Lucene search

K

596 matches found

CVE
CVE
added 2022/08/10 8:15 p.m.369 views

CVE-2022-20345

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

8.8CVSS8.8AI score0.01046EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.360 views

CVE-2023-21282

In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

8.8CVSS8.9AI score0.00804EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.352 views

CVE-2023-21265

In multiple locations, there are root CA certificates which need to be disabled. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS7.2AI score0.00152EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.345 views

CVE-2024-31317

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.3AI score0.07032EPSS
CVE
CVE
added 2025/01/28 8:15 p.m.281 views

CVE-2024-40673

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitatio...

6.5CVSS8.7AI score0.00072EPSS
CVE
CVE
added 2025/01/28 8:15 p.m.277 views

CVE-2024-40676

In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat...

7.7CVSS7.5AI score0.00066EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.271 views

CVE-2023-21085

In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

8.8CVSS8.7AI score0.00032EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.268 views

CVE-2023-20951

In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-...

9.8CVSS9.2AI score0.01122EPSS
CVE
CVE
added 2025/01/28 8:15 p.m.247 views

CVE-2024-40675

In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6.9AI score0.00037EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.239 views

CVE-2023-20918

In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9AI score0.00709EPSS
CVE
CVE
added 2024/11/13 6:15 p.m.222 views

CVE-2024-43093

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User i...

7.8CVSS7.4AI score0.00017EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.217 views

CVE-2021-0957

In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersi...

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.202 views

CVE-2022-20229

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

10CVSS9.3AI score0.05399EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.193 views

CVE-2021-39665

In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID:...

6.5CVSS6.3AI score0.0038EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.187 views

CVE-2022-20127

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Androi...

10CVSS9.3AI score0.30827EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.185 views

CVE-2021-39692

In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVer...

9.3CVSS7.6AI score0.00052EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.181 views

CVE-2023-20954

In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Androi...

9.8CVSS9.2AI score0.01518EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.177 views

CVE-2023-40088

In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS8.8AI score0.00391EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.166 views

CVE-2021-39704

In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2025/01/21 11:15 p.m.165 views

CVE-2024-49747

In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS7.5AI score0.00275EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.162 views

CVE-2023-20906

In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privil...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.162 views

CVE-2023-20944

In run of ChooseTypeAndAccountActivity.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

7.8CVSS7.7AI score0.00022EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.161 views

CVE-2023-35671

In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional...

5.5CVSS5AI score0.0025EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.160 views

CVE-2021-39807

In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed f...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.160 views

CVE-2022-20353

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

5.5CVSS5AI score0.00015EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.159 views

CVE-2021-39803

In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 And...

6.5CVSS6.1AI score0.00265EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.158 views

CVE-2021-39701

In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User inter...

9.3CVSS7.6AI score0.00038EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.156 views

CVE-2022-20465

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...

4.6CVSS5AI score0.00023EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.155 views

CVE-2022-20114

In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ...

7.8CVSS7.7AI score0.0001EPSS
CVE
CVE
added 2025/01/21 11:15 p.m.155 views

CVE-2024-49749

In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS7.9AI score0.00108EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.152 views

CVE-2021-39708

In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

10CVSS9.1AI score0.00632EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.149 views

CVE-2021-39697

In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploi...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.149 views

CVE-2021-39706

In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVe...

9.3CVSS7.6AI score0.00062EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.148 views

CVE-2021-39707

In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android...

7.8CVSS7.6AI score0.00029EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.147 views

CVE-2022-20346

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVer...

6.5CVSS6.1AI score0.00273EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.146 views

CVE-2023-21096

In OnWakelockReleased of attribution_processor.cc, there is a use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-254774758

9.8CVSS9.3AI score0.01909EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.145 views

CVE-2021-39796

In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Prod...

7.3CVSS7.2AI score0.00012EPSS
CVE
CVE
added 2023/01/26 9:15 p.m.144 views

CVE-2022-20456

In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

7.8CVSS7.6AI score0.00021EPSS
CVE
CVE
added 2023/01/26 9:15 p.m.144 views

CVE-2022-20489

In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.6AI score0.00023EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.143 views

CVE-2021-39794

In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed f...

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.143 views

CVE-2022-20355

In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 And...

5.5CVSS5.3AI score0.00019EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.140 views

CVE-2021-39624

In PackageManager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndr...

5.5CVSS5.3AI score0.0003EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.140 views

CVE-2022-20134

In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pro...

7.8CVSS7.7AI score0.00031EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.140 views

CVE-2023-40123

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.2AI score0.00004EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.139 views

CVE-2023-40129

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS8.8AI score0.00052EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.138 views

CVE-2022-20004

In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

7.8CVSS7.7AI score0.00025EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.138 views

CVE-2022-20481

In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Androi...

5.5CVSS5AI score0.00014EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.138 views

CVE-2023-20966

In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12...

7.8CVSS7.8AI score0.00012EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.138 views

CVE-2023-21081

In multiple functions of PackageInstallerService.java and related files, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n...

7.8CVSS7.7AI score0.00004EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.138 views

CVE-2023-40127

In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.7AI score0.00023EPSS
Total number of security vulnerabilities596