Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/12/06 12:0 a.m.60 views

CVE-2022-42779

CVE-2022-42779 affects the WLAN driver (notably in UNISOC-based chipsets) where a missing bounds check can cause local denial of service in WLAN services. The NVD entry cites a CVSS v3.1 base score of 5.5 (MEDIUM) with LOCAL attack vector, LOW attack complexity, LOW privileges required, no user i...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/02/06 5:26 a.m.60 views

CVE-2022-47348

CVE-2022-47348 describes a missing permission check in engineermode services, enabling local denial of service. The vulnerability affects engineermode components (local privilege context) with local attack vector and low/none privilege requirements per CVSS vectors. Exploitation status is not det...

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.60 views

CVE-2022-47361

In CVE-2022-47361, the issue is a missing permission check in the firewall service, enabling local privilege escalation to system execution privileges. The vulnerability is described across multiple sources with a CVSS v3.1 base score of 7.8 (LOCAL attack vector, LOW exploit complexity, LOW privi...

7.8CVSS7.7AI score0.00095EPSS
CVE
CVE
added 2023/02/06 5:28 a.m.60 views

CVE-2022-47368

CVE-2022-47368 affects the wlan driver and stems from a missing parameters check in the driver code, which could enable a local denial of service in wlan services. The impact is a local DoS; exploitation and vendor/version details are not provided in the supplied documents. No patch/version fix i...

5.7CVSS5.3AI score0.00091EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.60 views

CVE-2022-47453

CVE-2022-47453 affects the wcn service , with the root cause stated as a missing parameter check. The consequence described is a local denial of service in the wcn service. The connected documents confirm the issue but do not provide specific vendor/version details or a confirmed patch/fix. No ex...

5.5CVSS5.3AI score0.00088EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.60 views

CVE-2022-47455

CVE-2022-47455 relates to the UNISOC WLAN driver, where a missing parameter check in the WLAN subsystem can cause local denial of service to WLAN services. Affected software is described as the WLAN driver in UNISOC chipsets; the root cause is a lack of validation for input parameters. The CVE no...

5.5CVSS5.3AI score0.00088EPSS
CVE
CVE
added 2023/03/07 1:32 a.m.60 views

CVE-2022-47458

CVE-2022-47458 affects the UNISOC chipsets WLAN module (wlan driver) with a vulnerability caused by missing parameter checks. This can lead to local denial of service in the WLAN service. The connected documents confirm the root cause is parameter validation issues and indicate local exploitation...

5.5CVSS5.3AI score0.00088EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.60 views

CVE-2023-20731

CVE-2023-20731 affects the MediaTek WLAN component. The root cause is a missing bounds check that enables an out-of-bounds read, leading to local information disclosure with System execution privileges required. User interaction is not needed. Patch ID ALPS07573495 (Issue ALPS07573495) is listed ...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.60 views

CVE-2023-20736

CVE-2023-20736 affects the vcu component. The vulnerability is an out-of-bounds write caused by a race condition, enabling local escalation of privilege with System execution privileges required and no user interaction. A patch is referenced: ALPS07645149 (Issue ALPS07645189). Exploitation detail...

6.4CVSS6.5AI score0.00067EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.60 views

CVE-2023-20800

CVE-2023-20800 affects MediaTek imgsys. The vulnerability is a missing pointer check in the imgsys component that can cause a system crash and enable local escalation of privilege with system execution privileges required. Exploitation requires user interaction. A patch exists (Patch ID: ALPS0742...

6.5CVSS6.6AI score0.00089EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.60 views

CVE-2023-20826

CVE-2023-20826 describes a vulnerability in the CTA component where a missing permission check allows local information disclosure without additional execution privileges. Exploitation is not dependent on user interaction listed in the report, and the issue is classified with a LOCAL attack vecto...

5.5CVSS5.1AI score0.00078EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.60 views

CVE-2023-21312

CVE-2023-21312 affects Android's IntentResolver, enabling cross-user media read via a confused deputy and resulting in local information disclosure without extra privileges. Exploitation is described as non-interactive and local, with no user interaction required and no remote access. There are m...

5.5CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.60 views

CVE-2023-21336

CVE-2023-21336 concerns an information disclosure vulnerability in Android’s Input Method, where side-channel information can reveal whether an app is installed without query permissions. The issue is described as a local information disclosure with no extra execution privileges required, and exp...

