Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/12/05 7:0 p.m.63 views

CVE-2017-6211

CVE-2017-6211: In Android for MSM, Firefox OS for MSM, QRD Android (CAF Linux kernel builds), a buffer overflow in the processing of a downlink supplementary services message is reported. The vulnerability is triggered remotely over the network and, according to the CVSS data, could lead to a com...

10CVSS8.5AI score0.00785EPSS
CVE
CVE
added 2024/11/28 12:23 a.m.63 views

CVE-2018-9377

CVE-2018-9377 affects Android’s ActivityManagerService.getIntentForIntentSender, enabling local escalation of privilege via a pending Intent to access user metadata with no user interaction. The issue is tied to the getIntentForIntentSender path and can be exploited locally without extra privileg...

8.4CVSS5.8AI score0.00091EPSS
CVE
CVE
added 2024/12/05 10:20 p.m.63 views

CVE-2018-9386

CVE-2018-9386 concerns the HTC reboot_block driver. The reboot_block_command may trigger a stack buffer overflow due to a missing bounds check, enabling local privilege escalation to SYSTEM with no user interaction required. Connected sources (NVD, Red Hat, CVE lists) confirm the issue descriptio...

6.7CVSS7.2AI score0.00085EPSS
CVE
CVE
added 2024/12/05 10:25 p.m.63 views

CVE-2018-9391

CVE-2018-9391 describes a security issue in the Mediatek GPS HAL: in gpshal_worker.c, update_gps_sv and output_vzw_debug, there is a possible out-of-bounds write due to a missing bounds check. This can lead to local escalation of privilege with System execution privileges required; exploitation i...

6.7CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2024/12/04 5:15 p.m.63 views

CVE-2018-9392

CVE-2018-9392 affects the Mediatek GPS HAL: in get_binary() of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c there is a possible out-of-bounds write due to a missing bounds check. This could enable local elevation of privilege with System execution privileges, and...

7.8CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2024/12/04 11:11 p.m.63 views

CVE-2018-9398

The CVE-2018-9398 entry concerns the Mediatek FM radio driver (fm_set_stat) with an out-of-bounds write caused by improper input validation. Affected component: Mediatek FM radio driver; vulnerable function: fm_set_stat. Impact: local escalation of privilege with System execution privileges requi...

7.8CVSS6.7AI score0.00084EPSS
CVE
CVE
added 2024/12/04 11:29 p.m.63 views

CVE-2018-9403

CVE-2018-9403 describes a stack buffer overflow in the MTK FLP MSG HAL DIAG REPORT DATA NTF handler within the flp2hal_interface.c component. The underlying issue is a missing bounds check which can allow a local attacker with System privileges to escalate to higher privileges. Exploitation is lo...

7.8CVSS7.2AI score0.00085EPSS
CVE
CVE
added 2024/12/04 11:34 p.m.63 views

CVE-2018-9408

The CVE-2018-9408 issue affects the GPS subsystem, specifically the m3326_gps_write and m3326_gps_read handlers in gps.s. The vulnerability is described as an out-of-bounds read caused by a missing bounds check, enabling local information disclosure with system execution privileges required. Expl...

5.5CVSS6.2AI score0.00084EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.63 views

CVE-2018-9558

CVE-2018-9558 describes an out-of-bounds write in the NFC kernel due to a missing bounds check in rw_t2t_handle_tlv_detect (rw_t2t_ndef.cc). This could enable local elevation of privilege on Android devices without requiring prior privileges, with user interaction not strictly required for exploi...

7.8CVSS7.6AI score0.00172EPSS
CVE
CVE
added 2020/03/24 5:44 p.m.63 views

CVE-2019-20535

The CVE-2019-20535 entry concerns Samsung mobile devices running O(8.x) and P(9.0). The issue allows establishing a connection to a new Bluetooth device from the lock screen, implying a Bluetooth-based modality to trigger access without unlocking. The Samsung ID is SVE-2019-15533. The provided re...

6.2CVSS6.3AI score0.00133EPSS
CVE
CVE
added 2020/03/24 7:29 p.m.63 views

CVE-2019-20614

The CVE-2019-20614 entry concerns Samsung mobile devices running N(7.x), O(8.x), and P(9.0) where the Allshare component can let attackers access sensitive information. The available sources (NVD entry and Red Hat advisory) confirm the affected platform and the vulnerability description but do no...

