Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/02/06 5:26 a.m.56 views

CVE-2022-47342

CVE-2022-47342: Affected via engineermode services on Unisoc chipsets; root cause is a missing permission check that allows local access to sensitive engineermode functionality, causing local denial of service. Impact is indicated as High for availability with local attack vector and low privileg...

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2023/02/06 5:26 a.m.56 views

CVE-2022-47354

CVE-2022-47354 involves a missing permission check in the log service, enabling local denial of service. The connected documents consistently describe the root cause as a lack of privilege validation within the log service, leading to a local impact (DoS) without remote execution. Specific affect...

5.5CVSS5.3AI score0.00081EPSS
CVE
CVE
added 2023/02/06 5:28 a.m.56 views

CVE-2022-47369

CVE-2022-47369 concerns a vulnerability in the WLAN driver where a missing parameters check could allow local denial of service to WLAN services. The issue is described across multiple sources as affecting the WLAN driver and enabling local impact, with the root cause identified as inadequate val...

5.7CVSS5.3AI score0.00091EPSS
CVE
CVE
added 2023/02/06 5:28 a.m.56 views

CVE-2022-47370

The CVE-2022-47370 entry concerns the WLAN driver. A missing parameters check in the WLAN driver is described as allowing local denial of service in WLAN services. Affected component: WLAN driver (details about specific hardware/vendor not provided in the documents). Root cause: missing parameter...

5.5CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2023/02/06 5:28 a.m.56 views

CVE-2022-47451

CVE-2022-47451 describes a missing parameters check in the WLAN driver that could allow a local denial of service in WLAN services. Multiple connected sources (NVD, Red Hat advisory, CNNVD, CVE listings, and PT security) consistently indicate the issue stems from insufficient validation in the WL...

6.3CVSS5.3AI score0.00161EPSS
CVE
CVE
added 2023/04/11 11:9 a.m.56 views

CVE-2022-47465

CVE-2022-47465 affects the vdsp service, where a missing permission check can cause local denial of service. The CVE description and multiple sources confirm a local, low-privilege issue with no required user interaction, resulting in availability impact. Exploitation details are not provided in ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/04/11 11:9 a.m.56 views

CVE-2022-47467

The CVE-2022-47467 issue is a missing permission check in the telecom service component, enabling local denial of service. Affected context repeatedly ties this to UNISOC chipsets and telecom service workflows, but concrete vulnerable versions are not specified in the provided documents. The vuln...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.56 views

CVE-2022-48231

Summary (CVE-2022-48231): The vulnerability is described as a missing permission check in the soter service, leading to local denial of service with no additional execution privileges. Public references indicate the issue in the UNISOC/“Soter service” used in chipsets and related Red Hat/NVD reco...

5.5CVSS5.4AI score0.00092EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.56 views

CVE-2023-20605

CVE-2023-20605 describes an out-of-bounds read in MediaTek keyinstall caused by a missing bounds check, potentially enabling local information disclosure with SYSTEM privileges and no user interaction. The advisory notes a patch (Patch ID: ALPS07550104; Issue ID: ALPS07550104). Exploitation detai...

4.4CVSS4.2AI score0.00097EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.56 views

CVE-2023-20608

The CVE-2023-20608 issue concerns MediaTek chip display DRM and is caused by a race condition leading to a use-after-free, enabling local privilege escalation with SYSTEM privileges. Affected component is the display DRM path; impact is local escalation of privileges (no user interaction required...

6.4CVSS6.6AI score0.00092EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.56 views

CVE-2023-20619

The CVE-2023-20619 entry concerns the vcu component, with a memory corruption issue caused by improper locking. The vulnerability enables local escalation of privileges to System execution level and does not require user interaction. A patch is identified as ALPS07519159 (Issue ALPS07519159). Pub...

6.7CVSS6.8AI score0.0008EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.56 views

CVE-2023-20636

CVE-2023-20636 affects the MediaTek display drm module. The root cause is a missing bounds check that can cause an out-of-bounds write, enabling local privilege escalation with SYSTEM execution privileges required; no user interaction is needed. A patch is identified as ALPS07292593/ALPS07292593....

