Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/11/19 9:26 p.m.57 views

CVE-2018-9432

CVE-2018-9432 affects Android components in BluetoothPermissionActivity.java (specifically in createPhonebookDialogView and createMapDialogView), where a permissions bypass could allow local elevation of privilege by hiding and bypassing the user’s ability to disable access to contacts. The descr...

7.8CVSS7.1AI score0.00077EPSS
CVE
CVE
added 2024/11/19 10:18 p.m.57 views

CVE-2018-9440

CVE-2018-9440 affects Android’s Media Framework (M3UParser.cpp): parsing can trigger resource exhaustion and DoS without elevated privileges, requiring user interaction to exploit. Red Hat and NVD entries corroborate the DoS impact with UI interaction. Android’s security bulletin (Sept 2018) list...

6.5CVSS6.6AI score0.00173EPSS
CVE
CVE
added 2024/11/20 4:53 p.m.57 views

CVE-2018-9469

CVE-2018-9469 affects Android frame­work components where ShortcutService.java can create a spoofed shortcut due to a missing permission check. This could enable a local elevation of privilege in a privileged app, with exploitation requiring user interaction. Connected documents confirm the same ...

8.4CVSS7.9AI score0.0008EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.57 views

CVE-2018-9555

CVE-2018-9555 applies to Android Bluetooth, where the function l2c_lcc_proc_pdu in l2c_fcr.cc contains a missing bounds check causing an out-of-bounds write. This can enable remote escalation of privilege via Bluetooth with no user interaction, impacting Android 7.0–9 according to the CVE record....

8.8CVSS8.4AI score0.00676EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.57 views

CVE-2019-1993

CVE-2019-1993 affects Android 8.0–9, with a memory corruption/integer overflow in the btif_hd.cc register_app function. The issue can enable local escalation of privilege with no additional execution privileges and does not require user interaction. Root cause: integer overflow leading to memory ...

7.8CVSS7.8AI score0.00182EPSS
CVE
CVE
added 2019/04/19 7:21 p.m.57 views

CVE-2019-2027

CVE-2019-2027 affects Android’s Media framework. The vulnerability is a floor0_inverse1 out-of-bounds write in floor0.c caused by an incorrect bounds check, leading to remote code execution. Exploitation requires user interaction, and impact is rated high (RCE) across Android 7.0 through 9 in the...

9.3CVSS8.8AI score0.01224EPSS
CVE
CVE
added 2020/03/24 5:43 p.m.57 views

CVE-2019-20534

CVE-2019-20534 affects Samsung mobile devices running Android P (9.0). The issue allows an attacker to view the home-screen wallpaper by adjusting the brightness on a locked screen. The description repeatedly mirrors Samsung’s SVE-2019-15540 identifier; Red Hat and CNVD/EUVD/CVE records corrobora...

2.4CVSS4.2AI score0.00139EPSS
CVE
CVE
added 2020/03/24 6:57 p.m.57 views

CVE-2019-20586

CVE-2019-20586 affects Samsung mobile devices running O(8.1) and P(9.0) with TEEGRIS. Root cause is a type confusion in the FINGERPRINT Trustlet, enabling arbitrary code execution. Exploitation details are not provided in the available documents, and no public patch/version fix is specified; one ...

10CVSS9.6AI score0.00864EPSS
CVE
CVE
added 2020/03/24 7:0 p.m.57 views

CVE-2019-20589

CVE-2019-20589 concerns Samsung mobile devices with O(8.x) and P(9.0) on TEEGRIS. A type confusion in the SKPM Trustlet can lead to arbitrary code execution. Affected platform details are cited in multiple sources; the vulnerability is tied to the Trustlet’s handling of internal objects, enabling...

10CVSS9.6AI score0.00864EPSS
CVE
CVE
added 2020/04/17 1:33 p.m.57 views

CVE-2019-20770

CVE-2019-20770 affects LG mobile devices running Android 9.0. The HAL service contains a buffer overflow that leads to arbitrary code execution. Sources in connected documents (Red Hat and NVD entries) confirm the description and LG’s internal ID LVE-SMP-190013 (Sept 2019). No further exploit det...

7.8CVSS8AI score0.00154EPSS
CVE
CVE
added 2019/08/20 7:52 p.m.57 views

CVE-2019-2133

CVE-2019-2133 affects Android and is rooted in the Mfc_Transceive path of phNxpExtns_MifareStd.cpp, where a heap buffer overflow can cause an out‑of‑bounds write. This vulnerability could enable local elevation of privilege with no extra execution privileges, with user interaction required to exp...

