Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2022/09/09 2:40 p.m.54 views

CVE-2022-36853

The CVE-2022-36853 issue affects Samsung Photo Editor (on Samsung mobile devices) prior to the SMR Sep-2022 Release 1. Root cause: intent redirection in Photo Editor that may disclose sensitive information. Impact: enables information disclosure to an attacker without user interaction (per NVD me...

7.5CVSS7.4AI score0.00197EPSS
CVE
CVE
added 2022/09/09 2:40 p.m.54 views

CVE-2022-36861

CVE-2022-36861 affects Samsung SystemUI prior to SMR Sep-2022 Release 1. It is described as a custom permission misuse that lets an attacker use some protected functions with SystemUI privilege. Root cause: misuse of a custom permission in SystemUI. Impact: potential elevation of privileges withi...

5.9CVSS5.2AI score0.00086EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.54 views

CVE-2022-38674

The CVE-2022-38674 entry concerns a vulnerability in the wlan driver where a missing parameters check can allow a local denial of service against wlan services. Affected component: wlan driver (and associated Qualcomm wlan context in several records). Root cause: insufficient input/parameter vali...

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.54 views

CVE-2022-39097

CVE-2022-39097 concerns a missing permission check in the power management service. Root cause described as allowing setup with no additional execution privileges. CVSS v3.1 score 7.8 (HIGH) with LOCAL, LOW complexity, LOW privileges required; impacts on confidentiality, integrity, and availabili...

7.8CVSS7.5AI score0.00105EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.54 views

CVE-2022-42757

CVE-2022-42757 affects the wlan driver (notably in UNISOC chipsets). The root cause is a missing bounds check in the wlan driver, which could lead to local denial of service in wlan services. Documented impacts across multiple sources indicate a local attack vector with low overall risk (CVSS 3.1...

3.3CVSS4AI score0.00083EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.54 views

CVE-2022-42758

In CVE-2022-42758, multiple sources confirm a vulnerability in the WLAN driver (specifically a missing bounds check in the WLAN driver) that can cause local denial of service in WLAN services. Affected component is the WLAN driver (Unisoc chipset context appears in related tooling); root cause is...

3.3CVSS4AI score0.00083EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.54 views

CVE-2022-42761

CVE-2022-42761 concerns the WLAN driver in UNISOC chipsets, where a missing bounds check can enable local denial of service in WLAN services. The NVD/Red Hat/UNISOC‑linked entries describe the issue and assign CVSS v3.1 base score 5.5 (Medium) with LOCAL attack vector, LOW complexity and privileg...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.54 views

CVE-2022-42777

CVE-2022-42777 concerns a missing permission check in the power management service, enabling setup of the service with no additional execution privileges. The issue is described as local attack vector with low attack complexity, requiring low privileges and no user interaction, and it is assessed...

7.8CVSS7.5AI score0.00091EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.54 views

CVE-2022-47325

The CVE-2022-47325 entry concerns the WLAN driver where a missing permission check could allow local information disclosure. Several connected sources (NVD, Red Hat, CVE listing, PRION, CNNVD) consistently describe this issue as a local-information-disclosure vulnerability in the WLAN driver, cau...

6.4CVSS5.1AI score0.00085EPSS
CVE
CVE
added 2023/02/06 5:26 a.m.54 views

CVE-2022-47346

In CVE-2022-47346, the issue affects engineermode services where a missing permission check enables local denial of service. The CVE is described as a local vulnerability with a DoS impact, relying on local access to trigger the flaw. The provided metrics indicate a local attack vector with low c...

5.5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.54 views

CVE-2022-47481

CVE-2022-47481 affects the telephony service where a missing permission check can allow a local denial-of-service without requiring extra privileges. The available documents consistently describe this as a local impact (AV:L/PR:L/UI:N) with a high availability impact and no confidentiality/integr...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.54 views

CVE-2022-48235

The CVE-2022-48235 issue concerns the UNISOC MP3 encoder in chipsets, where a missing bounds check can cause an out-of-bounds write. This leads to a local denial of service with System execution privileges required. Affected component: MP3 encoder; root cause: missing bounds check leading to out-...

