Lucene search

K
GoogleAndroid10.0

1835 matches found

CVE
CVE
added 2021/10/22 2:15 p.m.87 views

CVE-2021-0483

In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-1533...

7.8CVSS7.4AI score0.00014EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.87 views

CVE-2021-0682

In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: Androi...

5.5CVSS5AI score0.00026EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.87 views

CVE-2021-0689

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 An...

5.5CVSS5AI score0.0004EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.87 views

CVE-2021-0704

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges nee...

5.5CVSS5.2AI score0.00009EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.87 views

CVE-2021-0963

In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: Androi...

7.1CVSS7AI score0.0001EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.87 views

CVE-2022-20041

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID: ALPS06108596.

7.8CVSS7.6AI score0.00013EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.87 views

CVE-2022-23429

An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.

5.3CVSS4.6AI score0.00016EPSS
CVE
CVE
added 2022/03/10 5:47 p.m.87 views

CVE-2022-25819

OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory.

5.5CVSS5.3AI score0.00018EPSS
CVE
CVE
added 2023/01/04 10:15 a.m.87 views

CVE-2022-44427

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2023/01/04 10:15 a.m.87 views

CVE-2022-44431

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2023/02/12 4:15 a.m.87 views

CVE-2022-47339

In cmd services, there is a OS command injection issue due to missing permission check. This could lead to local escalation of privilege with system execution privileges needed.

6.7CVSS7AI score0.00021EPSS
CVE
CVE
added 2020/08/11 8:15 p.m.86 views

CVE-2020-0241

In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 A...

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.86 views

CVE-2020-0414

In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: And...

6.5CVSS6.3AI score0.00253EPSS
CVE
CVE
added 2020/12/14 10:15 p.m.86 views

CVE-2020-0459

In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check. This could lead to local information disclosure of WiFi network names with no additional execution privileges needed. User interaction...

3.3CVSS3.5AI score0.00014EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.86 views

CVE-2021-0314

In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersi...

7.3CVSS7.2AI score0.00032EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.86 views

CVE-2021-0486

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.86 views

CVE-2021-0522

In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

7.5CVSS7AI score0.02159EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.86 views

CVE-2021-0692

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.86 views

CVE-2022-20036

In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689.

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2022/03/10 5:47 p.m.86 views

CVE-2022-25821

Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.

7.1CVSS6.9AI score0.00017EPSS
CVE
CVE
added 2022/03/10 5:47 p.m.86 views

CVE-2022-25822

An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.

6.2CVSS6.2AI score0.00016EPSS
CVE
CVE
added 2022/09/06 6:15 p.m.86 views

CVE-2022-26447

In BT firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784478; Issue ID: ALPS06784478.

9.8CVSS9.2AI score0.02749EPSS
CVE
CVE
added 2023/03/07 9:15 p.m.86 views

CVE-2023-20623

In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559778; Issue ID: ALPS07559778.

6.4CVSS6.6AI score0.00016EPSS
CVE
CVE
added 2020/08/11 8:15 p.m.85 views

CVE-2020-0238

In updatePreferenceIntents of AccountTypePreferenceLoader, there is a possible confused deputy attack due to a race condition. This could lead to local escalation of privilege and launching privileged activities with no additional execution privileges needed. User interaction is not needed for expl...

7CVSS6.9AI score0.00007EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.85 views

CVE-2020-0383

In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: An...

5.5CVSS5.3AI score0.00136EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.85 views

CVE-2020-0400

In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 A...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2020/12/14 10:15 p.m.85 views

CVE-2020-0464

In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure. This could lead to local information disclosure of accessed web resources with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

5.5CVSS4.9AI score0.00017EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.85 views

CVE-2021-0329

In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product...

7.8CVSS7.7AI score0.00027EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.85 views

CVE-2021-0434

In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execut...

7.3CVSS7.1AI score0.0003EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.85 views

CVE-2021-0590

In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interac...

4.9CVSS4.2AI score0.00014EPSS
CVE
CVE
added 2022/12/06 7:15 a.m.85 views

CVE-2022-42755

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2022/12/06 7:15 a.m.85 views

CVE-2022-42771

In wlan driver, there is a race condition, This could lead to local denial of service in wlan services.

4.7CVSS4.6AI score0.00023EPSS
CVE
CVE
added 2023/01/04 10:15 a.m.85 views

CVE-2022-44425

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00035EPSS
CVE
CVE
added 2023/01/04 10:15 a.m.85 views

CVE-2022-44429

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2023/01/04 10:15 a.m.85 views

CVE-2022-44437

In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00023EPSS
CVE
CVE
added 2023/03/10 9:15 p.m.85 views

CVE-2022-47459

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2020/08/11 8:15 p.m.84 views

CVE-2020-0243

In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

7.8CVSS7.7AI score0.00028EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.84 views

CVE-2020-0422

In constructImportFailureNotification of NotificationImportExportListener.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitati...

3.3CVSS3.6AI score0.00013EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.84 views

CVE-2021-0305

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 A...

9.3CVSS7.7AI score0.00057EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.84 views

CVE-2021-0334

In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: And...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.84 views

CVE-2021-39621

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

7.8CVSS7.7AI score0.00009EPSS
CVE
CVE
added 2022/05/03 9:15 p.m.84 views

CVE-2022-20105

In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.

6.7CVSS6.8AI score0.00017EPSS
CVE
CVE
added 2023/01/04 10:15 a.m.84 views

CVE-2022-44432

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00035EPSS
CVE
CVE
added 2020/01/08 7:15 p.m.83 views

CVE-2020-0002

In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-...

9.3CVSS8.8AI score0.00288EPSS
CVE
CVE
added 2020/03/10 9:15 p.m.83 views

CVE-2020-0045

In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-1412...

6.9CVSS7.1AI score0.00026EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.83 views

CVE-2020-0384

In Parse_art of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android...

5.5CVSS5.3AI score0.00136EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.83 views

CVE-2020-0388

In createEmergencyLocationUserNotification of GnssVisibilityControl.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: An...

7.8CVSS7.7AI score0.0001EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.83 views

CVE-2021-0338

In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

5.5CVSS5.3AI score0.00012EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.83 views

CVE-2021-0477

In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.83 views

CVE-2021-0586

In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS7.6AI score0.00028EPSS
Total number of security vulnerabilities1835