Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/12/15 3:58 p.m.221 views

CVE-2020-0499

The CVE-2020-0499 entry concerns FLAC:bitreader_read_rice_signed_block where a heap buffer overflow can cause an out-of-bounds read, enabling remote information disclosure in Android-11. Exploitation reportedly requires user interaction; impact is information disclosure with low/medium severity d...

4.3CVSS4.6AI score0.03964EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.221 views

CVE-2024-49747

CVE-2024-49747 affects Android via the Bluetooth stack: in function gatts_process_read_by_type_req within gatt_sr.cc, a logic error can cause an out-of-bounds write. This could enable remote code execution with no additional privileges and without user interaction. The available documents consist...

9.8CVSS7.5AI score0.00459EPSS
CVE
CVE
added 2017/04/24 7:0 p.m.219 views

CVE-2017-3544

CVE-2017-3544 is a content spoofing vulnerability in the Networking component of Oracle/OpenJDK’s Java SE/Java SE Embedded/JRockit, specifically an SMTP newline-injection issue in the SMTP client. The connected documents establish that a remote attacker could exploit this via SMTP to manipulate S...

4.3CVSS4.3AI score0.01686EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.219 views

CVE-2022-20024

CVE-2022-20024 is a local elevation-of-privilege vulnerability affecting system services in the Android stack (notably MediaTek–ALPS06219064 reference). The root cause is a missing permission check in a system service, enabling local privilege escalation with no user interaction and low attack co...

7.8CVSS7.7AI score0.00111EPSS
CVE
CVE
added 2018/12/07 11:0 p.m.217 views

CVE-2018-9517

CVE-2018-9517 pertains to the Linux kernel vulnerability described as a use-after-free in pppol2tp_connect, leading to memory corruption and local privilege escalation with SYSTEM privileges required on Android kernels. The connected Nessus entries (Unity Linux UTSA advisories and related plugins...

7.2CVSS7.1AI score0.00424EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.216 views

CVE-2018-9516

CVE-2018-9516 affects the Linux kernel HID subsystem: in hid_debug_events_read() of drivers/hid/hid-debug.c there is a possible out-of-bounds write due to missing bounds checks. This can enable local privilege escalation with system-level rights; no user interaction is required. The vulnerability...

7.8CVSS6.4AI score0.00415EPSS
CVE
CVE
added 2020/10/14 1:2 p.m.216 views

CVE-2020-0419

CVE-2020-0419 involves Android’s PackageInstallerSession.java, where generateInfo can leak cross-profile URI data during app installation due to a missing permission check. The issue affects Android 8.1–11 and is described as local information disclosure with no authentication or user interaction...

5.5CVSS5AI score0.00149EPSS
CVE
CVE
added 2020/12/15 4:17 p.m.216 views

CVE-2020-27068

CVE-2020-27068 is an Android kernel issue that also surfaces in upstream Linux kernel code. The Connected documents confirm concrete exposure in Linux-based environments: Unity Linux advisories UTSA-2026-004302/004038/001442 reference this CVE alongside kernel fixes for Unity Linux 20.1060e/20.10...

9.8CVSS7.6AI score0.0075EPSS
CVE
CVE
added 2022/02/09 10:5 p.m.216 views

CVE-2022-20027

CVE-2022-20027 concerns the Bluetooth stack where a missing bounds check can cause an out-of-bounds write, leading to local elevation of privilege with no additional execution privileges or user interaction required. The vulnerability is associated with MediaTek Bluetooth components (per the Andr...

7.8CVSS7.7AI score0.00146EPSS
CVE
CVE
added 2019/09/06 9:47 p.m.214 views

CVE-2019-9443

CVE-2019-9443 affects the Android kernel VL53L0 driver. The issue is an out-of-bounds write caused by a permissions bypass in the set_fs path, enabling local elevation of privilege without user interaction. Public exploitation details are not provided in the available documents. The vulnerability...

6.7CVSS6.7AI score0.00167EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.214 views

CVE-2022-20053

CVE-2022-20053 concerns MediaTek IMS service with a missing permission check that enables local privilege escalation. The issue is described as a local EoP without requiring user interaction or additional execution privileges. The vulnerability is associated with patch ID ALPS06219097 (Issue ID A...

7.8CVSS8.1AI score0.00113EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.214 views

CVE-2022-20422

CVE-2022-20422 is a race-condition memory corruption issue in armv8_deprecated.c (emulation_proc_handler) of the Linux kernel used by Android. It allows local privilege escalation without extra privileges or user interaction, via memory corruption. Connected documents corroborate the same descrip...

7CVSS7AI score0.00126EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.214 views

CVE-2023-20944

CVE-2023-20944 describes an elevation of privilege in Android due to unsafe deserialization in ChooseTypeAndAccountActivity.java. Affected software includes Android 10–13 (per security bulletin data). The underlying issue is a deserialization flaw in the specified activity that could enable a loc...

