Lucene search

K

596 matches found

CVE
CVE
added 2023/04/19 8:15 p.m.85 views

CVE-2023-21099

In multiple methods of PackageInstallerSession.java, there is a possible way to start foreground services from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...

7.8CVSS7.6AI score0.00021EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.85 views

CVE-2023-21105

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 And...

5.5CVSS5AI score0.00012EPSS
CVE
CVE
added 2023/10/06 7:15 p.m.85 views

CVE-2023-21244

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

6.7CVSS6.7AI score0.00009EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.85 views

CVE-2023-21262

In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.

3.1CVSS4AI score0.0004EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.85 views

CVE-2023-21292

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00018EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.85 views

CVE-2023-35679

In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS5AI score0.00031EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.85 views

CVE-2023-40087

In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS8.7AI score0.00079EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.85 views

CVE-2023-40097

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7.7AI score0.00029EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.85 views

CVE-2023-40098

In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00052EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.84 views

CVE-2021-39627

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

7.8CVSS7.7AI score0.00009EPSS
CVE
CVE
added 2022/07/13 7:15 p.m.84 views

CVE-2022-20225

In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: A...

5.5CVSS5AI score0.00036EPSS
CVE
CVE
added 2022/10/11 8:15 p.m.84 views

CVE-2022-20417

In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 A...

7.8CVSS7.7AI score0.00017EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.84 views

CVE-2023-21142

In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 An...

5.5CVSS5.1AI score0.00003EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.84 views

CVE-2023-21275

In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivity.java, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/08/14 10:15 p.m.84 views

CVE-2023-21280

In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00019EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.83 views

CVE-2023-20957

In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.8CVSS7.7AI score0.00003EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.83 views

CVE-2023-40130

In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00004EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.82 views

CVE-2021-0953

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for ex...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2022/06/15 2:15 p.m.82 views

CVE-2022-20142

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.9AI score0.00037EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.82 views

CVE-2023-20993

In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2023/04/19 8:15 p.m.82 views

CVE-2023-21087

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. This could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 An...

5.5CVSS5.3AI score0.00032EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.82 views

CVE-2023-35666

In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.82 views

CVE-2023-40095

In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00038EPSS
CVE
CVE
added 2023/10/27 9:15 p.m.82 views

CVE-2023-40136

In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS3.6AI score0.00021EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.82 views

CVE-2024-31324

In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed fo...

7.8CVSS6.8AI score0.00008EPSS
CVE
CVE
added 2024/09/11 12:15 a.m.82 views

CVE-2024-40656

In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS6.3AI score0.00009EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.81 views

CVE-2021-39622

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 A...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.81 views

CVE-2021-39629

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 And...

7CVSS7AI score0.0003EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.81 views

CVE-2023-21109

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS7.6AI score0.00012EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.81 views

CVE-2023-35665

In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.81 views

CVE-2023-40075

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for expl...

5.5CVSS5.3AI score0.00066EPSS
CVE
CVE
added 2024/08/15 10:15 p.m.81 views

CVE-2024-34731

In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.7CVSS7AI score0.00011EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.80 views

CVE-2021-0970

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 ...

7.8CVSS7.6AI score0.00021EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.80 views

CVE-2023-20971

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

7.8CVSS7.7AI score0.00009EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.80 views

CVE-2023-21141

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

5.5CVSS5.1AI score0.00003EPSS
CVE
CVE
added 2023/07/13 12:15 a.m.80 views

CVE-2023-21246

In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

3.3CVSS4.3AI score0.00016EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.80 views

CVE-2023-35677

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitat...

5.5CVSS5.4AI score0.00015EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.80 views

CVE-2023-40091

In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00038EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.80 views

CVE-2024-31315

In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti...

7.8CVSS6.8AI score0.0002EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.79 views

CVE-2021-0965

In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: A...

8.8CVSS8.1AI score0.00037EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.79 views

CVE-2023-21144

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

7.5CVSS7.4AI score0.18862EPSS
CVE
CVE
added 2023/10/06 7:15 p.m.79 views

CVE-2023-21253

In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00058EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.79 views

CVE-2023-40074

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.4AI score0.00089EPSS
CVE
CVE
added 2024/05/07 9:15 p.m.79 views

CVE-2024-0043

In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS7AI score0.00048EPSS
CVE
CVE
added 2022/01/14 8:15 p.m.78 views

CVE-2021-39625

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for explo...

7.3CVSS7.4AI score0.00013EPSS
CVE
CVE
added 2023/09/11 9:15 p.m.78 views

CVE-2023-35667

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp...

7.8CVSS7.7AI score0.00011EPSS
CVE
CVE
added 2023/12/04 11:15 p.m.78 views

CVE-2023-40073

In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00054EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.78 views

CVE-2024-34722

In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.8CVSS7.4AI score0.00042EPSS
CVE
CVE
added 2024/08/15 10:15 p.m.78 views

CVE-2024-34739

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.8CVSS6.8AI score0.00075EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.77 views

CVE-2021-0964

In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Andro...

7.1CVSS6.4AI score0.00366EPSS
Total number of security vulnerabilities596