Lucene search

K

848 matches found

CVE
CVE
added 2021/06/21 5:15 p.m.79 views

CVE-2021-0511

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 And...

7.8CVSS7.6AI score0.00035EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.79 views

CVE-2021-0600

In onCreate of DeviceAdminAdd.java, there is a possible way to mislead a user to activate a device admin app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: Androi...

7.8CVSS7.6AI score0.00049EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.79 views

CVE-2021-0965

In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: A...

8.8CVSS8.1AI score0.00037EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.79 views

CVE-2023-21144

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.5CVSS7.4AI score0.18862EPSS
CVE
CVE
added 2023/10/06 7:15 p.m.79 views

CVE-2023-21253

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00058EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.79 views

CVE-2023-40074

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00089EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.78 views

CVE-2020-0398

In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID:...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2021/01/11 10:15 p.m.78 views

CVE-2020-0471

In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible way to inject packets into an encrypted Bluetooth connection due to improper input validation. This could lead to remote escalation of privilege between two Bluetooth devices by a proximal attacker, with no additional execution...

9.8CVSS9AI score0.02455EPSS
CVE
CVE
added 2021/04/13 7:15 p.m.78 views

CVE-2021-0427

In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS7.8AI score0.00016EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.78 views

CVE-2021-0684

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 A...

7.8CVSS7.7AI score0.00025EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.78 views

CVE-2021-39625

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for explo...

7.3CVSS7.4AI score0.00013EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.78 views

CVE-2023-35667

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.78 views

CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00054EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.77 views

CVE-2020-0394

In onCreate of BluetoothPairingDialog.java, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege and untrusted devices accessing contact lists with no additional execution privileges needed. User interaction is needed for exploitat...

7.8CVSS7.7AI score0.00025EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.77 views

CVE-2020-0412

In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

3.3CVSS3.6AI score0.00011EPSS
CVE
CVE
added 2020/11/10 1:15 p.m.77 views

CVE-2020-0442

In Message and toBundle of Notification.java, there is a possible UI slowdown or crash due to improper input validation. This could lead to remote denial of service if a malicious contact file is received, with no additional execution privileges needed. User interaction is not needed for exploitati...

7.8CVSS7.4AI score0.00805EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.77 views

CVE-2021-0327

In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer...

7.8CVSS7.7AI score0.00008EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.77 views

CVE-2021-0513

In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not...

7.8CVSS7.7AI score0.00007EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.77 views

CVE-2021-0520

In several functions of MemoryFileSystem.cpp and related files, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andr...

7CVSS7AI score0.00029EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.77 views

CVE-2021-0653

In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P...

5.5CVSS5.1AI score0.00032EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.77 views

CVE-2021-0964

In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Andro...

7.1CVSS6.4AI score0.00366EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.77 views

CVE-2021-0971

In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Androi...

6.5CVSS6.2AI score0.00244EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.76 views

CVE-2020-0385

In Parse_insh of eas_mdls.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote information disclosure in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Androi...

5.5CVSS5.3AI score0.00136EPSS
CVE
CVE
added 2021/10/22 2:15 p.m.76 views

CVE-2021-0483

In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-1533...

7.8CVSS7.4AI score0.00014EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.76 views

CVE-2021-0604

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidV...

5.5CVSS5AI score0.00029EPSS
CVE
CVE
added 2021/10/22 2:15 p.m.76 views

CVE-2021-0708

In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

7.8CVSS7.3AI score0.00034EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.76 views

CVE-2021-0956

In NfcTag::discoverTechnologies (activation) of NfcTag.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additionalSystem execution privileges needed. User interaction is not needed for exploitation.Product: Andr...

10CVSS8.7AI score0.0081EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.76 views

CVE-2021-39659

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed for...

5.5CVSS5.3AI score0.00015EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.76 views

CVE-2021-39677

In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028

7.5CVSS7.5AI score0.00153EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.76 views

CVE-2023-21086

In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceController.java, there is a possible way to enable NFC from a secondary account due to a permissions bypass. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User i...

7.8CVSS7.6AI score0.00003EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.76 views

CVE-2023-21238

In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00029EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.75 views

CVE-2021-0682

In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: Androi...

5.5CVSS5AI score0.00026EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.75 views

CVE-2021-0689

In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 An...

5.5CVSS5AI score0.0004EPSS
CVE
CVE
added 2021/10/06 3:15 p.m.75 views

CVE-2021-0692

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.75 views

CVE-2021-0704

In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges nee...

5.5CVSS5.2AI score0.00009EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.75 views

CVE-2021-0963

In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: Androi...

7.1CVSS7AI score0.0001EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.75 views

CVE-2023-35668

In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00028EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.75 views

CVE-2023-40090

In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

6.5CVSS6.6AI score0.00022EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.75 views

CVE-2023-40092

In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00054EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.74 views

CVE-2020-0400

In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 A...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2020/10/14 2:15 p.m.74 views

CVE-2020-0414

In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: And...

6.5CVSS6.3AI score0.00253EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.74 views

CVE-2021-0314

In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersi...

7.3CVSS7.2AI score0.00032EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.74 views

CVE-2021-0434

In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional execut...

7.3CVSS7.1AI score0.0003EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.74 views

CVE-2021-0517

In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution...

7.5CVSS7.3AI score0.00276EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.74 views

CVE-2021-0522

In ConnectionHandler::SdpCb of connection_handler.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

7.5CVSS7AI score0.02159EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.74 views

CVE-2021-39620

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12An...

7.8CVSS7.6AI score0.00015EPSS
CVE
CVE
added 2020/09/17 4:15 p.m.73 views

CVE-2020-0383

In Parse_ins of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure in the media extractor process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: An...

5.5CVSS5.3AI score0.00136EPSS
CVE
CVE
added 2021/02/10 5:15 p.m.73 views

CVE-2021-0329

In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product...

7.8CVSS7.7AI score0.00027EPSS
CVE
CVE
added 2021/07/14 2:15 p.m.73 views

CVE-2021-0486

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.73 views

CVE-2021-0505

In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID...

7.8CVSS7.6AI score0.00012EPSS
Total number of security vulnerabilities848