Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/08/11 3:21 p.m.58 views

CVE-2022-20301

CVE-2022-20301 affects Android 13, with a missing permission check in Content that could allow an attacker to determine whether an account exists on the device, enabling local information disclosure. Impact is described as information disclosure with user execution privileges required and no user...

5.5CVSS5.5AI score0.00089EPSS
CVE
CVE
added 2022/08/11 3:22 p.m.58 views

CVE-2022-20306

CVE-2022-20306 affects Android 13 via the Camera Provider HAL. The issue is a memory corruption due to a use-after-free in the Camera Provider HAL, enabling local elevation of privileges with SYSTEM rights and no user interaction required. The vulnerability impact is described as local EoP with h...

6.7CVSS7AI score0.00099EPSS
CVE
CVE
added 2022/08/11 3:27 p.m.58 views

CVE-2022-20325

CVE-2022-20325 affects Android 13 in the Media stack, where a use-after-free leads to potential code execution and local privilege escalation with no user interaction required. The entry consistently describes the vulnerability as a local-privilege-escalation issue due to a use-after-free in the ...

7.8CVSS8.1AI score0.00102EPSS
CVE
CVE
added 2022/08/11 3:31 p.m.58 views

CVE-2022-20362

CVE-2022-20362 : This Android 13 Bluetooth vulnerability is caused by an out-of-bounds write due to an integer overflow, enabling remote code execution with no privileges and no user interaction, exploitable by an adjacent attacker. Remediation is via Android 13 security updates (patch level 2022...

8.8CVSS8.8AI score0.0024EPSS
CVE
CVE
added 2022/07/06 1:7 p.m.58 views

CVE-2022-21773

CVE-2022-21773 describes a use-after-free in the TEEI driver caused by a race condition, enabling local escalation of privilege to System level without user interaction. Affected component: TEEI driver (details aligned with vendor advisories). The vulnerability could be triggered via a race in th...

6.7CVSS6.7AI score0.00086EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.58 views

CVE-2022-26463

The CVE-2022-26463 issue affects vow (MediaTek vow) and involves an out-of-bounds read caused by an incorrect bounds check. The vulnerability could lead to local information disclosure with System execution privileges required, and no user interaction is needed to exploit. Public references in th...

4.4CVSS4.2AI score0.00097EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.58 views

CVE-2022-26464

CVE-2022-26464 is a vulnerability described in IBM Datacap-related advisories as an out-of-bounds write in vow that can lead to local privilege elevation. The IBM bulletin lists affected products/versions as Datacap Navigator 9.1.7, 9.1.8, and 9.1.9, with a remediation recommendation to upgrade t...

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.58 views

CVE-2022-26470

The CVE-2022-26470 issue affects the aie module in MediaTek chips. It is an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation to System level with no user interaction required. A patch is identified as ALPS07116037 (Issue ALPS07116037).

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2022/06/07 6:4 p.m.58 views

CVE-2022-30728

CVE-2022-30728 describes an information-disclosure vulnerability affecting Samsung ScanPool prior to SMR Jun-2022 Release 1, enabling a local attacker to obtain MAC address information. The issue is a local-privilege/misconfiguration type exposure within ScanPool, with no broader impact described...

3.3CVSS3.9AI score0.00102EPSS
CVE
CVE
added 2022/07/11 1:32 p.m.58 views

CVE-2022-30756

The CVE-2022-30756 entry describes an implicit Intent hijacking flaw in Samsung Finder prior to the SMR July 2022 Release 1. The underlying issue is that implicit intent invocation allows unrestrained recipients, enabling an attacker to launch certain Finder-privileged activities. Impact is descr...

8.5CVSS7.5AI score0.00134EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.58 views

CVE-2022-32607

CVE-2022-32607 affects the aee component in MediaTek-derived implementations. The root cause is a use-after-free caused by a missing bounds check, enabling local escalation to System privileges without user interaction. The vulnerability is described with a local attack vector and high impact on ...

6.7CVSS6.7AI score0.00134EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.58 views

CVE-2022-32639

CVE-2022-32639 concerns watchdog with an out-of-bounds read caused by a missing bounds check. The vulnerability enables local escalation of privilege to System execution level; exploitation does not require user interaction. Patch ID ALPS07494487 is cited in the records. Current connected documen...