9.3CVSS7.8AI score0.00543EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.57 views

CVE-2019-9418

CVE-2019-9418 affects Android 10 via libstagefright, where a missing bounds check can cause resource exhaustion leading to remote DoS with no extra privileges required (user interaction). Connected sources confirm the issue and indicate mitigation through Android 10 patch level 2019-09-01 or late...

7.1CVSS6.8AI score0.00685EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.57 views

CVE-2019-9429

CVE-2019-9429 affects the profman component in Android 10. The issue is a memory corruption–related out-of-bounds write that could enable local privilege escalation with no user interaction. Exploitation is described as local; no remote/vector details are provided. Mitigation: apply Android 10 se...

7.8CVSS8.2AI score0.00162EPSS
CVE
CVE
added 2020/02/13 2:21 p.m.57 views

CVE-2020-0020

CVE-2020-0020 affects the Android 10 ExifInterface.getAttributeRange implementation. The issue is an incorrect bounds check in redacting location metadata from media files, enabling local information disclosure with no user interaction required (privileges: none; attack vector: LOCAL; CVSS v3.1 b...

5.5CVSS5.1AI score0.00148EPSS
CVE
CVE
added 2020/06/10 5:11 p.m.57 views

CVE-2020-0121

CVE-2020-0121: In Android 10, a logic error in AppOpsService.updateUidProcState allows a local information disclosure of location data with user privileges and no user interaction. Affected software is Android 10; root cause is a logic flaw enabling a permission bypass in updateUidProcState. Impa...

5.5CVSS5.1AI score0.00258EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.57 views

CVE-2020-0189

In Android 10, the vulnerability CVE-2020-0189 affects the Media Framework (hevc/decoder path) via ihevcd_decode() in ihevcd_decode.c, causing resource exhaustion from an infinite loop. This can lead to remote denial of service without extra execution privileges; exploitation requires user intera...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/09/17 8:44 p.m.57 views

CVE-2020-0267

CVE-2020-0267 affects Android 11 WindowManager. The issue allows a local attacker to trigger the launch of a malicious app due to a confused deputy, causing elevation of privilege without extra execution privileges, with user interaction required for exploitation. Affected component is WindowMana...

9.3CVSS8.1AI score0.0055EPSS
CVE
CVE
added 2020/09/18 3:4 p.m.57 views

CVE-2020-0309

CVE-2020-0309 affects Android 11 Bluetooth server and is described across multiple sources as an out-of-bounds write caused by an integer overflow, enabling local elevation of privilege to System with no user interaction required. The vulnerability concerns the Android-11 Bluetooth stack and is l...

6.7CVSS7.2AI score0.00137EPSS
CVE
CVE
added 2020/09/17 8:50 p.m.57 views

CVE-2020-0369

CVE-2020-0369 affects libavb and is an out-of-bounds write caused by an integer overflow that can lead to local privilege escalation without user interaction. Exploitation details are not provided in the connected documents beyond the local-privilege-elevation impact for Android 11. Remediation i...

7.8CVSS8.2AI score0.00151EPSS
CVE
CVE
added 2020/04/17 1:23 p.m.57 views

CVE-2020-11873

CVE-2020-11873 affects LG mobile devices running Android OS 7.2, 8.0, 8.1, 9 and 10. The vulnerability is a stack-based overflow in the logging tool, causing privilege escalation. Root cause is a stack overflow in the logging component; impact is elevated privileges for an attacker without user i...

9.8CVSS9.5AI score0.0044EPSS
CVE
CVE
added 2020/06/04 5:7 p.m.57 views

CVE-2020-13831

CVE-2020-13831 affects Samsung mobile devices running O(8.x) and P(9.0) on Exynos 7570. The vulnerability stems from the Trustonic Kinibi component, which allows arbitrary memory mapping. This yields high-severity impact (partial confidentiality, integrity, and availability; in NVD, CVSSv3.1 base...

9.8CVSS9.4AI score0.00443EPSS
CVE
CVE
added 2020/06/04 5:6 p.m.57 views

CVE-2020-13832

Technical details about CVE-2020-13832 are not publicly available in the provided connected documents. Monitor for updates.

9.8CVSS9.7AI score0.00678EPSS
CVE
CVE
added 2020/10/06 6:32 p.m.57 views

CVE-2020-26599

CVE-2020-26599 affects Samsung mobile devices running Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication, enabling potential credentialless interaction with the lockscreen flow. The Samsung ID SVE-2020-17079 (October 2020) is cited. Connected advis...

