Lucene search

K
GoogleAndroid10.0

1834 matches found

CVE
CVE
added 2021/01/11 10:15 p.m.98 views

CVE-2021-0311

In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Ve...

7.1CVSS6.2AI score0.00198EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.98 views

CVE-2021-0515

In Factory::CreateStrictFunctionMap of factory.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: A...

10CVSS9.3AI score0.03134EPSS
CVE
CVE
added 2022/08/05 4:15 p.m.98 views

CVE-2022-33729

Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.

5.9CVSS4.1AI score0.00025EPSS
CVE
CVE
added 2021/01/11 10:15 p.m.97 views

CVE-2021-0306

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the android.permission.ACTIVITY_RECOGNITION permission without user confirmation. This could lead to local escalation of privilege with no ...

7.8CVSS7.8AI score0.0001EPSS
CVE
CVE
added 2021/08/17 7:15 p.m.97 views

CVE-2021-0593

In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: Androi...

7.8CVSS7.6AI score0.00033EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.97 views

CVE-2022-20025

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126832; Issue ID: ALPS06126832.

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2022/05/03 8:15 p.m.97 views

CVE-2022-20110

In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399901.

7CVSS7AI score0.00011EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.97 views

CVE-2022-20476

In setEnabledSetting of PackageManager.java, there is a possible way to get the device into an infinite reboot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android...

5.5CVSS5.3AI score0.00023EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.97 views

CVE-2022-20478

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.6AI score0.00017EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.97 views

CVE-2022-22266

(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.

4CVSS4AI score0.00018EPSS
CVE
CVE
added 2023/01/26 9:18 p.m.97 views

CVE-2023-20915

In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.6AI score0.0004EPSS
CVE
CVE
added 2020/06/11 3:15 p.m.96 views

CVE-2020-0181

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ...

7.5CVSS7.6AI score0.10762EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.96 views

CVE-2021-0473

In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-1...

8.8CVSS8.8AI score0.0055EPSS
CVE
CVE
added 2021/08/17 7:15 p.m.96 views

CVE-2021-0641

In getAvailableSubscriptionInfoList of SubscriptionController.java, there is a possible disclosure of unique identifiers due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5AI score0.00026EPSS
CVE
CVE
added 2021/08/17 7:15 p.m.96 views

CVE-2021-0642

In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitatio...

5.5CVSS5.1AI score0.00068EPSS
CVE
CVE
added 2022/04/11 8:15 p.m.96 views

CVE-2022-20081

In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919.

5.9CVSS5.5AI score0.0018EPSS
CVE
CVE
added 2022/10/11 8:15 p.m.96 views

CVE-2022-20413

In start of Threads.cpp, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-...

5.5CVSS5AI score0.00068EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.96 views

CVE-2022-20451

In onCallRedirectionComplete of CallsManager.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.96 views

CVE-2022-20470

In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a possible way to bypass background activity launch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pro...

7.8CVSS7.7AI score0.00005EPSS
CVE
CVE
added 2022/07/06 2:15 p.m.96 views

CVE-2022-21767

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430.

8.8CVSS8.4AI score0.00072EPSS
CVE
CVE
added 2023/01/26 9:18 p.m.96 views

CVE-2023-20913

In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is nee...

7.8CVSS7.6AI score0.00026EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.96 views

CVE-2023-20945

In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.95 views

CVE-2020-0380

In allocExcessBits of bitalloc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Andro...

10CVSS9.3AI score0.05022EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.95 views

CVE-2021-0475

In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Andro...

8.8CVSS8.9AI score0.00574EPSS
CVE
CVE
added 2021/10/22 2:15 p.m.95 views

CVE-2021-0643

In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed fo...

5.5CVSS5.2AI score0.00013EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.95 views

CVE-2021-0934

In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Andro...

5.5CVSS5.3AI score0.0002EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.95 views

CVE-2021-39618

In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Pro...

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.95 views

CVE-2022-20125

In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.2CVSS6.7AI score0.00031EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.95 views

CVE-2022-20221

In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidV...

6.5CVSS6.1AI score0.00149EPSS
CVE
CVE
added 2022/10/11 8:15 p.m.95 views

CVE-2022-20394

In getInputMethodWindowVisibleHeight of InputMethodManagerService.java, there is a possible way to determine when another app is showing an IME due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is need...

5CVSS4.7AI score0.00038EPSS
CVE
CVE
added 2022/10/11 8:15 p.m.95 views

CVE-2022-20412

In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 And...

6.7CVSS6.5AI score0.00031EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.95 views

CVE-2022-20484

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.6AI score0.00016EPSS
CVE
CVE
added 2022/05/03 9:15 p.m.95 views

CVE-2022-21743

In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108.

7.8CVSS7.7AI score0.00037EPSS
CVE
CVE
added 2022/10/11 8:15 p.m.94 views

CVE-2022-20351

In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 An...

5.5CVSS5.5AI score0.0002EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.93 views

CVE-2021-0509

In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Andro...

7CVSS7AI score0.00029EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.93 views

CVE-2021-0589

In BTM_TryAllocateSCN of btm_scn.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 And...

7.8CVSS7.7AI score0.00028EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.93 views

CVE-2021-0930

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

8.8CVSS8.7AI score0.00667EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.93 views

CVE-2021-0931

In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...

5.5CVSS5AI score0.00037EPSS
CVE
CVE
added 2022/05/03 8:15 p.m.93 views

CVE-2022-20084

In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2023/01/26 9:15 p.m.93 views

CVE-2022-20492

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.7AI score0.00023EPSS
CVE
CVE
added 2020/07/17 9:15 p.m.92 views

CVE-2020-0122

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Pro...

7.2CVSS6.5AI score0.00011EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.92 views

CVE-2021-0397

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 A...

9.8CVSS9.2AI score0.1356EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.92 views

CVE-2021-0516

In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 ...

9.8CVSS9AI score0.01546EPSS
CVE
CVE
added 2021/08/17 7:15 p.m.92 views

CVE-2021-0584

In verifyBufferObject of Parcel.cpp, there is a possible out of bounds read due to an improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Andro...

5.5CVSS5AI score0.0005EPSS
CVE
CVE
added 2021/08/17 7:15 p.m.92 views

CVE-2021-0591

In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: A...

7.3CVSS7.2AI score0.00075EPSS
CVE
CVE
added 2021/10/22 2:15 p.m.92 views

CVE-2021-0706

In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

5.5CVSS5.7AI score0.00028EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.92 views

CVE-2021-0889

In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 An...

10CVSS9.2AI score0.03655EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.92 views

CVE-2021-39626

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.7AI score0.0002EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.92 views

CVE-2022-20480

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.6AI score0.00016EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.92 views

CVE-2022-20486

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.7AI score0.00016EPSS
Total number of security vulnerabilities1834