Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/03/24 12:0 a.m.182 views

CVE-2023-20966

CVE-2023-20966 is described across multiple sources as a heap buffer overflow in the inflate.c function that can cause a local elevation of privilege. The vulnerability affects Android 11–13 (Android-11, -12, -12L, -13) and requires no user interaction, with exploitation characterized as a local ...

7.8CVSS7.8AI score0.00099EPSS
CVE
CVE
added 2017/02/07 7:2 a.m.181 views

CVE-2016-10044

CVE-2016-10044 is supported by connected advisories: the Linux kernel up to version 4.7.7 contains a vulnerability in the aio_mount path. Specifically, the aio_mount function in fs/aio.c did not properly restrict execute access, enabling local users to bypass SELinux W^X policy and gain privilege...

7.8CVSS7.3AI score0.00299EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.181 views

CVE-2019-2222

CVE-2019-2222 affects Android Media Framework, specifically the ihevcd_parse_slice_data path in ihevcd_parse_slice.c, where a missing bounds check can cause an out-of-bounds write. This could allow remote code execution in a privileged context, requiring user interaction to exploit. Affected Andr...

7.8CVSS7.9AI score0.00579EPSS
CVE
CVE
added 2020/10/14 1:2 p.m.181 views

CVE-2020-0411

CVE-2020-0411 affects Android media framework (Media Framework) with an out-of-bounds write in AACExtractor.cpp due to uninitialized data, potentially enabling remote information disclosure. The Android 10/11 patch details in the 2020-10 bulletin list CVE-2020-0411 as an Information Disclosure is...

6.5CVSS6.2AI score0.00847EPSS
CVE
CVE
added 2022/08/09 8:22 p.m.181 views

CVE-2022-20348

CVE-2022-20348 affects LocationServicesWifiScanningPreferenceController.java in Android (Android-10/11/12/12L). The issue is an admin restriction bypass caused by a missing permission check in updateState, enabling local escalation of privilege without extra execution privileges and with no user ...

7.8CVSS7.7AI score0.00111EPSS
CVE
CVE
added 2022/08/09 8:24 p.m.181 views

CVE-2022-20358

CVE-2022-20358 affects Android 10–12 (including 12L) and is tied to a flaw in AbstractThreadedSyncAdapter.startSync where a missing permission check could allow access to protected content in content providers. This is a local information-disclosure vulnerability with user privileges required, an...

7.1CVSS3.6AI score0.00179EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.181 views

CVE-2022-20411

CVE-2022-20411 is an Android Bluetooth heap/bounds issue in avdt_msg_asmbl (avdt_msg.cc) where a missing bounds check enables an out-of-bounds write. This can lead to remote code execution over Bluetooth with no user interaction or privileges required. Affected: Android-10, Android-11, Android-12...

8.8CVSS8.8AI score0.01868EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.181 views

CVE-2022-20498

Technical details for CVE-2022-20498 are not provided in the connected documents. The initial description mentions an out-of-bounds read in fdt_ro.c causing local information disclosure, but lacks concrete product/version data or mitigations beyond the Android bulletin reference. Monitor for upda...

4.4CVSS4.3AI score0.01149EPSS
CVE
CVE
added 2023/08/14 9:6 p.m.181 views

CVE-2023-21287

The CVE-2023-21287 entry concerns a type confusion vulnerability in Google Android that could allow remote code execution without user interaction. Connected sources corroborate that this issue is listed under the Android security bulletin as a high-severity, remote code execution vulnerability a...

9.8CVSS9.4AI score0.00419EPSS
CVE
CVE
added 2024/03/11 4:35 p.m.181 views

CVE-2024-23717

CVE-2024-23717 affects Google's Android Bluetooth stack. The vulnerability is in the function access_secure_service_from_temp_bond of btm_sec.cc , caused by improper input validation, enabling keystroke injection and potential remote (proximal/adjacent) elevation of privilege without additional e...

9.1CVSS7.5AI score0.00366EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.180 views

CVE-2019-2218

CVE-2019-2218 affects Android Framework (PackageInstallerService.java) with a missing permission check in createSessionInternal, enabling local elevation of privilege by installing malicious packages. Exploitation is local with no user interaction required and could grant complete confidentiality...

7.8CVSS7.6AI score0.00153EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.180 views

CVE-2019-2221

CVE-2019-2221 affects Android 10, related to hasActivityInVisibleTask in WindowProcessController.hasActivityInVisibleTask. Root cause: incorrect handling of top activities in the INITIALIZING state, allowing bypass of user interaction requirements. Impact: local elevation of privilege (EoP) with ...

