Lucene search

K
GoogleAndroid12.1

516 matches found

CVE
CVE
added 2022/03/30 4:15 p.m.70 views

CVE-2021-39755

In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed...

5.5CVSS5.4AI score0.00014EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.70 views

CVE-2023-21240

In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00019EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.70 views

CVE-2024-31311

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.9AI score0.0004EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.70 views

CVE-2024-31322

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS6.8AI score0.00031EPSS
CVE
CVE
added 2022/05/10 9:15 p.m.69 views

CVE-2021-39738

In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Andr...

7.8CVSS7.6AI score0.00022EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.68 views

CVE-2021-39739

In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-1845251...

3.3CVSS4.2AI score0.00015EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.67 views

CVE-2021-39759

In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-180200830

7.8CVSS7.9AI score0.00015EPSS
CVE
CVE
added 2023/01/26 9:18 p.m.67 views

CVE-2023-20908

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 An...

5.5CVSS5.3AI score0.00037EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.67 views

CVE-2023-21243

In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS5.5AI score0.00014EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.67 views

CVE-2023-40083

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00077EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.67 views

CVE-2024-34719

In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.4CVSS6.9AI score0.00008EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.67 views

CVE-2024-34720

In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with ...

7.8CVSS7.5AI score0.00005EPSS
CVE
CVE
added 2024/09/11 12:15 a.m.67 views

CVE-2024-40662

In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.00013EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.67 views

CVE-2024-43089

In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.1AI score0.00009EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.66 views

CVE-2021-39752

In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-202756848

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.66 views

CVE-2024-34721

In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6AI score0.00012EPSS
CVE
CVE
added 2024/08/15 10:15 p.m.66 views

CVE-2024-34740

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.0004EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.65 views

CVE-2021-39764

In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12L...

7.8CVSS7.8AI score0.00056EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.64 views

CVE-2021-39744

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploit...

5.5CVSS5.4AI score0.00014EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.64 views

CVE-2021-39751

In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.4AI score0.00013EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.64 views

CVE-2021-39753

In DomainVerificationService, there is a possible way to access app domain verification information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

5.5CVSS5.5AI score0.00015EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.64 views

CVE-2021-39771

In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS7.9AI score0.00089EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.64 views

CVE-2022-20205

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.1AI score0.00017EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.64 views

CVE-2023-21247

In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2025/01/21 11:15 p.m.64 views

CVE-2024-34730

In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00011EPSS
CVE
CVE
added 2024/09/11 12:15 a.m.64 views

CVE-2024-40652

In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploi...

7.8CVSS7.1AI score0.00008EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.63 views

CVE-2021-39790

In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:...

7.8CVSS7.8AI score0.00049EPSS
CVE
CVE
added 2024/09/11 12:15 a.m.63 views

CVE-2024-40657

In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.0001EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.63 views

CVE-2024-43080

In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7.2AI score0.00065EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.63 views

CVE-2024-43085

In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.3AI score0.00009EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.62 views

CVE-2021-39768

In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersion...

7.8CVSS7.8AI score0.00015EPSS
CVE
CVE
added 2022/06/15 10:15 p.m.62 views

CVE-2022-20203

In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege,with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.9AI score0.00015EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.62 views

CVE-2024-40661

In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.1AI score0.00008EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.62 views

CVE-2024-43084

In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6.5AI score0.0001EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.61 views

CVE-2024-43088

In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed....

8.4CVSS7.3AI score0.00029EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.61 views

CVE-2024-43090

In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.

5CVSS6.2AI score0.00037EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.60 views

CVE-2021-39789

In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-203880906

7.8CVSS7.8AI score0.00014EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.60 views

CVE-2024-43082

In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.2AI score0.0001EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.59 views

CVE-2024-43083

In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6.7AI score0.00013EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.59 views

CVE-2024-43086

In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati...

5.5CVSS6.5AI score0.00009EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.58 views

CVE-2021-39806

In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User intera...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.58 views

CVE-2024-43081

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.00013EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.58 views

CVE-2024-43087

In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges ne...

8.4CVSS7.4AI score0.00011EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.57 views

CVE-2022-20201

In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID...

6.7CVSS6.6AI score0.00012EPSS
CVE
CVE
added 2024/09/11 12:15 a.m.57 views

CVE-2024-40654

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7.2AI score0.00008EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.56 views

CVE-2021-39767

In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

7.8CVSS7.9AI score0.00015EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.56 views

CVE-2022-20195

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-213172...

5CVSS5AI score0.00015EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.55 views

CVE-2022-20196

In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201535148

5CVSS4.7AI score0.00017EPSS
CVE
CVE
added 2022/03/30 4:15 p.m.54 views

CVE-2021-1000

In createBluetoothDeviceSlice of ConnectedDevicesSliceProvider.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Androi...

7.8CVSS7.9AI score0.00014EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.54 views

CVE-2022-20204

In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo...

7.8CVSS7.6AI score0.00014EPSS
Total number of security vulnerabilities516