Lucene search
+L
GoogleAndroid

8153 matches found

cve
cve
added 2017/09/21 3:0 p.m.54 views

CVE-2017-8281

CVE-2017-8281 is reported as a race condition in Qualcomm CAF Android builds using the Linux kernel, affecting the DCI driver and allowing access to memory that has already been freed during event status queries. Connected sources identify the affected component as the DCI driver in Qualcomm auto...

4.7CVSS5.5AI score0.0036EPSS
cve
cve
added 2019/08/20 7:54 p.m.54 views

CVE-2019-2137

CVE-2019-2137 affects Android 9 (Pie); the issue is in TelecomManager.java endCall() where a missing permission check allows a local DoS that can block access to Emergency Services with user execution privileges, and does not require user interaction. Exploitation details are not provided in the ...

5.5CVSS5.3AI score0.00155EPSS
cve
cve
added 2018/03/12 1:0 p.m.53 views

CVE-2017-6288

CVE-2017-6288 affects NVIDIA libnvrm in Android. It describes an out-of-bounds read caused by a missing bounds check, enabling local information disclosure. The issue is identified as a Information Disclosure/DoS-like risk on Android devices (Pixel/Nexus contexts cited) with a reported MEDIUM bas...

5.5CVSS5.3AI score0.00132EPSS
cve
cve
added 2017/08/16 3:0 p.m.53 views

CVE-2017-6421

CVE-2017-6421 describes an elevation-of-privilege vulnerability in the Qualcomm MStar touchscreen driver affecting Qualcomm-based Android devices. The issue arises in the touch controller function where a variable is user-controlled, enabling a buffer overflow. Public details indicate the vulnera...

8.8CVSS8.5AI score0.00513EPSS
cve
cve
added 2017/06/13 8:0 p.m.53 views

CVE-2017-7366

CVE-2017-7366 affects Android devices using CAF Linux kernel with KGSL kernel graphics guest library: a KGSL ioctl fails to validate all parameters, enabling an elevation of privilege within the GPU driver. The vulnerability is listed under Qualcomm components in the 2017-06-05 Android bulletin; ...

5.5CVSS5.9AI score0.00281EPSS
cve
cve
added 2017/06/13 8:0 p.m.53 views

CVE-2017-7371

CVE-2017-7371 affects Android CAF devices using the Linux kernel with SLIMbus when Bluetooth is active. Root cause: a data pointer may be used after being freed when SLIMbus is turned off via Bluetooth, leading to memory corruption and potential local impact. Affected component: Qualcomm/Bluetoot...

9.3CVSS7.4AI score0.00363EPSS
cve
cve
added 2017/06/13 8:0 p.m.53 views

CVE-2017-8234

CVE-2017-8234 affects Android devices using CAF with the Linux kernel, where an out-of-bounds access in a camera driver function can potentially occur. Connected sources identify the issue within camera-related components, notably Qualcomm camera driver entries in the 2017 Android security bullet...

9.3CVSS7.5AI score0.00363EPSS
cve
cve
added 2017/06/13 8:0 p.m.53 views

CVE-2017-8241

Technical details about CVE-2017-8241 are not publicly provided in the connected documents. The materials here only reiterate a buffer overflow in a WLAN function due to an incorrect message length. Monitor for official updates and patches.

9.3CVSS7.7AI score0.00415EPSS
cve
cve
added 2017/11/16 10:0 p.m.53 views

CVE-2017-9696

CVE-2017-9696 involves a buffer over-read in the Qualcomm MSM camera driver (msm_isp_stop_stats_stream) affecting Android variants built for MSM, Firefox OS for MSM, and QRD Android with CAF Linux kernels. The problem stems from not validating userspace-supplied stream_cfg_cmd->num_streams aga...

7.5CVSS7.1AI score0.00412EPSS
cve
cve
added 2020/04/08 5:22 p.m.53 views

CVE-2018-21069

CVE-2018-21069 affects Samsung mobile devices running N(7.x) with MediaTek chipsets. The issue is an information disclosure of kernel stack memory in a MediaTek driver. Samsung reference ID SVE-2018-11852 (July 2018). Connected sources corroborate the vulnerability but do not provide exploit deta...