7.8CVSS7.7AI score0.00165EPSS
CVE
CVE
added 2020/07/17 8:7 p.m.180 views

CVE-2020-0225

CVE-2020-0225 affects Android 10 and is triggered by an out-of-bounds write in the function a2dp_vendor_ldac_decoder_decode_packet within a2dp_vendor_ldac_decoder.cc, caused by a missing bounds check. This leads to remote code execution with no privileges or user interaction required, as describe...

10CVSS9.3AI score0.02681EPSS
CVE
CVE
added 2022/05/10 7:57 p.m.180 views

CVE-2022-20011

CVE-2022-20011 : Affected Android versions 10–12/12L have a local information disclosure in NotificationManagerService.getArray, where a leak of one user’s notifications to another is possible due to a missing check. Exploitation requires local access with no user interaction; impact is informati...

5.5CVSS5AI score0.00128EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.180 views

CVE-2022-20423

CVE-2022-20423 is an Android kernel vulnerability arising in rndis_set_response() in rndis.c that allows an out-of-bounds write due to integer overflow. The issue can enable local privilege escalation when a malicious USB device is attached, with physical access required (no user interaction). Pu...

4.6CVSS5.8AI score0.00231EPSS
CVE
CVE
added 2019/09/05 9:36 p.m.179 views

CVE-2019-2176

CVE-2019-2176 affects Android 8.0–9 where ihevcd_parse_buffering_period_sei in ihevcd_parse_headers.c can write out of bounds due to a missing bounds check, enabling remote code execution with user interaction required. The issue resides in the Android Media framework, with high/critical severity...

9.3CVSS8AI score0.01038EPSS
CVE
CVE
added 2022/06/15 1:0 p.m.179 views

CVE-2022-20130

CVE-2022-20130 : In Android Media Framework, an out-of-bounds write due to a heap buffer overflow in transportDec_OutOfBandConfig (tpdec_lib.cpp) could enable remote code execution with no privileges or user interaction. Affected: Android 10–12–12L; patches released per the 2022-06 Android Bullet...

10CVSS9.5AI score0.0839EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.178 views

CVE-2019-2217

CVE-2019-2217 is a memory corruption via use-after-free in GpuStats.cpp (setCpuVulkanInUse) leading to local privilege escalation on Android 10. Public docs confirm the flaw is in the Android Framework (GpuStats.cpp) and cause is memory corruption with use-after-free. The Android Security Bulleti...

7.8CVSS7.8AI score0.00164EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.178 views

CVE-2019-2223

CVE-2019-2223 is a remote code execution in Android’s Media Framework caused by an out-of-bounds write in ihevcd_ref_list.c due to a missing bounds check. Affected: Android 8.0–10 (per Android Security Bulletin December 2019). Exploitation described in connected sources requires a crafted media f...

7.8CVSS7.9AI score0.00564EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.178 views

CVE-2019-2231

CVE-2019-2231 affects the Android blob handling in Blob::Blob (blob.cpp), where improper input validation can lead to an unencrypted master key and local information disclosure. The issue requires local access with system privileges to exploit, with no user interaction needed. Public sources conf...

4.4CVSS4.3AI score0.00095EPSS
CVE
CVE
added 2021/01/11 9:47 p.m.178 views

CVE-2021-0316

CVE-2021-0316 affects Android’s Bluetooth stack (AVRC) due to an out-of-bounds write in avrc_pars_vendor_cmd within avrc_pars_tg.cc caused by a missing bounds check. This leads to remote code execution over Bluetooth with no privileges and no user interaction required. Affected Android versions i...

10CVSS9.3AI score0.03057EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.178 views

CVE-2021-39693

CVE-2021-39693 affects Android 12 via a logic error in AppOpsService.java (onUidStateChanged) that may allow access to location without a visible indicator, causing local privilege escalation with no extra execution privileges and no user interaction required. Connected sources confirm the issue ...

7.8CVSS7.6AI score0.00124EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.178 views

CVE-2021-39702

CVE-2021-39702 affects Android 12; in onCreate of RequestManageCredentials.java, a tapjacking/overlay attack could allow a third‑party app to install certificates without user approval, enabling local elevation of privilege with User interaction required . Documented impact: EoP with high confide...

9.3CVSS7.6AI score0.00314EPSS
CVE
CVE
added 2014/12/17 11:0 a.m.177 views

CVE-2014-9322

CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...

7.8CVSS7.4AI score0.01504EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.177 views

CVE-2021-39619

CVE-2021-39619 affects Android (Android 11 and 12) in the UsageStatsService.java updatePackageMappingsData path. The root cause enables bypassing security/privacy settings for app usage, permitting local escalation of privilege without extra execution privileges and without user interaction. Expl...

7.8CVSS7.8AI score0.00133EPSS
CVE
CVE
added 2022/05/10 7:58 p.m.177 views

CVE-2022-20113

CVE-2022-20113 affects Android 12/12L via a logic error in mPreference of DefaultUsbConfigurationPreferenceController.java that could enable file transfer mode, enabling local elevation of privilege with no extra execution privileges and no user interaction required. Documented impact is high (CV...

