334 matches found
CVE-2016-10381
CVE-2016-10381 : The issue affects Qualcomm components in Android CAF releases using the Linux kernel, where the UE can send unprotected MeasurementReports that disclose UE location. Connected documents confirm a Qualcomm information-disclosure vulnerability linked to MeasurementReports, with the...
CVE-2023-21377
CVE-2023-21377 : Concrete information shows a local information disclosure via a restriction bypass in the Android SELinux Policy. The issue is triggered by a permissions bypass within the policy, allowing disclosure without extra execution privileges and without user interaction. Exploitation st...
CVE-2023-21387
The CVE-2023-21387 entry concerns Google Android’s User Backup Manager. The connected documents describe a token leakage via log information disclosure that can bypass user confirmation for backups, leading to local information disclosure with System execution privileges potentially required. Thi...
CVE-2023-21390
CVE-2023-21390 is described across multiple sources as a permission bypass in the Android environment related to a component labeled as Sim, allowing evasion of mobile-preference restrictions and enabling local privilege escalation without requiring extra execution privileges. Exploitation is rep...
CVE-2024-44100
CVE-2024-44100 relates to information disclosure on Google Pixel devices prior to 2024-10-05, specifically in the modem component (A-299774545). The issue stems from a vulnerability in the Pixel modem that enables leakage of information, with a CVSS v3.1 base score of 7.5 (High). Affected product...
CVE-2024-47020
CVE-2024-47020 affects Google Pixel devices running Android prior to the 2024-10-05 patch level, with the vulnerability classified as Information Disclosure in the ABL component (A-331966488). Public descriptors identify an information disclosure bug in ABL on Pixel hardware, but the available do...
CVE-2022-39913
CVE-2022-39913 concerns the Exposure of Sensitive Information to an Unauthorized Actor in Samsung’s Persona Manager prior to Android T(13). The issue arises from a data exposure that allows a local attacker to access user profiles information. Affected product/area: Persona Manager on devices run...
CVE-2023-21392
CVE-2023-21392 concerns a memory corruption vulnerability in Bluetooth, caused by a use-after-free in the Bluetooth stack that can enable local privilege escalation when pairing/connecting to a Bluetooth device. Exploitation does not require user interaction and does not need pre-existing executi...
CVE-2015-1530
The CVE-2015-1530 issue affects Android’s media/libmedia/IAudioPolicyService.cpp prior to Android 5.1. It describes an integer overflow in BnAudioPolicyService::onTransact that can be exploited by a crafted application with an invalid array size to either execute arbitrary code with media_server ...
CVE-2022-39914
The CVE-2022-39914 entry describes an information-disclosure vulnerability in Samsung DisplayManagerService prior to Android T (13). A local attacker could access information about connected DLNA devices due to exposure of sensitive data by DisplayManagerService. The available sources indicate th...
CVE-2023-21382
This CVE (CVE-2023-21382) concerns Android’s Content Resolver allowing local information disclosure due to a missing permission check. Affected: Android devices (Content Resolver metadata about content providers). Root cause: insufficient permission validation on access to content provider metada...
CVE-2016-1948
Mozilla Firefox for Android before 44.0 is vulnerable to MITM during lightweight-theme installation because it may not require HTTPS for the client-server data stream, allowing an attacker to replace theme images/colors. Connected advisories indicate this is a real vulnerability affecting Firefox...
CVE-2023-21367
CVE-2023-21367 concerns the Android Scudo memory allocator. The connected documents confirm a heap OOB read/write due to an insecure implementation/design, enabling local information disclosure without extra execution privileges and with no user interaction required. The Android 14 security relea...
CVE-2022-39912
CVE-2022-39912 describes an improper handling of permissions in the Android PersonaManagerService; prior to Android T(13), setSecureFolderPolicy can be exploited locally to modify settings in Secure Folder. The issue arises from insufficient permission checks in the affected function, enabling a ...
CVE-2023-21393
CVE-2023-21393 is a local elevation of privilege in Android Settings caused by a missing permission check that could allow a user to change the SIM without interaction. Exploitation is described as local with no user interaction and the impact is elevated permissions with high confidentiality, in...
CVE-2025-20980
The CVE-2025-20980 entry concerns Samsung/libsavscmn with an out-of-bounds write that leads to memory corruption on devices running Android prior to 15. Affected component: libsavscmn (memory corruption vulnerability). Root cause: out-of-bounds write. Impact: local attackers could trigger memory ...
CVE-2023-21319
CVE-2023-21319 affects Android (UsageStatsService) and describes a side-channel information disclosure that could allow reading installed 3rd‑party apps. The root cause is local information disclosure without additional privileges or user interaction. The Android 14 Security Release Notes list th...