5.5CVSS5.6AI score0.00101EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.60 views

CVE-2023-21355

CVE-2023-21355 affects the Android libaudioclient component. The issue is an out-of-bounds write caused by a use-after-free, leading to a possible local escalation of privilege. No extra execution privileges are required, and exploitation does not require user interaction. The description indicat...

7.8CVSS8.3AI score0.00088EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.60 views

CVE-2023-32827

CVE-2023-32827 concerns the camera middleware in MediaTek devices, where a missing input validation can cause an out-of-bounds write. The vulnerability enables local escalation of privilege with System-level execution privileges; exploitation is reported as not requiring user interaction. Public ...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.60 views

CVE-2023-40649

CVE-2023-40649 concerns a missing permission check in the Messaging component, leading to local information disclosure without requiring additional execution privileges. The Red Hat/NVD entries reiterate the same issue: an information-disclosure risk arising from insufficient access control withi...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.60 views

CVE-2023-42640

Technical details are not publicly provided in the supplied documents. Monitor for updates from vendors and CVEs to confirm affected products, root cause, and remediation.

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2024/04/01 2:35 a.m.60 views

CVE-2024-20048

CVE-2024-20048 (flashc) : An uncaught exception in the flashc module can lead to information disclosure with local execution privileges required. The impact is on confidentiality (high) and exploitation is local with no user interaction required. Affected component: flashc. remediation exists: pa...

6.2CVSS6AI score0.00105EPSS
CVE
CVE
added 2024/07/01 3:18 a.m.60 views

CVE-2024-20079

The CVE-2024-20079 entry concerns the gnss service with an out-of-bounds write caused by improper input validation. The vulnerability could allow local escalation of privilege with system execution privileges, and exploitation does not require user interaction. A patch is referenced (ALPS08044040...

9.8CVSS7.2AI score0.00172EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.60 views

CVE-2025-20651

CVE-2025-20651 describes a potential out-of-bounds read caused by a missing bounds check in the affected component (described only as part of an unspecified implementation) that could lead to local information disclosure. Exploitation requires physical access to the device and user interaction; t...

4.1CVSS6.4AI score0.00089EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.60 views

CVE-2025-48633

CVE-2025-48633 concerns a logic error in Android Framework related to DevicePolicyManagerService.hasAccountsOnAnyUser, enabling a local attacker to add a Device Owner after provisioning and escalate privileges without user interaction. Connected sources (EUVD-2025-201737; Android Security Bulleti...

5.5CVSS6.5AI score0.00249EPSS
In wild
CVE
CVE
added 2011/07/08 5:0 p.m.59 views

CVE-2011-2344

The CVE concerns Android Picasa in Android 3.0 and 2.x through 2.3.4, where authToken is transmitted over cleartext HTTP from ClientLogin. This allowed remote attackers to sniff tokens from connections to picasaweb.google.com, enabling privilege escalation to access private pictures and web album...

10CVSS7.1AI score0.01145EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.59 views

CVE-2014-9885

CVE-2014-9885 is a format-string vulnerability in the Qualcomm qpnp-adc-tm.c driver (drivers/thermal) used on Nexus 5 devices running Android versions before 2016-08-05. A crafted app can supply format specifiers in a name to escalate privileges. The issue is documented in multiple sources (e.g.,...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.59 views

CVE-2014-9927

Technical details about CVE-2014-9927 are not publicly provided in the connected documents. The entries reiterate a buffer copy issue but do not specify affected product versions, root cause specifics, impact, or available fixes. Monitor for updates from vendors.

9.3CVSS7.2AI score0.00402EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.59 views

CVE-2014-9931

CVE-2014-9931 is a buffer overflow in CAF Linux kernel used by Android; triggered when an OEM customizes app region size due to a hard-coded value. Exploitation is local with user interaction; impact is high on confidentiality, integrity, and availability. No remediation details provided in the s...

9.3CVSS7.4AI score0.0063EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.59 views

CVE-2014-9961

CVE-2014-9961 is disclosed for Android builds from CAF that use the Linux kernel, describing a vulnerability in eMMC write protection that can be exploited to bypass power-on write protection. The issue is exploitable locally (attack vector: local) with user interaction potentially required, and ...

9.3CVSS7.3AI score0.00561EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.59 views

CVE-2015-3877

CVE-2015-3877 concerns Skia used in Android before 5.1.1 LMY48T. A vulnerability in libskia/media processing can allow a remote attacker to cause memory corruption, enabling remote code execution or a denial of service via a specially crafted media file. The issue is described as a remote-code-ex...

