Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/12/02 9:26 p.m.55 views

CVE-2018-9423

CVE-2018-9423 affects the Media framework component (ihevcd_parse_slice_header.c) where a missing bounds check allows an out-of-bounds read, leading to DoS. Exploitation requires user interaction. Several connected sources (NVD/Red Hat/Android bulletin) confirm the issue and cite the root cause. ...

6.5CVSS6.8AI score0.00156EPSS
CVE
CVE
added 2020/04/08 5:51 p.m.54 views

CVE-2018-21055

CVE-2018-21055 affects Samsung mobile devices running N (Android 7.0) on Qualcomm MSM8996. The issue allows rooting via a custom image to run arbitrary scripts in the INIT context. Samsung assigns ID SVE-2018-11940 (Sept 2018). CVSS metrics indicate a critical impact (C/H, I/H, A/H) with network ...

10CVSS9.5AI score0.00831EPSS
CVE
CVE
added 2018/06/06 9:0 p.m.54 views

CVE-2018-5845

CVE-2018-5845 describes a race condition in drm_atomic_nonblocking_commit() within the display driver that can lead to a Use-After-Free condition on Android devices using the Linux kernel (CAF Android for MSM, Firefox OS for MSM, QRD). Affected component: DRM display driver; root cause is a race ...

7.6CVSS5AI score0.003EPSS
CVE
CVE
added 2018/06/06 9:0 p.m.54 views

CVE-2018-5846

CVE-2018-5846 affects the IPA driver in Android CAF (Android for MSM, Firefox OS for MSM, QRD Android) on Linux kernels. The issue is a Use-After-Free in the IPA driver that can occur when IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EM...

9.3CVSS5.3AI score0.00408EPSS
CVE
CVE
added 2019/02/13 10:0 p.m.54 views

CVE-2018-6271

CVE-2018-6271 affects NVIDIA Tegra OpenMax driver (libnvomx). The issue arises from delivering extra data with buffers and inadequate validation, enabling potential denial of service or escalation of privileges. Affected products are Jetson TX1/TX2 running Linux for Tegra; NVIDIA lists CVE-2018-6...

9.3CVSS6.3AI score0.00631EPSS
CVE
CVE
added 2024/11/19 7:3 p.m.54 views

CVE-2018-9346

CVE-2018-9346 affects the Android AudioPolicyService component: In BnAudioPolicyService::onTransact there is information disclosure due to uninitialized data, enabling local information disclosure without additional privileges. Exploitation context: local access, no user interaction required. Aff...

5.5CVSS6AI score0.00084EPSS
CVE
CVE
added 2024/11/19 9:10 p.m.54 views

CVE-2018-9417

The CVE-2018-9417 entry affects the Linux kernel USB HID gadget driver (f_hid.c). In functions f_hidg_read and hidg_disable, there is a use-after-free caused by improper locking, enabling local escalation of privilege with no user interaction required. The description states the impact as local p...

7.8CVSS6.9AI score0.0008EPSS
CVE
CVE
added 2024/11/19 9:23 p.m.54 views

CVE-2018-9424

CVE-2018-9424 concerns an out-of-bounds write in CryptoPlugin::decrypt (CryptoPlugin.cpp) that could allow local escalation of privilege with no user interaction. Exploitation details are not provided in the documents; the Android Security Bulletin catalogs this CVE under Media framework issues w...

7.8CVSS7.1AI score0.0008EPSS
CVE
CVE
added 2024/12/02 10:12 p.m.54 views

CVE-2018-9435

CVE-2018-9435 affects the Android Pixel/Nexus ecosystem (System component). The issue stems from a missing bounds check in gatt_process_error_rsp of gatt_cl.cc, enabling a possible out-of-bounds read leading to local information disclosure without user interaction. The Android Pixel/Nexus securit...

6.2CVSS8.1AI score0.00084EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.54 views

CVE-2018-9459

CVE-2018-9459 affects Android across 6.0–8.1. A path traversal flaw in Attachment.java (Attachment of EmlAttachmentProvider.java) enables Elevation of Privilege with remote execution potential. Impact is a remote privilege escalation with no extra credentials; exploitation does not require user i...