7.8CVSS7.7AI score0.00189EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.213 views

CVE-2021-39704

CVE-2021-39704 affects Android platforms (Android 10, 11, 12) and is tied to the NotificationManagerService.deleteNotificationChannelGroup. The issue enables a local elevation of privilege by bypassing a permission, allowing a foreground service to run without a user notification and without user...

7.8CVSS7.6AI score0.00189EPSS
CVE
CVE
added 2022/08/11 12:0 a.m.213 views

CVE-2022-20369

CVE-2022-20369 : In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out-of-bounds write due to improper input validation, leading to local escalation of privileges with System execution privileges needed. User interaction is not required. Connected Astra Linux bulletin reiterates this de...

6.7CVSS7AI score0.00155EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.213 views

CVE-2023-20906

CVE-2023-20906 affects Android’s Framework component (PermissionManagerService.java). The vulnerability enables a silent privilege grant after a Target SDK update, constituting a local Elevation of Privilege (EoP) due to a permissions bypass. Exploitation requires local access with low privileges...

7.8CVSS7.7AI score0.00098EPSS
CVE
CVE
added 2025/01/21 11:4 p.m.213 views

CVE-2024-49749

CVE-2024-49749 is a vulnerability in the DGifSlurp function of the GIF decoder in dgif_lib.c. It stems from an integer overflow that can trigger an out-of-bounds write, enabling remote code execution. Exploitation is described as possible without additional user interaction. Connected sources (Re...

8.8CVSS7.9AI score0.00242EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.212 views

CVE-2022-20048

CVE-2022-20048 affects MediaTek video decoder with a missing bounds check causing an out-of-bounds write and local privilege escalation without user interaction. MTK’s advisory (ALPS05917502) notes the patch, and other sources (NVD, Red Hat, CNVD, CVE listings) corroborate the description. The av...

7.8CVSS8.2AI score0.00115EPSS
CVE
CVE
added 2021/06/22 11:0 a.m.210 views

CVE-2021-0561

CVE-2021-0561 is an out-of-bounds write in append_to_verify_fifo_interleaved_() of stream_encoder.c, enabling local information disclosure without extra privileges. The vulnerability is observed in FLAC libraries across multiple distros; no exploit details are provided in the documents. Remediati...

5.5CVSS5.2AI score0.00465EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.210 views

CVE-2023-21106

CVE-2023-21106 affects the Android kernel (Adreno GPU DRM driver). The issue is in the function adreno_set_param in adreno_gpu.c, where a double free can cause memory corruption, enabling local privilege escalation with no user interaction required.

7.8CVSS7.6AI score0.00112EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.209 views

CVE-2015-8956

CVE-2015-8956 detailed in connected sources: The Linux kernel’s rfcomm_sock_bind in net/bluetooth/rfcomm/sock.c, vulnerable before 4.2, may allow a local attacker to obtain sensitive information or cause a denial of service (NULL pointer dereference) via a bind system call on a Bluetooth RFCOMM s...

6.1CVSS6.6AI score0.00225EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.209 views

CVE-2019-9371

CVE-2019-9371 affects libvpx and is characterized by a resource-exhaustion denial of service due to improper input validation. The issue is linked to multiple package advisories and security bulletins across distributions (e.g., Debian DSA-4578-1, AlmaLinux libvpx security update, Fedora package ...

7.1CVSS6.9AI score0.03071EPSS
CVE
CVE
added 2020/05/08 7:50 p.m.209 views

CVE-2020-6616

CVE-2020-6616 involves Broadcom BCM4361 Bluetooth RNG: a low-entropy PRNG is used where a Hardware RNG should be, enabling spoofing risks. Publicly documented impact references include Apple’s iOS 13.5/iPadOS 13.5 notes, which list CVE-2020-6616 under Bluetooth with a low-entropy PRNG issue, affe...

6.5CVSS7.5AI score0.0073EPSS
CVE
CVE
added 2021/01/11 9:46 p.m.209 views

CVE-2021-0308

CVE-2021-0308: In ReadLogicalParts of basicmbr.cc there is a missing bounds check causing an out-of-bounds write. This could enable local escalation of privilege with no additional execution privileges and no user interaction. Affected products listed include Android versions 8.1–11 (Android-8.1,...

7.2CVSS6.6AI score0.00436EPSS
CVE
CVE
added 2022/08/09 8:23 p.m.207 views

CVE-2022-20353

CVE-2022-20353 is an Android Media Framework issue affecting Android 10–12/12L, described as an information disclosure vulnerability in the onSaveRingtone path of DefaultRingtonePreference.java . The root cause is improper input validation leading to an inappropriate file read, enabling local inf...