7.8CVSS7.6AI score0.00164EPSS
CVE
CVE
added 2022/06/15 1:3 p.m.177 views

CVE-2022-20147

CVE-2022-20147 affects Google/Android: the out-of-bounds write in nfa_dm_check_set_config within nfa_dm_main.cc is caused by a missing bounds check. This yields local privilege escalation with no additional execution privileges and no user interaction required. Affected: Android 10–12/12L. Root c...

7.8CVSS7.7AI score0.00113EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.177 views

CVE-2023-40117

CVE-2023-40117 affects the Android SettingsProvider.java resetSettingsLocked path and describes a local privilege-escalation via a lockscreen bypass caused by a permissions bypass. The vulnerability enables elevation of privilege with LOCAL attack vector and LOW required privileges, without user ...

7.8CVSS7.7AI score0.00103EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.176 views

CVE-2019-1986

CVE-2019-1986 affects the Android Framework, specifically a vulnerability in SkSwizzler (SkSwizzler.cpp) where a missing bounds check enables an out-of-bounds write. This can allow remote escalation of privilege to system_server, with execution in a privileged context, requiring user interaction ...

9.3CVSS8.6AI score0.01502EPSS
CVE
CVE
added 2019/09/05 9:43 p.m.176 views

CVE-2019-2181

CVE-2019-2181 affects the Android/Linux kernel binder implementation (binder.c: binder_transaction), where an integer overflow can cause an out-of-bounds write. This enables local privilege escalation with no extra privileges; exploitation requires user interaction per the description. Public ref...

7.8CVSS8.3AI score0.00409EPSS
CVE
CVE
added 2019/12/06 10:40 p.m.176 views

CVE-2019-2229

CVE-2019-2229 affects Android (Android-8.0/8.1/9/10) where BaseWidgetProvider.java::updateWidget can leak user data due to a missing permission check. The vulnerability enables local information disclosure without additional execution privileges and does not require user interaction. Exploitation...

5.5CVSS5AI score0.00131EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.176 views

CVE-2021-39633

CVE-2021-39633 affects the Android/Linux kernel’s gre_handle_offloads path in ip_gre.c, where a memory access fault can cause a page fault and local information disclosure with no extra privileges or user interaction. Public details in connected Nessus advisories (Unity Linux UTSA advisories) con...

5.5CVSS4.8AI score0.0018EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.176 views

CVE-2021-39668

CVE-2021-39668 is an Android elevation-of-privilege issue identified in onActivityViewReady within DetailDialog.kt, caused by an Intent Redirect (confused deputy) that could allow local escalation of privileges to the System UI. Affected versions are Android 11 and 12; exploitation requires user ...

7.8CVSS7.6AI score0.00132EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.176 views

CVE-2021-39690

CVE-2021-39690 affects Android 12, where the vulnerability lies in setDisplayPadding within WallpaperManagerService.java. The issue permits a persistent Denial of Service (DoS) due to improper input validation, with local attack vector and no user interaction required. Exploitation status is not ...

5.5CVSS5.3AI score0.00127EPSS
CVE
CVE
added 2022/06/15 1:0 p.m.176 views

CVE-2022-20126

The vulnerability CVE-2022-20126 affects Android (Android-10 to Android-12L) via the Bluetooth stack: in AdapterService.java, setScanMode can enable Bluetooth discovery mode without user interaction due to a missing permission check. This creates local elevation of privilege with user execution p...

7.3CVSS7.2AI score0.00237EPSS
CVE
CVE
added 2022/02/11 5:40 p.m.176 views

CVE-2022-23427

CVE-2022-23427 concerns a PendingIntent hijacking flaw in Samsung’s KnoxPrivacyNoticeReceiver. The vulnerability allows a local attacker to access media files via an implicit Intent prior to the SMR Feb-2022 Release 1. The descriptions across NVD, Red Hat, CNVD, CVE list, and related advisories a...

7.1CVSS6.6AI score0.001EPSS
CVE
CVE
added 2020/05/06 4:25 p.m.175 views

CVE-2020-8899

CVE-2020-8899 covers a buffer/heap overflow in Samsung’s Quram qmg (Qmage) codec used by Android Skia, affecting O(8.x), P(9.0), and Q(10.0). An unauthenticated MMS can trigger an RCE via a heap-based overflow in the Quram/QMG image decoding path (QMG/QM formats), with Project Zero documenting th...

10CVSS9.7AI score0.05711EPSS
CVE
CVE
added 2022/08/09 8:21 p.m.175 views

CVE-2022-20347

CVE-2022-20347 affects Android 10–12(12L) with a vulnerability in the onAttach path of ConnectedDeviceDashboardFragment.java that enables a permission bypass via a confused deputy, enabling remote escalation of privilege in Bluetooth settings without extra execution privileges or user interaction...