8.8CVSS7.4AI score0.01677EPSS
CVE
CVE
added 2024/11/20 5:40 p.m.54 views

CVE-2018-9481

CVE-2018-9481 : The vulnerability is in the Bluetooth stack, specifically in the function bta_hd_set_report_act of bta_hd_act.cc. An integer overflow can trigger an out-of-bounds read, enabling remote information disclosure through the Bluetooth service without extra privileges or user interactio...

6.5CVSS6.5AI score0.00138EPSS
CVE
CVE
added 2024/11/20 5:41 p.m.54 views

CVE-2018-9482

The CVE-2018-9482 entry concerns the Bluetooth stack component: the function intr_data_copy_cb in btif_hd.cc. The flaw is described as an out-of-bounds read caused by an integer overflow, which could lead to local information disclosure in the Bluetooth service without extra privileges or user in...

6.5CVSS6.1AI score0.00087EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.54 views

CVE-2018-9508

CVE-2018-9508 describes an out-of-bounds read in Bluetooth handling (smp_process_keypress_notification in smp_act.cc) that could lead to remote information disclosure without user interaction. Affected platforms include Android 7.0–8.1. The NVD notes a CVSSv3 base score of 6.5 (Attack vector: Adj...

6.5CVSS6.1AI score0.00675EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.54 views

CVE-2018-9551

CVE-2018-9551 affects Android 9 (Android-9) in the CAacDecoder_Init path of aacdecoder.cpp, where a missing bounds check can cause an out-of-bounds write. This vulnerability could enable remote code execution within the media server with privileges of a privileged process, requiring user interact...

9.3CVSS7.8AI score0.01089EPSS
CVE
CVE
added 2019/04/19 7:39 p.m.54 views

CVE-2019-2035

The CVE-2019-2035 issue affects Android and is caused by a missing bounds check in rw_i93_sm_update_ndef within rw_i93.cc, leading to an out-of-bounds write. The described impact is local elevation of privilege with user interaction required for exploitation, on Android versions 7.0–9 (Android ID...

7.8CVSS7.7AI score0.00445EPSS
CVE
CVE
added 2020/03/24 5:48 p.m.54 views

CVE-2019-20538

CVE-2019-20538 concerns a heap overflow in the knox_kap driver on Samsung mobile devices running P(9.0) software (Samsung ID SVE-2019-14857). The vulnerability affects the kernel driver stack used by Samsung devices and is documented as a local issue within the knox_kap component. The provided so...

7.8CVSS7.8AI score0.00136EPSS
CVE
CVE
added 2020/03/24 7:49 p.m.54 views

CVE-2019-20593

CVE-2019-20593 concerns Samsung mobile devices running N(7.x) or O(8.x) software where the Gallery app leaks Private Mode thumbnails. Public descriptions across multiple sources (NVD entry, Red Hat advisory, CNVD, CVE pages) consistently state the vulnerability involves information disclosure via...

5.3CVSS5.4AI score0.0034EPSS
CVE
CVE
added 2020/04/17 1:35 p.m.54 views

CVE-2019-20772

CVE-2019-20772 affects LG mobile devices running Android 7.0–9.0 where the Account subsystem permits an authorization bypass. The vendor-specific LG advisory (LVE-SMP-190007) and Red Hat/NVD entries corroborate the same description. Root cause and exact vulnerable component are not detailed in th...

9.8CVSS9.2AI score0.00455EPSS
CVE
CVE
added 2020/04/17 1:47 p.m.54 views

CVE-2019-20784

CVE-2019-20784 affects LG mobile devices running Android 7.0–8.1 (MTK chipset) where the interaction between GPS and 911 emergency calls is mishandled. The issue is described in multiple sources (NVD, Red Hat, CVE listing) as a GPS-related handling flaw during emergency calls, with LG’s internal ...

