Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/01/31 6:0 p.m.65 views

CVE-2016-1940

CVE-2016-1940 affects Mozilla Firefox on Android (pre-44.0). A data: URL mishandling during shortcut opening or BOOKMARK/intent processing allows remote attackers to spoof the address bar. Affected: Firefox on Android before 44.0. Impact: address-bar spoofing. Mitigation: upgrade to Firefox 44.0 ...

5.3CVSS5.8AI score0.00666EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.65 views

CVE-2016-2060

CVE-2016-2060 is a local privilege escalation in Qualcomm/netd tethering controls caused by inadequate validation of the upstream interface parameter. FireEye’s analysis and Qualcomm advisories describe that untrusted interface values can be passed through addUpstreamV6Interface to netd, which ul...

9.3CVSS7.3AI score0.00466EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.65 views

CVE-2016-2427

The CVE-2016-2427 entry concerns AES-GCM-ICVlen = 12 octets in the AES-GCM implementation used by Android 5.x–6.x. The NVD description cites a potential weakness that could defeat cryptographic protection and reveal an authentication key via a crafted app. However, Android’s vendor notes state th...

5.5CVSS6.2AI score0.00417EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.65 views

CVE-2016-2430

CVE-2016-2430 affects Android debuggerd: libbacktrace/Backtrace.cpp in debuggerd on Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01. A crafted symbol name can escalate privileges within the same device (local). Root cause: vulnerable Backtrace handling ...

9.3CVSS7.5AI score0.00411EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.65 views

CVE-2017-0399

CVE-2017-0399 describes an information-disclosure vulnerability in the Qualcomm audio post processor path: libeffects at lvm/wrapper/Bundle/EffectBundle.cpp. It could allow a local malicious Android app to access data outside its permission level. Affected Android versions are 5.0.2, 5.1.1, 6.0, ...

5.5CVSS5.2AI score0.00462EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.65 views

CVE-2017-0443

CVE-2017-0443 describes an elevation of privilege in the Qualcomm Wi‑Fi driver on Android, allowing a local malicious application to execute arbitrary code in the kernel context. The vulnerability requires compromising a privileged process to gain initial access, and affects Android devices using...

7.6CVSS6.6AI score0.00882EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.65 views

CVE-2017-0445

CVE-2017-0445 is a kernel-privilege elevation in the HTC touchscreen driver affecting Google Pixel/Pixel XL devices (Android kernel 3.18). The connected CNVD entry confirms an HTC touchscreen driver flaw allowing a local malicious app to execute code in kernel context, i.e., a local privilege esc...

7.6CVSS6.6AI score0.0098EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.65 views

CVE-2017-0679

CVE-2017-0679 is a remote code execution vulnerability in the Android media framework. Affected products/versions: Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. Description in CVE notes a remote code execution vulnerability within the Media framework, with impact described as requiring user interact...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.65 views

CVE-2017-0761

CVE-2017-0761 affects Android's media framework (libavc). It is a remote code execution vulnerability impacting Android 6.0/6.0.1, 7.0, 7.1.1, 7.1.2 and 8.0. The issue is documented in the Android Security Bulletin with patches released for the 2017-09-01/2017-09-05 patch levels; mitigation is to...

9.3CVSS7.9AI score0.01323EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.65 views

CVE-2017-0778

CVE-2017-0778 is an information disclosure vulnerability in Android’s Media Framework affecting Android 7.0, 7.1.1, and 7.1.2. The description confirms affected product and versions; the root cause and precise vulnerable component/function are not detailed in the provided documents. The NVD entry...

7.8CVSS6.8AI score0.0046EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.65 views

CVE-2017-0870

CVE-2017-0870 is an Elevation of Privilege flaw in Android’s framework component libminikin. Affected Android versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. The connected documents do not provide a detailed root-cause description beyond the libminikin EoP label, nor do they specify a patch/...

7.8CVSS7.5AI score0.00158EPSS
CVE
CVE
added 2017/11/14 4:0 p.m.65 views

CVE-2017-6274

CVE-2017-6274 affects NVIDIA Tegra kernel: CORE DVFS thermal driver missing bounds checks can cause an out-of-bounds write in the kernel. Documents indicate impact as denial of service or privilege escalation. Affected products are Jetson TX1/TX2 with Linux for Tegra; remediation is to update to ...

9.8CVSS8.2AI score0.00451EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.65 views

CVE-2018-5829

The CVE-2018-5829 issue affects the WLAN stack in Android for MSM CAF builds (Linux kernel) and specifically the function wlan_hdd_cfg80211_set_privacy_ibss(). The vulnerability is a buffer over-read reported in Android releases using the affected CAF Linux kernel prior to the 2018-06-05 security...

