Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/01/21 11:4 p.m.194 views

CVE-2024-49732

CVE-2024-49732 affects Android’s CompanionDeviceManagerService.java. The issue is a missing permission check in multiple functions, enabling a local elevation of privilege by granting permissions without user consent and without requiring user interaction. Exploitation is described as local (AV:L...

7.8CVSS7.2AI score0.00073EPSS
CVE
CVE
added 2017/05/02 9:0 p.m.193 views

CVE-2014-9940

CVE-2014-9940 affects the Linux kernel regulator_ena_gpio_free function in drivers/regulator/core.c, with exploitation possible through local access to gain privileges or cause a denial of service via a use-after-free. Affected condition is kernel versions before 3.19. Impact per sources is high ...

7.6CVSS6.6AI score0.01613EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.193 views

CVE-2019-2227

CVE-2019-2227 affects Android devices via a DeepCopy bug in btif_av.cc that can trigger an out-of-bounds read, enabling remote information disclosure over Bluetooth without user interaction. The entry covers Android 9 and 10, with impact described as information disclosure (confidentiality) and a...

6.5CVSS6.1AI score0.00308EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.193 views

CVE-2021-39624

CVE-2021-39624 affects Android PackageManager and can trigger a permanent DoS via resource exhaustion. The issue enables local DoS with user privileges, no user interaction required. Public details confirm impact on Android 10–12/12L (including Android-11, Android-12, Android-12L) with the strong...

5.5CVSS5.3AI score0.00103EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.193 views

CVE-2021-39706

CVE-2021-39706 affects Android (versions 10–12). In CredentialStorage.java, onResume allows cleanup of credentials storage due to a missing permission check, enabling local elevation of privilege. Exploitation requires user interaction. The issue is categorized as EoP withHigh impact (local acces...

9.3CVSS7.6AI score0.00615EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.192 views

CVE-2019-2232

CVE-2019-2232 affects Android Framework TextLine.java (handleRun) and can cause remote denial of service via improper input validation when processing Unicode. Impact: DoS with high severity (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Affected: Android 8.0–10; exploit requires no user interaction and ...

7.8CVSS7.4AI score0.01073EPSS
CVE
CVE
added 2017/03/07 9:0 p.m.191 views

CVE-2016-10200

CVE-2016-10200 describes a race condition in the Linux kernel’s L2TPv3 IP Encapsulation feature that can allow a local user to escalate privileges or cause a denial of service via repeated bind() calls without correctly checking SOCK_ZAPPED status. The issue affects Linux kernels prior to 4.8.14,...

7CVSS6.8AI score0.00295EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.191 views

CVE-2017-0393

CVE-2017-0393: DoS in libvpx Mediaserver. A remote attacker can trigger device hang/reboot with a specially crafted file. Documented impact on Android versions (4.4.4–7.1); root cause is a flaw in libvpx’s Mediaserver. Connected documents confirm the vulnerability exists in libvpx and describe th...

7.1CVSS5.3AI score0.00892EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.191 views

CVE-2017-0637

Android Mediaserver exposes a remote code execution in the libhevc component when processing specially crafted media files, leading to memory corruption. Affected Android versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 (Android ID A-34064500). CVSSv3 base score 7.8 (HIGH); attack vector LOC...

9.3CVSS7.8AI score0.01486EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.191 views

CVE-2021-39707

CVE-2021-39707 affects Android 10–12, with the issue occurring in AppRestrictionsFragment.java onReceive. The underlying problem is a confused deputy that could allow starting a phone call without the caller having permissions, enabling local escalation of privilege with no additional execution p...

7.8CVSS7.6AI score0.00118EPSS
CVE
CVE
added 2022/12/16 12:0 a.m.191 views

CVE-2022-20572

CVE-2022-20572 affects Android kernel components: in verity_target of dm-verity-target.c there is a missing permission check that could allow modification of read-only files, enabling local privilege escalation with System-level privileges. Exploitation is local and does not require user interact...

6.7CVSS6.7AI score0.00485EPSS
CVE
CVE
added 2023/07/12 11:18 p.m.191 views

CVE-2023-20942

The CVE-2023-20942 issue affects Android’s AudioFlinger.cpp, specifically in openMmapStream, where a logic error can allow recording audio without showing the microphone privacy indicator. This vulnerability enables local privilege escalation with no extra execution privileges and requires no use...

5.5CVSS5.7AI score0.0007EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.190 views

CVE-2021-39695

CVE-2021-39695 affects Android 11 Framework via BasePermission.java, where a logic error enables local elevation of privilege. Exploitation requires User privileges but not user interaction. Multiple connected sources confirm the issue and link to Android’s March 2022 bulletin; patched updates ad...