8.8CVSS8.6AI score0.00796EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.175 views

CVE-2023-21116

CVE-2023-21116 affects Android 11–13 and stems from a logic error in InstallPackageHelper.java, in verifyReplacingVersionCode, which could downgrade system apps below the system image version and enable local elevation of privilege with System privileges. Exploitation details are not provided in ...

6.7CVSS6.6AI score0.00091EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.175 views

CVE-2023-40139

The CVE-2023-40139 entry describes a local information-disclosure vulnerability in the Android FillUi component (FillUi.java) that allows an attacker to view another user’s images due to a confused deputy. Exploitation requires no user interaction and can occur with local access; no remote/vector...

5.5CVSS5.1AI score0.00089EPSS
CVE
CVE
added 2025/01/02 11:58 p.m.175 views

CVE-2024-43762

CVE-2024-43762 is a local Elevation of Privilege vulnerability affecting Android components (notably Framework and System in the 2024-12 Android bulletin). The issue arises from a logic error that can prevent unbinding a service from the system, enabling a local attacker to escalate privileges wi...

7.8CVSS7.1AI score0.00185EPSS
CVE
CVE
added 2019/06/07 7:31 p.m.174 views

CVE-2019-2090

CVE-2019-2090 affects Android Framework code (PackageManagerService.java) where isPackageDeviceAdminOnAnyUser lacks a necessary permissions check, enabling local elevation of privilege without extra permissions. Documented impact is local compromise with high impact on confidentiality, integrity,...

7.8CVSS7.5AI score0.00131EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.174 views

CVE-2019-9325

The CVE-2019-9325 issue affects the libvpx library (VP8/VP9 SDK) and is described as an out-of-bounds read caused by a missing bounds check. According to the provided documents, this could lead to remote information disclosure with no inherent execution privileges, and exploitation requires user ...

6.5CVSS6.6AI score0.02571EPSS
CVE
CVE
added 2022/06/15 1:1 p.m.174 views

CVE-2022-20137

CVE-2022-20137 affects Android 12/Android 12L. The issue resides in NetworkProviderSettings.java onCreateContextMenu, where a missing permission check could allow a non-owner user to change WiFi settings, enabling local elevation of privilege. Exploitation requires user interaction, and the impac...

7.3CVSS7.2AI score0.00111EPSS
CVE
CVE
added 2022/06/15 1:2 p.m.174 views

CVE-2022-20143

CVE-2022-20143 concerns a DoS vulnerability in Android’s ZenModeHelper.addAutomaticZenRule due to resource exhaustion. The initial entry and connected documents identify the root cause as resource exhaustion in addAutomaticZenRule and describe a local denial of service that can be triggered with ...

5.5CVSS5.3AI score0.00098EPSS
CVE
CVE
added 2020/09/17 6:45 p.m.173 views

CVE-2020-0432

CVE-2020-0432 affects the Android kernel networking.c function skb_to_mamac, where an integer overflow can cause an out-of-bounds write. The consequence specified is local privilege escalation with no extra execution privileges or user interaction required. The provided connected advisories (Unit...

7.8CVSS7.7AI score0.00225EPSS
CVE
CVE
added 2022/03/16 2:4 p.m.173 views

CVE-2021-39689

CVE-2021-39689 is a local elevation-of-privilege vulnerability reported in Android 12, due to a logic error in multiple functions of odsign_main.cpp. It could allow a local attacker with system privileges to gain full control without user interaction. The Android bulletin notes this issue under t...

7.2CVSS6.6AI score0.00099EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.173 views

CVE-2023-40116

CVE-2023-40116 affects Android via a logic error in PipTaskOrganizer.java (onTaskAppeared), enabling bypass of background activity launch restrictions and resulting in local elevation of privilege without additional execution privileges or user interaction. Public sources in the Connected documen...

7.8CVSS7.7AI score0.00102EPSS
CVE
CVE
added 2023/10/27 8:22 p.m.173 views

CVE-2023-40138

CVE-2023-40138 affects the FillUi component (FillUi.java) in Android, enabling information disclosure by viewing another user’s images via a confused deputy. The vulnerability can be exploited locally without user interaction, and the impact is local information exposure with no added executable ...

3.3CVSS3.6AI score0.00091EPSS
CVE
CVE
added 2016/06/16 6:0 p.m.172 views

CVE-2016-5300

Expat CVE-2016-5300 is a denial-of-service vulnerability in the Expat XML parser caused by insufficient entropy used for hash initialization. The issue allows context-dependent attackers to cause CPU exhaustion via crafted identifiers in XML documents. Connected material confirms this as an Expat...

7.8CVSS7.7AI score0.06539EPSS
Total number of security vulnerabilities8153