Lucene search

K

887 matches found

CVE
CVE
added 2020/08/11 8:15 p.m.66 views

CVE-2020-0248

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android I...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2020/08/11 8:15 p.m.66 views

CVE-2020-0249

In postInstantAppNotif of InstantAppNotifier.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.66 views

CVE-2020-0390

In the app zygote SE Policy, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157598026

5.5CVSS5AI score0.00013EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.66 views

CVE-2020-0392

In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Androi...

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.66 views

CVE-2020-0410

In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-...

5.5CVSS5AI score0.00015EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.66 views

CVE-2020-0413

In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...

7.5CVSS7AI score0.01617EPSS
CVE
CVE
added 2020/12/14 10:15 p.m.66 views

CVE-2020-0467

In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue. This could lead to local information disclosure of secure network traffic over a non-VPN link with no additional execution privileges needed. User interaction is not needed for exploitation.Product...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.66 views

CVE-2021-0328

In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ...

7.8CVSS7.6AI score0.00022EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.66 views

CVE-2021-0331

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.Product: Andro...

7.3CVSS7.2AI score0.00035EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.66 views

CVE-2021-0392

In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730

7.8CVSS7.8AI score0.00029EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.66 views

CVE-2021-0595

In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.8CVSS7.7AI score0.00023EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.66 views

CVE-2021-0596

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

7.8CVSS7AI score0.00884EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.66 views

CVE-2021-0644

In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Prod...

5.5CVSS5.1AI score0.00036EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.65 views

CVE-2019-9401

In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115375248

7.5CVSS7.6AI score0.00499EPSS
CVE
CVE
added 2020/03/10 9:15 p.m.65 views

CVE-2020-0047

In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311

3.3CVSS5AI score0.00031EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.65 views

CVE-2020-0393

In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 A...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.65 views

CVE-2020-0396

In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 And...

5.5CVSS5AI score0.00014EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.65 views

CVE-2020-0421

In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 ...

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2020/11/10 1:15 p.m.65 views

CVE-2020-0438

In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is no...

7.8CVSS7.9AI score0.00015EPSS
CVE
CVE
added 2020/11/10 1:15 p.m.65 views

CVE-2020-0451

In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Androi...

9.3CVSS8.9AI score0.02865EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.65 views

CVE-2021-0390

In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interacti...

7.8CVSS7.6AI score0.00067EPSS
CVE
CVE
added 2021/04/13 7:15 p.m.65 views

CVE-2021-0436

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android...

5.5CVSS5AI score0.00029EPSS
CVE
CVE
added 2021/04/13 7:15 p.m.65 views

CVE-2021-0443

In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation...

4.7CVSS4.3AI score0.00025EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.65 views

CVE-2021-0686

In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is ...

5.5CVSS5AI score0.00033EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.64 views

CVE-2019-9243

In wpa_supplicant_8, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120905706

5.5CVSS5.6AI score0.00017EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.64 views

CVE-2019-9398

In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115745406

7.5CVSS7.6AI score0.00499EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.64 views

CVE-2019-9412

In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112006096

6.5CVSS6.5AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.64 views

CVE-2019-9432

In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Androi...

7.5CVSS7.2AI score0.00312EPSS
CVE
CVE
added 2020/06/10 6:15 p.m.64 views

CVE-2020-0117

In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Andr...

10CVSS9.2AI score0.00873EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.64 views

CVE-2020-0377

In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...

7.8CVSS7AI score0.02028EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.64 views

CVE-2021-0466

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer...

7.5CVSS7.1AI score0.00576EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.64 views

CVE-2021-0650

In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Andro...

7.1CVSS6.1AI score0.00467EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.63 views

CVE-2019-9247

In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426166

6.5CVSS6.5AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.63 views

CVE-2019-9303

In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112661057

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.63 views

CVE-2019-9338

In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762686

6.5CVSS6.1AI score0.00279EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.63 views

CVE-2019-9396

In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115747155

7.5CVSS7.6AI score0.00499EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.62 views

CVE-2019-2086

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-114735603

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.62 views

CVE-2019-9233

In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122529021

7.5CVSS7.2AI score0.00312EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.62 views

CVE-2019-9239

In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121263487

5CVSS5.3AI score0.00017EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.62 views

CVE-2019-9297

In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112890242

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.62 views

CVE-2019-9349

In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124330204

7.1CVSS6.8AI score0.00346EPSS
CVE
CVE
added 2021/04/13 7:15 p.m.62 views

CVE-2021-0431

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

7.5CVSS7AI score0.01559EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.62 views

CVE-2021-0927

In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.61 views

CVE-2019-2065

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118143575

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.61 views

CVE-2019-9237

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-121325979

6.5CVSS6.4AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.61 views

CVE-2019-9322

In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111128067

6.5CVSS6.5AI score0.00244EPSS
CVE
CVE
added 2019/09/27 7:15 p.m.61 views

CVE-2019-9421

In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215250

5CVSS5.3AI score0.00017EPSS
CVE
CVE
added 2020/01/08 7:15 p.m.61 views

CVE-2020-0007

In flattenString8 of Sensor.cpp, there is a possible information disclosure of heap memory due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8...

5.5CVSS5.1AI score0.00017EPSS
CVE
CVE
added 2020/05/14 9:15 p.m.61 views

CVE-2020-0103

In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Andro...

10CVSS9.2AI score0.0301EPSS
CVE
CVE
added 2020/06/11 3:15 p.m.61 views

CVE-2020-0187

In engineSetMode of BaseBlockCipher.java, there is a possible incorrect cryptographic algorithm chosen due to an incomplete comparison. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer...

5.5CVSS5.8AI score0.00033EPSS
Total number of security vulnerabilities887