Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2018/11/14 6:0 p.m.61 views

CVE-2018-9527

The CVE-2018-9527 issue affects Android’s Media framework, specifically in vorbis_book_decodev_set of codebook.c, where a missing bounds check can cause an out-of-bounds write. This could enable remote code execution with no extra privileges, requiring user interaction to exploit. Affected versio...

9.3CVSS8.1AI score0.01203EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.61 views

CVE-2018-9586

The CVE-2018-9586 issue affects Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1 and 9.0. It stems from a race condition in InstallPackageTask.java that can leave package verification turned off, enabling local elevation of privilege with no extra execution privileges or user interaction required. Affected pr...

7CVSS6AI score0.00131EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.61 views

CVE-2019-1992

CVE-2019-1992 affects Android. In the code path bta_hl_sdp_query_results within bta_hl_main.cc a race condition can cause a use-after-free, leading to remote code execution with no extra privileges needed. The issue is tied to Android versions 7.0–7.1.2, 8.0, 8.1, and 9 (Android ID: A-116222069)....

7.6CVSS7.8AI score0.01335EPSS
CVE
CVE
added 2019/07/08 5:34 p.m.61 views

CVE-2019-2105

CVE-2019-2105 affects Android’s library component: in FileInputStream::Read of file_input_stream.cc, a memory corruption due to uninitialized data could enable remote code execution in an unprivileged process. Exploitation requires user interaction. Affected Android versions include 7.0, 7.1.1, 7...

8.8CVSS8.7AI score0.00712EPSS
CVE
CVE
added 2020/01/08 6:30 p.m.61 views

CVE-2020-0003

CVE-2020-0003 affects Android 8.0 when the framework’s InstallStart.java onCreate contains a time‑of‑check time‑of‑use packaging validation bypass. The issue could allow a local elevation of privilege with user interaction required, via a vulnerability in the Android Framework. Public details ind...

6.7CVSS6.7AI score0.0014EPSS
CVE
CVE
added 2020/03/10 7:56 p.m.61 views

CVE-2020-0039

CVE-2020-0039 affects Android 8.0–10 via an out-of-bounds read in rw_i93_sm_update_ndef (rw_i93.cc) caused by a missing bounds check, enabling potential remote information disclosure with no user interaction. The issue is categorized as Information Disclosure (Android 8–10) with network-based exp...

7.8CVSS7AI score0.01145EPSS
CVE
CVE
added 2020/06/10 5:12 p.m.61 views

CVE-2020-0116

CVE-2020-0116 is a local information-disclosure issue in Android 10’s System area stemming from a permissions bypass in LocationAccessPolicy.checkSystemLocationAccess, which could bypass user profile isolation and disclose data without extra execution privileges. Affected product: Android (Androi...

5.5CVSS5.1AI score0.00175EPSS
CVE
CVE
added 2020/12/15 3:54 p.m.61 views

CVE-2020-0478

CVE-2020-0478 targets Android-11, with a vulnerability in restoration.c (extend_frame_lowbd) causing an out-of-bounds write due to a missing bounds check. This can enable local privilege escalation and requires user interaction for exploitation. Affects Android-11; exploitation details or patch/v...

7.8CVSS7.8AI score0.00461EPSS
CVE
CVE
added 2020/10/06 6:36 p.m.61 views

CVE-2020-26600

CVE-2020-26600 concerns Samsung mobile devices running Q(10.0). The issue involves the Auto Hotspot feature, which can allow a remote attacker to obtain sensitive information over the network. Key details from connected sources: Affected product area: Samsung Mobile Android distribution with Q(10...

7.5CVSS7.4AI score0.00413EPSS
CVE
CVE
added 2020/10/06 6:35 p.m.61 views

CVE-2020-26605

Technical details about CVE-2020-26605 are not publicly provided in the supplied documents. Monitor for updates from vendors (Samsung security page, Red Hat, NCSC advisories) for affected products, fixes, and impact.

7.5CVSS7.3AI score0.00413EPSS
CVE
CVE
added 2021/02/26 8:19 p.m.61 views

CVE-2021-0367

The CVE-2021-0367 entry describes a race-condition induced memory corruption in Android’s vpu component, enabling local escalation of privilege with System permissions required and no user interaction. Affected products are Android 10 and Android 11; the issue is tied to patch ALPS05371580 (Issue...

