Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/12/05 12:0 a.m.63 views

CVE-2022-32631

CVE-2022-32631 concerns MediaTek-based Wi‑Fi stacks with an outwardly stated vulnerability: an out-of-bounds write caused by improper input validation. The consequence is local escalation of privilege with SYSTEM execution privileges required, and exploitation reportedly does not require user int...

6.7CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2018/07/06 7:0 p.m.62 views

CVE-2018-5865

CVE-2018-5865 affects Qualcomm fwlog in Android CAF/Linux kernel builds prior to the 2018-07-05 patch level. The issue is described as an integer underflow and/or buffer over-read in processing a debug log event, leading to information disclosure (high impact on confidentiality per CVSS3, local, ...

5.5CVSS5.2AI score0.00178EPSS
CVE
CVE
added 2019/01/31 8:0 p.m.62 views

CVE-2018-6241

The CVE-2018-6241 issue affects the NVIDIA Tegra Gralloc module in the driver, where missing input validation in the registerbuffer API could allow arbitrary code execution, denial of service, or privilege escalation. The NVIDIA SHIELD TV security bulletin lists this CVE as high severity (base sc...

7.8CVSS6.7AI score0.00219EPSS
CVE
CVE
added 2024/11/19 7:10 p.m.62 views

CVE-2018-9364

CVE-2018-9364 corresponds to an Elevation of Privilege in the LG LGLAF bootloader component. The connected sources indicate the issue involves a special command that permitted modification of certain partitions, enabling bypass of secure boot. The Red Hat and Android bulletin entries corroborate ...

7.5CVSS6.6AI score0.00206EPSS
CVE
CVE
added 2024/11/20 4:51 p.m.62 views

CVE-2018-9468

CVE-2018-9468 is a vulnerability in Android’s DownloadManager (DownloadManager.java, Framework) where a permissions bypass could permit reading/writing arbitrary files. This leads to local information disclosure and potential file rewriting without extra execution privileges, with exploitation no...

7.7CVSS7.3AI score0.00206EPSS
CVE
CVE
added 2024/11/20 5:16 p.m.62 views

CVE-2018-9471

The CVE-2018-9471 vulnerability concerns the Android Framework (NanoAppFilter.java) where the deserialization constructor can trigger data loss due to type confusion. This can lead to local escalation of privilege in the system server without additional execution privileges or user interaction. P...

9.8CVSS6.8AI score0.00168EPSS
CVE
CVE
added 2018/11/14 6:0 p.m.62 views

CVE-2018-9539

CVE-2018-9539 is a local elevation-of-privilege in the Android ClearKey CAS descrambler caused by a use-after-free race condition. Affects Android 8.0–9; exploitation requires local access with no user interaction. The Android Security Bulletin indicates patches at the 2018-11-01/2018-11-05 patch...

7CVSS7.5AI score0.00353EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.62 views

CVE-2018-9549

CVE-2018-9549 is a concrete Android vulnerability in the Media Framework (lppTransposer function in lpp_tran.cpp) caused by a missing bounds check that enables a remote code execution via a crafted file. It affects Android versions 7.0 (Nougat) through 9 (Pie). The Android bulletin identifies it ...

9.3CVSS7.9AI score0.01089EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.62 views

CVE-2019-1991

CVE-2019-1991 affects Google Android; vulnerable component is btif_dm_data_copy in btif_core.cc. The issue is an out-of-bounds write caused by a buffer overflow, enabling remote code execution with network access and requiring user interaction for exploitation. Affected Android versions include 7...

9.3CVSS8.9AI score0.02027EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.62 views

CVE-2019-2070

CVE-2019-2070 describes an out-of-bounds write in libxaac on Android 10 caused by a missing bounds check. This could enable remote code execution with no privileges required, with user interaction needed for exploitation. Connected sources (NVD, Red Hat, CNVD, PRION/CVE-2019-2070 aggregates) cons...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.62 views

CVE-2019-2139

CVE-2019-2139 affects Android 10’s libxaac, where a missing bounds check allows an out-of-bounds read that can disclose information. Exploitation requires user interaction; no root privileges are indicated. The connected documents confirm the vulnerable component and impact but do not specify a p...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.62 views

CVE-2019-2150

CVE-2019-2150 affects the libxaac library used in Android 10. The issue is an out-of-bounds read caused by a missing bounds check, leading to information disclosure. Exploitation requires user interaction. Multiple connected sources (Red Hat, CNVD, CVE listings) describe the same root cause in li...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.62 views

CVE-2019-9277

CVE-2019-9277 involves an information disclosure in the Linux proc filesystem on Android 10. The vulnerability allows local disclosure of app and browser activity without user interaction, with exploitation requiring local access and possible user privileges. Root cause is log information disclos...