5.5CVSS5.6AI score0.00129EPSS
CVE
CVE
added 2019/11/13 5:42 p.m.54 views

CVE-2019-2207

CVE-2019-2207 affects Android devices (Android 8.0–10) and is tied to a flaw in the nfa_hci_handle_admin_gate_rsp path of nfa_hci_act.cc. The issue is an out-of-bounds write caused by missing bounds checks in this function, enabling local elevation of privilege with system execution privileges re...

7.8CVSS7.7AI score0.00181EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.54 views

CVE-2019-9291

CVE-2019-9291 affects Android 10 Bluetooth with a remote code execution due to improper memory allocation in the Bluetooth stack. The vulnerability enables network-based exploitation requiring user interaction; CVSS indicates high impact (C/H/I/A) with network access and low attack complexity, an...

8.8CVSS8.9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.54 views

CVE-2019-9431

CVE-2019-9431 describes a Bluetooth vulnerability in Android 10: a use-after-free leads to an out-of-bounds read, enabling remote information disclosure. The issue can disclose heap information and requires no user interaction, with potential system-level privileges needed for impact per public r...

4.9CVSS5.5AI score0.00689EPSS
CVE
CVE
added 2020/01/06 5:25 p.m.54 views

CVE-2019-9469

CVE-2019-9469 affects the Android kernel Titan‑M component. A flaw in km_compute_shared_hmac (km4.c) allows an out‑of‑bounds write due to input validation issues, enabling local privilege escalation with no user interaction. CVSS data in NVD indicates LOCAL access, LOW attack complexity, with HIG...

7.8CVSS8.1AI score0.00156EPSS
CVE
CVE
added 2020/02/13 2:22 p.m.54 views

CVE-2020-0005

CVE-2020-0005 describes an out-of-bounds write in the Bluetooth stack (btm_read_remote_ext_features_complete in btm_acl.cc) that could enable local elevation of privilege to SYSTEM on Android 8.0–10. No user interaction is required. Public docs list Android versions affected as 8.0, 8.1, 9, and 1...

7.2CVSS6.7AI score0.0018EPSS
CVE
CVE
added 2020/02/13 2:22 p.m.54 views

CVE-2020-0027

CVE-2020-0027 affects Android System component HidRawSensor (HidRawSensor.cpp), where HidRawSensor::batch can trigger an out-of-bounds write due to an unexpected switch fallthrough. This leads to local elevation of privilege with no extra user interaction. Impact is described as local, with compl...

7.8CVSS7.7AI score0.00181EPSS
CVE
CVE
added 2020/03/10 7:55 p.m.54 views

CVE-2020-0031

Technical details for CVE-2020-0031 are not publicly provided in the supplied documents. Monitor for updates.

5CVSS4.8AI score0.00157EPSS
CVE
CVE
added 2020/05/14 8:8 p.m.54 views

CVE-2020-0098

CVE-2020-0098 affects Android framework (ActivityStack.java) and enables a local elevation of privilege due to a confused deputy in navigateUpToLocked. The issue allows a local attacker to bypass permissions without extra execution privileges, with no user interaction required. Affected Android v...

7.8CVSS7.7AI score0.00152EPSS
CVE
CVE
added 2020/06/10 5:11 p.m.54 views

CVE-2020-0118

The CVE-2020-0118 issue affects the Android Media framework on Android 10. It is an EoP in RegionSamplingThread.cpp’s addListener caused by improper input validation, enabling a local attacker to escalate privileges without additional execution privileges; user interaction is required to exploit....

7.8CVSS7.7AI score0.00183EPSS
CVE
CVE
added 2020/05/11 3:12 p.m.54 views

CVE-2020-12746

CVE-2020-12746 affects Samsung mobile devices (Exynos) on O(8.X), P(9.0), and Q(10.0). The issue is a heap-based buffer overflow that lets an attacker bypass the Secure Bootloader protection mechanism and execute arbitrary code. The Samsung internal ID is SVE-2020-16712 (May 2020). Connected sour...

10CVSS9.8AI score0.01082EPSS
CVE
CVE
added 2020/05/11 3:47 p.m.54 views

CVE-2020-12754

CVE-2020-12754 affects LG mobile devices running Android 7.2, 8.0, 8.1, 9, and 10. A crafted app can obtain control of device input through the window system service, enabling partial to high impact on confidentiality, integrity, and availability as per CVSS metrics. Root cause centered on window...

