Lucene search
K

334 matches found

CVE
CVE
added 2017/08/18 6:0 p.m.73 views

CVE-2016-10381

CVE-2016-10381 : The issue affects Qualcomm components in Android CAF releases using the Linux kernel, where the UE can send unprotected MeasurementReports that disclose UE location. Connected documents confirm a Qualcomm information-disclosure vulnerability linked to MeasurementReports, with the...

10CVSS8.8AI score0.00976EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.73 views

CVE-2023-21377

CVE-2023-21377 : Concrete information shows a local information disclosure via a restriction bypass in the Android SELinux Policy. The issue is triggered by a permissions bypass within the policy, allowing disclosure without extra execution privileges and without user interaction. Exploitation st...

5.5CVSS5.8AI score0.00089EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.73 views

CVE-2023-21387

The CVE-2023-21387 entry concerns Google Android’s User Backup Manager. The connected documents describe a token leakage via log information disclosure that can bypass user confirmation for backups, leading to local information disclosure with System execution privileges potentially required. Thi...

4.4CVSS4.8AI score0.00102EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.73 views

CVE-2023-21390

CVE-2023-21390 is described across multiple sources as a permission bypass in the Android environment related to a component labeled as Sim, allowing evasion of mobile-preference restrictions and enabling local privilege escalation without requiring extra execution privileges. Exploitation is rep...

7.8CVSS7.8AI score0.001EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.73 views

CVE-2024-44100

CVE-2024-44100 relates to information disclosure on Google Pixel devices prior to 2024-10-05, specifically in the modem component (A-299774545). The issue stems from a vulnerability in the Pixel modem that enables leakage of information, with a CVSS v3.1 base score of 7.5 (High). Affected product...

7.5CVSS6.2AI score0.00248EPSS
CVE
CVE
added 2024/10/25 10:34 a.m.73 views

CVE-2024-47020

CVE-2024-47020 affects Google Pixel devices running Android prior to the 2024-10-05 patch level, with the vulnerability classified as Information Disclosure in the ABL component (A-331966488). Public descriptors identify an information disclosure bug in ABL on Pixel hardware, but the available do...

7.5CVSS6.2AI score0.0016EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.72 views

CVE-2022-39913

CVE-2022-39913 concerns the Exposure of Sensitive Information to an Unauthorized Actor in Samsung’s Persona Manager prior to Android T(13). The issue arises from a data exposure that allows a local attacker to access user profiles information. Affected product/area: Persona Manager on devices run...

6.8CVSS3.9AI score0.0008EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.72 views

CVE-2023-21392

CVE-2023-21392 concerns a memory corruption vulnerability in Bluetooth, caused by a use-after-free in the Bluetooth stack that can enable local privilege escalation when pairing/connecting to a Bluetooth device. Exploitation does not require user interaction and does not need pre-existing executi...

8.8CVSS8.4AI score0.00166EPSS
CVE
CVE
added 2020/01/24 5:11 p.m.71 views

CVE-2015-1530

The CVE-2015-1530 issue affects Android’s media/libmedia/IAudioPolicyService.cpp prior to Android 5.1. It describes an integer overflow in BnAudioPolicyService::onTransact that can be exploited by a crafted application with an invalid array size to either execute arbitrary code with media_server ...

7.8CVSS7.8AI score0.00389EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.70 views

CVE-2022-39914

The CVE-2022-39914 entry describes an information-disclosure vulnerability in Samsung DisplayManagerService prior to Android T (13). A local attacker could access information about connected DLNA devices due to exposure of sensitive data by DisplayManagerService. The available sources indicate th...

4CVSS3.9AI score0.00082EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.70 views

CVE-2023-21382

This CVE (CVE-2023-21382) concerns Android’s Content Resolver allowing local information disclosure due to a missing permission check. Affected: Android devices (Content Resolver metadata about content providers). Root cause: insufficient permission validation on access to content provider metada...

5.5CVSS5.2AI score0.00082EPSS
CVE
CVE
added 2016/01/31 6:0 p.m.69 views

CVE-2016-1948

Mozilla Firefox for Android before 44.0 is vulnerable to MITM during lightweight-theme installation because it may not require HTTPS for the client-server data stream, allowing an attacker to replace theme images/colors. Connected advisories indicate this is a real vulnerability affecting Firefox...

