Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
•added 2024/11/27 10:34 p.m.•61 views

CVE-2018-9353

CVE-2018-9353 affects the ihevcd_parse_slice_data function in ihevcd_parse_slice.c used by Google Android. The root cause is a missing bounds check that enables a heap buffer out-of-bounds read, allowing remote denial of service with no single execution privilege required. Exploitation requires u...

6.5CVSS8.9AI score0.00296EPSS
CVE
CVE
•added 2024/11/19 8:44 p.m.•61 views

CVE-2018-9365

CVE-2018-9365 describes a potential out-of-bounds read in the SMP L2C data path (smp_data_received in smp_l2c.cc) that could lead to remote code execution. Exploitation requires user interaction. Multiple connected sources (RH, NVD, CVE lists, Android bulletin) confirm the issue and its remote-co...

9.8CVSS7.5AI score0.00246EPSS
CVE
CVE
•added 2024/11/19 7:23 p.m.•61 views

CVE-2018-9372

CVE-2018-9372 : The issue is in the Android bootloader path (cmd_flash_mmc_sparse_img in dl_commands.c) where there is a possible out-of-bounds write caused by a missing bounds check. This could allow a local escalation of privilege in the bootloader without additional execution privileges and wi...

7.8CVSS6.9AI score0.0009EPSS
CVE
CVE
•added 2024/12/04 11:10 p.m.•61 views

CVE-2018-9397

The CVE-2018-9397 entry describes an OOB write in MTK WMT device driver, triggered in WMT_unlocked_ioctl due to a missing bounds check. The consequence is local privilege escalation to SYSTEM with no user interaction required. Documents consistently identify the affected component as the Mediatek...

7.8CVSS6.7AI score0.00084EPSS
CVE
CVE
•added 2024/11/20 5:37 p.m.•61 views

CVE-2018-9479

CVE-2018-9479 concerns an out-of-bounds write in the Bluetooth SDP server logic (sdp_server.cc) within functions process_service_attr_req and process_service_search_attr_req. The issue, observed across sources including Red Hat and NVD descriptions, could enable remote code execution without addi...

9.8CVSS7.6AI score0.00368EPSS
CVE
CVE
•added 2018/10/02 7:0 p.m.•61 views

CVE-2018-9492

CVE-2018-9492 concerns Android’s ActivityManagerService.checkGrantUriPermissionLocked, where a permissions bypass could allow local elevation of privilege without user interaction. Affected Android versions are 8.0, 8.1, and 9.0. The vulnerability’s impact is a local, privilege-escalation risk; t...

7.8CVSS7.6AI score0.00188EPSS
CVE
CVE
•added 2019/02/12 12:0 a.m.•61 views

CVE-2018-9586

The CVE-2018-9586 issue affects Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1 and 9.0. It stems from a race condition in InstallPackageTask.java that can leave package verification turned off, enabling local elevation of privilege with no extra execution privileges or user interaction required. Affected pr...

7CVSS6AI score0.00131EPSS
CVE
CVE
•added 2019/02/28 5:0 p.m.•61 views

CVE-2019-1992

CVE-2019-1992 affects Android. In the code path bta_hl_sdp_query_results within bta_hl_main.cc a race condition can cause a use-after-free, leading to remote code execution with no extra privileges needed. The issue is tied to Android versions 7.0–7.1.2, 8.0, 8.1, and 9 (Android ID: A-116222069)....

7.6CVSS7.8AI score0.01335EPSS
CVE
CVE
•added 2019/05/08 4:30 p.m.•61 views

CVE-2019-2051

CVE-2019-2051 is a vulnerability described in the Android ecosystem: it is a remote-read out-of-bounds issue in the Android system spaces.h encountered while processing a PAC file, allowing potential information disclosure without user interaction. Affected products are Android versions 7.0, 7.1....

7.8CVSS7AI score0.01023EPSS
CVE
CVE
•added 2020/03/24 7:16 p.m.•61 views

CVE-2019-20605

CVE-2019-20605 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) on Exynos chipsets. The issue is a heap overflow in the Shannon baseband modem, as described in multiple sources (Samsung ID SVE-2019-14071). CVSS metrics from NVD indicate a high/critical risk: Network attack vector...