7.5CVSS7.1AI score0.00413EPSS
cve
cve
added 2024/11/19 6:59 p.m.53 views

CVE-2018-9344

The CVE-2018-9344 entry describes a use-after-free in DescramblerImpl.cpp caused by improper locking, enabling local privilege escalation with no extra privileges and no user interaction. Connected sources associate this issue with Android’s Media framework and list affected context in the Androi...

7.8CVSS6.9AI score0.00074EPSS
cve
cve
added 2018/11/06 5:0 p.m.53 views

CVE-2018-9359

CVE-2018-9359 describes an out-of-bounds read in Android’s L2CAP handling (process_l2cap_cmd in l2c_main.cc) that could lead to remote information disclosure without prior privileges or user interaction. Affected products span Android 6.0 through 8.1 (Android-6.0/6.0.1, 7.0/7.1.x, 8.0, 8.1). The ...

7.8CVSS6.9AI score0.01709EPSS
cve
cve
added 2024/11/19 11:57 p.m.53 views

CVE-2018-9467

CVE-2018-9467 is a vulnerability in the getHost() path of UriTest.java where incorrect web origin determination could cause security decisions to be made incorrectly. It requires no user interaction and does not require privileges; exploitation is described as a network-vector issue with high imp...

9.8CVSS6.7AI score0.00305EPSS
cve
cve
added 2024/11/20 5:28 p.m.53 views

CVE-2018-9477

CVE-2018-9477 is an Elevation of Privilege issue in Android’s Settings app (Development options) caused by a missing permission check. It enables a local attacker to bypass authentication and escalate privileges with no additional execution privileges required, though user interaction is needed f...

7.8CVSS7.3AI score0.00089EPSS
cve
cve
added 2024/11/20 5:49 p.m.53 views

CVE-2018-9486

CVE-2018-9486 affects the Bluetooth stack component hidh_l2cif_data_ind in hidh_conn.cc, where a missing bounds check can cause an out-of-bounds read. This could lead to local information disclosure over Bluetooth with no additional execution privileges and without user interaction. Connected sou...

6.5CVSS5.9AI score0.00108EPSS
cve
cve
added 2018/10/02 7:0 p.m.53 views

CVE-2018-9505

CVE-2018-9505 affects Android Bluetooth code (mca_ccb_hdl_req in mca_cact.cc) causing an out-of-bounds read due to a missing bounds check. The Android bulletin lists this as CVE-2018-9505 (Framework, ID) with High severity and notes affected patch levels, including 2018-10-01 and 2018-10-05 updat...

6.5CVSS6.1AI score0.00571EPSS
cve
cve
added 2018/10/02 7:0 p.m.53 views

CVE-2018-9507

CVE-2018-9507 affects Android devices and relates to the Bluetooth stack. A vulnerability in bta_av_proc_meta_cmd (bta_av_act.cc) allows an out-of-bounds read due to an incorrect bounds check, enabling remote information disclosure over Bluetooth without extra privileges and without user interact...

6.5CVSS6.1AI score0.00571EPSS
cve
cve
added 2019/02/28 5:0 p.m.53 views

CVE-2019-1997

CVE-2019-1997 affects Android’s random.c: In random_get_bytes, an insecure default value degrades randomness, enabling local information disclosure over an insecure wireless connection with no user interaction. Affected Android versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. Exploitation context: netwo...

7.5CVSS6.8AI score0.00857EPSS
cve
cve
added 2019/02/28 5:0 p.m.53 views

CVE-2019-1998

CVE-2019-1998 affects Android 9. In the event_handler of keymaster_app.c, a table can be lost on reboot causing resource exhaustion and a local denial of service, not mitigated by a factory reset. Exploitation does not require user interaction. The Android bulletin lists this issue under 2019-02-...

5.5CVSS5.3AI score0.00176EPSS
cve
cve
added 2019/05/08 4:27 p.m.53 views

CVE-2019-2049

CVE-2019-2049 involves a memory corruption via a use-after-free in avrcp_service.cc (SendMediaUpdate/SendFolderUpdate), leading to local privilege escalation in the Android Bluetooth service on Android 9. The Android bulletin attributes this as an EoP (High) vulnerability in the System component;...