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.56 views

CVE-2023-20637

CVE-2023-20637 affects the ril component in MediaTek chips, with an out-of-bounds write caused by a missing bounds check. The issue could enable local escalation of privilege with System execution privileges required and no user interaction needed. Patch ALPS07628588/ALPS07628588 is referenced; n...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.56 views

CVE-2023-20639

CVE-2023-20639 affects the ril module in MediaTek chips, where a missing bounds check enables an out-of-bounds write that can lead to local escalation of privilege with System execution privileges required. The vulnerability is exploitable locally with no user interaction, and a patch (ALPS076285...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.56 views

CVE-2023-20663

CVE-2023-20663 describes a potential out-of-bounds write in wlan due to an integer overflow, enabling local privilege escalation with System execution privileges required and no user interaction. The vulnerability is tied to a patch ID ALPS07560741 / Issue ID ALPS07560741. Connected sources menti...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.56 views

CVE-2023-20744

The CVE-2023-20744 vulnerability affects the vcu module in MediaTek chips. It is described as a use-after-free caused by a logic error, enabling local escalation of privilege with System execution privileges required and no user interaction needed. Connected documents corroborate a fault in vcu w...

6.7CVSS6.7AI score0.00097EPSS
CVE
CVE
added 2023/08/07 3:22 a.m.56 views

CVE-2023-20812

CVE-2023-20812 affects the WLAN driver via an out-of-bounds write caused by improper input validation. Impact described as local information disclosure with potential System privileges required; no user interaction needed for exploitation. Patch ALPS07944987 (Issue ID ALPS07944987) referenced in ...

4.4CVSS4.4AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.56 views

CVE-2023-21295

CVE-2023-21295 affects Google Android’s SliceManagerService. The root cause is a missing null check in the content provider check, enabling local information disclosure without additional privileges and with no user interaction required. Connected sources (e.g., Red Hat, CNVD, NVD, CNNVD, and And...

5.5CVSS5.2AI score0.00105EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.56 views

CVE-2023-21296

CVE-2023-21296 corresponds to an information-disclosure flaw in Android’s permission side-channel that can reveal whether an app is installed, enabling local escalation of privilege with no extra execution privileges required. Exploitation requires user interaction. Android 14 patch release notes...

5.5CVSS6.2AI score0.00096EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.56 views

CVE-2023-21302

CVE-2023-21302 affects Android’s Package Manager. The issue is a side-channel information disclosure that lets an attacker determine whether an app is installed without query permissions, leading to local information disclosure without any execution privileges. Exploitation details are not provid...

5.5CVSS5.6AI score0.00092EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.56 views

CVE-2023-21350

CVE-2023-21350 affects Android's Media Projection component. An attacker can infer whether a target app is installed via a side-channel disclosure, without query permissions, enabling local information leakage with no user interaction. Impact is limited to confidentiality (high) per sources; atta...

5.5CVSS5.6AI score0.00083EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.56 views

CVE-2023-21381

CVE-2023-21381 is an Android vulnerability reported across multiple sources, with concrete details indicating a local use-after-free in the Media Resource Manager that enables possible local arbitrary code execution and local escalation of privilege without user interaction. The Android 14 releas...

7.8CVSS8.1AI score0.00093EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.56 views

CVE-2023-21388

CVE-2023-21388 affects Google Android, specifically the Settings component, where a missing permission check can enable a local escalation of privilege without extra execution privileges or user interaction. The vulnerability is categorized as EoP with a high impact on confidentiality, integrity,...

7.8CVSS7.8AI score0.001EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.56 views

CVE-2023-30926

CVE-2023-30926 affects the opm service: a missing permission check can permit local information disclosure without additional privileges. The CVSS vector indicates local attack with low complexity and low privileges required, affecting confidentiality (high) with no integrity/availability impact....

5.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2023/08/07 1:54 a.m.56 views

CVE-2023-33906

CVE-2023-33906 concerns a missing permission check in the Contacts Service, leading to potential local information disclosure without requiring additional execution privileges. Public sources consistently describe the issue as a permission check omission, yielding information exposure at the loca...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/08/07 1:54 a.m.56 views

CVE-2023-33907

The CVE-2023-33907 issue is described across multiple sources as a flaw in the Contacts Service where a missing permission check can allow local information disclosure without requiring additional execution privileges. The Red Hat entry explicitly notes a missing permission check as the root caus...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.56 views

CVE-2023-40640

CVE-2023-40640 concerns the SoundRecorder service where a missing permission check could allow local information disclosure without requiring execution privileges. Affected detail across connected sources centers on UNISOC chipsets’ SoundRecorder component; root cause is insufficient access contr...