10CVSS9.6AI score0.00561EPSS
CVE
CVE
•added 2020/04/17 1:40 p.m.•61 views

CVE-2019-20777

CVE-2019-20777 affects LG mobile devices running Android 7.0–9.0 (V40 and G7 family). The issue is in WapService during OTA Provisioning, where OTA provisioning handling is mishandled, constituting the root cause. Documents describe the vulnerable component and affected OS versions but do not pro...

9.8CVSS9.2AI score0.00443EPSS
CVE
CVE
•added 2019/07/08 5:37 p.m.•61 views

CVE-2019-2112

CVE-2019-2112 : In Android, memory corruption via a use-after-free in alarm.cc could enable local code execution with no authentication and no user interaction. Affected: Android 8.0, 8.1, and 9.0. Root cause: use-after-free in alarm.cc. Impact: local privilege escalation with high severity per C...

7.8CVSS7.7AI score0.00153EPSS
CVE
CVE
•added 2019/08/20 7:49 p.m.•61 views

CVE-2019-2128

CVE-2019-2128 is an elevation-of-privilege vulnerability in Android’s Media/ACELP code path. The issue is an out-of-bounds write in ACELP_4t64_fx (c4t64fx.c) caused by a missing bounds check, enabling local privilege escalation without extra execution privileges. Affected products include Android...

7.8CVSS7.7AI score0.0019EPSS
CVE
CVE
•added 2020/06/10 5:12 p.m.•61 views

CVE-2020-0116

CVE-2020-0116 is a local information-disclosure issue in Android 10’s System area stemming from a permissions bypass in LocationAccessPolicy.checkSystemLocationAccess, which could bypass user profile isolation and disclose data without extra execution privileges. Affected product: Android (Androi...

5.5CVSS5.1AI score0.00175EPSS
CVE
CVE
•added 2020/12/15 3:54 p.m.•61 views

CVE-2020-0478

CVE-2020-0478 targets Android-11, with a vulnerability in restoration.c (extend_frame_lowbd) causing an out-of-bounds write due to a missing bounds check. This can enable local privilege escalation and requires user interaction for exploitation. Affects Android-11; exploitation details or patch/v...

7.8CVSS7.8AI score0.00461EPSS
CVE
CVE
•added 2020/03/24 5:5 p.m.•61 views

CVE-2020-10831

The provided documents identify CVE-2020-10831 as affecting Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) software, where attackers can trigger an update to arbitrary touch‑screen firmware. The root cause and exact vulnerable component are not elaborated in the supplied sources, and ...

7.5CVSS7.6AI score0.00228EPSS
CVE
CVE
•added 2020/10/06 6:36 p.m.•61 views

CVE-2020-26600

CVE-2020-26600 concerns Samsung mobile devices running Q(10.0). The issue involves the Auto Hotspot feature, which can allow a remote attacker to obtain sensitive information over the network. Key details from connected sources: Affected product area: Samsung Mobile Android distribution with Q(10...

7.5CVSS7.4AI score0.00413EPSS
CVE
CVE
•added 2020/10/06 6:36 p.m.•61 views

CVE-2020-26604

CVE-2020-26604 affects Samsung Android SystemUI across O(8.x) to R(11.0). The issue enables a network-sourced attack via PendingIntent where an unprivileged process can access contact numbers. Affected component: SystemUI on Samsung devices; root cause: incorrect handling of PendingIntent permiss...

7.5CVSS7.5AI score0.00413EPSS
CVE
CVE
•added 2020/10/06 6:35 p.m.•61 views

CVE-2020-26605

Technical details about CVE-2020-26605 are not publicly provided in the supplied documents. Monitor for updates from vendors (Samsung security page, Red Hat, NCSC advisories) for affected products, fixes, and impact.

7.5CVSS7.3AI score0.00413EPSS
CVE
CVE
•added 2020/11/08 4:3 a.m.•61 views

CVE-2020-28340

Samsung CVE-2020-28340 affects mobile devices running O(8.x) to R(11.0) and describes a vulnerability that allows bypassing Factory Reset Protection via Secure Folder (Samsung ID SVE-2020-18546). NVD reports CVSSv3.1 base score 9.8 (CRITICAL) and CVSSv2 base score 7.5 (HIGH); attack vector NETWOR...