7.8CVSS7.5AI score0.00295EPSS
CVE
CVE
added 2021/02/04 5:10 p.m.54 views

CVE-2021-0346

CVE-2021-0346 affects Android devices via the VPU component. The issue is an out-of-bounds write caused by an incorrect bounds check, enabling local escalation to System privileges without user interaction. Affected: Android 10 and Android 11 (VPU). Impact per sources indicates local privilege el...

7.2CVSS6.7AI score0.00166EPSS
CVE
CVE
added 2021/02/26 8:19 p.m.54 views

CVE-2021-0366

In CVE-2021-0366, the vulnerability affects Android devices (Android-10 and Android-11) due to a memory corruption in the vpu caused by a race condition. This leads to local privilege escalation with System privileges required, and exploitation does not require user interaction. The vulnerability...

6.9CVSS6.7AI score0.00096EPSS
CVE
CVE
added 2021/02/26 8:19 p.m.54 views

CVE-2021-0403

CVE-2021-0403 affects MediaTek netdiag on Android-11 . The root cause is a missing permission check in netdiag that can cause local information disclosure with System execution privileges needed. Exploitation requires no user interaction (local attack). Publicly documented patch: ALPS05475124 . E...

4.4CVSS4.3AI score0.00125EPSS
CVE
CVE
added 2021/03/10 4:17 p.m.54 views

CVE-2021-0460

CVE-2021-0460 affects Google's FingerTipS touchscreen driver in the Android kernel. The root cause is an integer overflow causing an out-of-bounds read in fts_driver_test_write, enabling a local attacker to disclose kernel data. Exploitation requires ability to execute low-privileged code; user i...

4.4CVSS4.2AI score0.00124EPSS
CVE
CVE
added 2022/01/14 7:11 p.m.54 views

CVE-2021-1035

The CVE-2021-1035 entries describe a vulnerability in the Android BluetoothDevicePickerPreferenceController.java: setLaunchIntent allows invoking an arbitrary broadcast receiver due to a confused deputy, enabling local elevation of privilege with no extra privileges and no user interaction requir...

7.8CVSS7.7AI score0.00122EPSS
CVE
CVE
added 2021/06/11 2:45 p.m.54 views

CVE-2021-25397

CVE-2021-25397 concerns an improper access control in Samsung TelephonyUI prior to SMR MAY-2021 Release 1. The issue allows a local attacker, via untrusted applications, to write arbitrary files within the telephony process. Documented impact across sources indicates local privilege escalation po...

6.8CVSS6.2AI score0.0013EPSS
CVE
CVE
added 2021/09/09 6:4 p.m.54 views

CVE-2021-25460

CVE-2021-25460 affects BlockchainTZService, where an improper access control in the sspExit() function could allow an attacker to terminate the service. The issue is limited to BlockchainTZService prior to SMR Sep-2021 Release 1. Impact is service termination (availability). Remediation: upgrade ...

5.5CVSS5.4AI score0.00096EPSS
CVE
CVE
added 2021/10/06 5:9 p.m.54 views

CVE-2021-25480

CVE-2021-25480 describes a vulnerability in the GUTI REALLOCATION COMMAND handling within Qualcomm modems, where a lack of replay attack protection before Samsung’s SMR Oct-2021 Release 1 could enable remote denial of service on the mobile network connection. The issue is tied to Qualcomm modem p...

7.5CVSS7.4AI score0.0046EPSS
CVE
CVE
added 2021/12/08 2:19 p.m.54 views

CVE-2021-25516

CVE-2021-25516 affects Samsung Exynos baseband (prior to SMR Dec-2021 Release 1). An improper handling of exceptional conditions in the baseband’s RRC MeasurementReport allows an attacker to track a device’s location. Impact is described as location-tracking with high practicality on affected Sam...