CVE-2023-21391
CVE-2023-21391 is documented in Android 14 release notes as a DoS affecting the System area, attributed to improper input validation in the Messaging context. The impact is remote denial of service without user interaction or elevated privileges, with a network-based attack vector (AV:N, PR:N, UI...
CVE-2015-5573
CVE-2015-5573 is a Type Confusion vulnerability affecting Adobe Flash Player prior to 18.0.0.241 and 19.x prior to 19.0.0.185 on Windows/macOS, and prior to 11.2.202.521 on Linux, plus affected AIR/SDK components. The root cause is a type confusion error that could allow an attacker to execute ar...
CVE-2023-21375
CVE-2023-21375 affects Sysproxy with an out-of-bounds write caused by an integer underflow. The vulnerability enables local privilege escalation without extra execution privileges and does not require user interaction. Public documentation reports this issue but provides no concrete exploit detai...
CVE-2023-21376
CVE-2023-21376 affects Android Telephony and is described as a logic error that allows local information disclosure by retrieving the ICCID without requiring user interaction. The primary impact is information disclosure with a high confidentiality impact and no demonstrated exploitation details ...
CVE-2022-20264
CVE-2022-20264 affects Android’s Usage Stats Service . The vulnerability describes a side-channel disclosure that can reveal whether an app is installed without requiring query permissions. The resulting exposure is a local information disclosure with no additional execution privileges, and explo...
CVE-2023-21369
CVE-2023-21369 concerns Android: a permissions bypass in Usage Access that can cause a local denial of service by displaying a Settings usage access restriction toggle screen. Exploitation requires user interaction but not remote code execution; impact is limited to DoS on the device. Affected co...
CVE-2016-1940
CVE-2016-1940 affects Mozilla Firefox on Android (pre-44.0). A data: URL mishandling during shortcut opening or BOOKMARK/intent processing allows remote attackers to spoof the address bar. Affected: Firefox on Android before 44.0. Impact: address-bar spoofing. Mitigation: upgrade to Firefox 44.0 ...
CVE-2023-21315
CVE-2023-21315 describes a heap-based out-of-bounds read in Bluetooth that could cause remote information disclosure without requireing privileges or user interaction. The NVD entry assigns CVSSv3.1: AV=Adjacent, AC=L, PR=NONE, UI=NONE, S=U, C=H, I=N, A=N with a base score of 6.5 (Medium). The A...
CVE-2023-21385
CVE-2023-21385 describes a memory corruption–related out-of-bounds read in Whitechapel that could enable local information disclosure without user interaction. The vulnerability is classified as a local issue with a high potential impact on confidentiality, per the NVD entry (CVSS v3.1: 5.5, MEDI...
CVE-2025-20979
CVE-2025-20979 concerns an out-of-bounds write in Samsung’s libsavscmn prior to Android 15. Affected component: libsavscmn (cell phone software). Root cause: an out-of-bounds write issue that enables local attackers to execute arbitrary code. Impact: high (local code execution with high confident...
CVE-2016-10385
CVE-2016-10385 is a high-severity use-after-free in IMS RCS across Qualcomm Android CAF builds using the Linux kernel. Public docs note a remote-exploitable condition with critical impact ( CVSSv3 9.8 ). The vulnerability affects Qualcomm firmware in CAF Android releases; Android security bulleti...
CVE-2017-8255
CVE-2017-8255 affects Qualcomm bootloader components in Android CAF builds that use the Linux kernel. The issue is described as an integer overflow in the bootloader, leading to elevation of privilege (EoP) within the kernel context. Public sources in the provided documents identify the vulnerabi...
CVE-2017-8260
CVE-2017-8260 is a Qualcomm component issue mapped to the Camera driver in Qualcomm parts. Root cause: a type downcast in CAF Linux kernel code allows a value to bypass validation, enabling an out-of-bounds write. Impact: local kernel context elevation via the Camera driver (per the CVE entry in ...
CVE-2023-21326
Summary of CVE-2023-21326 : This Android vulnerability affects the Package Manager Service and allows a local attacker to determine whether an app is installed without query permissions, via a side-channel information disclosure. The impact is information disclosure (confidentiality) with no user...
CVE-2023-21362
CVE-2023-21362 affects Google Android (Android Framework). The issue is a DoS caused by resource exhaustion that can lead to local denial of service without extra privileges. The available documents cite it as a Framework DoS in Android 14 release notes, with no exploitation details provided. Mit...
CVE-2023-21364
CVE-2023-21364 affects Android’s ContactsProvider, causing a crash loop through resource exhaustion that can lead to local persistent DoS in the Phone app. The vulnerability is connected to the ContactsProvider component and is exploitable with local access and low privileges, without user intera...
