Lucene search

K

887 matches found

CVE
CVE
added 2022/12/13 4:15 p.m.124 views

CVE-2022-20472

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 ...

9.8CVSS9.2AI score0.48038EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.123 views

CVE-2022-20360

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android...

7.8CVSS7.6AI score0.00054EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.122 views

CVE-2022-20112

In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...

5.5CVSS5.6AI score0.00012EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.122 views

CVE-2022-20143

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

5.5CVSS5.3AI score0.00046EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.122 views

CVE-2023-20943

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.7AI score0.00021EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.121 views

CVE-2022-20361

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

9.8CVSS9AI score0.02345EPSS
CVE
CVE
added 2023/01/26 9:15 p.m.121 views

CVE-2022-20461

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...

7.8CVSS7.6AI score0.00038EPSS
CVE
CVE
added 2019/10/11 7:15 p.m.120 views

CVE-2019-2185

In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Andr...

9.3CVSS8.7AI score0.0037EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.120 views

CVE-2021-39663

In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersi...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.119 views

CVE-2021-39674

In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12An...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.119 views

CVE-2022-20135

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndr...

7.8CVSS7.6AI score0.00057EPSS
CVE
CVE
added 2021/02/03 12:15 a.m.118 views

CVE-2021-0352

In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05453809.

4.4CVSS4.8AI score0.00015EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.118 views

CVE-2021-39700

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2020/06/11 3:15 p.m.116 views

CVE-2020-0213

In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: And...

6.5CVSS6.5AI score0.0041EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.116 views

CVE-2021-39696

In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-18...

7.8CVSS7.6AI score0.00018EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.116 views

CVE-2021-39809

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.5CVSS7AI score0.00289EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.116 views

CVE-2022-20138

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User ...

7.8CVSS7.6AI score0.00023EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.115 views

CVE-2022-20350

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not need...

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.115 views

CVE-2023-20932

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

3.3CVSS3.6AI score0.00013EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.114 views

CVE-2022-20453

In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.4AI score0.00013EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.114 views

CVE-2022-20474

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

7.8CVSS7.8AI score0.00158EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.113 views

CVE-2021-39691

In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Andro...

7.3CVSS7.2AI score0.00053EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.113 views

CVE-2022-20224

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe...

7.5CVSS7AI score0.00763EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.112 views

CVE-2021-0928

In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produ...

7.8CVSS7.7AI score0.00241EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.112 views

CVE-2022-20479

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.6AI score0.00016EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.112 views

CVE-2022-20500

In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-...

5.5CVSS5.3AI score0.0002EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.111 views

CVE-2022-20344

In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7CVSS7AI score0.00015EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.111 views

CVE-2022-20441

In navigateUpTo of Task.java, there is a possible way to launch an unexported intent handler due to a logic error in the code. This could lead to local escalation of privilege if the targeted app has an intent trampoline, with no additional execution privileges needed. User interaction is not neede...

7.8CVSS7.7AI score0.00016EPSS
CVE
CVE
added 2023/01/26 9:15 p.m.111 views

CVE-2022-20490

In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe...

7.8CVSS7.7AI score0.00023EPSS
CVE
CVE
added 2021/01/11 10:15 p.m.110 views

CVE-2021-0318

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: A...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.110 views

CVE-2022-20442

In onCreate of ReviewPermissionsActivity.java, there is a possible way to grant permissions for a separate app with API level < 23 due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitati...

7.3CVSS7.1AI score0.00012EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.110 views

CVE-2023-20933

In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.109 views

CVE-2021-0339

In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

9.3CVSS7.6AI score0.00086EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.109 views

CVE-2022-20223

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...

7.8CVSS7.7AI score0.00059EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.109 views

CVE-2022-20473

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 ...

9.8CVSS9.2AI score0.59728EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.109 views

CVE-2022-20485

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.7AI score0.00016EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.109 views

CVE-2022-20611

In deletePackageVersionedInternal of DeletePackageHelper.java, there is a possible way to bypass carrier restrictions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/01/26 9:18 p.m.109 views

CVE-2023-20920

In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12...

7.8CVSS7.6AI score0.0003EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.108 views

CVE-2021-0481

In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersio...

9.3CVSS7.6AI score0.00063EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.108 views

CVE-2021-39808

In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is no...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2021/08/17 7:15 p.m.107 views

CVE-2021-0646

In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf into a privileged process's SQL with no additional execution privileges needed. User interaction is n...

7.8CVSS7.8AI score0.00031EPSS
CVE
CVE
added 2022/09/13 8:15 p.m.107 views

CVE-2022-20392

In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges ne...

7.8CVSS7.6AI score0.00033EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.107 views

CVE-2022-20450

In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way to bypass user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/01/26 9:18 p.m.107 views

CVE-2023-20905

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10...

7.8CVSS7.7AI score0.00029EPSS
CVE
CVE
added 2021/01/11 10:15 p.m.106 views

CVE-2021-0307

In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional executio...

7.8CVSS7.7AI score0.00029EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.106 views

CVE-2021-0954

In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-14355...

7.3CVSS7.3AI score0.00011EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.106 views

CVE-2022-20448

In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Androi...

5.5CVSS5.6AI score0.00003EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.106 views

CVE-2022-20469

In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ...

8.8CVSS8.4AI score0.00024EPSS
CVE
CVE
added 2023/01/26 9:18 p.m.106 views

CVE-2023-20921

In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitatio...

7.3CVSS7.2AI score0.00075EPSS
CVE
CVE
added 2021/01/11 10:15 p.m.105 views

CVE-2021-0313

In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Andr...

7.8CVSS7.4AI score0.03739EPSS
Total number of security vulnerabilities887