3.3CVSS4.3AI score0.00175EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.62 views

CVE-2019-9290

CVE-2019-9290 affects the tzdata component in Android 10, where a mismatch between allocation and deallocation can cause memory corruption. This could enable local privilege escalation without user interaction. The Android 10 security release notes indicate this issue is addressed by patches in t...

7.8CVSS8.3AI score0.00162EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.62 views

CVE-2019-9330

CVE-2019-9330 affects Android 10 in Bluetooth, where an out-of-bounds read due to a missing bounds check could enable remote information disclosure without user interaction. The issue is cataloged across multiple sources (NVD, Red Hat, CVE listing) with CVSSv3.1 base score 7.5 (HIGH) and CVSSv2 5...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.62 views

CVE-2019-9358

CVE-2019-9358 is an Android NFC vulnerability described as an out-of-bounds write caused by a missing bounds check, enabling local elevation of privilege with user interaction required. Affected product: Android 10 devices. The issue is documented in multiple sources (NVD entry and Android 10 Sec...

7.3CVSS7.7AI score0.00204EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.62 views

CVE-2019-9385

In Android-10, the libxaac library contains an out-of-bounds read due to a missing bounds check, enabling remote information disclosure with no extra execution privileges. User interaction is required to exploit. The issue is documented across multiple sources (NVD, Red Hat CVE entry, CVE lists) ...

6.5CVSS6.4AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.62 views

CVE-2019-9400

CVE-2019-9400 affects Android 10 Bluetooth stack: a null pointer dereference caused by a missing null check can allow remote denial of service without user interaction. Exploitation is described as network‑based with low complexity; impact is DoS with availability affected. Mitigation per Android...

7.5CVSS7.6AI score0.00987EPSS
CVE
CVE
added 2020/09/18 3:4 p.m.62 views

CVE-2020-0299

CVE-2020-0299 affects Android 11 via a Bluetooth component issue: spoofing of Bluetooth device metadata due to a missing permission check. This enables local elevation of privilege with user rights and no user interaction required. The vulnerability is documented across multiple sources (NVD, Red...

7.8CVSS8.1AI score0.00145EPSS
CVE
CVE
added 2020/09/17 8:52 p.m.62 views

CVE-2020-0306

CVE-2020-0306 concerns LLVM: an ineffective stack cookie placement due to stack frame double reservation, enabling local elevation of privilege on Android 11 without extra execution privileges or user interaction. The issue is documented across multiple feeds (NVD, Red Hat, Ubuntu, Debian) with t...

7.8CVSS7.7AI score0.00171EPSS
CVE
CVE
added 2020/09/18 2:52 p.m.62 views

CVE-2020-0354

CVE-2020-0354 concerns Android 11 Bluetooth where a missing bounds check enables an out-of-bounds write, potentially allowing remote code execution without privileges or user interaction. Affected software is the Android 11 Bluetooth stack; root cause is an out-of-bounds write in the Bluetooth im...

9.8CVSS9.3AI score0.0108EPSS
CVE
CVE
added 2020/04/08 3:30 p.m.62 views

CVE-2020-11605

CVE-2020-11605 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue is a sensitive information exposure from dumpstate in NFC logs. Root cause details are not explicitly provided in the connected documents beyond the exposure description. What is vulnerable: the NFC-relat...

7.5CVSS7.4AI score0.00431EPSS
CVE
CVE
added 2020/10/06 6:32 p.m.62 views

CVE-2020-26603

CVE-2020-26603 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue is in Sticker Center, allowing a directory traversal by an unprivileged process to read arbitrary files. Samsung ID SVE-2020-18433 (October 2020) is referenced. Connected documents confirm the vulnerabili...

5.3CVSS5.4AI score0.00488EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.62 views

CVE-2021-1007

CVE-2021-1007 corresponds to an Android 12 vulnerability in the Bluetooth host stack: in btu_hcif_process_event (btu_hcif.cc) there is an out-of-bounds read caused by an incorrect bounds check. The impact is local information disclosure with the potential for system-level privileges, with no user...

4.4CVSS4.2AI score0.00113EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.62 views

CVE-2021-1013

CVE-2021-1013 affects Android 12 (e.g., Pixel devices). In PermissionManagerService.java’s checkExistsAndEnforceCannotModifyImmutablyRestrictedPermission, a side-channel information-disclosure path can determine whether an app is installed without query permissions. This enables local information...