10CVSS7.8AI score0.0182EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.59 views

CVE-2015-7717

Technical details (affected products, root cause, CVSS, fixes) are not publicly available in the provided documents. Monitor for updates.

9.3CVSS6.5AI score0.00618EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.59 views

CVE-2015-8593

CVE-2015-8593 describes a buffer overflow in the 1x call processing of Qualcomm components used in Android CAF releases running the Linux kernel. The entry indicates a high-severity issue (CVSSv3: 9.8, CRITICAL) with network access, no user interaction, and no privileges required, potentially imp...

10CVSS9AI score0.01184EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.59 views

CVE-2016-0803

CVE-2016-0803 affects libstagefright in Android mediaserver (Mediaserver) by vulnerable memory allocation in the SoftMPEG4Encoder and SoftVPXEncoder components. A crafted media file can trigger remote code execution or memory corruption. Affected: Android 4.x before 4.4.4; 5.x before 5.1.1 LMY49G...

10CVSS9.4AI score0.02518EPSS
CVE
CVE
added 2020/04/07 1:9 p.m.59 views

CVE-2016-11039

CVE-2016-11039 affects Samsung mobile devices running KK/4.4, L/5.0–5.1, and M/6.0 (AP + CP MDM9x35 or Qualcomm Onechip). The issue is a NULL pointer dereference in the IPC socket code, as described by multiple sources (e.g., Red Hat and NVD records). Impact is indicated as HIGH with potential av...

7.8CVSS7.6AI score0.00501EPSS
CVE
CVE
added 2020/04/07 12:55 p.m.59 views

CVE-2016-11041

The CVE-2016-11041 issue affects Samsung mobile devices on KK (Android 4.4). Affected component: the lockscreen handling; root cause: attackers can bypass the lockscreen by sending an AT command over USB. This vulnerability is documented across multiple sources (Red Hat, NVD, CVE List) with consi...

4.6CVSS5AI score0.00138EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.59 views

CVE-2016-2419

CVE-2016-2419 affects mediaserver (Android 6.x) where media/libmedia/IDrm.cpp does not initialize a key-request data structure, enabling information disclosure from process memory and bypass of an unspecified protection mechanism via unspecified vectors, with the attack demonstrated by obtaining ...

10CVSS7.7AI score0.00801EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.59 views

CVE-2016-2435

CVE-2016-2435 affects the NVIDIA video driver in Android on Nexus 9 devices prior to 2016-05-01. The issue allows a local attacker to escalate privileges via a crafted application (elevation of privilege in the NVIDIA video driver). Root cause: vulnerability in the NVIDIA video driver components ...

9.3CVSS7.5AI score0.00515EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.59 views

CVE-2016-2441

Technical details for CVE-2016-2441 are not publicly provided in the connected documents. The initial description only notes privilege escalation via the Qualcomm buspm driver on Nexus devices. Monitor for updates.

7.6CVSS7AI score0.00425EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.59 views

CVE-2016-2463

CVE-2016-2463 affects Android Mediaserver’s libstagefright h264dec, where multiple integer overflows in the media parsing path can trigger memory corruption. The issue permits remote code execution or denial of service when processing crafted video files. Vulnerable Android versions include 4.x u...

8.4CVSS8.4AI score0.00868EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.59 views

CVE-2016-3815

CVE-2016-3815 concerns the NVIDIA camera driver in Android (notably on Nexus 9). The connected NVIDIA bulletin entry specifies a kernel camera driver issue described as a stack read of a user-controlled length, which can disclose sensitive information to a crafted app. The associated details plac...

5.5CVSS5.4AI score0.00435EPSS
CVE
CVE
added 2017/01/12 11:0 p.m.59 views

CVE-2016-6492

CVE-2016-6492: In MediaTek's Linux driver, MT6573FDVT_SetRegHW (camera_fdvt.c) allows local privilege escalation via MT6573FDVTIOC_T_SET_FDCONF_CMD ioctl. The issue stems from input handling: code copies user data into a local buffer with copy_from_user, testing pREGIO->u4Count length without ...