7.5CVSS7.5AI score0.00301EPSS
CVE
CVE
added 2022/08/11 3:14 p.m.54 views

CVE-2022-20274

In Android 13, CVE-2022-20274 affects the Keyguard component where a missing permission check could enable local escalation of privilege and prevent screen timeout. Exploitation requires local access with low privileges and no user interaction, potentially compromising confidentiality, integrity,...

7.8CVSS7.8AI score0.00091EPSS
CVE
CVE
added 2022/08/11 3:23 p.m.54 views

CVE-2022-20308

CVE-2022-20308 affects hostapd in Android 13, where an insecure default value in hostapd leads to remote denial of service of the Wi‑Fi hotspot without extra privileges or user interaction. The issue is described as an insecure configuration default that can be exploited remotely to cause DoS. Pu...

7.5CVSS7.4AI score0.00495EPSS
CVE
CVE
added 2022/08/11 3:24 p.m.54 views

CVE-2022-20313

The CVE-2022-20313 entry affects Android 13 and concerns the Bluetooth subsystem. It describes an out-of-bounds write due to a missing bounds check, which could enable local escalation of privilege to System level without user interaction. The vulnerability impacts the Bluetooth path selectively ...

6.8CVSS7.2AI score0.00165EPSS
CVE
CVE
added 2022/08/11 3:26 p.m.54 views

CVE-2022-20322

CVE-2022-20322 affects Android 13 where the PackageManager may disclose installed package information due to a missing permission check. The issue enables local information disclosure without extra execution privileges and without user interaction. The vulnerability is classified as Local (ATT&CK...

5.5CVSS5.6AI score0.00092EPSS
CVE
CVE
added 2022/08/11 3:29 p.m.54 views

CVE-2022-20333

The CVE-2022-20333 entry concerns Android 13 Bluetooth, where a missing null check can cause a crash leading to remote denial of service without privileges or user interaction. Affected component: Bluetooth on Android 13. Underlying cause: null-pointer-like condition causing a crash; no exploit d...

6.5CVSS6.8AI score0.00218EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.54 views

CVE-2022-26450

CVE-2022-26450 affects MediaTek Apusys. The vulnerability is a use-after-free caused by a race condition in apusys that can lead to local escalation of privileges with System execution privileges required; exploitation does not require user interaction. The issue is documented across multiple sou...

6.4CVSS6.6AI score0.00074EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.54 views

CVE-2022-26451

In ged, a use-after-free due to improper locking is described, enabling local escalation to SYSTEM privileges with no user interaction required. Patch ID ALPS07202966 (Issue ALPS07202966) is noted as the remediation; exploitation status is not detailed in the provided documents.

6.7CVSS6.7AI score0.0008EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.54 views

CVE-2022-32647

CVE-2022-32647 affects the ccu component and is described as an out-of-bounds write caused by improper input validation. The impact is local escalation of privilege with system execution privileges required, and exploitation is possible without user interaction. Remediation: patch identified as A...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2022/07/11 1:35 p.m.54 views

CVE-2022-33698

CVE-2022-33698 describes an information-disclosure vulnerability in Samsung’s Telecom application on Samsung mobile devices. The underlying issue allows local attackers to access the ICCID via logs, i.e., sensitive hardware identifiers are exposed by log handling within the Telecom app. Affected ...

3.3CVSS3.9AI score0.00099EPSS
CVE
CVE
added 2022/09/09 2:39 p.m.54 views

CVE-2022-36845

CVE-2022-36845 corresponds to a heap-based overflow in the MHW_RECOG_LIB_INFO function of libSDKRecognitionText.spensdk.samsung.so. The vulnerability affects versions prior to Samsung SMR Sep-2022 Release 1. Root cause is a heap overflow in MHW_RECOG_LIB_INFO, which can lead to a memory access fa...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2022/09/09 2:40 p.m.54 views

CVE-2022-36848

In the connected PT-2022-23652 document, the issue is an Improper Authorization in the SoftwareX component tied to the setDualDARPolicyCmd function. Affects SoftwareX versions prior to SMR Sep-2022 Release 1; local attackers can cause a local permanent denial of service. Mitigation: update to SMR...

5.5CVSS5.3AI score0.00076EPSS
Total number of security vulnerabilities8153