Lucene search

K

596 matches found

CVE
CVE
added 2022/07/13 7:15 p.m.122 views

CVE-2022-20222

In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid I...

10CVSS9.3AI score0.01562EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.122 views

CVE-2023-20943

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.7AI score0.00021EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.121 views

CVE-2022-20361

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

9.8CVSS9AI score0.02345EPSS
CVE
CVE
added 2023/01/26 9:15 p.m.121 views

CVE-2022-20461

In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...

7.8CVSS7.6AI score0.00038EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.121 views

CVE-2023-20909

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11...

5.5CVSS5.4AI score0.00062EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.121 views

CVE-2023-21111

In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product...

6.2CVSS5.3AI score0.00015EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.120 views

CVE-2021-39709

In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.120 views

CVE-2022-20220

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid I...

7.8CVSS7.7AI score0.00007EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.120 views

CVE-2024-31320

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00722EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.119 views

CVE-2021-39664

In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersio...

5.5CVSS5AI score0.00018EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.119 views

CVE-2021-39674

In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12An...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.119 views

CVE-2022-20135

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndr...

7.8CVSS7.6AI score0.00057EPSS
CVE
CVE
added 2023/10/06 7:15 p.m.119 views

CVE-2023-21252

In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.3AI score0.00035EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.118 views

CVE-2021-39662

In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitatio...

7.8CVSS7.8AI score0.00012EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.118 views

CVE-2021-39700

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.118 views

CVE-2022-20116

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 And...

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.118 views

CVE-2022-20357

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-...

5.5CVSS5.1AI score0.00024EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.118 views

CVE-2023-21250

In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS9.5AI score0.00631EPSS
CVE
CVE
added 2025/01/28 8:15 p.m.118 views

CVE-2024-40672

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.4CVSS7.4AI score0.00009EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.117 views

CVE-2023-21103

In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 ...

5.5CVSS5.3AI score0.00031EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.117 views

CVE-2023-40117

In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00005EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.116 views

CVE-2021-39671

In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID...

6.5CVSS6.2AI score0.00196EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.116 views

CVE-2021-39696

In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-18...

7.8CVSS7.6AI score0.00018EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.116 views

CVE-2021-39809

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.5CVSS7AI score0.00289EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.116 views

CVE-2022-20138

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User ...

7.8CVSS7.6AI score0.00023EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.115 views

CVE-2021-39670

In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12...

5.5CVSS5.3AI score0.00024EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.115 views

CVE-2022-20350

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not need...

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.115 views

CVE-2023-20932

In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

3.3CVSS3.6AI score0.00013EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.115 views

CVE-2023-20950

In AlarmManagerActivity of AlarmManagerActivity.java, there is a possible way to bypass background activity launch restrictions via a pendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produ...

7.8CVSS7.6AI score0.00003EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.115 views

CVE-2023-40135

In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.114 views

CVE-2021-39798

In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-...

7.8CVSS7.9AI score0.00013EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.114 views

CVE-2021-39804

In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android...

6.5CVSS6.4AI score0.00127EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.114 views

CVE-2022-20352

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not neede...

5.5CVSS5.1AI score0.00018EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.114 views

CVE-2022-20453

In update of MmsProvider.java, there is a possible constriction of directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...

5.5CVSS5.4AI score0.00013EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.114 views

CVE-2022-20474

In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

7.8CVSS7.8AI score0.00158EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.114 views

CVE-2023-21107

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 An...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.114 views

CVE-2023-21115

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer...

8.8CVSS8.6AI score0.00015EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.114 views

CVE-2023-40077

In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS8.2AI score0.09958EPSS
CVE
CVE
added 2024/03/11 5:15 p.m.114 views

CVE-2024-0050

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.7AI score0.00021EPSS
CVE
CVE
added 2024/05/07 9:15 p.m.114 views

CVE-2024-23713

In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi...

7.8CVSS7AI score0.00025EPSS
CVE
CVE
added 2025/01/21 11:15 p.m.114 views

CVE-2024-43770

In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS7.2AI score0.00008EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.113 views

CVE-2021-39691

In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Andro...

7.3CVSS7.2AI score0.00053EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.113 views

CVE-2021-39797

In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andr...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.113 views

CVE-2022-20224

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure in the Bluetooth stack with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe...

7.5CVSS7AI score0.00763EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.113 views

CVE-2022-20228

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12L...

6.5CVSS6.4AI score0.00265EPSS
CVE
CVE
added 2023/08/14 9:15 p.m.113 views

CVE-2023-21267

In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00005EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.113 views

CVE-2024-31316

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.9AI score0.00041EPSS
CVE
CVE
added 2022/04/12 5:15 p.m.112 views

CVE-2021-39805

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

6.5CVSS6.1AI score0.00084EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.112 views

CVE-2022-20479

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.6AI score0.00016EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.112 views

CVE-2022-20500

In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-...

5.5CVSS5.3AI score0.0002EPSS
Total number of security vulnerabilities596