7.8CVSS7.6AI score0.00126EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.190 views

CVE-2021-39796

CVE-2021-39796 affects HarmfulAppWarningActivity in Android (HarmfulAppWarningActivity.java). It enables a tapjacking/overlay technique to trick a user into installing a harmful app, potentially causing local escalation of privilege with User execution privileges and requiring user interaction fo...

7.3CVSS7.2AI score0.00156EPSS
CVE
CVE
added 2022/08/09 8:21 p.m.190 views

CVE-2022-20346

CVE-2022-20346 affects the Android Media Framework, specifically the updateAudioTrackInfoFromESDS_MPEG4Audio path in MPEG4Extractor.cpp. The root cause is an incorrect bounds check that enables an out-of-bounds read, which could lead to remote information disclosure. The description indicates no ...

7.5CVSS6.1AI score0.004EPSS
CVE
CVE
added 2022/05/03 7:56 p.m.189 views

CVE-2022-20109

CVE-2022-20109 affects MediaTek’s ion component (ALPS platform). The issue is a use-after-free caused by improper update of reference counts, enabling local escalation of privilege without additional execution privileges or user interaction. Patch ALPS06399915 exists (Issue ALPS06399915) as the r...

7.8CVSS7.8AI score0.00107EPSS
CVE
CVE
added 2022/08/09 8:23 p.m.189 views

CVE-2022-20355

CVE-2022-20355 affects PacProxyService.java in Android (Android-10/11/12, incl. 12L). The flaw is in get() with improper input validation, causing a locally exploitable system-service crash that yields a Denial of Service with Low privileges required; no user interaction needed. Mitigation per th...

5.5CVSS5.3AI score0.00093EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.189 views

CVE-2023-40123

CVE-2023-40123 affects the PipMenuView.java component in the Android framework, with a bug in updateActionViews that allows a confused deputy to bypass a multi-user security boundary, causing local information disclosure without extra execution privileges. Exploitation requires no user interactio...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.188 views

CVE-2019-2220

CVE-2019-2220 affects the Android Framework (AppOpsService) and involves a bypass of user interaction requirements caused by mishandling of application suspend. The vulnerability could allow local information disclosure without requiring additional privileges. Affected products are Android 9 and ...

5.5CVSS5.1AI score0.00164EPSS
CVE
CVE
added 2022/05/10 7:57 p.m.188 views

CVE-2022-20009

CVE-2022-20009 refers to a vulnerability in the Android/Linux kernel USB gadget subsystem where a missing bounds check can cause an out-of-bounds write, enabling local privilege escalation with no required user interaction. The issue is described across multiple sources as affecting the Android k...

7.2CVSS6.9AI score0.00329EPSS
CVE
CVE
added 2023/02/28 12:0 a.m.188 views

CVE-2023-20937

CVE-2023-20937 concerns memory corruption via a use-after-free in several functions of the Android Linux kernel, enabling local privilege escalation with no user interaction required. The vulnerability is described across multiple sources as affecting the Android kernel and related MM subsystems,...

7.8CVSS7.4AI score0.00217EPSS
CVE
CVE
added 2022/06/15 12:0 a.m.187 views

CVE-2022-20144

CVE-2022-20144 affects Android (AvatarPhotoController.java) on Android 10–11, where a confused deputy in multiple functions could allow access to content owned by system content providers. This could enable local escalation of privilege with no additional execution privileges and no user interact...

7.8CVSS7.7AI score0.00143EPSS
CVE
CVE
added 2023/01/24 12:0 a.m.187 views

CVE-2022-20489

Summary: CVE-2022-20489 describes an elevation-of-privilege issue in Android related to AutomaticZenRule.java, allowing local escalation without extra execution privileges and no user interaction. Affected software: Android devices (Android-10 to Android-13) as listed in the CVE entry and Android...

7.8CVSS7.6AI score0.00275EPSS
CVE
CVE
added 2022/06/06 5:29 p.m.187 views

CVE-2022-21745

CVE-2022-21745 describes a memory corruption via a use-after-free in WIFI Firmware, enabling remote privilege escalation when devices connect to an attacker‑controlled Wi‑Fi hotspot. The issue requires no user interaction and is exploitable by an adjacent network. Public references indicate a pat...

8.8CVSS8.7AI score0.00373EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.187 views

CVE-2023-20917

CVE-2023-20917 affects Android 11–13 and is related to a logic error in ResolverActivity.java (onTargetSelected) that could allow a local escalation of privilege by sharing the wrong file. The exploit requires local access with no user interaction; impact is described as high (C/H/I/A). The provi...

7.8CVSS7.6AI score0.00124EPSS
CVE
CVE
added 2023/07/12 11:33 p.m.187 views

CVE-2023-21255

CVE-2023-21255 is a memory corruption vulnerability in the Linux kernel binder.c caused by a use-after-free. It leads to local privilege escalation with no extra privileges or user interaction required (CVSS 3.1 base 7.8). Affected component: binder.c in the kernel; impact is described as local e...