7.8CVSS7.2AI score0.00872EPSS
CVE
CVE
added 2025/01/28 4:53 p.m.65 views

CVE-2018-9378

CVE-2018-9378 affects Android Pixel/Nexus devices via BnAudioPolicyService::onTransact in IAudioPolicyService.cpp. The issue is information disclosure caused by uninitialized data, enabling local information leakage without extra execution privileges and without user interaction. The documentatio...

6.2CVSS6AI score0.00085EPSS
CVE
CVE
added 2024/12/04 11:32 p.m.65 views

CVE-2018-9404

The CVE-2018-9404 issue affects Google Pixel/Nexus devices and is centered on the oemCallback function in ril.cpp, where an out-of-bounds write can result from an integer overflow. This could enable local elevation of privilege with System execution privileges required, and exploitation does not ...

7.8CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.65 views

CVE-2019-2066

CVE-2019-2066 is an out-of-bounds write in libxaac on Android 10 that can lead to remote code execution. The vulnerability arises from a missing bounds check in libxaac, with exploitation requiring user interaction. Affected components: libxaac within Android 10. Reported impact includes remote c...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2020/04/17 1:22 p.m.65 views

CVE-2019-20771

CVE-2019-20771 affects LG mobile devices running Android 7.x–9.x. The WapService component is vulnerable to unconfirmed configuration changes via a modified OMACP message, enabling change of device configuration without user confirmation. Root cause: unverified OMACP processing in WapService (LG ...

7.5CVSS7.4AI score0.00346EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.65 views

CVE-2019-9250

CVE-2019-9250 affects Android 10 Bluetooth, describing an out-of-bounds read due to a missing bounds check that can lead to remote information disclosure. Impact is high (per CVSS 3.1: HIGH, confidentiality impact HIGH) with no user interaction required. Exploitation status is not detailed in the...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.65 views

CVE-2019-9287

CVE-2019-9287 is a Bluetooth-related information disclosure in Android 10 caused by a missing bounds check that enables a local out-of-bounds read. The vulnerability allows local disclosure without user interaction and with only local access; no remote code execution is described. The issue is la...

5.5CVSS5.6AI score0.00139EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.65 views

CVE-2019-9310

CVE-2019-9310 affects Android 10 in the libFDK component, where an out-of-bounds write caused by an integer overflow could lead to remote code execution with no privileges. Exploitation requires user interaction. See Android 10 security notes; the vulnerability is listed under the Media Framework...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.65 views

CVE-2019-9420

CVE-2019-9420 describes an out-of-bounds read in the Android media stack (libhevc) caused by an integer overflow. This can lead to a remote denial-of-service on Android 10 devices, with exploitation requiring user interaction. The available connected documents confirm the issue location (libhevc)...

6.5CVSS6.8AI score0.00635EPSS
CVE
CVE
added 2020/02/13 2:20 p.m.65 views

CVE-2020-0014

CVE-2020-0014 is an Android elevation-of-privilege vulnerability affecting Android 8.0–10, where a malicious app could manually construct a TYPE_TOAST window to be clickable, enabling local privilege escalation without extra execution privileges. The issue requires user interaction to exploit and...

5.5CVSS5.6AI score0.00964EPSS
CVE
CVE
added 2020/02/13 2:21 p.m.65 views

CVE-2020-0023

CVE-2020-0023 affects Android 10 and is described as a local information disclosure in which a Bluetooth-enabled app could access user contacts due to a missing permission check in AdapterService.java. The vulnerability occurs in setPhonebookAccessPermission and could allow a malicious app to dis...

5.5CVSS5AI score0.00332EPSS
CVE
CVE
added 2020/02/13 2:22 p.m.65 views

CVE-2020-0028

CVE-2020-0028 affects Android 9 and is tied to the NetworkMonitor.java area, where a bypass of private DNS settings could allow remote information disclosure. Root cause: the notifyNetworkTested path and related functions enable DNS setting bypass, with exploitation requiring user interaction (UI...

7.1CVSS6.2AI score0.02683EPSS
CVE
CVE
added 2020/11/08 4:3 a.m.65 views

CVE-2020-28342

Technical details are not publicly available in the provided documents; no information on affected products, components, or fixes beyond the generic description. Monitor for updates.