4.4CVSS4.9AI score0.00129EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.58 views

CVE-2022-32653

The CVE-2022-32653 issue affects MediaTek’s mtk-aie, described as a use-after-free caused by a logic error that could allow local escalation of privilege with system execution privileges needed, no user interaction required. Multiple connected sources (Red Hat, CVE listings, PRION, CNNVD, PT-Secu...

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2022/09/09 2:40 p.m.58 views

CVE-2022-36854

The CVE-2022-36854 issue affects the library libapexjni.media.samsung.so (Samsung), with an out-of-bounds read that could allow an attacker to access unauthorized information. Connected documents consistently identify the vulnerable component as libapexjni.media.samsung.so and cite the root cause...

5.5CVSS5.3AI score0.00094EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.58 views

CVE-2022-39086

CVE-2022-39086 affects network services with a missing permission check that can enable local privilege escalation requiring system execution privileges. Multiple connected sources associate this issue with UNISOC chipset/network services, indicating the root cause is lack of privilege checking. ...

6.7CVSS6.7AI score0.00147EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.58 views

CVE-2022-39098

The CVE-2022-39098 entry details a vulnerability in the power management service where a missing permission check could allow an attacker to set up the power management service without requiring additional execution privileges. Judging from the connected records, the issue is assigned a CVSS v3.1...

7.8CVSS7.5AI score0.00105EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.58 views

CVE-2022-39880

CVE-2022-39880 affects DualOutFocusViewer prior to Samsung SMR Nov-2022 Release 1. Root cause: improper input validation leading to local arbitrary code execution. Impact (per sources): local attacker can execute code with affected privileges; CVSSv3.1 base score 7.8 (HIGH) with LOCAL access, LOW...

7.8CVSS7.7AI score0.00094EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.58 views

CVE-2022-39884

CVE-2022-39884 is an improper access control issue in IImsService prior to Samsung SMR Nov-2022 Release 1 that could allow a local attacker to access Call information. Documented impact is local and requires low attack complexity with local access; no public exploit details are provided in the co...

4.3CVSS4AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.58 views

CVE-2022-42763

The CVE-2022-42763 issue affects the wlan driver and is caused by a missing bounds check in the wireless subsystem. The exposed vulnerability could allow local denial of service to wlan services. Documented descriptions consistently identify the wlan driver as the vulnerable component and cite th...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.58 views

CVE-2022-42773

The CVE-2022-42773 issue concerns the WLAN driver (multiple references cite the same description) with a missing bounds check in the WLAN driver, leading to local denial of service of WLAN services. Affected context appears to involve UNISOC chipset WLAN drivers; specific product/version details ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.58 views

CVE-2022-42780

CVE-2022-42780 concerns a lack of proper bounds checking in the WLAN driver (notably in UNISOC WLAN driver variants) that can lead to a local denial of service in WLAN services. The issue is described as an out-of-bounds condition in the driver, enabling a local attacker with low privileges and n...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.58 views

CVE-2022-44443

CVE-2022-44443 concerns a missing bounds check in the WLAN driver, causing local denial of service in WLAN services. The connected sources consistently describe the vulnerable component as the WLAN driver and attribute the issue to an out-of-bounds condition leading to DoS. The available document...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/02/06 5:26 a.m.58 views

CVE-2022-47345

CVE-2022-47345 affects engineermode services due to a missing permission check, enabling local denial of service. The included metrics indicate a CVSS v3.1 base score of 5.5 (LOCAL vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Exploitation status is not detailed in the provided documents, and no ...

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.58 views

CVE-2022-48377

CVE-2022-48377 concerns a vulnerability in the dialer service, where a missing permission check could allow a local denial of service without requiring additional privileges. Affected software appears tied to Unisoc/Unisoc-dialer components referenced across multiple records, but no precise produ...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.58 views

CVE-2023-20609

CVE-2023-20609 affects the MediaTek chip ccu component. The vulnerability is described as an out-of-bounds read caused by a logic error, potentially leading to local information disclosure with SYSTEM-level privileges required. Exploitation does not require user interaction. A patch is identified...