7.8CVSS8.8AI score0.00194EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.186 views

CVE-2019-2225

CVE-2019-2225 describes an elevation-of-privilege vulnerability in Android Bluetooth pairing where a malicious device could pair without user confirmation and interact with the phone, enabling remote privilege escalation without user interaction. The affected platform versions listed are Android ...

8.8CVSS8.5AI score0.00398EPSS
CVE
CVE
added 2023/04/19 12:0 a.m.186 views

CVE-2023-21081

CVE-2023-21081 affects Google Android (Android 11, 12, 12L, 13) via the PackageInstallerService.java and related files. A logic error in multiple functions could bypass background activity launch restrictions, enabling local elevation of privilege without requiring additional execution privileges...

7.8CVSS7.7AI score0.00096EPSS
CVE
CVE
added 2023/08/14 9:6 p.m.186 views

CVE-2023-21285

CVE-2023-21285 affects Android’s MediaSessionRecord.java, where a flawed setMetadata function could allow a local attacker to view another user’s images via a confused deputy. The issue enables local information disclosure without additional execution privileges and does not require user interact...

5.5CVSS5.1AI score0.00173EPSS
CVE
CVE
added 2024/07/09 8:11 p.m.186 views

CVE-2024-31320

CVE-2024-31320 relates to Android’s setSkipPrompt in AssociationRequest.java, where an attacker could establish a companion device association without user confirmation, enabling local elevation of privilege with no user interaction. The Red Hat and CNVD entries align on an Android elevation-of-p...

7.8CVSS6.8AI score0.00259EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.185 views

CVE-2019-9464

CVE-2019-9464 is a targeted Elevation of Privilege vulnerability in the Android Framework affecting Android 10, caused by an incorrect warning about an app accessing the user’s location in RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java. This could undermine ...

5.5CVSS5.5AI score0.00359EPSS
CVE
CVE
added 2022/06/15 1:1 p.m.185 views

CVE-2022-20134

CVE-2022-20134 concerns a mitigation-resistant input validation flaw in Android’s UI flow. In readArguments of CallSubjectDialog.java, an improper validation allows an attacker to trick a user into dialing the wrong phone number, enabling local elevation of privilege with no additional execution ...

7.8CVSS7.7AI score0.00113EPSS
CVE
CVE
added 2010/09/10 6:0 p.m.184 views

CVE-2010-1807

CVE-2010-1807 is a WebKit-related vulnerability where improper validation of floating-point data (non-standard NaN handling) enables remote code execution or a denial of service via a crafted HTML document. Affected: WebKit/Safari on macOS/iOS (Safari 4.x before 4.1.2 and 5.x before 5.0.2), Andro...

9.3CVSS8.9AI score0.61319EPSS
CVE
CVE
added 2016/04/27 5:0 p.m.184 views

CVE-2016-0774

CVE-2016-0774 affects Linux kernel backports in Debian wheezy (before 3.2.73-2+deb7u3) and RHEL 7.1 (before 3.10.0-229.26.2). The flaw is in the pipe_read/pipe_write paths in fs/pipe.c where the side effects of failed __copy_to_user_inatomic/__copy_from_user_inatomic calls are not properly handle...

6.8CVSS6.7AI score0.00337EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.184 views

CVE-2021-0707

CVE-2021-0707 is a vulnerability in the Android kernel: in the function driven by the DMA buffer subsystem, specifically in dma_buf_release of dma-buf.c , there is a memory corruption due to a use-after-free. This can lead to local privilege escalation with no additional execution privileges requ...

7.8CVSS8AI score0.00153EPSS
CVE
CVE
added 2022/06/15 1:2 p.m.184 views

CVE-2022-20140

CVE-2022-20140 is a Bluetooth GATT stack vulnerability in Android 12/12L where an out-of-bounds write occurs in read_multi_rsp in gatt_sr.cc due to an incorrect bounds check. This can lead to remote escalation of privilege with no user interaction and requires no additional execution privileges. ...

10CVSS9.1AI score0.08575EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.184 views

CVE-2023-40127

CVE-2023-40127 is an Android information-disclosure issue affecting the MediaProvider component across multiple locations. It arises from a confused deputy scenario, allowing local information disclosure with no additional execution privileges and without user interaction. The NVD entry notes a l...

3.3CVSS3.7AI score0.00184EPSS
CVE
CVE
added 2016/06/16 6:0 p.m.183 views

CVE-2012-6702

CVE-2012-6702 affects the Expat XML parser. Root cause: Expat may call srand or be used with a non-zero seed in XML_SetHashSalt, weakening cryptographic protections. Impact: context-dependent attackers could defeat cryptographic protections via srand-based vectors. No explicit fix in the provided...