5.3CVSS5.4AI score0.00328EPSS
CVE
CVE
added 2021/01/22 7:16 p.m.57 views

CVE-2020-27098

CVE-2020-27098 affects Android 11 and targets UriGrantsManagerService.checkGrantUriPermission. The vulnerability describes a permissions bypass that could allow an app to access contacts via a local, privilege-escalation path without user interaction. It is a local information-disclosure issue (c...

5.5CVSS5.7AI score0.00135EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.57 views

CVE-2021-0895

In CVE-2021-0895, the affected component is MediaTek Apusys (apusys). The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with System execution privileges required; exploitation is possible without user interaction. The vulnerability is li...

6.7CVSS6.7AI score0.00115EPSS
CVE
CVE
added 2021/04/09 5:35 p.m.57 views

CVE-2021-25361

The CVE-2021-25361 issue affects Samsung’s stickerCenter component prior to SMR APR-2021 Release 1. The vulnerability stems from improper access control, enabling a local attacker to read or write arbitrary files of the system process via an untrusted application. Public documentation consistentl...

8.8CVSS8.3AI score0.00167EPSS
CVE
CVE
added 2021/06/11 2:45 p.m.57 views

CVE-2021-25387

The CVE-2021-25387 issue affects Samsung’s libsflacextractor library, specifically the sflacfd_get_frm() function. The root cause is improper input validation in sflacfd_get_frm(), which can lead to arbitrary code execution in the mediaextractor process. Affected software is the libsflacextractor...

10CVSS9.6AI score0.00572EPSS
CVE
CVE
added 2021/07/08 1:43 p.m.57 views

CVE-2021-25428

The CVE-2021-25428 entry concerns Samsung’s PackageManager, affected before the SMR July-2021 Release 1. The root cause is an improper validation check in PackageManager that can let untrusted apps obtain dangerous level permissions without user confirmation in limited circumstances (local, low c...

7.8CVSS7.5AI score0.00102EPSS
CVE
CVE
added 2022/08/11 3:13 p.m.57 views

CVE-2022-20267

The CVE-2022-20267 issue affects Android 13’s Bluetooth implementation. It arises from a missing permission check that could allow enabling or disabling Bluetooth connections without user consent, enabling local elevation of privilege with no user interaction required. Affected component: Bluetoo...

3.3CVSS5.2AI score0.00086EPSS
CVE
CVE
added 2022/08/11 3:16 p.m.57 views

CVE-2022-20279

CVE-2022-20279 affects Android 13, specifically through DevicePolicyManager where a side-channel can reveal whether an app is installed without query permissions, enabling local information disclosure with no extra privileges. The issue is categorized as a Framework component vulnerability (Polic...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2022/08/11 3:17 p.m.57 views

CVE-2022-20286

CVE-2022-20286 affects Android 13 under the Connectivity component. A logic error can bypass the restriction on starting activities from the background, potentially enabling local privilege escalation with user privileges and no user interaction required. Documented impact: local elevation of pri...

7.8CVSS7.9AI score0.00105EPSS
CVE
CVE
added 2022/08/11 3:19 p.m.57 views

CVE-2022-20293

CVE-2022-20293 affects Android 13 LauncherApps: a side-channel disclosure lets a local attacker determine whether an app is installed without query permissions, enabling local information disclosure with no execution privileges and no user interaction. Affected component: LauncherApps; root cause...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2022/08/11 3:20 p.m.57 views

CVE-2022-20295

CVE-2022-20295 affects Android 13 via a missing permission check in ContentService, enabling information disclosure by checking whether an account exists on the device. Impact is local, with no user interaction required beyond local access; exploits are described as requiring user privileges but ...

5.5CVSS5.5AI score0.00089EPSS
CVE
CVE
added 2022/08/11 3:25 p.m.57 views

CVE-2022-20315

CVE-2022-20315 affects Android 13 with a missing permission check in ActivityManager, causing disclosure of installed packages via local information disclosure without extra privileges and no user interaction. Affected component: ActivityManager; root cause: inadequate permission check; impact: l...

3.3CVSS3.7AI score0.00089EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.57 views

CVE-2022-32608

CVE-2022-32608 describes a race-condition–driven use-after-free in the jpeg component that can allow local escalation of privilege to SYSTEM. Exploitation is possible without user interaction, with local access required. Reported patch/identifier: ALPS07388753 (Issue ID: ALPS07388753). Connected ...

6.4CVSS6.6AI score0.00098EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.57 views

CVE-2022-32613

CVE-2022-32613 affects the vcu component. A race condition can cause memory corruption, enabling local privilege escalation with SYSTEM execution privileges and no user interaction required. The exploitation vector/status is not detailed in the provided documents, but a patch is identified (ALPS0...