4.4CVSS4.2AI score0.00099EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.58 views

CVE-2023-20632

CVE-2023-20632 affects the usb module in MediaTek hardware/software, causing an out-of-bounds write due to a missing bounds check. The impact is local escalation of privileges with System execution privileges required; no user interaction is needed. A patch/mitigation is referenced as Patch ID AL...

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.58 views

CVE-2023-20640

The CVE-2023-20640 entry concerns the ril module in MediaTek chips, with a root cause of an out-of-bounds write due to a missing bounds check. This could enable local escalation of privilege to SYSTEM level without user interaction. The vulnerability details indicate a high-impact, local attack v...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.58 views

CVE-2023-20659

CVE-2023-20659 concerns a local out-of-bounds write in the WLAN path of a MediaTek/ALPS component, caused by a missing bounds check. The issue can lead to local privilege escalation with System execution privileges needed; exploitation does not require user interaction. The patch reference provid...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.58 views

CVE-2023-20662

The CVE-2023-20662 entry describes a vulnerability in the wlan component where an integer overflow causes an out-of-bounds write. This could enable local escalation of privilege with SYSTEM-level execution privileges and requires no user interaction. A patch is identified as ALPS07560765 (Issue A...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.58 views

CVE-2023-20679

CVE-2023-20679 affects MediaTek WLAN in which a missing bounds check allows an out-of-bounds read, enabling local escalation of privilege without user interaction. Impact: confidentiality impact listed as high; privilege requirement is high with local attack vector, no UI interaction needed. Root...

4.4CVSS4.9AI score0.00093EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.58 views

CVE-2023-20733

CVE-2023-20733 affects the vcu component in MediaTek chips. The vulnerability is a use-after-free caused by improper locking, enabling local escalation of privilege with System execution privileges required. Exploitation details are not provided in the supplied documents. Patch ID ALPS07645149 (I...

6.7CVSS6.7AI score0.00075EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.58 views

CVE-2023-20738

CVE-2023-20738 affects the vcu component in MediaTek chips, caused by a missing bounds check that permits an out-of-bounds write. The vulnerability can lead to local escalation of privilege with SYSTEM-level execution, and exploitation does not require user interaction. Public references consiste...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.58 views

CVE-2023-20739

The CVE-2023-20739 issue affects the vcu component in MediaTek chips. It describes a memory corruption resulting from a logic error, enabling local escalation of privilege with SYSTEM execution privileges, without user interaction. Reported patch ID: ALPS07559819 (Issue ALPS07559819). Connected s...

6.7CVSS6.8AI score0.00099EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.58 views

CVE-2023-20809

CVE-2023-20809 concerns MediaTek’s vdec component, where a missing bounds check enables an out-of-bounds write. This can lead to local privilege escalation with system privileges, and exploitation does not require user interaction. The advisory notes a patch: DTV03751198 (Issue ID: DTV03751198). ...

6.7CVSS6.7AI score0.00085EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.58 views

CVE-2023-21306

CVE-2023-21306 affects Android’s ContentService, enabling local information disclosure by reading installed sync content providers via a side-channel. The vulnerability description states no additional execution privileges and no user interaction are required. The available sources (CVE entry and...

5.5CVSS5.5AI score0.00092EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.58 views

CVE-2023-21334

CVE-2023-21334 affects Android's App Ops Service. A logic error allows an attacker with local access to disclose information about installed packages without requiring extra execution privileges or user interaction. The vulnerability is documented across multiple sources (NVD/Red Hat/CNNVD) with ...

5.5CVSS5.8AI score0.00105EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.58 views

CVE-2023-21347

CVE-2023-21347 is a Bluetooth information-disclosure vulnerability caused by a missing bounds check that enables a remote read of memory without user interaction. The initial and related records consistently describe an out-of-bounds read leading to potential information disclosure with no extra ...

7.5CVSS7.4AI score0.00364EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.58 views

CVE-2023-21396

CVE-2023-21396 affects Android’s Activity Manager (System component) with a logic error that can cause a background activity to launch, enabling local escalation of privilege. Under the Android 14 release notes, this is categorized as EoP (Moderate) in the System group. The description explicitly...