6.9CVSS6.7AI score0.00096EPSS
CVE
CVE
added 2021/11/18 2:55 p.m.61 views

CVE-2021-0623

CVE-2021-0623 affects the asf extractor component. The linked records describe an out-of-bounds read caused by an integer overflow, leading to local information disclosure without requiring user interaction. The vulnerability is documented across multiple sources (including NVD and vendor/Red Hat...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2021/03/04 8:59 p.m.61 views

CVE-2021-25338

CVE-2021-25338 describes an improper memory access control weakness in the RKP of Samsung mobile devices prior to the SMR Mar-2021 Release 1. The issue allows a compromised kernel to write portions of the RKP EL2 memory region, implying local attacker capabilities with kernel-level access and pot...

5.2CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2022/08/11 3:18 p.m.61 views

CVE-2022-20289

CVE-2022-20289 affects Android 13: a side-channel in PackageInstaller can reveal whether an app is installed without query permissions, causing local information disclosure with no user interaction. Root cause: information disclosure via PackageInstaller side channel. Impact: potential exposure o...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2022/08/11 3:24 p.m.61 views

CVE-2022-20311

CVE-2022-20311 affects Android 13 Telecomm: a missing permission check could disclose registered self-managed phone accounts, enabling local information disclosure with low risk of exploitation (attack vector LOCAL, UI:N). Root cause is a permission check omission in Telecomm that exposes sensiti...

3.3CVSS4.4AI score0.00089EPSS
CVE
CVE
added 2022/08/11 3:30 p.m.61 views

CVE-2022-20339

CVE-2022-20339 affects Android 13 and is caused by an insecure SEpolicy configuration that allows access to the network neighbor table, leading to local information disclosure of network topography with no additional execution privileges and no user interaction required. The incident is described...

3.3CVSS4.5AI score0.00094EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.61 views

CVE-2022-20531

The provided connected documents confirm CVE-2022-20531 affects Android’s Telecom component, describing a side-channel information disclosure that lets an app determine if another app is installed without query permissions. This enables local information disclosure with no extra execution privile...

5.5CVSS5.6AI score0.0013EPSS
CVE
CVE
added 2022/07/06 1:6 p.m.61 views

CVE-2022-21765

CVE-2022-21765 affects the CCCI component. The root cause is a missing bounds check that enables an out-of-bounds write, leading to local escalation of privilege with SYSTEM-level execution rights. Exploitation reportedly does not require user interaction. A patch is referenced (Patch ID: ALPS066...

6.7CVSS6.7AI score0.00113EPSS
CVE
CVE
added 2022/01/07 10:39 p.m.61 views

CVE-2022-22267

Samsung ActivityMetricsLogger on mobile devices is affected by CVE-2022-22267: an implicit intent hijacking flaw that can disclose information about a running application. The vulnerability is tied to ActivityMetricsLogger before SMR Jan-2022 Release 1. Documented impact is information disclosure...

4CVSS4.1AI score0.00102EPSS
CVE
CVE
added 2022/04/11 7:37 p.m.61 views

CVE-2022-26095

CVE-2022-26095 affects the libsimba library, with a null pointer dereference in the parser_colr function prior to Samsung SMR Apr-2022 Release 1, enabling out-of-bounds writes by a remote attacker. Impacts and mitigations from connected docs indicate vulnerable component is the parser_colr code p...

9.8CVSS9.4AI score0.00503EPSS
CVE
CVE
added 2022/08/01 1:57 p.m.61 views

CVE-2022-26429

CVE-2022-26429 concerns a missing permission check in the cta component, enabling an app to write permission usage records. This constitutes a local privilege escalation vulnerability with a LOCAL attack vector, LOW privileges required, and NO user interaction needed. The NVD entry cites a patch ...

7.8CVSS7.7AI score0.00091EPSS
CVE
CVE
added 2022/08/01 1:58 p.m.61 views

CVE-2022-26436

The vulnerability CVE-2022-26436 affects the emi mpu component and is caused by a missing bounds check, leading to an out-of-bounds read. This can lead to local information disclosure with System execution privileges required, and no user interaction is needed. A patch identified as ALPS07023666 ...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.61 views

CVE-2022-32612

CVE-2022-32612 concerns a possible memory-use-after-free in the MediaTek/vcu stack caused by a race condition. Reported as enabling local escalation of privilege with System execution privileges required and no user interaction needed. Multiple sources confirm the issue, but public details about ...

6.4CVSS6.6AI score0.00098EPSS
CVE
CVE
added 2022/07/11 1:33 p.m.61 views

CVE-2022-33687

Exposure of Sensitive Information in telephony-common.jar prior to the Samsung SMR July‑2022 Release 1 allows a local attacker with log access to obtain IMSI from device logs. The issue stems from information disclosure in telephony-common.jar on Samsung mobile devices. Affected component: teleph...