6.4CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.57 views

CVE-2022-32614

CVE-2022-32614 concerns a memory corruption flaw in Audio processing within MediaTek chipsets. The root cause is a logic error in the audio path that can allow local privilege escalation to SYSTEM level with no user interaction required. Exploitation details are not provided in the available docu...

6.7CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.57 views

CVE-2022-32617

CVE-2022-32617 affects the typec component in affected MediaTek hardware. The root cause is an out-of-bounds write caused by an incorrect buffer-size calculation, enabling local privilege escalation for an attacker with physical access and no extra privileges or user interaction required. The vul...

6.8CVSS6.7AI score0.00202EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.57 views

CVE-2022-32640

CVE-2022-32640 concerns MediaTek Meta WiFi with an out-of-bounds write caused by a missing bounds check. The vulnerability enables local privilege escalation with SYSTEM level execution privileges required; no user interaction is needed. Connected documents confirm affected component is Meta WiFi...

6.7CVSS6.7AI score0.00131EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.57 views

CVE-2022-32641

CVE-2022-32641 affects Meta Wifi implementations in MediaTek chipsets, with an out-of-bounds read caused by a missing bounds check. This can enable local escalation of privilege with System execution privileges required; exploitation reportedly does not require user interaction. The patch referen...

6.7CVSS6.6AI score0.00131EPSS
CVE
CVE
added 2022/09/09 2:39 p.m.57 views

CVE-2022-36849

CVE-2022-36849 is a use-after-free vulnerability in the sdp_mm_set_process_sensitive function of the sdpmm driver, affecting Samsung devices in the SMR Sep-2022 Release 1. The issue arises from post-release reuse in the sdpmm driver and could allow malicious actions. Publicly documented impact fo...

7.8CVSS7.8AI score0.0009EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.57 views

CVE-2022-38678

CVE-2022-38678 describes a missing permission check in the contacts service that could lead to a local denial-of-service without requiring additional privileges. The vulnerability affects the contacts service component and is characterized by a local attack vector with low attack complexity and l...

5.5CVSS5.4AI score0.00102EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.57 views

CVE-2022-39125

The CVE-2022-39125 entry concerns a vulnerability in a sensor driver where a missing bounds check can cause an out-of-bounds write, leading to local denial of service in the kernel. The data in connected sources consistently describe the issue as a sensor-driver boundary-check failure affecting k...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.57 views

CVE-2022-42774

CVE-2022-42774 corresponds to a local denial-of-service vulnerability in the wlan driver caused by a missing bounds check in the wlan path. Connected sources confirm the issue affects the wlan driver and can lead to DoS of wlan services via local access. The Red Hat advisory and other feeds reite...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.57 views

CVE-2022-44446

CVE-2022-44446 affects the WLAN driver, with the root cause described as a missing bounds check in the wlan driver. The practical impact stated across sources is a local denial of service in WLAN services. No exploit details, affected product versions, or remediation steps are provided in the con...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.57 views

CVE-2022-44447

The CVE-2022-44447 vulnerability affects the wlan driver (reported across multiple feeds) due to a missing bounds check that can cause a NULL pointer dereference, leading to local denial of service in wlan services. The issue is characterized by local attack vector, low complexity, and no user in...

5.5CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.57 views

CVE-2022-47475

CVE-2022-47475 : A missing permission check in the telephony service allows local information disclosure with no additional privileges. The issue is described across multiple sources as a lack of privilege verification within the telephony module (confidentiality impact: HIGH). No concrete exploi...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.57 views

CVE-2022-48244

CVE-2022-48244 affects UNISOC chipsets’ audio service, with a missing permission check as the root cause. This could enable local escalation of privilege with no additional execution privileges, aligning with the CVSS 3.1 base metrics (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8). Exploit...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.57 views

CVE-2022-48376

CVE-2022-48376 affects UNISOC chipsets’ dialer service module. The root cause is a missing permission check, which could allow a local attacker to trigger a denial of service without gaining additional execution privileges. The CVE is documented with a CVSS v3.1 base score of 5.5 (Local attack, L...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.57 views

CVE-2023-20650

The CVE-2023-20650 entry describes a vulnerability in MediaTek chips’ apu module: an out-of-bounds write from a missing bounds check, enabling local escalation of privilege to System level. No exploitation details are provided in the documents. CVSSv3.1/3.1 base score 6.7 (MEDIUM); attack vector ...

6.7CVSS6.7AI score0.00095EPSS
Total number of security vulnerabilities8153