7.8CVSS7.8AI score0.0017EPSS
cve
cve
added 2020/03/24 6:19 p.m.53 views

CVE-2019-20552

CVE-2019-20552 concerns FRP (Factory Reset Protection) bypass on Samsung mobile devices running Android P (9.0) via an RCS call. Connected sources corroborate a FRP bypass vulnerability affecting Samsung devices; one CNVD entry characterizes the underlying issue as an input validation error, whil...

7.5CVSS7.5AI score0.00364EPSS
cve
cve
added 2020/03/24 7:34 p.m.53 views

CVE-2019-20619

CVE-2019-20619 affects Samsung mobile devices running Android P (9.0) with Secure Startup, where keyboard suggested words may be leaked during startup. Samsung ID SVE-2019-13773. No public exploitation details or fixes are provided in the connected documents.

7.5CVSS7.5AI score0.00413EPSS
cve
cve
added 2020/04/17 1:43 p.m.53 views

CVE-2019-20780

CVE-2019-20780 relates to LG mobile devices running Android 7.x–8.1, where security settings governing package verification and acceptance from known sources are mishandled. The root cause is the mishandling of these security settings, as described across multiple sources (LG ID LVE-SMP-190002). ...

9.8CVSS9.2AI score0.00449EPSS
cve
cve
added 2019/08/20 7:46 p.m.53 views

CVE-2019-2121

CVE-2019-2121 : A race condition in ActivityManagerService.attachApplication on Android 9 (Pie) can lead to local escalation of privilege without extra privileges; no user interaction required. Affected component is the framework entry point for app attachment. The core issue is a race in attachi...

7CVSS7AI score0.00123EPSS
cve
cve
added 2020/02/13 2:20 p.m.53 views

CVE-2020-0017

CVE-2020-0017 is an information-disclosure flaw in the Android Framework where the primary user’s dictionary could be visible and modifiable by other local users. It affects Android 8.0–10 and requires no extra execution privileges, with exploitation requires user interaction. The Android 2020 se...

4.4CVSS4.4AI score0.00176EPSS
cve
cve
added 2020/02/13 2:20 p.m.53 views

CVE-2020-0018

CVE-2020-0018 affects Android 8.x–10, in MotionEntry::appendDescription of InputDispatcher.cpp. The issue is an information-disclosure vulnerability: an attacker could cause local disclosure of user input with system-level privileges, and exploitation does not require user interaction (local atta...

4.4CVSS4.2AI score0.0016EPSS
cve
cve
added 2020/02/13 2:22 p.m.53 views

CVE-2020-0026

CVE-2020-0026 affects Android 8.0–10 via Parcel::continueWrite in Parcel.cpp, where a use-after-free causes memory corruption and local elevation of privilege without user interaction. Documented impact is elevated privileges in a local context; no remote code execution details are provided. Affe...

7.8CVSS7.8AI score0.00171EPSS
cve
cve
added 2020/03/10 7:56 p.m.53 views

CVE-2020-0043

CVE-2020-0043 involves the FPC Fingerprint TEE on Android. In authorize_enrol of fpc_ta_hw_auth.c there is a missing bounds check causing an out-of-bounds read, leading to possible local information disclosure with system privileges and no user interaction required. Affected class: Android kernel...

4.4CVSS4.3AI score0.00158EPSS
cve
cve
added 2020/06/11 2:43 p.m.53 views

CVE-2020-0219

CVE-2020-0219 affects Android 10. The issue is in onCreate of SliceDeepLinkSpringBoard.java, where an insecure Intent could allow local elevation of privilege with no additional execution privileges and without user interaction. The provided documents corroborate the vulnerability and its local-p...

7.8CVSS7.9AI score0.00329EPSS
cve
cve
added 2020/09/18 3:26 p.m.53 views

CVE-2020-0327

CVE-2020-0327 affects Android 11: a missing permission check in core networking could allow local information disclosure of app network usage. Exploitation reportedly requires user execution but no user interaction, and the impact is local information disclosure with HIGH confidentiality impact p...