5.9CVSS6.2AI score0.02371EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.183 views

CVE-2017-0553

CVE-2017-0553 is a libnl/libnl3 integer overflow in nlmsg_reserve() = 3.3.0 (or the specific patched package version as provided by distributions; examples include Arch Linux ASA-201706-35 recommending 3.3.0-1 and Red Hat/CentOS advisories updating libnl3). Several advisories reference this CVE (...

7.6CVSS6.6AI score0.01959EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.183 views

CVE-2020-0182

CVE-2020-0182 affects libexif, where exif_entry_get_value may perform an out-of-bounds read due to a missing bounds check, enabling local information disclosure without extra privileges. The published advisories and vendor bulletins (e.g., Red Hat RHSA-2020:4040; Debian DLA-2249-1; ALAS2-2020-152...

6.5CVSS6.5AI score0.01106EPSS
CVE
CVE
added 2020/07/17 8:11 p.m.183 views

CVE-2020-0230

CVE-2020-0230 is an Android-related issue described as an out-of-bounds write caused by an incorrect bounds check. The connected records identify the vulnerability as affecting the MediaTek vcu component in Android, with an Elevation of Privilege (EoP) impact classified as High. The Android bulle...

9.8CVSS9.1AI score0.00478EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.183 views

CVE-2021-39669

CVE-2021-39669 affects Android 11–12, in InstallCaCertificateWarning.java (onCreate). It enables a tapjacking/overlay flow to mislead users during CA certificate installation, leading to local elevation of privilege. Exploitation requires user interaction; no additional privileges are needed. Pat...

7.8CVSS7.6AI score0.00095EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.183 views

CVE-2021-39694

CVE-2021-39694 affects Android 12 via a RoleParser.java issue that allows a default app to have user-denied permissions bypassed, enabling local escalation of privilege with no additional execution privileges and no user interaction required. Public exploitation details are not provided in the co...

7.8CVSS7.6AI score0.0012EPSS
CVE
CVE
added 2022/03/09 5:2 p.m.183 views

CVE-2022-20047

CVE-2022-20047 affects MediaTek video decoder with a missing bounds check leading to an out-of-bounds write and local privilege escalation without user interaction. The issue is documented with patch ALPS05917489 (Issue ID: ALPS05917489). Connected sources also corroborate the vulnerability as a ...

7.8CVSS8.2AI score0.00115EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.183 views

CVE-2023-20914

CVE-2023-20914 affects Android 11 in the Framework via onSetRuntimePermissionGrantStateByDeviceAdmin (AdminRestrictedPermissionsUtils.java). It enables a permissions bypass that could allow the work profile to read SMS messages, causing local information disclosure with low privileges and no user...

5.5CVSS5AI score0.0006EPSS
CVE
CVE
added 2019/06/07 7:37 p.m.182 views

CVE-2019-2097

CVE-2019-2097 affects Android systems via a memory corruption caused by type confusion in HAliasAnalyzer.Query (hydrogen-alias-analysis.h). This vulnerability could allow remote code execution from the context of a malicious proxy configuration without user interaction. Affected products/versions...

10CVSS9.3AI score0.01334EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.182 views

CVE-2021-0694

The CVE-2021-0694 entry concerns Android 11, where in ActiveServices.java (setServiceForegroundInnerLocked) a background app can regain foreground permissions due to insufficient background restrictions, leading to local elevation of privilege without requiring user interaction. The impact is ele...

7.8CVSS7.6AI score0.00109EPSS
CVE
CVE
added 2022/06/15 12:59 p.m.182 views

CVE-2022-20123

CVE-2022-20123 affects Android 10–12 (including 12L) via a missing bounds check in phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, causing an out-of-bounds read and potential remote information disclosure without user interaction. The issue is categorized in the Android Security Bulletin as a hi...

7.8CVSS7AI score0.00832EPSS
CVE
CVE
added 2022/07/13 6:22 p.m.182 views

CVE-2022-20219

CVE-2022-20219 affects Android Framework due to a logic error in StorageManagerService.java and UserManagerService.java that can leave user directories unencrypted, causing local information disclosure without extra privileges or user interaction. The issue is documented for Android-10, Android-1...

5.5CVSS5.1AI score0.00071EPSS
CVE
CVE
added 2023/03/24 12:0 a.m.182 views

CVE-2023-20966

CVE-2023-20966 is described across multiple sources as a heap buffer overflow in the inflate.c function that can cause a local elevation of privilege. The vulnerability affects Android 11–13 (Android-11, -12, -12L, -13) and requires no user interaction, with exploitation characterized as a local ...

7.8CVSS7.8AI score0.00099EPSS
Total number of security vulnerabilities8153