Lucene search

K

848 matches found

CVE
CVE
added 2023/04/19 8:15 p.m.85 views

CVE-2023-21099

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...

7.8CVSS7.6AI score0.00021EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.85 views

CVE-2023-21105

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 And...

5.5CVSS5AI score0.00012EPSS
CVE
CVE
added 2023/10/06 7:15 p.m.85 views

CVE-2023-21244

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.85 views

CVE-2023-21292

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00018EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.85 views

CVE-2023-35679

In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS5AI score0.00031EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.85 views

CVE-2023-40087

In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS8.7AI score0.00079EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.85 views

CVE-2023-40097

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7.7AI score0.00029EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.84 views

CVE-2020-0408

In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8....

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2020/11/10 1:15 p.m.84 views

CVE-2020-0424

In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.84 views

CVE-2021-39627

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

7.8CVSS7.7AI score0.00009EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.84 views

CVE-2021-39676

In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andr...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.84 views

CVE-2022-20225

In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: A...

5.5CVSS5AI score0.00036EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.84 views

CVE-2023-21142

In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 An...

5.5CVSS5.1AI score0.00003EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.84 views

CVE-2023-21275

In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2021/01/11 10:15 p.m.83 views

CVE-2021-0312

In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-...

7.1CVSS6.2AI score0.00198EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.83 views

CVE-2021-0336

In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User interaction is not needed for exploitation.Product: ...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.83 views

CVE-2021-0476

In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10An...

7CVSS7AI score0.00028EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.83 views

CVE-2021-0510

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 And...

7.8CVSS7.7AI score0.00027EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.83 views

CVE-2021-0514

In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

9.3CVSS8.3AI score0.02006EPSS
CVE
CVE
added 2021/10/22 2:15 p.m.83 views

CVE-2021-0651

In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVe...

5.5CVSS5.5AI score0.00028EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.83 views

CVE-2021-0688

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 ...

7CVSS6.9AI score0.00006EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.83 views

CVE-2021-39628

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

3.3CVSS3.6AI score0.00054EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.83 views

CVE-2023-20957

In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.83 views

CVE-2023-40130

In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00004EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.82 views

CVE-2020-0245

In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11...

9.3CVSS8.1AI score0.041EPSS
CVE
CVE
added 2021/04/13 7:15 p.m.82 views

CVE-2021-0433

In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges needed. User interacti...

8CVSS7.8AI score0.00008EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.82 views

CVE-2021-0690

In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Andro...

6.5CVSS6.4AI score0.00888EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.82 views

CVE-2021-0953

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for ex...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.82 views

CVE-2022-20142

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.9AI score0.00037EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.82 views

CVE-2023-20993

In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.82 views

CVE-2023-21087

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 An...

5.5CVSS5.3AI score0.00032EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.82 views

CVE-2023-35666

In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.82 views

CVE-2023-40095

In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00038EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.82 views

CVE-2023-40136

In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.81 views

CVE-2021-0325

In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-...

9.3CVSS8.9AI score0.041EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.81 views

CVE-2021-0599

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitat...

5.5CVSS5.1AI score0.00031EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.81 views

CVE-2021-39622

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 A...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.81 views

CVE-2021-39629

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 And...

7CVSS7AI score0.0003EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.81 views

CVE-2023-21109

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.81 views

CVE-2023-35665

In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.81 views

CVE-2023-40075

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for expl...

5.5CVSS5.3AI score0.00066EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.80 views

CVE-2021-0333

In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting. This could lead to local escalation of privilege with User execution privileges needed. User inte...

7.3CVSS7.2AI score0.00009EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.80 views

CVE-2021-0396

In Builtins::Generate_ArgumentsAdaptorTrampoline of builtins-arm.cc and related files, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is no...

9.8CVSS9.3AI score0.06242EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.80 views

CVE-2021-0970

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 ...

7.8CVSS7.6AI score0.00021EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.80 views

CVE-2023-21141

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

5.5CVSS5.1AI score0.00003EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.80 views

CVE-2023-21246

In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS4.3AI score0.00016EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.80 views

CVE-2023-35677

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitat...

5.5CVSS5.4AI score0.00015EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.80 views

CVE-2023-40091

In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00038EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.79 views

CVE-2020-0381

In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.5CVSS7.1AI score0.01617EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.79 views

CVE-2021-0480

In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Andro...

5.5CVSS5AI score0.00069EPSS
Total number of security vulnerabilities848