5.3CVSS5.9AI score0.00452EPSS
CVE
CVE
added 2023/10/30 4:59 p.m.69 views

CVE-2023-21367

CVE-2023-21367 concerns the Android Scudo memory allocator. The connected documents confirm a heap OOB read/write due to an insecure implementation/design, enabling local information disclosure without extra execution privileges and with no user interaction required. The Android 14 security relea...

5.5CVSS5.8AI score0.00086EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.68 views

CVE-2022-39912

CVE-2022-39912 describes an improper handling of permissions in the Android PersonaManagerService; prior to Android T(13), setSecureFolderPolicy can be exploited locally to modify settings in Secure Folder. The issue arises from insufficient permission checks in the affected function, enabling a ...

6.2CVSS3.9AI score0.00081EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.67 views

CVE-2023-21393

CVE-2023-21393 is a local elevation of privilege in Android Settings caused by a missing permission check that could allow a user to change the SIM without interaction. Exploitation is described as local with no user interaction and the impact is elevated permissions with high confidentiality, in...

7.8CVSS7.8AI score0.00104EPSS
CVE
CVE
added 2025/05/07 8:34 a.m.67 views

CVE-2025-20980

The CVE-2025-20980 entry concerns Samsung/libsavscmn with an out-of-bounds write that leads to memory corruption on devices running Android prior to 15. Affected component: libsavscmn (memory corruption vulnerability). Root cause: out-of-bounds write. Impact: local attackers could trigger memory ...

5.5CVSS4.1AI score0.00075EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.66 views

CVE-2023-21319

CVE-2023-21319 affects Android (UsageStatsService) and describes a side-channel information disclosure that could allow reading installed 3rd‑party apps. The root cause is local information disclosure without additional privileges or user interaction. The Android 14 Security Release Notes list th...

5.5CVSS5AI score0.00086EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.66 views

CVE-2023-21391

CVE-2023-21391 is documented in Android 14 release notes as a DoS affecting the System area, attributed to improper input validation in the Messaging context. The impact is remote denial of service without user interaction or elevated privileges, with a network-based attack vector (AV:N, PR:N, UI...

7.5CVSS7.8AI score0.0042EPSS
CVE
CVE
added 2015/09/22 10:0 a.m.65 views

CVE-2015-5573

CVE-2015-5573 is a Type Confusion vulnerability affecting Adobe Flash Player prior to 18.0.0.241 and 19.x prior to 19.0.0.185 on Windows/macOS, and prior to 11.2.202.521 on Linux, plus affected AIR/SDK components. The root cause is a type confusion error that could allow an attacker to execute ar...

10CVSS7.5AI score0.05667EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.65 views

CVE-2023-21375

CVE-2023-21375 affects Sysproxy with an out-of-bounds write caused by an integer underflow. The vulnerability enables local privilege escalation without extra execution privileges and does not require user interaction. Public documentation reports this issue but provides no concrete exploit detai...

7.8CVSS7.9AI score0.00095EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.65 views

CVE-2023-21376

CVE-2023-21376 affects Android Telephony and is described as a logic error that allows local information disclosure by retrieving the ICCID without requiring user interaction. The primary impact is information disclosure with a high confidentiality impact and no demonstrated exploitation details ...

5.5CVSS5.7AI score0.00087EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.64 views

CVE-2022-20264

CVE-2022-20264 affects Android’s Usage Stats Service . The vulnerability describes a side-channel disclosure that can reveal whether an app is installed without requiring query permissions. The resulting exposure is a local information disclosure with no additional execution privileges, and explo...

5.5CVSS5.6AI score0.00105EPSS
CVE
CVE
added 2023/10/30 4:59 p.m.64 views

CVE-2023-21369

CVE-2023-21369 concerns Android: a permissions bypass in Usage Access that can cause a local denial of service by displaying a Settings usage access restriction toggle screen. Exploitation requires user interaction but not remote code execution; impact is limited to DoS on the device. Affected co...

5.5CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2016/01/31 6:0 p.m.63 views

CVE-2016-1940

CVE-2016-1940 affects Mozilla Firefox on Android (pre-44.0). A data: URL mishandling during shortcut opening or BOOKMARK/intent processing allows remote attackers to spoof the address bar. Affected: Firefox on Android before 44.0. Impact: address-bar spoofing. Mitigation: upgrade to Firefox 44.0 ...