9.3CVSS7.6AI score0.01131EPSS
Web
CVE
CVE
added 2016/11/25 4:0 p.m.59 views

CVE-2016-6701

CVE-2016-6701 refers to a remote code execution vulnerability in libskia used by Android 7.0 that can be triggered by processing specially crafted media/data files, causing memory corruption within the Gallery context. The issue is described as high severity with a CVSS v3 base score of 7.8 (LOCA...

7.8CVSS8.1AI score0.00927EPSS
CVE
CVE
added 2016/12/13 7:0 p.m.59 views

CVE-2016-6712

The CVE-2016-6712 entry describes a remote denial-of-service flaw in libvpx used by Mediaserver on Android. A specially crafted file can cause a device to hang or reboot. Affected Android platforms include 4.x (pre-4.4.4), 5.0.x (pre-5.0.2), 5.1.x (pre-5.1.1), and 6.x (pre-2016-11-01). The availa...

7.1CVSS5.2AI score0.00722EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.59 views

CVE-2016-6784

CVE-2016-6784 is an elevation of privilege vulnerability in the MediaTek driver affecting Android. The MediaTek driver could allow a local malicious application to execute arbitrary code in the kernel context. The issue is classified as High because exploitation requires compromising a privileged...

9.3CVSS6.8AI score0.00502EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.59 views

CVE-2016-8481

CVE-2016-8481 describes an elevation of privilege vulnerability in the Qualcomm sound driver on Android. A local malicious application could potentially execute arbitrary code in the kernel context if it first compromises a privileged process. The issue affects Android devices with affected kerne...

7.6CVSS6.6AI score0.00845EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.59 views

CVE-2016-8487

CVE-2016-8487 describes an elevation of privilege vulnerability in Qualcomm closed source components used by the Android kernel. Affected software: Android kernel on devices with Qualcomm components. Root cause: privilege escalation within Qualcomm’s closed-source code. Impact: as per CVSS, allow...

10CVSS8.4AI score0.01116EPSS
CVE
CVE
added 2017/07/07 2:0 p.m.59 views

CVE-2017-0340

CVE-2017-0340 is an elevation of privilege in the NVIDIA Libnvparser component for Android, caused by a memcpy into a fixed-size buffer with user-controlled size that can lead to memory corruption and possible remote code execution. The entry is rated HIGH (CVSSv3 7.8, CVSSv2 9.3) and has no expl...

9.3CVSS7.8AI score0.01228EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.59 views

CVE-2017-0385

CVE-2017-0385 is an elevation-of-privilege vulnerability in Android’s Audioserver that could allow a local attacker to execute arbitrary code in the context of a privileged process. The issue affects Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The connected documents confirm...

9.3CVSS7.7AI score0.00689EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.59 views

CVE-2017-0405

CVE-2017-0405 is a remote code execution vulnerability in Android’s SurfaceFlinger. The issue allows an attacker to trigger memory corruption by processing a specially crafted media file, within the SurfaceFlinger context. Affected products/versions stated in the documents are Android 7.0 and 7.1...

9.3CVSS7.6AI score0.01818EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.59 views

CVE-2017-0419

The CVE-2017-0419 entry concerns Android Audioserver. A local elevation-of-privilege flaw could allow a malicious local app to execute arbitrary code within the context of a privileged process. Affected products include Android versions 4.4.4 through 7.1.1. The issue’s root cause is described as ...

9.3CVSS7.2AI score0.00911EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.59 views

CVE-2017-0437

CVE-2017-0437 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver on Android. The issue could allow a local malicious app to execute arbitrary code in the kernel context by exploiting the Qualcomm Wi‑Fi driver, with the Android kernel versions cited as Kernel-3.10 and Kernel-3...

7.6CVSS6.6AI score0.0087EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.59 views

CVE-2017-0441

CVE-2017-0441 is a Qualcomm Wi‑Fi driver elevation-of-privilege vulnerability affecting Android kernels (Kernel-3.10, Kernel-3.18). The connected documents describe a local attacker could run a malicious application to execute arbitrary code in the kernel context, after compromising a privileged ...

7.6CVSS6.6AI score0.00882EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.59 views

CVE-2017-0470

CVE-2017-0470 describes a remote code execution vulnerability in Android’s Mediaserver. A crafted media file could trigger memory corruption during media file/data processing, allowing code execution within the Mediaserver process. Affected Android versions include 6.0, 6.0.1, 7.0, and 7.1.1. The...

9.3CVSS7.6AI score0.01422EPSS
Total number of security vulnerabilities8153