7.5CVSS7.5AI score0.00397EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.63 views

CVE-2019-2067

CVE-2019-2067 affects libxaac in Android 10, where a missing bounds check allows an out-of-bounds write leading to remote code execution. Exploitation is network-scoped with user interaction required for exploitation (per CVE details). Root cause: bounds-check omission in libxaac. Affected produc...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2020/04/17 1:47 p.m.63 views

CVE-2019-20785

CVE-2019-20785 affects LG mobile devices running Android 8.0/8.1 for the DTAG carrier. The issue is in RILD (radio interface layer) where an uninitialized variable is used, per the Red Hat and NVD entries. LG’s internal ID is LVE-SMP-180013 (January 2019). Public details are limited in the provid...

6.8CVSS6.6AI score0.0014EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.63 views

CVE-2019-2080

CVE-2019-2080 concerns a possible out-of-bounds write in libxaac on Android 10, caused by a missing bounds check. The issue could enable remote code execution with no privileges and requires user interaction to exploit. Connected sources (including NVD and Red Hat) confirm libxaac as the vulnerab...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.63 views

CVE-2019-9359

CVE-2019-9359 involves an information-disclosure issue in Android 10’s libavc component. The vulnerability arises from uninitialized data in the library, enabling remote information disclosure with the Android 10 device at risk. Exploitation details beyond the description are not provided in the ...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.63 views

CVE-2019-9386

CVE-2019-9386 affects Android 10 NFC server: a missing bounds check leads to an out-of-bounds write that could enable local escalation of privilege in the system server. Exploitation requires user interaction. The issue is documented across multiple sources (NVD, Red Hat CVE, PRION) with the Andr...

7.3CVSS7.7AI score0.0019EPSS
CVE
CVE
added 2020/04/08 3:11 p.m.63 views

CVE-2020-11600

Samsung mobile devices with Q(10.0) software are affected by CVE-2020-11600, where an arbitrary code execution in the Fingerprint Trustlet can occur via a memory overwrite (SVE-2019-16587, SVE-2019-16588, SVE-2019-16589). The provided sources confirm the vulnerability vector and impact but do not...

10CVSS9.6AI score0.00831EPSS
CVE
CVE
added 2020/04/17 1:26 p.m.63 views

CVE-2020-11875

CVE-2020-11875 affects LG mobile devices running Android 8.0–10.0 with MTK chipsets. The MTK kernel is reported to mishandle exceptions, enabling local privilege escalation for an attacker (privileges gained via local access). Documents show a high-severity impact (NVD CVSS v3.1: 7.8, HIGH; v2: 7...

7.8CVSS7.6AI score0.00179EPSS
CVE
CVE
added 2021/02/26 8:19 p.m.63 views

CVE-2021-0402

CVE-2021-0402 affects Android 11 in the jpeg component, where an out-of-bounds write arises from improper input validation. This could enable local escalation of privilege with system execution privileges required, and exploitation reportedly does not require user interaction. The issue is corrob...

7.2CVSS6.7AI score0.00134EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.63 views

CVE-2021-0673

CVE-2021-0673 : In Audio Aurisys HAL, a missing permission check allows local escalation of privilege with no user interaction. Descriptions across sources confirm a permission bypass affecting the Audio HAL layer, with a patch identified as ALPS05977326 (Issue ID ALPS05977326). The vulnerability...

7.8CVSS7.7AI score0.00668EPSS
CVE
CVE
added 2022/08/11 3:6 p.m.63 views

CVE-2021-0735

CVE-2021-0735 affects Android 13, where a missing permission check in PackageManager allows information disclosure about installed packages without extra privileges. Vulnerable component: PackageManager; root cause: failure to enforce Android 11+ limitations, enabling local information disclosure...

5.5CVSS5.5AI score0.00085EPSS
CVE
CVE
added 2021/04/09 5:34 p.m.63 views

CVE-2021-25358

CVE-2021-25358 affects Samsung SMR (system patch package). Before SMR APR-2021 Release 1, IMSI values could be stored in an improper path, enabling local attackers to access IMSI values via untrusted applications. Vulnerability is localized to affected SMR components; root cause is improper stora...

4CVSS4AI score0.00106EPSS
CVE
CVE
added 2022/08/11 3:15 p.m.63 views

CVE-2022-20278

CVE-2022-20278 affects Android 13, in Accounts, due to insufficient log filtering that could write sensitive data to the system log. This enables local information disclosure with system privileges, no user interaction required. The issue is addressed in Android 13 security fixes; devices with pa...

5.5CVSS5.6AI score0.00095EPSS
CVE
CVE
added 2022/08/11 3:17 p.m.63 views

CVE-2022-20285

CVE-2022-20285 affects Android 13 and involves a side-channel in PackageManager that can reveal whether an app is installed without query permissions, enabling local information disclosure with no user interaction. Affected component: PackageManager/framework behavior in Android 13; root cause is...