7.8CVSS7.7AI score0.00305EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.65 views

CVE-2021-0977

CVE-2021-0977 affects Android 12 via phNxpNHal_DtaUpdate in phNxpNciHal_dta.cc, where an out-of-bounds write results from an incorrect bounds check. This can enable local escalation of privilege with System execution privileges required and does not require user interaction. Multiple connected so...

6.7CVSS6.7AI score0.00113EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.65 views

CVE-2021-0996

CVE-2021-0996 affects Android 12 where the out-of-bounds read occurs in nfaHciCallback within HciEventManager.cpp due to a missing bounds check. This leads to local information disclosure over NFC with System privileges required for exploitation, and does not require user interaction. Connected s...

4.5CVSS4.2AI score0.00161EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.65 views

CVE-2021-1012

CVE-2021-1012 affects Android 12 and is described in multiple sources as a side-channel information-disclosure vulnerability within NotificationAccessDetails.java (onResume), enabling an app to infer whether another app is installed without query permissions. The core issue is a local information...

5.5CVSS4.9AI score0.00111EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.65 views

CVE-2021-1019

CVE-2021-1019 affects Android 12 where in snoozeNotification() of NotificationListenerService.java a permission confusion arises from a misleading user consent dialog. This enables local elevation of privilege with user interaction required for exploitation. The NVD notes a base CVSSv3.1 score of...

7.3CVSS7.2AI score0.00121EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.65 views

CVE-2022-20264

CVE-2022-20264 affects Android’s Usage Stats Service . The vulnerability describes a side-channel disclosure that can reveal whether an app is installed without requiring query permissions. The resulting exposure is a local information disclosure with no additional execution privileges, and explo...

5.5CVSS5.6AI score0.00105EPSS
CVE
CVE
added 2022/08/11 3:13 p.m.65 views

CVE-2022-20268

The CVE-2022-20268 entry concerns Android 13’s RestrictionsManager. A vulnerability allows sending a broadcast that should be restricted to system apps, bypassing permissions and enabling local privilege escalation on enterprise-managed devices without extra execution privileges. Exploitation req...

7.8CVSS7.8AI score0.001EPSS
CVE
CVE
added 2022/08/11 3:16 p.m.65 views

CVE-2022-20281

In Android 13, CVE-2022-20281 affects the Core/Framework area, where a missing permission check could allow starting an activity from the background. This could lead to local elevation of privilege with user privileges and requires no user interaction for exploitation. The Android 13 security rel...

7.8CVSS7.8AI score0.00091EPSS
CVE
CVE
added 2022/08/11 3:16 p.m.65 views

CVE-2022-20282

CVE-2022-20282 affects Android 13: AppWidget can start an activity from the background due to a missing permission check, enabling local privilege escalation without extra execution privileges. Impact: local compromise with high confidentiality, integrity, and availability implications per CVSSv3...

7.8CVSS7.8AI score0.00105EPSS
CVE
CVE
added 2022/08/11 3:20 p.m.65 views

CVE-2022-20296

This CVE affects Android 13 ContentService. The issue is a missing permission check that allows an attacker with local access to determine whether an account exists on the device, enabling local information disclosure. Exploitation is rated as LOCAL with LOW exploit complexity and requires LOW pr...

5.5CVSS5.5AI score0.00089EPSS
CVE
CVE
added 2022/08/01 1:56 p.m.65 views

CVE-2022-26427

CVE-2022-26427: In camera isp, there is an out-of-bounds write due to a missing bounds check that can lead to local privilege escalation with System execution privileges required. No user interaction is needed. Patch ALPS07085540 / Issue ALPS07085540. Public references point to MediaTek/ALPS advi...

6.7CVSS6.7AI score0.00097EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.65 views

CVE-2022-27823

CVE-2022-27823 affects Samsung SMR libsapeextractor: the sapefd_parse_meta_HEADER_old function may read out of bounds when processing a crafted media file. The issue is rooted in an improper size check, enabling out-of-bounds reads. Impact is described as partial confidentiality and partial avail...

7.1CVSS6.6AI score0.0028EPSS
CVE
CVE
added 2022/05/03 7:39 p.m.65 views

CVE-2022-28780

CVE-2022-28780 concerns an improper access control in the Weather feature prior to Samsung SMR May-2022 Release 1, enabling unauthorized access to location information set in Weather. The issue is mitigated by a patch that adds proper protection to prevent access to location data. Connected docum...

5.5CVSS5.3AI score0.00091EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.65 views

CVE-2022-32591

CVE-2022-32591 describes an out-of-bounds/incorrect bounds check in ril that can cause a remote denial of service without user interaction, due to a system crash. The NVD entry notes a patch (ALPS07257259; Issue ID ALPS07257259). Connected sources (Red Hat RH/CVE, CNVD, CVE lists, PT-2022-21393) ...

