

A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992.

9.3CVSS7.9AI score0.00035EPSS
CVE
CVEadded 2017/11/16 11:29 p.m.51 views

CVE-2017-0839

An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.

7.5CVSS6.8AI score0.00145EPSS
CVE
CVEadded 2017/11/16 11:29 p.m.51 views

CVE-2017-0841

A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.

9.3CVSS7.7AI score0.00886EPSS
CVE
CVEadded 2017/12/05 5:29 p.m.51 views

CVE-2017-11042

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.

7.8CVSS7.1AI score0.00015EPSS
CVE
CVEadded 2017/10/10 8:29 p.m.51 views

CVE-2017-11061

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing cfg80211 vendor sub command QCA_NL80211_VENDOR_SUBCMD_ROAM, a buffer over-read can occur.

7.5CVSS7.1AI score0.00111EPSS
CVE
CVEadded 2018/04/04 4:29 p.m.51 views

CVE-2017-13287

In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.6AI score0.00034EPSS
CVE
CVEadded 2024/11/27 8:15 p.m.51 views

CVE-2017-13319

In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS7.8AI score0.00142EPSS
CVE
CVEadded 2017/05/12 8:29 p.m.51 views

CVE-2017-8246

In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the sam...

7.8CVSS7.2AI score0.00032EPSS
CVE
CVEadded 2017/08/18 6:29 p.m.51 views

CVE-2017-8255

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.

9.3CVSS7.4AI score0.00088EPSS
CVE
CVEadded 2017/11/16 10:29 p.m.51 views

CVE-2017-9702

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a user-space pointer is directly accessed in a camera driver.

7.8CVSS7.1AI score0.00016EPSS
CVE
CVEadded 2024/12/05 12:15 a.m.51 views

CVE-2018-9397

In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOBwrite due to a missing bounds check. This could lead to local escalation ofprivilege with System execution privileges needed. User interaction is notneeded for exploitation.

7.8CVSS6.7AI score0.00019EPSS
CVE
CVEadded 2024/12/05 12:15 a.m.51 views

CVE-2018-9398

In fm_set_stat of mediatek FM radio driver, there is a possible OOB writedue to improper input validation. This could lead to local escalation ofprivilege with System execution privileges needed. User interaction is notneeded for exploitation.

7.8CVSS6.7AI score0.00019EPSS
CVE
CVEadded 2019/05/08 5:29 p.m.51 views

CVE-2019-2051

In heap of spaces.h, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure when processing a proxy auto config file with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android V...

7.8CVSS7AI score0.00396EPSS
Total number of security vulnerabilities7767