9.8CVSS9.3AI score0.00449EPSS
CVE
CVE
•added 2020/12/18 8:44 a.m.•61 views

CVE-2020-35554

CVE-2020-35554 affects LG mobile devices running Android 8.x–10 with a WebView SSL error-handler vulnerability. The issue is described as an SSL handling weakness in WebView, linked to LG’s internal identifier LVE-SMP-200026 (December 2020). Connected sources corroborate the vulnerability across ...

7.8CVSS7.6AI score0.00135EPSS
CVE
CVE
•added 2021/02/26 8:19 p.m.•61 views

CVE-2021-0367

The CVE-2021-0367 entry describes a race-condition induced memory corruption in Android’s vpu component, enabling local escalation of privilege with System permissions required and no user interaction. Affected products are Android 10 and Android 11; the issue is tied to patch ALPS05371580 (Issue...

6.9CVSS6.7AI score0.00096EPSS
CVE
CVE
•added 2021/11/18 2:55 p.m.•61 views

CVE-2021-0623

CVE-2021-0623 affects the asf extractor component. The linked records describe an out-of-bounds read caused by an integer overflow, leading to local information disclosure without requiring user interaction. The vulnerability is documented across multiple sources (including NVD and vendor/Red Hat...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
•added 2021/03/04 8:59 p.m.•61 views

CVE-2021-25338

CVE-2021-25338 describes an improper memory access control weakness in the RKP of Samsung mobile devices prior to the SMR Mar-2021 Release 1. The issue allows a compromised kernel to write portions of the RKP EL2 memory region, implying local attacker capabilities with kernel-level access and pot...

5.2CVSS5.2AI score0.00121EPSS
CVE
CVE
•added 2022/08/11 3:18 p.m.•61 views

CVE-2022-20289

CVE-2022-20289 affects Android 13: a side-channel in PackageInstaller can reveal whether an app is installed without query permissions, causing local information disclosure with no user interaction. Root cause: information disclosure via PackageInstaller side channel. Impact: potential exposure o...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
•added 2022/08/11 3:24 p.m.•61 views

CVE-2022-20311

CVE-2022-20311 affects Android 13 Telecomm: a missing permission check could disclose registered self-managed phone accounts, enabling local information disclosure with low risk of exploitation (attack vector LOCAL, UI:N). Root cause is a permission check omission in Telecomm that exposes sensiti...

3.3CVSS4.4AI score0.00089EPSS
CVE
CVE
•added 2022/08/11 3:30 p.m.•61 views

CVE-2022-20339

CVE-2022-20339 affects Android 13 and is caused by an insecure SEpolicy configuration that allows access to the network neighbor table, leading to local information disclosure of network topography with no additional execution privileges and no user interaction required. The incident is described...

3.3CVSS4.5AI score0.00094EPSS
CVE
CVE
•added 2023/10/30 4:18 p.m.•61 views

CVE-2022-20531

The provided connected documents confirm CVE-2022-20531 affects Android’s Telecom component, describing a side-channel information disclosure that lets an app determine if another app is installed without query permissions. This enables local information disclosure with no extra execution privile...

5.5CVSS5.6AI score0.0013EPSS
CVE
CVE
•added 2022/07/06 1:6 p.m.•61 views

CVE-2022-21765

CVE-2022-21765 affects the CCCI component. The root cause is a missing bounds check that enables an out-of-bounds write, leading to local escalation of privilege with SYSTEM-level execution rights. Exploitation reportedly does not require user interaction. A patch is referenced (Patch ID: ALPS066...

6.7CVSS6.7AI score0.00113EPSS
CVE
CVE
•added 2022/01/07 10:39 p.m.•61 views

CVE-2022-22267

Samsung ActivityMetricsLogger on mobile devices is affected by CVE-2022-22267: an implicit intent hijacking flaw that can disclose information about a running application. The vulnerability is tied to ActivityMetricsLogger before SMR Jan-2022 Release 1. Documented impact is information disclosure...