5.5CVSS5AI score0.00095EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.207 views

CVE-2023-40129

CVE-2023-40129 describes a heap-based out-of-bounds write in the Bluetooth stack (build_read_multi_rsp in gatt_sr.cc) that enables remote code execution with no user interaction. The NVD entry and Android security documentation indicate an adjacent attack vector with high impact and a base CVSS v...

8.8CVSS8.8AI score0.00223EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.206 views

CVE-2021-39803

CVE-2021-39803 affects Android Media Framework (Media Codecs) with the vulnerable component C2AllocatorIon.cpp. The root cause is an out-of-bounds read caused by a use-after-free, leading to remote information disclosure without executing code, with user interaction required for exploitation. Imp...

6.5CVSS6.1AI score0.0061EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.205 views

CVE-2021-39708

CVE-2021-39708 affects Android 12 and is caused by an out-of-bounds write in gatt_process_notification (gatt_cl.cc) due to an incorrect bounds check, enabling remote elevation of privilege without user interaction. Multiple connected sources corroborate the issue and classify it as a critical EoP...

10CVSS9.1AI score0.01156EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.205 views

CVE-2021-39801

CVE-2021-39801 affects the Android kernel ion subsystem (ion-ioctl.c). The vulnerability is a use-after-free caused by improper locking in ion_ioctl, enabling local escalation of privilege with no additional privileges or user interaction required. Exploitation details are not provided beyond tho...

7.8CVSS7.7AI score0.00114EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.205 views

CVE-2021-39807

CVE-2021-39807 describes a local elevation-of-privilege flaw in Android’s SecureNfcEnabler.java (handleNfcStateChanged) that allows enabling NFC from a Guest account due to a missing permission check. Affected products/versions include Android 10, 11, 12, and 12L. The impact is local privilege es...

7.8CVSS7.6AI score0.00104EPSS
CVE
CVE
added 2016/01/06 12:0 a.m.204 views

CVE-2015-6639

CVE-2015-6639 details: A privilege-escalation in the Widevine QSEE TrustZone app on Android 5.x (before 5.1.1 LMY49F) and 6.0 (before 2016‑01‑01) allows a crafted app with QSEECOM access to gain privileges. Root cause involves trustlet/TrustZone interaction enabling local escalation via the QSEE ...

9.3CVSS7.5AI score0.06906EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.204 views

CVE-2016-0801

CVE-2016-0801 affects Broadcom BCM43xx Wi‑Fi firmware used by Broadcom devices. The Debian/Mageia advisories describe memory corruption in Broadcom Wi‑Fi firmware/packets processing that could enable remote code execution, potentially leading to privilege escalation or data disclosure. Debian not...

9.8CVSS7.6AI score0.33367EPSS
CVE
CVE
added 2019/09/06 9:48 p.m.204 views

CVE-2019-9451

CVE-2019-9451 affects the Android kernel touchscreen driver. The flaw is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with System execution privileges. Exploitation is not dependent on user interaction. The available documents do not specify a pa...

6.7CVSS6.7AI score0.00179EPSS
CVE
CVE
added 2018/02/19 7:0 p.m.203 views

CVE-2017-7376

CVE-2017-7376 is described in the connected IBM bulletin as a buffer overflow in libxml2 that allows remote code execution by exploiting an incorrect limit for port values when handling redirects. The provided documents confirm the existence of this vulnerability and its impact on libxml2, but do...

10CVSS8.1AI score0.23694EPSS
CVE
CVE
added 2019/09/06 9:43 p.m.202 views

CVE-2019-9461

CVE-2019-9461 affects the Android kernel VPN routing component. The issue enables a potential information disclosure by an adjacent-network attacker, with no additional execution privileges and no user interaction required. The vulnerability is listed under the Pixel/Android 2019-09-01 bulletin w...

6.5CVSS5.9AI score0.015EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.201 views

CVE-2017-13194

CVE-2017-13194 affects libvpx used by the Android media framework. The root cause is incorrect validation of odd frame widths in libvpx, enabling denial of service and, in some advisories, potential arbitrary code execution. Affected environments include Android 7.x–8.x and various Linux distribu...

7.8CVSS7.1AI score0.01805EPSS
CVE
CVE
added 2019/11/13 5:35 p.m.201 views

CVE-2019-2201

CVE-2019-2201: Out-of-bounds write in generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S can enable remote code execution in unprivileged Android processes (Android 8.0–10). Root cause is a missing bounds check in the NEON path; exploitation requires user interaction. Remediation: Android ...

9.3CVSS7.9AI score0.02461EPSS
CVE
CVE
added 2022/05/10 7:58 p.m.201 views

CVE-2022-20114

CVE-2022-20114 affects Android (10–12, 12L) and is tied to a flaw in TelecomManager.java: the placeCall path can let an app keep itself running with foreground service importance, bypassing a permission and enabling local privilege escalation without extra execution privileges. The issue is class...