7.8CVSS7.8AI score0.00105EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.58 views

CVE-2023-32823

The CVE-2023-32823 entry describes a memory corruption issue in the rpmb module (MediaTek). The root cause is a missing bounds check that can lead to local privilege escalation with System-level execution privileges required; no user interaction is needed. Affected component: rpmb (MediaTek devic...

6.7CVSS6.8AI score0.00085EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.58 views

CVE-2023-52348

CVE-2023-52348 describes a vulnerability in the ril service observed on UNISOC chipsets where a missing bounds check enables an out-of-bounds write. This can cause local denial of service with System execution privileges. Documents consistently indicate this is a boundary-check issue in ril, but ...

4.4CVSS6.7AI score0.00084EPSS
CVE
CVE
added 2025/01/06 3:18 a.m.58 views

CVE-2024-20153

CVE-2024-20153 affects the WLAN STA module (MediaTek ecosystem) and describes a vulnerability where an attacker could coax a client to attach to an AP using a spoofed SSID, potentially causing remote information disclosure without extra privileges. Exploitation is stated as not requiring user int...

7.5CVSS6.8AI score0.00323EPSS
CVE
CVE
added 2024/10/09 6:43 a.m.58 views

CVE-2024-39439

The CVE-2024-39439 entry affects the DRM service and is caused by a missing bounds check that enables an out-of-bounds write. Reported impact is local denial of service with System execution privileges required; no exploitation details are provided in the connected documents. Affected software ve...

6.2CVSS6.8AI score0.00076EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.57 views

CVE-2009-3698

CVE-2009-3698 describes a vulnerability in the Dalvik API used by Android 1.5 and earlier. An unspecified function in the Dalvik API can be triggered by a crafted application to cause a denial of service (system process restart). The issue is potentially related to CVE-2009-2656, indicating a fam...

4.3CVSS6.8AI score0.01458EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.57 views

CVE-2014-7916

CVE-2014-7916 affects Android’s libstagefright SampleTable.cpp; an integer overflow in SampleTable.cpp in Android before 5.0.0 has unspecified impact. Connected sources confirm the affected component and root cause; no explicit remediation or patch version is provided in the supplied documents.

10CVSS6.9AI score0.00623EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.57 views

CVE-2014-7917

CVE-2014-7917 concerns Android libstagefright’s SampleTable.cpp where an integer overflow exists in the MP4 processing path. Affected software: Android before version 5.0.0, referencing internal bug 15342615. The description notes unspecified impact and attack vectors. There is no explicit remedi...

10CVSS6.9AI score0.00623EPSS
CVE
CVE
added 2017/04/13 3:0 p.m.57 views

CVE-2014-7921

CVE-2014-7921 affects Android mediaserver (Android 4.0.3 through 5.x prior to 5.1). The vulnerability is a privilege-escalation flaw enabled by mediaserver, per the CVE entry. Connected sources corroborate the same affected component and version range. The initial description does not provide roo...

10CVSS9.3AI score0.00871EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.57 views

CVE-2014-9881

CVE-2014-9881 affects Qualcomm components in Android on Nexus 7 (2013) where drivers/media/radio/radio-iris.c uses an incorrect integer data type, enabling privilege escalation or denial of service (buffer overflow) via a crafted app. The issue is documented in CVE descriptions and mapped to Andr...

7.8CVSS7.5AI score0.00481EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.57 views

CVE-2014-9924

Technical details about CVE-2014-9924 are not provided in the supplied connected documents. Public information appears limited to a Signed to Unsigned Conversion Error in CAF Linux kernel. Monitor for updates.

9.3CVSS7.1AI score0.0046EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.57 views

CVE-2014-9936

CVE-2014-9936 describes a time-of-check time-of-use race condition in TrustZone used during authentication on Android devices that use CAF/Linux kernel. Connected sources indicate the issue affects Android releases prior to 7.0 in TrustZone authentication routines, implying a potential impact to ...

7.6CVSS6.8AI score0.00572EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.57 views

CVE-2014-9981

CVE-2014-9981 is reported as a Qualcomm component issue. The connected data indicate a buffer/overflow concern in the USB interface during boot for Qualcomm components used in Android CAF builds running the Linux kernel. The root cause is described as an insufficient overflow check in the USB int...

10CVSS8.9AI score0.00964EPSS
Total number of security vulnerabilities8153