4CVSS4.1AI score0.00102EPSS
CVE
CVE
•added 2022/04/11 7:37 p.m.•61 views

CVE-2022-26095

CVE-2022-26095 affects the libsimba library, with a null pointer dereference in the parser_colr function prior to Samsung SMR Apr-2022 Release 1, enabling out-of-bounds writes by a remote attacker. Impacts and mitigations from connected docs indicate vulnerable component is the parser_colr code p...

9.8CVSS9.4AI score0.00503EPSS
CVE
CVE
•added 2022/08/01 1:57 p.m.•61 views

CVE-2022-26429

CVE-2022-26429 concerns a missing permission check in the cta component, enabling an app to write permission usage records. This constitutes a local privilege escalation vulnerability with a LOCAL attack vector, LOW privileges required, and NO user interaction needed. The NVD entry cites a patch ...

7.8CVSS7.7AI score0.00091EPSS
CVE
CVE
•added 2022/08/01 1:58 p.m.•61 views

CVE-2022-26436

The vulnerability CVE-2022-26436 affects the emi mpu component and is caused by a missing bounds check, leading to an out-of-bounds read. This can lead to local information disclosure with System execution privileges required, and no user interaction is needed. A patch identified as ALPS07023666 ...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
•added 2022/11/08 12:0 a.m.•61 views

CVE-2022-32612

CVE-2022-32612 concerns a possible memory-use-after-free in the MediaTek/vcu stack caused by a race condition. Reported as enabling local escalation of privilege with System execution privileges required and no user interaction needed. Multiple sources confirm the issue, but public details about ...

6.4CVSS6.6AI score0.00098EPSS
CVE
CVE
•added 2022/07/11 1:33 p.m.•61 views

CVE-2022-33687

Exposure of Sensitive Information in telephony-common.jar prior to the Samsung SMR July‑2022 Release 1 allows a local attacker with log access to obtain IMSI from device logs. The issue stems from information disclosure in telephony-common.jar on Samsung mobile devices. Affected component: teleph...

3.3CVSS3.9AI score0.00099EPSS
CVE
CVE
•added 2022/07/11 1:35 p.m.•61 views

CVE-2022-33694

CVE-2022-33694 is an exposure of sensitive information in the Samsung CSC application on Samsung Mobile devices. The root issue is disclosure of wifi information through unprotected intent broadcasting within the CSC app prior to the SMR July 2022 release 1. The vulnerability permits a local atta...

4CVSS3.7AI score0.00099EPSS
CVE
CVE
•added 2022/07/11 1:35 p.m.•61 views

CVE-2022-33697

CVE-2022-33697 corresponds to a local information-disclosure vulnerability in Samsung ImsCore, specifically ImsServiceSwitchBase, where IMSI can be exposed via device logs. Affected software: ImsCore prior to SMR Jul-2022 Release 1. Root cause: failure to protect sensitive information in logs; re...

3.3CVSS3.7AI score0.00099EPSS
CVE
CVE
•added 2023/02/06 5:27 a.m.•61 views

CVE-2022-38680

In CVE-2022-38680, the vulnerability is in the WLAN driver where a missing parameter check can allow local denial of service against WLAN services. Affected component: WLAN driver (details on exact versions not provided). Root cause: insufficient validation of parameters leading to resource disru...

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
•added 2023/01/04 12:0 a.m.•61 views

CVE-2022-38683

CVE-2022-38683 affects the contacts service, where a missing permission check could allow local denial of service without additional execution privileges. Public documents consistently describe a local, privilege-check issue in the contacts service as the root cause. The CVSS vector indicates LOC...

5.5CVSS5.4AI score0.00102EPSS
CVE
CVE
•added 2023/02/06 5:27 a.m.•61 views

CVE-2022-38686

The documents confirm a vulnerability in the wlan driver caused by a missing parameter check, enabling local denial of service in wlan services. Affected component: wlan driver (no specific vendor or version provided in the sources). Root cause: insufficient input validation leading to a service ...