5.5CVSS4.9AI score0.00111EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.62 views

CVE-2021-1014

CVE-2021-1014 affects Android 12 via the getNetworkTypeForSubscriber path in PhoneInterfaceManager.java. The vulnerability arises from a side-channel that lets a local attacker determine whether an app is installed without query permissions, enabling local information disclosure without additiona...

5.5CVSS4.9AI score0.00111EPSS
CVE
CVE
added 2021/04/09 5:35 p.m.62 views

CVE-2021-25360

CVE-2021-25360 affects the libswmfextractor library prior to Samsung SMR APR-2021 Release 1. The root cause is improper input validation, which allows attackers to execute arbitrary code on the mediaextractor process. Remediation: update to SMR APR-2021 Release 1 or later. Exploitation details ar...

9.8CVSS9.6AI score0.00725EPSS
CVE
CVE
added 2021/08/05 7:43 p.m.62 views

CVE-2021-25444

CVE-2021-25444 is a vulnerability in Samsung’s Keymaster Trusted Application (TA) running in the ARM TrustZone Secure World. The issue is an IV reuse flaw in the Keymaster TA that decrypts custom key blobs, enabling a privileged process to access hardware-backed keys. Affected devices include Sam...

5.5CVSS5.9AI score0.00757EPSS
CVE
CVE
added 2022/08/11 3:10 p.m.62 views

CVE-2022-20255

The CVE-2022-20255 issue affects Android 13 (SettingsProvider). A missing permission check could allow a local attacker to read or modify the default ringtone, enabling local elevation of privilege without extra execution privileges and without requiring user interaction. The vulnerability is doc...

4.4CVSS5.7AI score0.00087EPSS
CVE
CVE
added 2022/08/11 3:10 p.m.62 views

CVE-2022-20256

The CVE-2022-20256 issue affects Android 13’s Audio HAL, where a race condition can cause an out-of-bounds write. This could enable local escalation of privileges to System level without user interaction. The description is consistent across Android/Open Source and Red Hat/NVD entries, and it is ...

6.4CVSS7AI score0.00073EPSS
CVE
CVE
added 2022/08/11 3:11 p.m.62 views

CVE-2022-20259

CVE-2022-20259 affects Android 13 Telephony: a missing permission check enables local disclosure of ICCID and EID without user interaction. Impact is information disclosure with no privilege escalation; exploitability is local. Remediation is applying the Android 13 security patches (patch level ...

5.5CVSS5.5AI score0.00089EPSS
CVE
CVE
added 2022/08/11 3:15 p.m.62 views

CVE-2022-20275

CVE-2022-20275 affects Android 13 devices due to a side-channel disclosure in the DevicePolicyManager that can reveal whether an app is installed without query permissions. The root cause is a information-disclosure path that enables local access to installation state without user interaction or ...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2022/08/11 3:28 p.m.62 views

CVE-2022-20328

CVE-2022-20328 affects Android 13 and relates to the PackageManager. The vulnerability arises from a missing permission check that can allow an attacker to determine whether an app is installed, enabling local information disclosure without requiring additional execution privileges. Exploitation ...

3.3CVSS4.4AI score0.00091EPSS
CVE
CVE
added 2022/08/11 3:28 p.m.62 views

CVE-2022-20330

CVE-2022-20330 : In Android 13, a missing Bluetooth permission check allows connecting or disconnecting Bluetooth devices without user awareness, enabling local elevation of privilege. Exploitation requires low privileges and does not require user interaction (UI: NONE). Impact is limited to elev...

3.5CVSS4.5AI score0.00121EPSS
CVE
CVE
added 2022/08/11 3:29 p.m.62 views

CVE-2022-20335

CVE-2022-20335 (Android 13) affects the Wifi Slice component where a missing permission check allows an attacker to adjust Wi‑Fi settings, enabling local escalation of privilege with no user interaction required. Root cause: insufficient permission validation in the Wifi Slice flow. Impact: local...

3.3CVSS5.1AI score0.00086EPSS
CVE
CVE
added 2022/08/01 1:55 p.m.62 views

CVE-2022-21789

MediaTek audio ipi contains a race condition that can cause memory corruption and local privilege escalation without user interaction. Root cause: race in the audio ipi path leading to memory corruption; impact described as local escalation of privilege with System execution privileges. Exploitat...

6.4CVSS6.6AI score0.00146EPSS
CVE
CVE
added 2022/08/01 1:55 p.m.62 views

CVE-2022-21790

The CVE-2022-21790 issue concerns MediaTek camera ISP hardware where a missing bounds check allows an out-of-bounds read. This can lead to local information disclosure with system-level privileges required; exploitation does not require user interaction. A fix is identified as patch ALPS06479306 ...