4.4CVSS4.7AI score0.00096EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.54 views

CVE-2022-48370

CVE-2022-48370 describes a local information disclosure in the Unisoc dialer service due to a missing permission check. The vulnerability affects Unisoc chipsets’ dialer component and could allow access to sensitive data without extra execution privileges. No explicit affected version ranges or p...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.54 views

CVE-2023-20674

The CVE-2023-20674 issue affects the WLAN component in MediaTek devices, caused by an out-of-bounds read due to a missing bounds check. This vulnerability could allow local information disclosure and may enable system-level execution privileges, with no user interaction required. Multiple feeds (...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.54 views

CVE-2023-20675

CVE-2023-20675 concerns MediaTek platforms where the kernel/wlan component is vulnerable to an out-of-bounds read caused by a missing bounds check. The issue can lead to local information disclosure, with potentially full System privileges if exploited, and does not require user interaction. Conn...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.54 views

CVE-2023-20781

In keyinstall, a memory corruption vulnerability is caused by a missing bounds check, enabling local denial of service with SYSTEM privileges without user interaction. Affects the keyinstall component; exploitation details are not provided beyond the local-privilege context. The issue is associat...

4.4CVSS4.8AI score0.00084EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.54 views

CVE-2023-20785

Summary: CVE-2023-20785 describes a potential out-of-bounds write in the audio component due to a missing bounds check, enabling local escalation of privilege to system execution level. The vulnerability is described with no user interaction required. Affected component: Audio subsystem (MediaTek...

6.4CVSS6.6AI score0.00065EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.54 views

CVE-2023-20806

CVE-2023-20806 affects the MediaTek chipset-embedded hcp module, where a missing bounds check can cause an out-of-bounds write. This can lead to local escalation of privilege with System execution privileges required, and no user interaction is needed for exploitation. The issue is tied to patch ...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.54 views

CVE-2023-20823

CVE-2023-20823 affects the cmdq component and is caused by an incorrect status check that enables an out-of-bounds read. The vulnerability could allow local denial of service with SYSTEM privileges, and exploitation does not require user interaction. A patch is referenced as ALPS08021592 (Issue I...

4.4CVSS4.6AI score0.00084EPSS
CVE
CVE
added 2023/08/14 9:10 p.m.54 views

CVE-2023-21234

CVE-2023-21234 is a Wear OS/Android System vulnerability involving a missing permission check in the launchConfirmationActivity of ChooseLockSettingsHelper.java that could allow enabling developer options without entering the lockscreen PIN. This enables a local escalation of privilege with no ex...

5.5CVSS5.7AI score0.00074EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.54 views

CVE-2023-21321

CVE-2023-21321 affects Android's Package Manager, enabling cross-user information disclosure due to a missing permission check. The vulnerability allows local information disclosure with no privileges and no user interaction required. The connected sources list this CVE as part of Android 14 secu...

5.5CVSS5.7AI score0.00083EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.54 views

CVE-2023-21329

CVE-2023-21329 describes an information disclosure in Android's Activity Manager caused by a missing permission check, enabling local access to whether an app is installed without user interaction. The Android 14 security release notes list this CVE under Framework with a Moderate severity and in...

5.5CVSS5.7AI score0.00099EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.54 views

CVE-2023-21352

CVE-2023-21352 affects NFA and is caused by a missing bounds check leading to an out-of-bounds read. This can result in local information disclosure without additional execution privileges, and exploitation does not require user interaction, per the provided description. Connected sources corrobo...

5.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.54 views

CVE-2023-21359

CVE-2023-21359 concerns Bluetooth: an out-of-bounds read due to a missing bounds check could disclose local information via the Bluetooth server. Exploitation requires SYSTEM privileges; no user interaction. Documented in NVD/Red Hat/CNVD entries and Android 14 notes corroborate a Bluetooth infor...

4.4CVSS5AI score0.00085EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.54 views

CVE-2023-21378

CVE-2023-21378 : In Telecomm, a missing permission check enables silencing the ring for calls of secondary users, causing a local elevation of privilege with no additional execution privileges needed. Exploitation does not require user interaction. CVSSv3.1 base score is 7.8 (High), with local at...

7.8CVSS7.8AI score0.00087EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.54 views

CVE-2023-32808

The CVE-2023-32808 entry concerns a Bluetooth driver issue where improper access control of the register interface allows read/write access to registers, enabling local leakage of sensitive information with system-level privileges required. The description notes no user interaction is needed for ...