5.5CVSS5.8AI score0.00145EPSS
cve
cve
added 2020/09/17 8:52 p.m.53 views

CVE-2020-0346

The CVE-2020-0346 entry affects Android 11 media framework/Mediaserver. The vulnerability is an out-of-bounds write caused by an integer overflow in a Mediaserver component, enabling local elevation of privilege without user interaction. Impacted version: Android 11 (Android device context). Expl...

7.8CVSS8.2AI score0.00158EPSS
cve
cve
added 2020/05/11 3:40 p.m.53 views

CVE-2020-12752

CVE-2020-12752 affects Samsung mobile devices running P(9.0)/Q(10.0) with TEEGRIS. The issue allows attackers to determine user credentials via a brute-force attack against the Gatekeeper Trustlet, as described in multiple sources (Samsung ID SVE-2020-16908). The attack surface is the Gatekeeper ...

7.5CVSS7.5AI score0.00493EPSS
cve
cve
added 2020/06/04 5:9 p.m.53 views

CVE-2020-13829

CVE-2020-13829 affects Samsung mobile devices running Android P (9.0) and Q (10.0). The issue enables attackers to disable SEAndroid protection within the RKP (Recovery Kernel Patch). Root cause: SEAndroid enforcement can be turned off in RKP, per the available descriptions. Impact: disabling SEA...

7.5CVSS7.5AI score0.00346EPSS
cve
cve
added 2021/02/02 11:1 p.m.53 views

CVE-2021-0356

CVE-2021-0356 affects Android 10 and Android 11 in the netdiag component, where improper input validation enables a local command-injection that can grant SYSTEM-level privileges without user interaction. The issue’s impact is described as local escalation with high confidentiality, integrity, an...

6.7CVSS6.9AI score0.00325EPSS
cve
cve
added 2021/03/10 4:10 p.m.53 views

CVE-2021-0383

CVE-2021-0383 affects CaptivePortalLoginActivity.java on Android 11. Root cause: a confused deputy could lead to local escalation of privilege in carrier settings without additional execution privileges; no user interaction required. Impact: partial confidentiality/integrity/availability (HIGH fo...

7.8CVSS7.6AI score0.00124EPSS
cve
cve
added 2021/06/11 4:42 p.m.53 views

CVE-2021-0492

The CVE-2021-0492 entry concerns Android’s memory management driver, where an out-of-bounds write due to a missing bounds check could enable local privilege escalation without user interaction. Concrete details across connected sources identify the affected component as the memory management driv...

7.8CVSS7.7AI score0.00132EPSS
cve
cve
added 2021/09/09 6:5 p.m.53 views

CVE-2021-25461

CVE-2021-25461 concerns a stack-based buffer overflow caused by an improper length check in APAService prior to Samsung SMR Sep-2021 Release 1. The vulnerability affects the APAService component and has documented impact in CVSS: CVSSv3.1 base score 7.8 (HIGH) with LOCAL attack vector, LOW attack...

7.8CVSS7.5AI score0.00165EPSS
cve
cve
added 2023/01/24 12:0 a.m.53 views

CVE-2022-20214

CVE-2022-20214 (Android) affects the Car Settings app on Android 10–12. The vulnerability is a tapjacking issue where an attacker can overlay the “Modify system settings” toggle, potentially allowing apps to modify system settings without user consent. The CVSS 3.1 base metrics indicate: Attack V...

4.7CVSS4.6AI score0.00226EPSS
cve
cve
added 2023/01/24 12:0 a.m.53 views

CVE-2022-20215

CVE-2022-20215 describes a tapjacking/overlay attack in the MasterClearConfirmFragment.java on Android 10–12 that could trigger a local factory reset, causing a denial of service without extra privileges. Exploitation requires user interaction and can occur locally; no exploit details or likeliho...

5.5CVSS5.3AI score0.00126EPSS
cve
cve
added 2022/08/11 3:19 p.m.53 views

CVE-2022-20294

CVE-2022-20294 affects Google Android 13. The issue stems from a missing permission check in Content, allowing local information disclosure of accounts present on the device. Exploitation would require local access with no user interaction (per the description), and the CVSS score is 5.5 (Medium)...