3.3CVSS3.9AI score0.00099EPSS
CVE
CVE
added 2022/07/11 1:35 p.m.61 views

CVE-2022-33694

CVE-2022-33694 is an exposure of sensitive information in the Samsung CSC application on Samsung Mobile devices. The root issue is disclosure of wifi information through unprotected intent broadcasting within the CSC app prior to the SMR July 2022 release 1. The vulnerability permits a local atta...

4CVSS3.7AI score0.00099EPSS
CVE
CVE
added 2022/07/11 1:35 p.m.61 views

CVE-2022-33697

CVE-2022-33697 corresponds to a local information-disclosure vulnerability in Samsung ImsCore, specifically ImsServiceSwitchBase, where IMSI can be exposed via device logs. Affected software: ImsCore prior to SMR Jul-2022 Release 1. Root cause: failure to protect sensitive information in logs; re...

3.3CVSS3.7AI score0.00099EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.61 views

CVE-2022-38680

In CVE-2022-38680, the vulnerability is in the WLAN driver where a missing parameter check can allow local denial of service against WLAN services. Affected component: WLAN driver (details on exact versions not provided). Root cause: insufficient validation of parameters leading to resource disru...

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.61 views

CVE-2022-38683

CVE-2022-38683 affects the contacts service, where a missing permission check could allow local denial of service without additional execution privileges. Public documents consistently describe a local, privilege-check issue in the contacts service as the root cause. The CVSS vector indicates LOC...

5.5CVSS5.4AI score0.00102EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.61 views

CVE-2022-38686

The documents confirm a vulnerability in the wlan driver caused by a missing parameter check, enabling local denial of service in wlan services. Affected component: wlan driver (no specific vendor or version provided in the sources). Root cause: insufficient input validation leading to a service ...

6.4CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.61 views

CVE-2022-39114

CVE-2022-39114 describes a missing permission check in the Music service that can lead to a local denial of service without requiring additional execution privileges. The NVD entry assigns a CVSS v3.1 base score of 5.5 (Local, Low attack complexity, Low privileges required, Availability impact), ...

5.5CVSS5.4AI score0.00097EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.61 views

CVE-2022-39126

CVE-2022-39126 affects the sensor driver with an out-of-bounds write caused by a missing bounds check, leading to local kernel denial of service. Multiple sources (NVD, Red Hat, CNNVD, PRION, etc.) reproduce the description and tie it to Unisoc chipsets (sensor driver). The documents do not provi...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2023/11/29 9:29 p.m.61 views

CVE-2022-42541

CVE-2022-42541 is a Remote Code Execution vulnerability associated with Google Chromecast/Android Secure Monitor (AMLogic). Public sources in the connected documents describe a critical impact (CVSS v3.1: 9.8, Network attack vector, no authentication, no user interaction) affecting confidentialit...

9.8CVSS9.7AI score0.00512EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.61 views

CVE-2022-42765

CVE-2022-42765 concerns a missing bounds check in the wlan driver, leading to local denial of service in wlan services. The Red Hat/NVD descriptions and related feeds consistently cite a bound-check omission in the wlan driver as the root cause, with local attacker context and impact on availabil...

6.6CVSS5.3AI score0.00082EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.61 views

CVE-2022-44444

The CVE-2022-44444 entry concerns a vulnerability in the WLAN driver caused by a missing bounds check. Affects the WLAN driver component and could lead to local denial of service in WLAN services. Exploitation details, affected versions, and a confirmed patch/remediation are not disclosed in the ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.61 views

CVE-2022-47327

CVE-2022-47327 affects WLAN driver components with a missing permission check that can lead to local information disclosure. Multiple connected sources (including Red Hat, NVD, CNNVD) corroborate the core flaw: unauthorized local access to sensitive information due to insufficient privilege valid...

5.5CVSS5.1AI score0.00089EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.61 views

CVE-2022-47364

The CVE-2022-47364 entry concerns a vulnerability in the wlan driver caused by a missing bounds check, enabling an out-of-bounds write that could lead to local denial of service in wlan services. Documents consistently identify the affected component as the wlan driver and describe the impact as ...