4.4CVSS4.5AI score0.00094EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.54 views

CVE-2023-32824

The CVE-2023-32824 entry affects the rpmb module and describes a double-free issue caused by improper locking, enabling local escalation of privilege with System execution privileges required and no user interaction. Patch: ALPS07912966; Issue: ALPS07912961. Connected records consistently identif...

6.7CVSS6.7AI score0.00085EPSS
CVE
CVE
added 2023/10/08 3:35 a.m.54 views

CVE-2023-40633

CVE-2023-40633 describes a vulnerability in the phasecheckserver where a missing permission check could allow local information disclosure without requiring additional execution privileges. Supported by multiple sources (NVD entry, CVE records, and related enrichments), the flaw is characterized ...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.54 views

CVE-2023-42646

CVE-2023-42646 concerns UNISOC-based systems with an Ifaa service that lacks a required permission check, enabling local information disclosure without additional privileges. The root cause is insufficient access-control in the Ifaa service, leading to exposure of sensitive data to an attacker wi...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.54 views

CVE-2023-42649

CVE-2023-42649 concerns UNISOC chipsets’ engineermode where a missing permission check allows local information disclosure without requiring execution privileges. Affected component: engineermode logic; root cause: inadequate permission validation leading to exposure of sensitive data to local at...

5.5CVSS5.2AI score0.00084EPSS
CVE
CVE
added 2023/09/27 2:8 p.m.54 views

CVE-2023-44128

CVE-2023-44128 affects LGInstallService (com.lge.lginstallservies) on LG devices, where the exported AIDL-based InstallService exposes installPackage* methods that call installPackageVerify() for signature validation after a delete-file operation. An attacker can manipulate conditions so the secu...

5CVSS4.6AI score0.00068EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.54 views

CVE-2023-52534

This CVE concerns the ngmm component. The root cause is incorrect error handling that can lead to undefined behavior, resulting in remote denial of service. Affected software is ngmm; the exact versions are not specified in the provided documents. Impact is limited to availability (DoS) with no u...

5.9CVSS6.9AI score0.00325EPSS
CVE
CVE
added 2024/09/02 2:7 a.m.54 views

CVE-2024-20084

CVE-2024-20084 affects MediaTek power components. The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure with System execution privileges required; exploitation is not user-initiated. Patch ALPS08944210 is noted (Issue MSV-15...

4.4CVSS6.2AI score0.00098EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.54 views

CVE-2024-20134

CVE-2024-20134 affects the RIL (Radio Interface Layer) with a possible out-of-bounds write caused by a missing bounds check. The issue could enable local privilege escalation to System level and does not require user interaction for exploitation. A patch is referenced (ALPS09154589) with an inter...

6.7CVSS7.4AI score0.00081EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.54 views

CVE-2024-20135

In soundtrigger, a missing bounds check can cause an out-of-bounds write, enabling local escalation to System privileges with no user interaction required. Several sources (NVD/Red Hat/CVE references) confirm the issue and patch ID ALPS09142526 (Issue MSV-1841) as the remediation. Affected produc...

6.7CVSS7.4AI score0.00081EPSS
CVE
CVE
added 2026/03/02 7:2 p.m.54 views

CVE-2024-31328

CVE-2024-31328 is documented in Wear OS/Android Wear context. A logic error in the function broadcastIntentLockedTraced of BroadcastController.java may allow launching arbitrary activities from the background on the paired companion phone, resulting in local elevation of privilege without additio...

8.8CVSS6.2AI score0.00115EPSS
CVE
CVE
added 2024/07/01 8:40 a.m.54 views

CVE-2024-39430

The CVE-2024-39430 issue affects the faceid service, described as an out-of-bounds write caused by a missing bounds check. The practical impact is local denial of service with no additional execution privileges required. Connected PT-2024-28491 notes affected versions are not specified and provid...

6.2CVSS6.8AI score0.00081EPSS
CVE
CVE
added 2025/07/08 2:0 a.m.54 views

CVE-2025-20694

CVE-2025-20694 affects Bluetooth firmware (MediaTek chipsets). The issue is a fault due to an uncaught exception that can cause a system crash, enabling remote denial of service with no user interaction and with adjacent access as per the CVSS data. The vulnerability is tied to the Bluetooth FW c...