6.4CVSS5.3AI score0.00089EPSS
CVE
CVE
•added 2022/10/14 12:0 a.m.•61 views

CVE-2022-39114

CVE-2022-39114 describes a missing permission check in the Music service that can lead to a local denial of service without requiring additional execution privileges. The NVD entry assigns a CVSS v3.1 base score of 5.5 (Local, Low attack complexity, Low privileges required, Availability impact), ...

5.5CVSS5.4AI score0.00097EPSS
CVE
CVE
•added 2022/10/14 12:0 a.m.•61 views

CVE-2022-39126

CVE-2022-39126 affects the sensor driver with an out-of-bounds write caused by a missing bounds check, leading to local kernel denial of service. Multiple sources (NVD, Red Hat, CNNVD, PRION, etc.) reproduce the description and tie it to Unisoc chipsets (sensor driver). The documents do not provi...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
•added 2023/11/29 9:29 p.m.•61 views

CVE-2022-42541

CVE-2022-42541 is a Remote Code Execution vulnerability associated with Google Chromecast/Android Secure Monitor (AMLogic). Public sources in the connected documents describe a critical impact (CVSS v3.1: 9.8, Network attack vector, no authentication, no user interaction) affecting confidentialit...

9.8CVSS9.7AI score0.00512EPSS
CVE
CVE
•added 2023/01/04 12:0 a.m.•61 views

CVE-2022-44444

The CVE-2022-44444 entry concerns a vulnerability in the WLAN driver caused by a missing bounds check. Affects the WLAN driver component and could lead to local denial of service in WLAN services. Exploitation details, affected versions, and a confirmed patch/remediation are not disclosed in the ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
•added 2023/02/06 5:27 a.m.•61 views

CVE-2022-47327

CVE-2022-47327 affects WLAN driver components with a missing permission check that can lead to local information disclosure. Multiple connected sources (including Red Hat, NVD, CNNVD) corroborate the core flaw: unauthorized local access to sensitive information due to insufficient privilege valid...

5.5CVSS5.1AI score0.00089EPSS
CVE
CVE
•added 2023/02/06 5:27 a.m.•61 views

CVE-2022-47364

The CVE-2022-47364 entry concerns a vulnerability in the wlan driver caused by a missing bounds check, enabling an out-of-bounds write that could lead to local denial of service in wlan services. Documents consistently identify the affected component as the wlan driver and describe the impact as ...

5.7CVSS5.4AI score0.00091EPSS
CVE
CVE
•added 2023/05/09 1:20 a.m.•61 views

CVE-2022-48234

CVE-2022-48234 affects UNISOC chipsets’ FM service module. The entry notes a missing parameter check in FM service, enabling local denial of service. Documents list NVD/Red Hat/CVE records with CVSS v3.1 metrics (AV:L, AC:L, PR:L/H, UI:N, S:U, C:N/I:N/A:H) and a base score around 5.5 (NVD) or 4.4...

5.5CVSS5.3AI score0.00088EPSS
CVE
CVE
•added 2023/02/06 12:0 a.m.•61 views

CVE-2023-20611

CVE-2023-20611 concerns a race-condition related use-after-free in the GPU component, leading to local escalation of privilege with SYSTEM privileges required and no user interaction. Patch ALPS07588678/ALPS07588678 is referenced. Multiple sources (NVD, Red Hat, CVE listings) corroborate the same...

6.4CVSS6.6AI score0.00092EPSS
CVE
CVE
•added 2023/02/06 12:0 a.m.•61 views

CVE-2023-20613

The CVE-2023-20613 entry refers to a vulnerability in the MediaTek ril component where a missing bounds check allows an out-of-bounds write, potentially enabling local escalation of privileges to SYSTEM with no user interaction required. Exploitation status is not detailed in the documents, but t...

6.7CVSS6.7AI score0.001EPSS
CVE
CVE
•added 2023/06/06 12:11 p.m.•61 views

CVE-2023-20716

CVE-2023-20716 concerns the wlan component in MediaTek chips, where an out-of-bounds write occurs due to a missing bounds check in the WLAN driver. This can lead to local escalation of privileges with System execution rights, and no user interaction is required. Reported patch: ALPS07796883 (Issu...

6.7CVSS6.7AI score0.00093EPSS
Total number of security vulnerabilities8153