7.5CVSS7.4AI score0.00616EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.65 views

CVE-2022-32603

CVE-2022-32603 concerns MediaTek GPU DRM with an out-of-bounds write caused by improper input validation, enabling local privilege escalation with System execution privileges required. User interaction is not needed. A patch (ALPS07310704, Issue ID ALPS07310704) exists; details on affected versio...

6.7CVSS6.7AI score0.00134EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.65 views

CVE-2022-32610

CVE-2022-32610 concerns the vcu component, where a race condition can cause a use-after-free, enabling local escalation to SYSTEM without user interaction. The underlying issue is a memory management flaw leading to a potential privilege compromise. A patch is available under Patch ID ALPS0720347...

6.4CVSS6.6AI score0.00123EPSS
CVE
CVE
added 2022/07/11 1:36 p.m.65 views

CVE-2022-33702

CVE-2022-33702 affects Samsung Knoxguard; an improper authorization flaw allows a local attacker to disable the keyguard and bypass the Knoxguard lock via a factory reset on Knoxguard versions prior to SMR Jul-2022 Release 1. The issue is documented across multiple sources (NVD, Red Hat, CNVD, PR...

6.2CVSS5.3AI score0.0009EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.65 views

CVE-2023-20840

CVE-2023-20840 affects imgsys with a possible out-of-bounds read/write caused by missing valid-range checks. Exploitation requires user interaction and can grant local escalation of privilege with system execution privileges. A patch is referenced: ALPS07326430 (Issue ALPS07326430). No additional...

6.5CVSS6.5AI score0.00094EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.65 views

CVE-2023-32829

CVE-2023-32829 affects the apusys component: a possible out-of-bounds write caused by an integer overflow. This can lead to local escalation of privilege with System execution privileges required, and no user interaction is needed for exploitation. A patch is available: ALPS07713478 (Issue ALPS07...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.65 views

CVE-2024-20030

CVE-2024-20030 affects the MediaTek-related component “da” module. The root cause is improper input validation leading to local information disclosure; exploitation requires no user interaction, but local privileges are needed. The entry notes a patch/mitigation identified as Patch ID ALPS0854163...

4.4CVSS6AI score0.00101EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.65 views

CVE-2024-20044

The CVE 2024-20044 affects the da module in MediaTek chips, where a missing bounds check enables an out-of-bounds write. This could allow local escalation of privilege to SYSTEM-level execution with no user interaction required. Patch ALPS08541784/ALPS08541784 is referenced as the mitigation. Con...

6.6CVSS7AI score0.00273EPSS
CVE
CVE
added 2024/05/06 2:51 a.m.65 views

CVE-2024-20064

CVE-2024-20064 : MediaTek wlan service contains an out-of-bounds write caused by improper input validation, enabling local privilege escalation with no user interaction. Impact is described as high (C/H/I/A). Exploitation is local with low privileges required; UI interaction is not needed. Patch ...

7.8CVSS7.1AI score0.00092EPSS
CVE
CVE
added 2024/09/02 2:7 a.m.65 views

CVE-2024-20085

CVE-2024-20085 concerns MediaTek Power component vulnerability: a missing bounds check in the power handling can trigger an out-of-bounds read, enabling local information disclosure and potentially system-level execution privileges. Affected: MediaTek chips (power domain); root cause: out-of-boun...

4.4CVSS6.2AI score0.00096EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.65 views

CVE-2024-20138

CVE-2024-20138 concerns the WLAN driver in affected MediaTek MediaTek-based chipsets, where improper input validation can cause an out-of-bounds read. This leads to remote information disclosure without additional privileges and without user interaction. The issue is documented across multiple so...

7.5CVSS6.7AI score0.00282EPSS
CVE
CVE
added 2025/02/03 3:24 a.m.65 views

CVE-2025-20641

CVE-2025-20641 affects the DA module in MediaTek chipsets, where a missing bounds check can cause an out-of-bounds write. This could enable local privilege escalation if an attacker has physical access, with user interaction required for exploitation. The public description consistently notes the...

7.3CVSS6.6AI score0.00085EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.65 views

CVE-2025-20648

CVE-2025-20648 affects MediaTek chipsets' apu component, with a possible out-of-bounds read caused by a missing bounds check. This could lead to local information disclosure without user interaction. Exploitation details are not provided in the connected documents. A patch is referenced (ALPS0945...

5.5CVSS6.2AI score0.00077EPSS
Total number of security vulnerabilities8153