5.3CVSS5.8AI score0.00666EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.63 views

CVE-2023-21315

CVE-2023-21315 describes a heap-based out-of-bounds read in Bluetooth that could cause remote information disclosure without require­ing privileges or user interaction. The NVD entry assigns CVSSv3.1: AV=Adjacent, AC=L, PR=NONE, UI=NONE, S=U, C=H, I=N, A=N with a base score of 6.5 (Medium). The A...

6.5CVSS6.8AI score0.00137EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.63 views

CVE-2023-21385

CVE-2023-21385 describes a memory corruption–related out-of-bounds read in Whitechapel that could enable local information disclosure without user interaction. The vulnerability is classified as a local issue with a high potential impact on confidentiality, per the NVD entry (CVSS v3.1: 5.5, MEDI...

5.5CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2025/05/07 8:24 a.m.62 views

CVE-2025-20979

CVE-2025-20979 concerns an out-of-bounds write in Samsung’s libsavscmn prior to Android 15. Affected component: libsavscmn (cell phone software). Root cause: an out-of-bounds write issue that enables local attackers to execute arbitrary code. Impact: high (local code execution with high confident...

8.4CVSS8.4AI score0.00083EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.61 views

CVE-2016-10385

CVE-2016-10385 is a high-severity use-after-free in IMS RCS across Qualcomm Android CAF builds using the Linux kernel. Public docs note a remote-exploitable condition with critical impact ( CVSSv3 9.8 ). The vulnerability affects Qualcomm firmware in CAF Android releases; Android security bulleti...

10CVSS8.8AI score0.00937EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.61 views

CVE-2017-8255

CVE-2017-8255 affects Qualcomm bootloader components in Android CAF builds that use the Linux kernel. The issue is described as an integer overflow in the bootloader, leading to elevation of privilege (EoP) within the kernel context. Public sources in the provided documents identify the vulnerabi...

9.3CVSS7.4AI score0.00483EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.61 views

CVE-2017-8260

CVE-2017-8260 is a Qualcomm component issue mapped to the Camera driver in Qualcomm parts. Root cause: a type downcast in CAF Linux kernel code allows a value to bypass validation, enabling an out-of-bounds write. Impact: local kernel context elevation via the Camera driver (per the CVE entry in ...

7.8CVSS7.3AI score0.00534EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.61 views

CVE-2023-21326

Summary of CVE-2023-21326 : This Android vulnerability affects the Package Manager Service and allows a local attacker to determine whether an app is installed without query permissions, via a side-channel information disclosure. The impact is information disclosure (confidentiality) with no user...

5.5CVSS5.6AI score0.00088EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.61 views

CVE-2023-21362

CVE-2023-21362 affects Google Android (Android Framework). The issue is a DoS caused by resource exhaustion that can lead to local denial of service without extra privileges. The available documents cite it as a Framework DoS in Android 14 release notes, with no exploitation details provided. Mit...

5.5CVSS5.6AI score0.0008EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.61 views

CVE-2023-21364

CVE-2023-21364 affects Android’s ContactsProvider, causing a crash loop through resource exhaustion that can lead to local persistent DoS in the Phone app. The vulnerability is connected to the ContactsProvider component and is exploitable with local access and low privileges, without user intera...

5.5CVSS5.5AI score0.00085EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.61 views

CVE-2023-21398

CVE-2023-21398 affects the Android ecosystem with a logic error in the sdksandbox component that enables a strandhogg-style overlay attack, leading to local elevation of privilege without extra execution privileges and with no user interaction required. Multiple sources (NVD, Red Hat, CNVD, CN) d...

7.8CVSS7.8AI score0.00116EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.60 views

CVE-2017-0863

CVE-2017-0863 is an elevation-of-privilege vulnerability in the Upstream kernel video driver affecting the Android kernel on Pixel/Nexus devices. The issue enables a local attacker to escalate privileges (local exploit, low attack complexity, no user interaction), with partial confidentiality, in...

7.8CVSS7.2AI score0.00155EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.60 views

CVE-2017-8240

CVE-2017-8240 is described as an off-by-one kernel driver over-read in CAF Android releases using the Linux kernel. Connected Nessus advisories for Unity Linux 20.1050e/20.1060e/20.1070e reference UTSA advisories (UTSA-2026-001627, UTSA-2026-003309, UTSA-2026-002623) noting a security update addr...