CVE-2023-21398
CVE-2023-21398 affects the Android ecosystem with a logic error in the sdksandbox component that enables a strandhogg-style overlay attack, leading to local elevation of privilege without extra execution privileges and with no user interaction required. Multiple sources (NVD, Red Hat, CNVD, CN) d...
CVE-2017-0863
CVE-2017-0863 is an elevation-of-privilege vulnerability in the Upstream kernel video driver affecting the Android kernel on Pixel/Nexus devices. The issue enables a local attacker to escalate privileges (local exploit, low attack complexity, no user interaction), with partial confidentiality, in...
CVE-2017-8240
CVE-2017-8240 is described as an off-by-one kernel driver over-read in CAF Android releases using the Linux kernel. Connected Nessus advisories for Unity Linux 20.1050e/20.1060e/20.1070e reference UTSA advisories (UTSA-2026-001627, UTSA-2026-003309, UTSA-2026-002623) noting a security update addr...
CVE-2023-21397
CVE-2023-21397 is documented in Android 14 Framework as an elevation of privilege (EoP) vulnerability. The issue originates from the Setup Wizard where an insecure default value permits saving a Wi‑Fi network, enabling local privilege escalation with no additional execution privileges and no user...
CVE-2017-8235
CVE-2017-8235 is listed in Qualcomm component notes as an Elevation of Privilege affecting the Camera driver. The description from the initial document states that in CAF Android releases, a memory structure in a camera driver is not properly protected. The connected Android bulletin entries conf...
CVE-2023-21309
CVE-2023-21309 affects libcore (Android). The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure without extra privileges or user interaction. Exploitation details beyond this are not provided in the supplied documents. No sp...
CVE-2023-21312
CVE-2023-21312 affects Android's IntentResolver, enabling cross-user media read via a confused deputy and resulting in local information disclosure without extra privileges. Exploitation is described as non-interactive and local, with no user interaction required and no remote access. There are m...
CVE-2023-21336
CVE-2023-21336 concerns an information disclosure vulnerability in Android’s Input Method, where side-channel information can reveal whether an app is installed without query permissions. The issue is described as a local information disclosure with no extra execution privileges required, and exp...
CVE-2023-21343
CVE-2023-21343 affects Android’s ActivityStarter where an unsafe PendingIntent can trigger a background activity launch, enabling local elevation of privilege without user interaction. Affected component: ActivityStarter (framework). Root cause: unsafe PendingIntent that can be exploited locally....
CVE-2023-21384
CVE-2023-21384 : Affected software is the Android Package Manager. The issue is an information-disclosure vulnerability caused by an unsafe PendingIntent, enabling local information disclosure with low-privilege access. Exploitation requires no user interaction but attacker must have local access...
CVE-2011-2343
Technical details about CVE-2011-2343 are not publicly provided in the connected documents. Monitor for updates.
CVE-2014-9961
CVE-2014-9961 is disclosed for Android builds from CAF that use the Linux kernel, describing a vulnerability in eMMC write protection that can be exploited to bypass power-on write protection. The issue is exploitable locally (attack vector: local) with user interaction potentially required, and ...
CVE-2016-10346
CVE-2016-10346 describes an integer overflow in the hypervisor of Qualcomm closed‑source components used in Android CAF/Linux kernel. The vulnerability affects Qualcomm hypervisor code in Android devices, with root cause an integer overflow in the hypervisor. According to the provided data, the i...
CVE-2017-8236
CVE-2017-8236 is a buffer overflow vulnerability in an IPA driver present in CAF Android builds using the Linux kernel. Affected component: IPA driver; Root cause: buffer overflow. Potential impact per CVSS3 metrics is HIGH for confidentiality, integrity, and availability, with LOCAL exploitabili...
CVE-2017-8266
CVE-2017-8266 describes a race condition in the Qualcomm video driver used in CAF Android/Linux kernel variants, potentially leading to a use-after-free. Affected component: video driver within Qualcomm/CAF/Linux kernel stack. Impact details in the CVE notes indicate a partial impact on confident...
CVE-2023-21313
CVE-2023-21313 affects Android Core with a missing permission check that allows forwarding calls without user knowledge, enabling local elevation of privilege. Exploitation requires Local access; UI interaction is not needed. The CVSSv3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates hig...
CVE-2023-21365
CVE-2023-21365 affects Android’s Phone app, where the Contacts component can enter a crash loop due to resource exhaustion. This leads to a local denial of service with User privileges required and no user interaction needed. Public details from the provided sources confirm the DoS impact and loc...