Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/08/11 3:27 p.m.64 views

CVE-2022-20326

CVE-2022-20326 affects Android 13 Telephony: a missing permission check allows disclosure of SIM identifiers via local information disclosure with low privileges and no user interaction. The issue is categorized as Information Disclosure/Telephony, with impact limited to confidential data exposur...

5.5CVSS5.5AI score0.00089EPSS
CVE
CVE
added 2022/08/11 3:29 p.m.64 views

CVE-2022-20336

CVE-2022-20336 concerns Android 13 where a missing permission check in Settings enables local information disclosure of installed apps allowed to use the network during VPN lockdown mode. The issue is triggered without user interaction and affects the Settings component; exploitation could reveal...

3.3CVSS4.4AI score0.00089EPSS
CVE
CVE
added 2022/08/01 1:56 p.m.64 views

CVE-2022-26426

The CVE-2022-26426 entry concerns MediaTek’s camera ISP (in-camera image signal processor) with an out-of-bounds write caused by a missing bounds check. The vulnerability could allow local privilege escalation with System execution privileges, and does not require user interaction. Connected sour...

6.7CVSS6.7AI score0.00097EPSS
CVE
CVE
added 2022/07/11 1:33 p.m.64 views

CVE-2022-30758

Technical details about CVE-2022-30758 are not publicly provided in the supplied documents. No affected versions, root cause, or remediation details are present here. Monitor for updates from security advisories and vendor advisories.

5.5CVSS5.3AI score0.00099EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.64 views

CVE-2022-32632

CVE-2022-32632 affects MediaTek Wi‑Fi components (Chip/SoC) with an out-of-bounds write caused by improper input validation, enabling local escalation of privilege with SYSTEM privileges and no user interaction required. Patch ALPS07441630/ALPS07441630 issued; no exploitation details provided in ...

6.7CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2022/07/11 1:34 p.m.64 views

CVE-2022-33692

CVE-2022-33692 refers to an information-disclosure vulnerability in Samsung’s Message App on Samsung mobile devices. The available connected documents describe that prior to the SMR July 2022 Release 1, a local attacker could access IMSI and ICCID via logs produced by the Messaging application. T...

4CVSS3.9AI score0.00099EPSS
CVE
CVE
added 2022/09/09 2:39 p.m.64 views

CVE-2022-36847

CVE-2022-36847 describes a use-after-free in the MTP driver’s mtp_send_signal function on Samsung Mobile devices, prior to the SMR Sep-2022 Release 1. The vulnerability could enable attackers to perform malicious actions locally; affected component is the MTP driver, with impact described as high...

7.8CVSS7.8AI score0.0009EPSS
CVE
CVE
added 2022/09/09 2:39 p.m.64 views

CVE-2022-36862

CVE-2022-36862 is a heap-based overflow in HWR::EngineCJK::Impl::Construct() within libSDKRecognitionText.spensdk.samsung.so, affecting Samsung mobile/S pen SDK components prior to the SMR Sep-2022 Release 1. The root cause is a heap overflow that can cause a memory access fault. Public exploitat...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2023/11/29 9:29 p.m.64 views

CVE-2022-42537

CVE-2022-42537 is a remote code execution issue impacting Chromecast devices, described in the Chromecast Security Bulletin under the AMLogic Secure Monitor component with High severity (CVSS v3.1: 9.8). The Chromium/Android bulletin confirms it as a RCE in the Secure Monitor path and attributes ...

9.8CVSS9.7AI score0.00474EPSS
CVE
CVE
added 2023/11/29 9:29 p.m.64 views

CVE-2022-42539

CVE-2022-42539 is documented across multiple feeds as an Information disclosure vulnerability affecting Chromecast/AMLogic components per the Chromecast security bulletin. The NVD entry shows CVSSv3.1: Network attack vector, low attack complexity, no privileges required, no user interaction, with...

7.5CVSS7.8AI score0.00262EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.64 views

CVE-2022-42769

CVE-2022-42769 concerns a vulnerability in the WLAN driver where a missing bounds check could enable local denial of service in WLAN services. Multiple connected sources corroborate a local impact through an out‑of‑bounds condition in the WLAN stack, with references to UNISOC chipset/WLAN context...

3.3CVSS4AI score0.00083EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.64 views

CVE-2022-42778

The CVE-2022-42778 entry concerns a missing permission check in the Windows Manager Service, described across multiple sources. The root cause is that the service could be set up without requiring additional execution privileges, enabling potential unauthorized setup. Documents consistently ident...