9.3CVSS7.3AI score0.00468EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.60 views

CVE-2023-21397

CVE-2023-21397 is documented in Android 14 Framework as an elevation of privilege (EoP) vulnerability. The issue originates from the Setup Wizard where an insecure default value permits saving a Wi‑Fi network, enabling local privilege escalation with no additional execution privileges and no user...

7.8CVSS7.8AI score0.001EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.59 views

CVE-2017-8235

CVE-2017-8235 is listed in Qualcomm component notes as an Elevation of Privilege affecting the Camera driver. The description from the initial document states that in CAF Android releases, a memory structure in a camera driver is not properly protected. The connected Android bulletin entries conf...

5.5CVSS5.8AI score0.00281EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.59 views

CVE-2023-21309

CVE-2023-21309 affects libcore (Android). The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure without extra privileges or user interaction. Exploitation details beyond this are not provided in the supplied documents. No sp...

5.5CVSS5.2AI score0.00085EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.59 views

CVE-2023-21312

CVE-2023-21312 affects Android's IntentResolver, enabling cross-user media read via a confused deputy and resulting in local information disclosure without extra privileges. Exploitation is described as non-interactive and local, with no user interaction required and no remote access. There are m...

5.5CVSS5.7AI score0.00088EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.59 views

CVE-2023-21336

CVE-2023-21336 concerns an information disclosure vulnerability in Android’s Input Method, where side-channel information can reveal whether an app is installed without query permissions. The issue is described as a local information disclosure with no extra execution privileges required, and exp...

5.5CVSS5.6AI score0.00101EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.59 views

CVE-2023-21343

CVE-2023-21343 affects Android’s ActivityStarter where an unsafe PendingIntent can trigger a background activity launch, enabling local elevation of privilege without user interaction. Affected component: ActivityStarter (framework). Root cause: unsafe PendingIntent that can be exploited locally....

7.8CVSS7.8AI score0.00103EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.59 views

CVE-2023-21384

CVE-2023-21384 : Affected software is the Android Package Manager. The issue is an information-disclosure vulnerability caused by an unsafe PendingIntent, enabling local information disclosure with low-privilege access. Exploitation requires no user interaction but attacker must have local access...

5.5CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2020/02/12 7:1 p.m.58 views

CVE-2011-2343

Technical details about CVE-2011-2343 are not publicly provided in the connected documents. Monitor for updates.

2.4CVSS3.7AI score0.00157EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.58 views

CVE-2014-9961

CVE-2014-9961 is disclosed for Android builds from CAF that use the Linux kernel, describing a vulnerability in eMMC write protection that can be exploited to bypass power-on write protection. The issue is exploitable locally (attack vector: local) with user interaction potentially required, and ...

9.3CVSS7.3AI score0.00561EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.58 views

CVE-2016-10346

CVE-2016-10346 describes an integer overflow in the hypervisor of Qualcomm closed‑source components used in Android CAF/Linux kernel. The vulnerability affects Qualcomm hypervisor code in Android devices, with root cause an integer overflow in the hypervisor. According to the provided data, the i...

10CVSS7.9AI score0.00877EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.58 views

CVE-2017-8236

CVE-2017-8236 is a buffer overflow vulnerability in an IPA driver present in CAF Android builds using the Linux kernel. Affected component: IPA driver; Root cause: buffer overflow. Potential impact per CVSS3 metrics is HIGH for confidentiality, integrity, and availability, with LOCAL exploitabili...

9.3CVSS7.7AI score0.00393EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.58 views

CVE-2017-8266

CVE-2017-8266 describes a race condition in the Qualcomm video driver used in CAF Android/Linux kernel variants, potentially leading to a use-after-free. Affected component: video driver within Qualcomm/CAF/Linux kernel stack. Impact details in the CVE notes indicate a partial impact on confident...

7CVSS6.7AI score0.00322EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.58 views

CVE-2023-21313

CVE-2023-21313 affects Android Core with a missing permission check that allows forwarding calls without user knowledge, enabling local elevation of privilege. Exploitation requires Local access; UI interaction is not needed. The CVSSv3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates hig...

7.8CVSS7.8AI score0.00085EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.58 views

CVE-2023-21365

CVE-2023-21365 affects Android’s Phone app, where the Contacts component can enter a crash loop due to resource exhaustion. This leads to a local denial of service with User privileges required and no user interaction needed. Public details from the provided sources confirm the DoS impact and loc...

5.5CVSS5.5AI score0.00081EPSS
Total number of security vulnerabilities334