5.5CVSS5.2AI score0.00076EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.56 views

CVE-2023-42647

CVE-2023-42647 affects the Ifaa service. The root cause is a missing permission check that allows writing permission usage records for apps, leading to local information disclosure without additional execution privileges. Adverse impact is confined to information disclosure (confidentiality) with...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.56 views

CVE-2023-52350

The CVE-2023-52350 issue affects the ril service in UNISOC chipsets, caused by a missing bounds check that enables an out-of-bounds write. This can lead to local denial of service with System privileges required. Documents consistently state the vulnerability as a possible out-of-bounds write in ...

5.5CVSS6.7AI score0.00081EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.56 views

CVE-2024-20002

CVE-2024-20002 affects TVAPI with an out-of-bounds write caused by a missing bounds check. The vulnerability allows local escalation to SYSTEM with no user interaction required, as indicated by both NVD and Red Hat entries. The impact is limited to local privilege escalation with high confidentia...

6.7CVSS6.7AI score0.00113EPSS
CVE
CVE
added 2024/09/02 2:7 a.m.56 views

CVE-2024-20089

CVE-2024-20089 affects MediaTek wlan in various MediaTek chipsets. The vulnerability stems from incorrect error handling in the wlan component, enabling a remote denial of service without user interaction. The issue is classified with a HIGH impact (Availability) and NETWORK attack vector, with n...

7.5CVSS7AI score0.00306EPSS
CVE
CVE
added 2024/07/01 8:40 a.m.56 views

CVE-2024-39428

CVE-2024-39428 involves an out-of-bounds write due to a missing bounds check in the trusty service. Across multiple sources (NVD entry and Red Hat advisory) the vulnerability can lead to local denial of service with System execution privileges required. The affected component is described as the ...

6.8CVSS6.8AI score0.00093EPSS
CVE
CVE
added 2024/07/01 8:40 a.m.56 views

CVE-2024-39429

The CVE-2024-39429 entries describe a vulnerability in the faceid service where an out-of-bounds write can occur due to a missing bounds check. Affected component: faceid service. Impact per sources: local denial of service without requiring additional privileges. The descriptions consistently re...

6.2CVSS6.8AI score0.00081EPSS
CVE
CVE
added 2024/09/27 7:37 a.m.56 views

CVE-2024-39434

CVE-2024-39434 concerns UNISOC chipsets where the drm service contains a missing bounds check that enables an out-of-bounds read. This is described as a local denial of service condition with system execution privileges required. The available connected sources consistently report the issue in th...

6.2CVSS6.9AI score0.00076EPSS
CVE
CVE
added 2024/10/09 6:43 a.m.56 views

CVE-2024-39438

The CVE-2024-39438 issue affects the linkturbonative service, caused by improper input validation that enables command injection. Exploitation could grant local escalation to SYSTEM-equivalent privileges. Connected sources (PT-2024-28497, NVD/ CVE records, Red Hat advisory) confirm the vulnerabil...

6.7CVSS7.7AI score0.00252EPSS
CVE
CVE
added 2025/12/08 4:56 p.m.56 views

CVE-2025-22432

CVE-2025-22432 affects the Android Framework (CallRedirectionProcessor.java). The root cause is improper input validation in notifyTimeout, which may create a persistent connection and enable local escalation of privilege, triggering background activity launches with User privileges and no user i...

6.7CVSS6.4AI score0.00097EPSS
CVE
CVE
added 2013/12/14 8:0 p.m.55 views

CVE-2013-6271

CVE-2013-6271 affects Android 4.0–4.3; a vulnerability in com.android.settings.ChooseLockGeneric allows an unprivileged app to bypass restrictions and remove the device lock by invoking updateUnlockMethodAndFinish with PASSWORD_QUALITY_UNSPECIFIED. Exploits/PoC exist (CRT-RemoveLocks; Metasploit ...

8.8CVSS6.6AI score0.08896EPSS
CVE
CVE
added 2020/01/23 2:32 p.m.55 views

CVE-2013-6792

Google Android prior to 4.4 contains an APK Signature Security Bypass vulnerability. The issue is cited across multiple sources (NVD entry CVE-2013-6792, Red Hat advisory, CVE listings) and is associated with a signature bypass in APK handling. The CIRCL feed notes an exploit entry, indicating ex...