7.8CVSS7.5AI score0.0009EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.64 views

CVE-2022-42783

CVE-2022-42783 involves a vulnerability in the wlan driver where there is a missing parameter check. The disclosed impact across multiple sources is a local denial of service in wlan services. The description is consistently the same across NVD/Red Hat/CNNVD/CVE records, noting the root cause as ...

6.4CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.64 views

CVE-2023-20618

The CVE-2023-20618 vulnerability affects the MediaTek vcu component, where memory corruption can occur due to improper locking. This can enable local privilege escalation to System execution level without user interaction. The security entry lists Patch ID ALPS07519184 (Issue ALPS07519184) as the...

6.7CVSS6.8AI score0.0008EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.64 views

CVE-2023-20796

The CVE-2023-20796 vulnerability affects MediaTek devices in the power module. It is a memory corruption issue caused by an incorrect bounds check, leading to local denial of service with system execution privileges required; no user interaction is needed. A patch is available (ALPS07929790). Exp...

4.4CVSS4.8AI score0.00084EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.64 views

CVE-2023-20847

CVE-2023-20847 affects MediaTek chips, specifically the imgsys_cmdq component, where a missing valid range check can cause an out-of-bounds read. This vulnerability can lead to local denial of service with SYSTEM privileges required, and exploitation requires user interaction. The known remedy in...

4.2CVSS4.4AI score0.00088EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.64 views

CVE-2023-21315

CVE-2023-21315 describes a heap-based out-of-bounds read in Bluetooth that could cause remote information disclosure without require­ing privileges or user interaction. The NVD entry assigns CVSSv3.1: AV=Adjacent, AC=L, PR=NONE, UI=NONE, S=U, C=H, I=N, A=N with a base score of 6.5 (Medium). The A...

6.5CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.64 views

CVE-2023-42651

Technical details about CVE-2023-42651 are not publicly provided in the connected documents. The available sources reiterate a local information disclosure in engineermode without additional execution privileges, but do not specify affected products, versions, exploitability, or fixes. Monitor fo...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.64 views

CVE-2023-42654

CVE-2023-42654 affects Unisoc-based systems where the dm service lacks a required permission check, leading to local information disclosure. The NVD entry notes a Local attack vector with LOW privileges required and no user interaction, but excluding any impact on integrity or availability. Sever...

5.5CVSS5.2AI score0.00079EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.64 views

CVE-2023-52536

CVE-2023-52536 involves a vulnerability in the faceid service where a missing bounds check allows an out-of-bounds read, potentially causing local denial of service with System execution privileges. Affected software is the faceid service in UNISOC chipsets; records cite a CVSS v3.1 base score of...

4.4CVSS6.5AI score0.00081EPSS
CVE
CVE
added 2025/02/03 3:24 a.m.64 views

CVE-2025-20640

CVE-2025-20640 affects MediaTek chipsets’ DA module, where a missing bounds check enables an out-of-bounds read. This could cause local information disclosure when an attacker has physical device access; exploitation requires user interaction but no privileges beyond being present. Impact is desc...

6.2CVSS5.9AI score0.00099EPSS
CVE
CVE
added 2025/05/05 2:49 a.m.64 views

CVE-2025-20671

CVE-2025-20671 concerns MediaTek chipsets. The issue is an out-of-bounds write caused by a race condition in the thermal subsystem, enabling local escalation of privilege for an attacker already with System privileges. Exploitation reportedly does not require user interaction. A patch is listed (...

7CVSS7AI score0.00087EPSS
CVE
CVE
added 2014/05/14 12:0 a.m.63 views

CVE-2010-4832

The CVE-2010-4832 issue affects Android OS prior to 2.2, where an incorrect SSL certificate may be displayed in certain cases, allowing remote attackers to spoof trusted sites. The root cause is that certificate verification could be performed against the certificate of the last loaded resource o...

4.3CVSS6.7AI score0.00787EPSS
CVE
CVE
added 2014/12/15 5:27 p.m.63 views

CVE-2014-7911

CVE-2014-7911 affects Android's deserialization path in ObjectInputStream (Android before 5.0.0). The vulnerability allows an attacker to achieve arbitrary code execution via a crafted serialized object, invoked through an ArrayMap Parcel inside an intent to system_service, demonstrated by the fi...

7.2CVSS7AI score0.2435EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.63 views

CVE-2014-9786

CVE-2014-9786 describes a heap-based buffer overflow in the Qualcomm camera actuator driver (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c) within Android on Nexus 5 and 7 (2013) devices prior to 2016-07-05. The underlying fault allows a crafted application to escalate privi...