6.5CVSS6.6AI score0.00153EPSS
CVE
CVE
added 2025/09/04 5:17 a.m.54 views

CVE-2025-36887

CVE-2025-36887 affects the function wl_cfgscan_update_v3_schedscan_results() in wl_cfgscan.c, where an out-of-bounds write results from an incorrect bounds check. This could enable local escalation of privilege with no extra execution privileges required and no user interaction. Multiple sources ...

7.8CVSS6.4AI score0.00078EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.54 views

CVE-2026-0059

Technical details about CVE-2026-0059 are not publicly available in the provided documents; no affected products, versions, root cause, or mitigations are disclosed here. Monitor for updates.

8CVSS6.5AI score0.00114EPSS
CVE
CVE
added 2014/03/03 2:0 a.m.53 views

CVE-2014-1939

CVE-2014-1939 affects Android’s BrowserFrame.java (Android before 4.4). The vulnerability arises from using addJavascriptInterface with an instance of SearchBoxImpl, allowing attackers to perform arbitrary Java code execution via the searchBoxJavaBridge_ interface at certain API levels. Exploitat...

7.5CVSS7.1AI score0.01071EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.53 views

CVE-2014-9784

CVE-2014-9784 affects Qualcomm components in Android on Nexus 5 and Nexus 7 (2013) devices. The issue arises from multiple buffer overflows in drivers/char/diag/diag_debugfs.c, enabling a local attacker with a crafted application to gain privileges. Root cause: buffer overflow in the diag_debugfs...

9.3CVSS7.6AI score0.00605EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.53 views

CVE-2014-9876

CVE-2014-9876 affects Android with Qualcomm components on Nexus 5/5X/6/6P/7 (2013). The vulnerability is in drivers/char/diag/diagfwd.c, where mishandling of certain integer values allows privilege escalation via a crafted application (Android internal bug 28767796; Qualcomm CR483408). Exploitati...

7.8CVSS7.5AI score0.00466EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.53 views

CVE-2014-9879

The CVE-2014-9879 issue affects the mdss mdp3 driver in the Qualcomm components on Nexus 5 devices running Android prior to 2016-08-05. The vulnerability arises because user-space data is not validated, enabling a locally staged attacker to gain privileges via a crafted application (Android inter...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.53 views

CVE-2014-9923

CVE-2014-9923 is described in the provided records as a buffer copy without checking the input size, located in NAS for CAF Android releases using the Linux kernel. The vulnerability path is not fully detailed beyond this memory-unsafe copy, and exploitation details are not provided in the suppli...

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.53 views

CVE-2014-9941

Technical details for CVE-2014-9941 are not publicly provided in the supplied documents. No specific affected products, root cause, or fixes are present here; monitor for updates from official sources.

7.6CVSS6.7AI score0.00347EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.53 views

CVE-2014-9942

CVE-2014-9942 affects the boot path in all Android releases from CAF that use the Linux kernel. The root cause is a Use of Uninitialized Variable in the boot code, which could lead to memory corruption or unpredictable behavior. The NVD CVSSv3 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a...

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.53 views

CVE-2014-9950

Technical details for CVE-2014-9950 are not publicly available in the provided documents; monitor for updates.

9.3CVSS7.2AI score0.00443EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.53 views

CVE-2015-3879

CVE-2015-3879 affects the Android Media Player Framework (Android 5.1.1 LMY48T and earlier). The issue allows an attacker via a crafted application to gain privileges in mediaserver through memory corruption in media processing paths. Connected sources frame this as an elevation-of-privilege vuln...

9.3CVSS6.8AI score0.00618EPSS
CVE
CVE
added 2015/11/03 11:0 a.m.53 views

CVE-2015-6614

CVE-2015-6614 affects Android 5.x before 5.1.1 LMY48X in Telephony. The vulnerability is an elevation-of-privilege flaw that can allow a local malicious app to bypass intended network-interface restrictions, gain privileges, and enable actions such as bypassing restrictions, expensive data transf...

5.8CVSS6.8AI score0.00563EPSS
Total number of security vulnerabilities8153