5.7CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.61 views

CVE-2022-48234

CVE-2022-48234 affects UNISOC chipsets’ FM service module. The entry notes a missing parameter check in FM service, enabling local denial of service. Documents list NVD/Red Hat/CVE records with CVSS v3.1 metrics (AV:L, AC:L, PR:L/H, UI:N, S:U, C:N/I:N/A:H) and a base score around 5.5 (NVD) or 4.4...

5.5CVSS5.3AI score0.00088EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.61 views

CVE-2023-20611

CVE-2023-20611 concerns a race-condition related use-after-free in the GPU component, leading to local escalation of privilege with SYSTEM privileges required and no user interaction. Patch ALPS07588678/ALPS07588678 is referenced. Multiple sources (NVD, Red Hat, CVE listings) corroborate the same...

6.4CVSS6.6AI score0.00092EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.61 views

CVE-2023-20613

The CVE-2023-20613 entry refers to a vulnerability in the MediaTek ril component where a missing bounds check allows an out-of-bounds write, potentially enabling local escalation of privileges to SYSTEM with no user interaction required. Exploitation status is not detailed in the documents, but t...

6.7CVSS6.7AI score0.001EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.61 views

CVE-2023-20716

CVE-2023-20716 concerns the wlan component in MediaTek chips, where an out-of-bounds write occurs due to a missing bounds check in the WLAN driver. This can lead to local escalation of privileges with System execution rights, and no user interaction is required. Reported patch: ALPS07796883 (Issu...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.61 views

CVE-2023-20742

CVE-2023-20742 affects the ril module in MediaTek devices, with an out-of-bounds read caused by a missing bounds check. This could lead to local information disclosure and, potentially, system execution privileges, with no user interaction required. The vulnerability is documented across multiple...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.61 views

CVE-2023-20790

The CVE-2023-20790 entry maps to MediaTek devices with an nvram module vulnerability caused by a missing bounds check, leading to an out-of-bounds write. This can result in local information disclosure and, per the description, requires system execution privileges with no user interaction. Public...

4.4CVSS4.4AI score0.00085EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.61 views

CVE-2023-21309

CVE-2023-21309 affects libcore (Android). The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure without extra privileges or user interaction. Exploitation details beyond this are not provided in the supplied documents. No sp...

5.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.61 views

CVE-2023-21313

CVE-2023-21313 affects Android Core with a missing permission check that allows forwarding calls without user knowledge, enabling local elevation of privilege. Exploitation requires Local access; UI interaction is not needed. The CVSSv3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates hig...

7.8CVSS7.8AI score0.00085EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.61 views

CVE-2023-21343

CVE-2023-21343 affects Android’s ActivityStarter where an unsafe PendingIntent can trigger a background activity launch, enabling local elevation of privilege without user interaction. Affected component: ActivityStarter (framework). Root cause: unsafe PendingIntent that can be exploited locally....

7.8CVSS7.8AI score0.00103EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.61 views

CVE-2023-21353

CVE-2023-21353 affects a component labeled NFA in Android, where a missing bounds check can cause an out-of-bounds read. The resulting vulnerability leads to remote information disclosure without requiring privileges or user interaction. Documents consistently describe the impact as information d...

7.5CVSS7.4AI score0.00372EPSS
CVE
CVE
added 2023/07/12 11:53 p.m.61 views

CVE-2023-35691

Technical details about CVE-2023-35691 are not publicly provided in the supplied documents. No concrete affected products, versions, or remediation are present. Monitor for updates.

7.2CVSS6.8AI score0.00491EPSS
CVE
CVE
added 2023/10/08 3:35 a.m.61 views

CVE-2023-40637

CVE-2023-40637 involves UNISOC chipsets’ telecom service where a missing permission check could allow local information disclosure without executing code or elevating privileges. The NVD entry notes a local attack vector with low adversarial effort and low privileges required, exposing high-confi...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.61 views

CVE-2023-52352

Summary: CVE-2023-52352 concerns the Network Adapter Service where a missing permission check could allow local denial of service without extra execution privileges. The connected documents link this vulnerability to UNISOC chipsets and multiple trackers (Red Hat, NVD, CVE list, PT Security, CNNV...

6.2CVSS6.6AI score0.00076EPSS
CVE
CVE
added 2024/05/06 2:52 a.m.61 views

CVE-2024-20021

The CVE-2024-20021 issue affects the ARM Trusted Firmware (ATF) SPM component and stems from a logic error that allows remapping of physical memory to virtual memory. This could enable local privilege escalation with System execution privileges (S-mode) required, and exploitable without user inte...

6.7CVSS6.7AI score0.00111EPSS
Total number of security vulnerabilities8153