Lucene search

K

596 matches found

CVE
CVE
added 2022/12/13 4:15 p.m.92 views

CVE-2022-20480

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.6AI score0.00016EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.92 views

CVE-2022-20486

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.7AI score0.00016EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.92 views

CVE-2022-20488

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.92 views

CVE-2023-21118

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 An...

6.2CVSS5.2AI score0.00048EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.92 views

CVE-2023-21136

In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

5.5CVSS5.3AI score0.00009EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.92 views

CVE-2023-21137

In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ...

5.5CVSS5.3AI score0.00026EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.92 views

CVE-2023-35658

In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS8.8AI score0.00026EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.92 views

CVE-2023-35687

In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.9AI score0.00015EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.92 views

CVE-2023-40096

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00067EPSS
CVE
CVE
added 2024/03/11 5:15 p.m.92 views

CVE-2024-0053

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS6AI score0.00023EPSS
CVE
CVE
added 2025/01/03 1:15 a.m.92 views

CVE-2024-43097

In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.00031EPSS
CVE
CVE
added 2023/02/28 5:15 p.m.91 views

CVE-2023-20939

In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.91 views

CVE-2023-20955

In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interactio...

7.8CVSS7.7AI score0.00005EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.91 views

CVE-2023-20967

In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

7.8CVSS7.7AI score0.00016EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.91 views

CVE-2023-35675

In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User intera...

5.5CVSS5.1AI score0.00019EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.91 views

CVE-2023-35682

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.91 views

CVE-2023-35683

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.5AI score0.00017EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.91 views

CVE-2023-35684

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS8.7AI score0.00026EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.91 views

CVE-2023-40134

In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.91 views

CVE-2023-40137

In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2024/03/11 5:15 p.m.91 views

CVE-2024-0046

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7AI score0.00003EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.91 views

CVE-2024-31313

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.9AI score0.00041EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.91 views

CVE-2024-31327

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7CVSS6.9AI score0.00023EPSS
CVE
CVE
added 2025/01/21 11:15 p.m.91 views

CVE-2024-43763

In build_read_multi_rsp of gatt_sr.cc, there is a possible denial of service due to a logic error in the code. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

6.5CVSS6.6AI score0.0003EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.90 views

CVE-2021-39631

In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no...

5.5CVSS5.1AI score0.00033EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.90 views

CVE-2023-20964

In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVe...

7.8CVSS7.6AI score0.00011EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.90 views

CVE-2023-21122

In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.90 views

CVE-2023-21394

In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.2AI score0.00029EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.90 views

CVE-2023-35676

In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2024/05/07 9:15 p.m.90 views

CVE-2024-0024

In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7AI score0.00032EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.89 views

CVE-2021-0968

In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 ...

8.8CVSS8.5AI score0.00481EPSS
CVE
CVE
added 2022/02/11 6:15 p.m.89 views

CVE-2021-39666

In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12A...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2022/08/10 8:15 p.m.89 views

CVE-2022-20356

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f...

7.8CVSS7.7AI score0.00046EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.89 views

CVE-2022-20414

In setImpl of AlarmManagerService.java, there is a possible way to put a device into a boot loop due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

5.5CVSS5.3AI score0.0002EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.89 views

CVE-2023-21271

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00022EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.89 views

CVE-2023-21283

In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS5.2AI score0.00021EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.89 views

CVE-2023-35664

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.0002EPSS
CVE
CVE
added 2024/05/07 9:15 p.m.89 views

CVE-2024-0025

In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7AI score0.00041EPSS
CVE
CVE
added 2024/03/11 5:15 p.m.89 views

CVE-2024-0045

In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6.4AI score0.00131EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.88 views

CVE-2021-0967

In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-...

9.3CVSS7.6AI score0.00502EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.88 views

CVE-2021-39630

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

7.8CVSS7.7AI score0.0001EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.88 views

CVE-2022-20468

In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

6.5CVSS5.9AI score0.00032EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.88 views

CVE-2022-20487

In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.8CVSS7.6AI score0.00016EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.88 views

CVE-2023-20926

In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges n...

6.8CVSS6.6AI score0.00005EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.88 views

CVE-2023-21145

In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00005EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.88 views

CVE-2023-40081

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00029EPSS
CVE
CVE
added 2022/10/11 8:15 p.m.87 views

CVE-2022-20416

In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 A...

7.8CVSS7.7AI score0.00042EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.87 views

CVE-2023-45774

In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00038EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.86 views

CVE-2021-0959

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-2002...

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.86 views

CVE-2021-39632

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Andr...

7.8CVSS7.7AI score0.00013EPSS
Total number of security vulnerabilities596