5.5CVSS5.4AI score0.00097EPSS
CVE
CVE
added 2022/08/11 3:19 p.m.63 views

CVE-2022-20292

In Android 13 Settings, CVE-2022-20292 is described as a logic error that could bypass factory reset protections, enabling local escalation of privileges without additional privileges and with no user interaction required. Affected product: Android 13; vulnerable area: Settings. The issue is repo...

7.8CVSS7.9AI score0.00105EPSS
CVE
CVE
added 2022/08/11 3:20 p.m.63 views

CVE-2022-20297

In Android 13, CVE-2022-20297 affects the Settings component, where a logic error could bypass factory reset protections. This enables local escalation of privilege without additional execution privileges and requires no user interaction. The vulnerability is described across multiple sources as ...

7.8CVSS7.9AI score0.00105EPSS
CVE
CVE
added 2022/08/11 3:22 p.m.63 views

CVE-2022-20305

CVE-2022-20305 affects Android 13 ContentService. The issue is a missing permission check that allows a local attacker to disclose information about available account types. Exploitation requires user execution privileges but does not require user interaction. The CVSSv3.1 vector indicates a Loca...

3.3CVSS4.4AI score0.00089EPSS
CVE
CVE
added 2022/08/11 3:23 p.m.63 views

CVE-2022-20309

CVE-2022-20309 affects Android 13, specifically the PackageInstaller component. The issue is a side-channel information disclosure that can determine whether an app is installed without query permissions, leading to local information disclosure with no additional execution privileges required. Ex...

3.3CVSS4.2AI score0.00094EPSS
CVE
CVE
added 2022/08/11 3:27 p.m.63 views

CVE-2022-20327

The CVE-2022-20327 entry concerns Android 13 where there is a vulnerability allowing retrieval of the WiFi SSID without location permissions due to a missing permission check. This enables local information disclosure with user execution privileges, and exploitation requires user interaction. The...

2.8CVSS3.7AI score0.00096EPSS
CVE
CVE
added 2022/08/11 3:28 p.m.63 views

CVE-2022-20331

CVE-2022-20331 affects the Android 13 Framework. A tapjacking/overlay flaw can enable a work profile without user consent, causing local escalation of privilege. Exploitation requires user interaction but does not need extra execution privileges. CVSS v3.1 base score is High (7.8) with LOCAL atta...

7.8CVSS7.8AI score0.00108EPSS
CVE
CVE
added 2022/08/11 3:30 p.m.63 views

CVE-2022-20341

CVE-2022-20341 affects Android 13’s ConnectivityService, where a missing permission check enables a local bypass of network permissions. This could allow an information disclosure of tethering interfaces with no additional execution privileges required, and does not require user interaction. Expl...

5.5CVSS5.3AI score0.0009EPSS
CVE
CVE
added 2022/08/01 1:57 p.m.63 views

CVE-2022-21788

CVE-2022-21788 affects the scp component and is caused by undefined behavior stemming from incorrect error handling. The issue can enable local privilege escalation with system execution privileges; exploitation does not require user interaction. A patch is identified (ALPS06988728/ALPS06988728) ...

6.7CVSS6.6AI score0.00095EPSS
CVE
CVE
added 2022/08/01 1:56 p.m.63 views

CVE-2022-21792

CVE-2022-21792 affects the camera ISP in MediaTek devices, with an out-of-bounds write caused by a missing bounds check. The vulnerability can allow local escalation of privilege with System execution privileges, and requires no user interaction to exploit. A patch is available under patch ID ALP...

6.7CVSS6.7AI score0.00097EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.63 views

CVE-2022-32618

Summary of CVE-2022-32618 : A miscalculation of buffer size in the Type-C functionality can cause an out-of-bounds write. This vulnerability could enable local privilege escalation on devices with physical access and does not require user interaction. The issue is described across multiple source...

6.8CVSS6.7AI score0.00202EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.63 views

CVE-2022-32630

CVE-2022-32630 involves a vulnerability in the throttling path that can cause an out-of-bounds write due to an incorrect calculation of buffer size. The available connected sources indicate this affects MediaTek chips (throttling component) and can lead to local escalation of privilege with Syste...

6.7CVSS6.8AI score0.00128EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.63 views

CVE-2022-32633

CVE-2022-32633 affects MediaTek Wi‑Fi components with a logic error that can cause a memory access violation, enabling local privilege escalation without user interaction. Root cause: memory access violation in Wi‑Fi code; impact据 indicate Local, Privileges required HIGH, with System execution pr...