9.3CVSS7.7AI score0.00605EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.63 views

CVE-2014-9880

CVE-2014-9880 affects Android on Nexus 7 (2013) via Qualcomm drivers: the venc.c video engine fails to validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl, enabling privilege escalation with a crafted app. Root cause: lack of validation in drivers/video/msm/vidc/common/enc/venc.c. Android bug 28769352 and ...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.63 views

CVE-2015-1528

CVE-2015-1528 is an Android local vulnerability: integer overflow in libcutils/native_handle.c:native_handle_create can allow a crafted app to escalate privileges or trigger Binder heap memory corruption (DoS) on Android versions prior to 5.1.1 LMY48M. The issue is tied to internal bug 19334482. ...

9.3CVSS6.9AI score0.02742EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.63 views

CVE-2015-3824

The entry CVE-2015-3824 concerns MPEG4Extractor::parseChunk in Android’s libstagefright (mediaserver). The flaw arises when processing MP4 tx3g atoms, where size calculations are not properly bounded, enabling remote attackers to cause memory corruption and potentially remote code execution or a ...

10CVSS8AI score0.90483EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.63 views

CVE-2015-6575

Technical details for CVE-2015-6575 are not publicly available in the provided documents; monitor for updates from official advisories.

10CVSS9AI score0.0279EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.63 views

CVE-2015-6598

CVE-2015-6598 affects Android’s libstagefright (before 5.1.1 LMY48T). The issue is memory corruption in media processing, which could enable remote code execution or a denial of service when handling a crafted media file, potentially via mediaserver. Root cause centers on memory corruption within...

10CVSS7.8AI score0.01858EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.63 views

CVE-2016-0807

CVE-2016-0807 affects Android 6.x Debuggerd (get_build_id in elf_utils.cpp) where a crafted ELF Note Desc Size element mishandling enables privilege escalation. Root cause: improper handling in Debuggerd’s ELF note parsing. Impact: high (local attacker). Affected component: Android 6.x Debuggerd....

8.4CVSS8.1AI score0.00215EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.63 views

CVE-2016-0819

CVE-2016-0819 affects the Qualcomm performance component in Android, with exploitation possible by a crafted application to gain privileges in the kernel. Affected versions are Android 4.x up to 4.4.3, 5.x up to 5.1.0 LMY49H, and 6.x before 2016-03-01. The issue is described as an elevation-of-pr...

9.3CVSS7.4AI score0.00492EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.63 views

CVE-2016-10281

CVE-2016-10281 is an elevation-of-privilege vulnerability in the MediaTek thermal driver on Android that could allow a local malicious application to execute code in the kernel context. The issue is exploitable locally and requires a privileged process to be compromised first; no exploit details ...

7.6CVSS6.6AI score0.00489EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.63 views

CVE-2016-1621

CVE-2016-1621 affects libvpx in mediaserver on Android (4.x before 4.4.4; 5.x before 5.1.1; 6.0 before 2016-03-01). Root cause: memory corruption in mediaserver triggered by processing crafted media files, linked to libwebm/mkvparser.cpp. Impact: remote code execution or denial of service within ...

10CVSS8.6AI score0.05901EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.63 views

CVE-2016-2504

CVE-2016-2504 concerns the Qualcomm KGSL GPU driver in Android prior to 2016-08-05 on Nexus devices (5, 5X, 6, 6P, 7 (2013)). The issue is a local privilege-escalation vulnerability due to a use-after-free flaw in the KGSL driver (kgsl_mem_entry) that can be triggered by a crafted app, allowing a...

7.8CVSS7.4AI score0.00226EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.63 views

CVE-2016-6735

CVE-2016-6735 describes an elevation-of-privilege in the NVIDIA GPU driver on Android devices prior to 2016-11-05 that could allow a local malicious app to execute arbitrary code in the kernel context. The initial entry and multiple connected sources confirm the issue as a local privilege escalat...

9.3CVSS7.4AI score0.00686EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.63 views

CVE-2017-0448

CVE-2017-0448 is an information-disclosure vulnerability in the NVIDIA Tegra NVHOST kernel driver. The root cause is a memory handling flaw (use-after-free/memory after free) that can allow a local attacker to access data outside the process permissions. Affected stack: Android devices using Kern...

5.5CVSS5.2AI score0.00545EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.63 views

CVE-2017-0466

CVE-2017-0466 is a remote code execution vulnerability in Android’s Mediaserver. A specially crafted file could trigger memory corruption during media file and data processing, allowing an attacker to execute code within the Mediaserver process. Affected products/versions are Android 6.0, 6.0.1, ...

