Lucene search

K

848 matches found

CVE
CVE
added 2020/10/14 2:15 p.m.128 views

CVE-2020-0411

In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Andr...

6.5CVSS6.2AI score0.00244EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.128 views

CVE-2022-20133

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

7.8CVSS7.7AI score0.00006EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.127 views

CVE-2022-20130

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Andr...

10CVSS9.5AI score0.55497EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.126 views

CVE-2021-39623

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 And...

10CVSS9.1AI score0.02519EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.126 views

CVE-2022-20126

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: ...

7.3CVSS7.2AI score0.00018EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.126 views

CVE-2022-20462

In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.126 views

CVE-2023-40116

In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00004EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.126 views

CVE-2023-40139

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00023EPSS
CVE
CVE
added 2021/01/11 10:15 p.m.125 views

CVE-2021-0316

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: And...

10CVSS9.3AI score0.0505EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.125 views

CVE-2021-0341

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

7.5CVSS6.9AI score0.01569EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.125 views

CVE-2022-20129

In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitat...

5.5CVSS5.3AI score0.00048EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.124 views

CVE-2021-39667

In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android...

6.5CVSS6.4AI score0.0038EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.124 views

CVE-2022-20005

In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK . This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.124 views

CVE-2022-20230

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: And...

5.5CVSS5.1AI score0.00021EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.124 views

CVE-2022-20347

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andr...

8.8CVSS8.6AI score0.00034EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.124 views

CVE-2022-20472

In toLanguageTag of LocaleListCache.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 ...

9.8CVSS9.2AI score0.48038EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.124 views

CVE-2023-40138

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.123 views

CVE-2022-20360

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android...

7.8CVSS7.6AI score0.00054EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.123 views

CVE-2023-21116

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for expl...

6.7CVSS6.6AI score0.00013EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.123 views

CVE-2023-40125

In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.122 views

CVE-2022-20112

In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...

5.5CVSS5.6AI score0.00012EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.122 views

CVE-2022-20143

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...

5.5CVSS5.3AI score0.00046EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.122 views

CVE-2023-20943

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.7AI score0.00021EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.121 views

CVE-2022-20361

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

9.8CVSS9AI score0.02345EPSS
CVE
CVE
added 2023/01/26 9:15 p.m.121 views

CVE-2022-20461

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...

7.8CVSS7.6AI score0.00038EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.121 views

CVE-2023-20909

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

5.5CVSS5.4AI score0.00062EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.121 views

CVE-2023-21111

In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product...

6.2CVSS5.3AI score0.00015EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.119 views

CVE-2021-39674

In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12An...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.119 views

CVE-2022-20135

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndr...

7.8CVSS7.6AI score0.00057EPSS
CVE
CVE
added 2023/10/06 7:15 p.m.119 views

CVE-2023-21252

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.3AI score0.00035EPSS
CVE
CVE
added 2021/02/03 12:15 a.m.118 views

CVE-2021-0352

In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05453809.

4.4CVSS4.8AI score0.00015EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.118 views

CVE-2021-39662

In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitatio...

7.8CVSS7.8AI score0.00012EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.118 views

CVE-2021-39700

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.118 views

CVE-2023-21250

In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9.5AI score0.00631EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.117 views

CVE-2023-21103

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 ...

5.5CVSS5.3AI score0.00031EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.117 views

CVE-2023-40117

In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00005EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.116 views

CVE-2021-39696

In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-18...

7.8CVSS7.6AI score0.00018EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.116 views

CVE-2021-39809

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.5CVSS7AI score0.00289EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.116 views

CVE-2022-20138

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User ...

7.8CVSS7.6AI score0.00023EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.115 views

CVE-2022-20350

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not need...

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.115 views

CVE-2023-20932

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

3.3CVSS3.6AI score0.00013EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.115 views

CVE-2023-20950

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produ...

7.8CVSS7.6AI score0.00003EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.115 views

CVE-2023-40135

In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.114 views

CVE-2021-39804

In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android...

6.5CVSS6.4AI score0.00127EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.114 views

CVE-2022-20453

In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.4AI score0.00013EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.114 views

CVE-2022-20474

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

7.8CVSS7.8AI score0.00158EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.114 views

CVE-2023-21107

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 An...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.114 views

CVE-2023-21115

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer...

8.8CVSS8.6AI score0.00015EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.114 views

CVE-2023-40077

In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS8.2AI score0.09958EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.113 views

CVE-2021-39691

In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Andro...

7.3CVSS7.2AI score0.00053EPSS
Total number of security vulnerabilities848