6.7CVSS6.6AI score0.00098EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.63 views

CVE-2022-32649

CVE-2022-32649 describes a local use-after-free in the jpeg component caused by a logic error, enabling local privilege escalation to SYSTEM with no user interaction. Affected software is described only as jpeg (no vendor/product version details provided in the documents). The vulnerability’s imp...

6.7CVSS6.7AI score0.001EPSS
CVE
CVE
added 2022/08/05 3:14 p.m.63 views

CVE-2022-33728

CVE-2022-33728 concerns Samsung Mobile devices where Bluetooth before SMR Aug-2022 Release 1 exposes the connected Bluetooth MAC address via Settings.Global. The issue is local: an attacker on the device can access the MAC address without user interaction. Root cause is a leakage in Bluetooth set...

4CVSS3.8AI score0.00089EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.63 views

CVE-2022-39847

The CVE-2022-39847 entry concerns a use-after-free vulnerability in the NFC driver’s set_nft_pid and signal_handler functions on Samsung devices prior to the SMR Oct‑2022 Release 1. Affected component: NFC driver (Samsung Mobile). Root cause: use-after-free in specific NFC driver handlers, enabli...

5.3CVSS5.6AI score0.00077EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.63 views

CVE-2022-42767

In WLAN driver, CVE-2022-42767 is described as a missing bounds check in the driver leading to local denial of service against WLAN services. Connected sources consistently identify the affected component as the WLAN driver and the root cause as an out-of-bounds access. Reported impact is local D...

6.6CVSS4AI score0.0008EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.63 views

CVE-2022-44439

CVE-2022-44439: Connected sources describe a missing permission check in the messaging service that could permit a local denial of service affecting the contacts service without requiring additional execution privileges. The vulnerability is evaluated with CVSSv3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.63 views

CVE-2022-47322

CVE-2022-47322 describes a local DoS in the WLAN driver caused by missing parameter validation in the WLAN subsystem. The vulnerability is reported across multiple sources (NVD entry and Red Hat advisory; CNNVD references Qualcomm chip WLAN driver) without public exploit details in the provided d...

6.4CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.63 views

CVE-2022-47356

CVE-2022-47356 concerns a missing permission check in the log service, which can lead to local denial of service. The vulnerability is described consistently across multiple sources as enabling a local attacker to exhaust the log service’s availability due to inadequate authorization. The NVD ent...

5.5CVSS5.3AI score0.00081EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.63 views

CVE-2022-47366

CVE-2022-47366 concerns the wlan driver, where a missing bounds check enables an out-of-bounds write. The vulnerability could cause a local denial of service in wlan services. Documents consistently describe the issue, but do not provide concrete product versions, patches, or mitigations within t...

6.4CVSS5.4AI score0.00089EPSS
CVE
CVE
added 2023/02/06 5:28 a.m.63 views

CVE-2022-47452

CVE-2022-47452 affects the gnss driver, caused by a missing bounds check that enables an out-of-bounds write. This can lead to a local denial of service in WLAN services. Exploit details, affected versions, and a concrete fix are not provided in the supplied documents; some sources (e.g., PT-2023...

5.5CVSS5.4AI score0.00092EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.63 views

CVE-2022-48247

CVE-2022-48247 targets UNISOC audio service with a missing permission check, enabling local escalation of privilege. Root cause: insufficient permission validation in the audio service leading to unauthorized access. Affected: audio service on UNISOC chipsets; attack vector LOCAL, complexity LOW,...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.63 views

CVE-2023-20604

The CVE-2023-20604 issue affects the MediaTek ged component. It describes an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with SYSTEM privileges required; exploitation is not dependent on user interaction. The patch ID provided is ALPS07494067 (Issu...

6.7CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.63 views

CVE-2023-20607

CVE-2023-20607 affects the ccu component in MediaTek devices. The vulnerability is a memory corruption caused by a race condition, enabling local escalation of privilege with System execution privileges required. It does not require user interaction for exploitation. The issue is mitigated by Pat...

6.4CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.63 views

CVE-2023-20746

The CVE-2023-20746 entry details a vulnerability in the vcu component of MediaTek chips. Root cause: an out-of-bounds write caused by improper locking. Impact: local escalation of privilege to SYSTEM level with no user interaction required. Affected scope is limited to the vcu module; exploitatio...

6.7CVSS6.7AI score0.00075EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.63 views

CVE-2023-20845

CVE-2023-20845 affects imgsys. The vulnerability is an out-of-bounds read caused by missing valid range checking, leading to local information disclosure with system execution privileges required and user interaction for exploitation. Patch ID ALPS07197795 / Issue ID ALPS07340357 is associated wi...

4.2CVSS4AI score0.00091EPSS
Total number of security vulnerabilities8153