5.5CVSS5.5AI score0.00089EPSS
cve
cve
added 2022/10/07 12:0 a.m.53 views

CVE-2022-26474

The CVE-2022-26474 entry describes a local privilege escalation in MediaTek sensorhub due to an out-of-bounds write from an incorrect buffer size calculation. Vulnerable component: sensorhub in affected MediaTek chips; root cause is incorrect buffer size calculation leading to out-of-bounds write...

6.7CVSS6.8AI score0.00128EPSS
cve
cve
added 2022/07/11 1:32 p.m.53 views

CVE-2022-30755

CVE-2022-30755 affects Samsung AppLock prior to the SMR July 2022 Release 1. The issue is improper authentication resulting from insufficient authentication logic, enabling an attacker to bypass password confirmation by hijacking an implicit intent. The vulnerability is documented across multiple...

7.8CVSS7.8AI score0.00104EPSS
cve
cve
added 2022/11/08 12:0 a.m.53 views

CVE-2022-32616

CVE-2022-32616 affects the isp component in MediaTek-based devices, causing an out-of-bounds write due to uninitialized data. This can enable local escalation of privilege with System execution privileges required, and no user interaction is needed. The entry lists patch ALPS07341258 / Issue ALPS...

6.7CVSS6.7AI score0.00134EPSS
cve
cve
added 2022/07/11 1:35 p.m.53 views

CVE-2022-33695

The CVE-2022-33695 entry concerns Samsung InputManagerService on Samsung Android devices. The vulnerability arises from improper modification permissions in InputManagerService, allowing an attacker to access the service without authorization. Affected component: InputManagerService (Binder-like ...

7.8CVSS7.5AI score0.00098EPSS
cve
cve
added 2022/09/09 2:40 p.m.53 views

CVE-2022-36858

CVE-2022-36858 is a heap-based overflow in GetCorrectDbLanguageTypeEsPKc() within libSDKRecognitionText.spensdk.samsung.so, affecting Samsung devices prior to SMR Sep-2022 Release 1. The vulnerability can cause a memory access fault due to heap overflow in the affected function. Available documen...

7.8CVSS7.5AI score0.00101EPSS
cve
cve
added 2022/12/06 12:0 a.m.53 views

CVE-2022-39091

CVE-2022-39091 involves a missing permission check in the power management service. The root cause is insufficient authorization in the power management component, enabling setup of the service with no additional execution privileges required. Documented impact is a local attack surface with high...

7.8CVSS7.5AI score0.00109EPSS
cve
cve
added 2022/10/14 12:0 a.m.53 views

CVE-2022-39108

CVE-2022-39108 affects the Music service: a missing permission check is the root cause, enabling elevation of privilege with no extra execution privileges required. According to the available data, the exploit is local with low privileges required and no user interaction, and the CVSSv3.1 base sc...

7.8CVSS7.6AI score0.00107EPSS
cve
cve
added 2022/10/14 12:0 a.m.53 views

CVE-2022-39121

CVE-2022-39121 describes an out-of-bounds write in a sensor driver caused by a missing bounds check, potentially allowing a local denial of service in the kernel. Connected sources reference Unisoc chipset implementations and related sensor-driver context; no explicit affected versions or fix are...

5.5CVSS5.4AI score0.00084EPSS
cve
cve
added 2022/10/14 12:0 a.m.53 views

CVE-2022-39128

CVE-2022-39128 corresponds to a vulnerability in the sensor driver that can cause a local denial of service in the kernel due to an out-of-bounds write from a missing bounds check. The connected documents consistently describe: (1) the flaw as a bounds-check omission in the sensor driver, (2) imp...

5.5CVSS5.4AI score0.00084EPSS
cve
cve
added 2022/10/07 12:0 a.m.53 views

CVE-2022-39852

CVE-2022-39852 is a heap-based overflow in the makeContactAGIF function of libagifencoder.quram.so, vulnerable in Samsung devices prior to SMR Oct-2022 Release 1. This can allow local attacker-controlled code execution with high impact on confidentiality, integrity, and availability. Remediation ...

8CVSS7.8AI score0.00098EPSS
Total number of security vulnerabilities8153