4.4CVSS4.2AI score0.00095EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.62 views

CVE-2022-22269

CVE-2022-22269 – concrete details found. The vulnerability concerns an unprotected BluetoothSettingsProvider on Samsung Android devices prior to the SMR Jan-2022 Release 1. This leakage enables untrusted applications with local access to read the device’s Bluetooth MAC address. Root cause: Blueto...

4CVSS3.9AI score0.00102EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.62 views

CVE-2022-26468

CVE-2022-26468: Out-of-bounds write in the preloader (usb) on MediaTek devices due to a missing bounds check. This can lead to local privilege escalation with physical access and requires user interaction for exploitation. Patch ID ALPS07168125/Issue ALPS07168125 appears in the record; no specifi...

6.6CVSS6.5AI score0.00147EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.62 views

CVE-2022-32593

The CVE-2022-32593 entry concerns MediaTek’s vowe component, where a missing bounds check can cause an out-of-bounds write. This vulnerability enables local escalation of privileges with System execution privileges required, and does not require user interaction. The issue is tied to the vowe cod...

6.7CVSS6.7AI score0.00128EPSS
CVE
CVE
added 2022/08/05 3:19 p.m.62 views

CVE-2022-33722

Affected product: Samsung Smart View (prior to SMR Aug-2022 Release 1). Vulnerability: Implicit Intent hijacking that allows an attacker to access the MAC address of a connected device. Root cause / nature: Vulnerability in Smart View’s handling of implicit intents (modeled as an intent hijack). ...

4CVSS4.1AI score0.00088EPSS
CVE
CVE
added 2022/08/05 3:13 p.m.62 views

CVE-2022-33727

CVE-2022-33727 describes a vulnerability in the SecDevicePickerDialog onCreate prior to Samsung SMR Aug-2022 Release 1, where flawed UI handling enables a tapjacking/overlay attack to trick users into selecting an unwanted Bluetooth device. The issue is documented across multiple sources (NVD, Re...

6.1CVSS6.3AI score0.0013EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.62 views

CVE-2022-39087

CVE-2022-39087 involves a missing permission check in a network service that could allow local escalation of privilege to System execution level. The CVE is linked across multiple feeds to a UNISOC chipset context, suggesting the issue affects a network-service component on UNISOC-based devices, ...

6.7CVSS6.7AI score0.00147EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.62 views

CVE-2022-44448

CVE-2022-44448 affects the WLAN driver, where a missing parameter check in the wlan driver can lead to local denial of service in WLAN services. Multiple documents confirm the issue description across NVD, Red Hat, CVE listings, and related feeds. Root cause: insufficient parameter validation in ...

6.4CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.62 views

CVE-2022-47471

CVE-2022-47471: A missing permission check in the telephony service can lead to local information disclosure without extra privileges. The core issue is in the telephony module; evidence across sources (NVD/Red Hat/ CVE listings) describes a LOCAL attack with high confidentiality impact (C:H, I:N...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.62 views

CVE-2023-20614

CVE-2023-20614 affects MediaTek devices in the ril component, where a missing bounds check allows an out-of-bounds write that can escalate to SYSTEM level privileges locally without user interaction. The root cause is a bounds-check omission in ril, enabling a write beyond intended memory. The vu...

6.7CVSS6.7AI score0.001EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.62 views

CVE-2023-20616

CVE-2023-20616 describes a type-confusion related out-of-bounds read in ion that could enable local privilege escalation with SYSTEM privileges; exploitation requires no user interaction. A patch is identified (ALPS07560720/ALPS07560720). The connected documents do not specify exact vendor/produc...

6.7CVSS6.6AI score0.001EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.62 views

CVE-2023-20728

CVE-2023-20728 affects the MediaTek wlan module. Root cause: a missing bounds check leads to an out-of-bounds read. Impact: local information disclosure with system execution privileges required; exploitation does not require user interaction. A patch is available (Patch ID: ALPS07573603; Issue I...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.62 views

CVE-2023-20732

CVE-2023-20732 concerns a vulnerability in the MediaTek wlan module where a missing bounds check can cause an out-of-bounds read. The issue could enable local information disclosure with system-execution privileges required; user interaction is not needed. Affected component is the wlan implement...

6.7CVSS5.9AI score0.00095EPSS
CVE
CVE
added 2023/06/28 12:0 a.m.62 views

CVE-2023-21172

CVE-2023-21172 affects Android 13 where the WifiCallingSettings.java functions allow changing calling preferences for the admin user due to a permissions bypass. This enables local elevation of privilege with no extra execution privileges needed and requires no user interaction to exploit. No spe...

7.8CVSS7.7AI score0.00097EPSS
Total number of security vulnerabilities8153