9.3CVSS7.6AI score0.01422EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.63 views

CVE-2017-0486

CVE-2017-0486 describes a denial-of-service vulnerability in Android’s Mediaserver. A specially crafted file could cause a device Hang or Reboot on affected Android versions (6.0, 6.0.1, 7.0, 7.1.1). The issue is described as High severity; attack vector is listed as Local (per CVSS3) with user i...

7.1CVSS5.4AI score0.00616EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.63 views

CVE-2017-0759

CVE-2017-0759 is a Remote Code Execution vulnerability in Android’s media framework (libstagefright) affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The issue is associated with the Media Framework component and is reported in multiple sources (NVD entry for CVE-2017-0759; Android Security B...

9.3CVSS7.9AI score0.01053EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.63 views

CVE-2017-0878

CVE-2017-0878 is a remote code execution vulnerability in Android's Media Framework (libhevc) affecting Android 8.0. The issue enables code execution in the context of a privileged process when a device processes a specially crafted media file. Public sources in the connected documents confirm th...

9.3CVSS8.4AI score0.01437EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.63 views

CVE-2017-13160

CVE-2017-13160 is a remote code execution in Android’s Bluetooth subsystem affecting Android 7.0, 7.1.1, 7.1.2 and 8.0 (Android ID A-37160362). The vulnerability is classified as RCE and received a Critical/High-severity rating in the Android bulletin, with impact described as arbitrary code exec...

10CVSS8.9AI score0.01778EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.63 views

CVE-2017-13195

CVE-2017-13195 affects Android Media Framework (ihevcd_parse_headers.c: ihevcd_parse_sps). The issue arises when several parameter values could be negative, causing negative indexes and an infinite loop, enabling remote denial of service of a privileged system process with no privileges and no us...

7.8CVSS7.3AI score0.0173EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.63 views

CVE-2017-13211

CVE-2017-13211 affects Android 8.0. The issue is in btif_ble_scanner.cc (function bta_scan_results_cb_impl) where a flood of repeated BLE scan results can exhaust resources, enabling remote DoS of a critical system process with no privileges and no user interaction. The Android bulletin notes tha...

7.8CVSS7.3AI score0.02173EPSS
CVE
CVE
added 2024/11/14 10:10 p.m.63 views

CVE-2017-13227

The CVE-2017-13227 issue affects the Android Autofill framework specifically stating that the package name provided by the app process is trusted inappropriately, leading to potential information disclosure with no additional privileges required. The description indicates a local attack vector wi...

5.5CVSS6.4AI score0.00085EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.63 views

CVE-2017-13255

CVE-2017-13255 affects the Android System component; an out-of-bounds write in process_service_attr_req within sdp_server.c can lead to remote code execution with no privileges and no user interaction. Affected Android versions range from 5.1.1 through 8.1 (per Android bulletin listing under Syst...

8.8CVSS8.5AI score0.00688EPSS
CVE
CVE
added 2024/11/27 7:55 p.m.63 views

CVE-2017-13319

CVE-2017-13319 is a buffer overread in the Android Media framework (pvmp3_get_main_data_size) that can lead to remote information disclosure without user interaction. The Android Pixel/Nexus bulletin lists CVE-2017-13319 under Media framework with updated AOSP versions 7.0, 7.1.1, 7.1.2, 8.0, 8.1...

7.5CVSS7.8AI score0.00334EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.63 views

CVE-2017-6211

CVE-2017-6211: In Android for MSM, Firefox OS for MSM, QRD Android (CAF Linux kernel builds), a buffer overflow in the processing of a downlink supplementary services message is reported. The vulnerability is triggered remotely over the network and, according to the CVSS data, could lead to a com...

10CVSS8.5AI score0.00785EPSS
CVE
CVE
added 2024/11/28 12:23 a.m.63 views

CVE-2018-9377

CVE-2018-9377 affects Android’s ActivityManagerService.getIntentForIntentSender, enabling local escalation of privilege via a pending Intent to access user metadata with no user interaction. The issue is tied to the getIntentForIntentSender path and can be exploited locally without extra privileg...

8.4CVSS5.8AI score0.00091EPSS
CVE
CVE
added 2024/12/05 10:20 p.m.63 views

CVE-2018-9386

CVE-2018-9386 concerns the HTC reboot_block driver. The reboot_block_command may trigger a stack buffer overflow due to a missing bounds check, enabling local privilege escalation to SYSTEM with no user interaction required. Connected sources (NVD, Red Hat, CVE lists) confirm the issue descriptio...

6.7CVSS7.2AI score0.00085EPSS
Total number of security vulnerabilities8153