7.8CVSS7.7AI score0.00115EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.201 views

CVE-2022-20409

CVE-2022-20409 : The vulnerability exists in the Linux kernel’s io_uring.c, specifically in io_identity_cow, where a use-after-free can corrupt memory and enable local privilege escalation. The Android/Linux kernel context is affected (Android kernel and EulerOS advisories reference this CVE). Ex...

6.7CVSS7.1AI score0.00563EPSS
CVE
CVE
added 2019/09/06 9:45 p.m.200 views

CVE-2019-9271

The CVE-2019-9271 issue is a race condition in the Android kernel MNH driver caused by insufficient locking, leading to a use-after-free and potential privilege escalation to System level. Affected component: MNH driver in Android kernel. Impact: elevation of privilege with partial/hardening impl...

6.4CVSS6.6AI score0.00131EPSS
CVE
CVE
added 2024/09/13 8:28 p.m.200 views

CVE-2024-44092

CVE-2024-44092 describes a missing LCS signing enforcement caused by test/debugging code left in a production build, potentially enabling local privilege escalation without user interaction. Public materials in this set confirm impact on Google Pixel/Android components, with references in the Pix...

7.8CVSS7.8AI score0.0008EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.199 views

CVE-2021-39697

CVE-2021-39697 affects Android 11/12 via the DownloadProvider.java checkFileUriDestination path, where a missing permission check may bypass external storage private directories protection. This could allow local elevation of privilege with User-level privileges and no user interaction required. ...

7.8CVSS7.7AI score0.0012EPSS
CVE
CVE
added 2022/05/10 7:55 p.m.197 views

CVE-2022-20004

CVE-2022-20004 is a local-elevation vulnerability in Android where checkSlicePermission in SliceManagerService.java can access any slice URI due to improper input validation. Affected: Android 10–12L (including 12L) per multiple sources. Impact: local privilege escalation with high severity (CVSS...

7.8CVSS7.7AI score0.00204EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.196 views

CVE-2021-39794

CVE-2021-39794 affects Android 11–12/12L, in the AdbService.java method broadcastPortInfo . The issue is a missing permission check that can allow apps to execute code as the shell user when wireless debugging is enabled, causing local elevation of privilege. Exploitation requires user interactio...

7.8CVSS7.7AI score0.00332EPSS
CVE
CVE
added 2020/01/08 3:31 p.m.195 views

CVE-2020-0009

CVE-2020-0009 affects the Android kernel ashmem.c (calc_vm_may_flags): an insecure permissions bypass can allow an arbitrary write to shared memory, enabling local privilege escalation by corrupting inter-process memory. Exploitation is possible without user interaction, and no additional executi...

5.5CVSS6.2AI score0.00687EPSS
CVE
CVE
added 2022/06/15 1:2 p.m.195 views

CVE-2022-20145

Android CVE-2022-20145 exposes VPN credentials via a downgrade in Vpn.java: startLegacyVpnPrivileged in Android 11, enabling remote privilege escalation when connected to a malicious Wi‑Fi AP and requiring no user interaction. Affected product: Android (Android-11) framework component; vulnerabil...

10CVSS9.1AI score0.06453EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.195 views

CVE-2022-20456

CVE-2022-20456 : In AutomaticZenRule.java, there is a vulnerability due to a failure to persist permissions settings caused by resource exhaustion, which could lead to local elevation of privilege with no additional execution privileges needed. Affected: Android 10–13 (Android-10, Android-11, And...

7.8CVSS7.6AI score0.00238EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.195 views

CVE-2022-20481

CVE-2022-20481 affects Android 10–13. The issue involves preserving WiFi settings due to residual data after a reset, enabling local information disclosure without extra execution privileges. Root cause: residual WiFi data in multiple files. Impact: confidentiality loss (high); no integrity/avail...

5.5CVSS5AI score0.00121EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.195 views

CVE-2023-21096

CVE-2023-21096: A use-after-free in OnWakelockReleased within attribution_processor.cc in Android can lead to remote code execution with no privileges and no user interaction. Public documentation identifies this as a critical RCE in the System component affecting Android 12, 12L, and 13, with pa...

9.8CVSS9.3AI score0.00467EPSS
CVE
CVE
added 2020/08/11 7:31 p.m.194 views

CVE-2020-0256

CVE-2020-0256 is a vulnerability in the gdisk GPT disk utility. The issue is an out-of-bounds write in LoadPartitionTable of gpt.cc, caused by a missing bounds check, which could enable local escalation of privilege when inserting a malicious USB device. Affected software across multiple distribu...

7.2CVSS6.6AI score0.00214EPSS
Total number of security vulnerabilities8153