9.8CVSS9AI score0.02991EPSS
CVE
CVE
added 2014/04/29 8:0 p.m.55 views

CVE-2013-7373

CVE-2013-7373 affects Android versions before 4.4, where the OpenSSL PRNG seeding is inadequate. This weakens cryptographic protections because the PRNG may be reused across multiple applications, potentially reducing confidentiality, integrity, and availability. The vulnerability is documented a...

7.5CVSS6.7AI score0.01144EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.55 views

CVE-2014-9934

CVE-2014-9934 : A PKCS#1 v1.5 signature verification routine in all Android CAF releases using the Linux kernel may not check padding, potentially enabling signature forgery or bypass of integrity checks. The NVD entry reports a high impact (CVSS v3.0: HIGH, LOCAL attack vector with high confiden...

9.3CVSS7.2AI score0.00369EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.55 views

CVE-2014-9944

CVE-2014-9944 affects the Secure File System in all Android CAF builds using the Linux kernel. The issue is described as an Integer Overflow that could lead to a Buffer Overflow. Available sources note the vulnerability at a high impact level (CVSSv3 base score 7.8; CVSSv2 9.3) with local attack ...

9.3CVSS7.1AI score0.00522EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.55 views

CVE-2015-0575

CVE-2015-0575 describes an insecure-cipher-suite issue in Qualcomm components used in Android builds (CAF Linux kernel). The connected CNVD-2017-26831 entry explicitly attributes the vulnerability to the Qualcomm closed‑source component in Android, arising from insecure default cipher configurati...

10CVSS7.8AI score0.0052EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.55 views

CVE-2015-3865

CVE-2015-3865 : Elevation of privilege in the Android Runtime (ART) before 5.1.1 LMY48T allows a crafted application to gain Signature or SignatureOrSystem privileges, as described in the NVD entry. The root cause is an ART elevation-of-privilege flaw enabling local code execution within an eleva...

9.3CVSS6.8AI score0.00618EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.55 views

CVE-2015-6605

CVE-2015-6605 concerns the Android mediaserver component. In affected Android releases prior to 5.1.1 LMY48T, a denial-of-service condition can be triggered in mediaserver, causing a process crash via unspecified vectors. The vulnerability is linked to internal bugs 20915134 and 23142203 and is d...

5CVSS6.5AI score0.00529EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.55 views

CVE-2015-6618

CVE-2015-6618 is a Bluetooth remote-code-execution vulnerability in Android 4.4 and 5.x (before 5.1.1 LMY48Z). The issue permits user‑assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment; exploitation details require the attacker to be paired ...

4.3CVSS7.5AI score0.0037EPSS
CVE
CVE
added 2016/01/06 7:0 p.m.55 views

CVE-2015-6640

The CVE-2015-6640 issue affects Android kernels prior to 5.1.1 (LMY49F) and 6.0 prior to 2016-01-01. It concerns the prctl_set_vma_anon_name function in kernel/sys.c, which does not ensure that only a single vma is accessed during a specific update action. Consequence: local privilege escalation ...

9.3CVSS7.5AI score0.00729EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.55 views

CVE-2015-7718

CVE-2015-7718 affects Android’s mediaserver in versions 5.x up to 5.1.1 (LMY48T) and 6.0 prior to 2015-10-01. The vulnerability allows a denial of service (process crash) via unspecified vectors and is described as a different issue from CVE-2015-6605. The provided sources do not reveal the exact...

5CVSS6.4AI score0.00443EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.55 views

CVE-2015-9041

CVE-2015-9041 is a buffer overflow vulnerability in Qualcomm closed‑source components used in Android CAF builds based on the Linux kernel, triggered during WCDMA radio tuning. Public sources (NVD/CNVD) describe a buffer overflow in the Qualcomm component within Android, with potential for arbitr...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.55 views

CVE-2016-0818

The CVE affects Conscrypt’s TrustManagerImpl on Android, where caching mishandles the distinction between an intermediate CA and a trusted root CA. Affected: Android/Conscrypt versions: 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01. Impact: enables MITM by exploiting an int...

5.9CVSS5.6AI score0.00268EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.55 views

CVE-2016-0826

CVE-2016-0826 affects libcameraservice in mediaserver on Android 4.x (before 4.4.4), 5.x (before 5.1.1 LMY49H), and 6.x (before 2016-03-01). The issue is that the camera service dump path does not require use of ICameraService::dump, allowing a crafted application to dump data directly and obtain...

9.3CVSS7.5AI score0.00569EPSS
Total number of security vulnerabilities8153