Lucene search
K
GoogleAndroid17.0

18 matches found

CVE
CVE
added 2026/06/17 5:53 a.m.3380 views

CVE-2025-48617

CVE-2025-48617 affects Android’s CarrierConfigLoader.java, specifically overrideConfig, enabling a permissions/UID check bypass that could cause local privilege escalation with no additional execution privileges required and no user interaction. The vulnerability is tied to a local attack vector ...

7.8CVSS5.5AI score0.00077EPSS
CVE
CVE
added 2026/06/17 7:24 a.m.25 views

CVE-2026-0063

CVE-2026-0063 affects the Android framework component PhoneInterfaceManager.java, where a logic error in setAllowedCarriers could disable carrier restrictions, enabling local privilege escalation with no additional privileges and no user interaction required. The issue is cataloged as an Elevatio...

10CVSS5.6AI score0.00155EPSS
CVE
CVE
added 2026/06/17 7:9 a.m.25 views

CVE-2026-0071

Summary: CVE-2026-0071 affects SettingsLib where a logic error may skip a permission check, enabling local escalation of privilege with no additional privileges or user interaction required. The vulnerability is described across NVD, ENISA EUVD, CVE records, and PT/security bulletins, all citing ...

10CVSS5.6AI score0.00155EPSS
CVE
CVE
added 2026/06/17 6:49 a.m.23 views

CVE-2026-0068

In Android, CVE-2026-0068 affects PackageInstallerService.java (createSessionInternal). The vulnerability enables a local attacker to remove a DPC app from a managed device without DO consent due to persistence desync, potentially causing local elevation of privilege if a malicious app is install...

10CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/06/17 5:53 a.m.22 views

CVE-2025-48640

CVE-2025-48640 is described across multiple connected sources as a remote elevation of privilege in Android components caused by a missing permission check during 3rd‑party passkey entry pairing approval. The impact is high (CVE notes adjacent/remote escalation with no user interaction) with a lo...

8CVSS5.7AI score0.00094EPSS
CVE
CVE
added 2026/06/17 7:12 a.m.19 views

CVE-2026-0081

CVE-2026-0081 concerns the Android NFC stack. The connected documents indicate a missing permission check in NFC that could allow spoofing an NFC event, enabling local escalation of privilege without any additional execution privileges and without user interaction. The exploitation details are no...

10CVSS5.6AI score0.00148EPSS
CVE
CVE
added 2026/06/17 7:15 a.m.19 views

CVE-2026-0083

Summary: CVE-2026-0083 describes a possible use-after-free in Nfc::eventCallback() within Nfc.h caused by a race condition, enabling local privilege escalation with no additional privileges and no user interaction required. Connected sources (NVD, EUVD, CIRCL, CVE lists) reproduce the same descri...

10CVSS5.6AI score0.00121EPSS
CVE
CVE
added 2026/06/17 7:19 a.m.19 views

CVE-2026-28576

In Android, the Contacts Provider is affected by CVE-2026-28576, caused by a SQL injection in the contacts database access path. This allows local information disclosure without extra execution privileges and without user interaction. The issue is described across CVE entries and ENISA/Android re...

10CVSS6AI score0.00148EPSS
CVE
CVE
added 2026/06/17 5:53 a.m.18 views

CVE-2025-48571

CVE-2025-48571 affects the btm_sec.cc code path and enables possible interception of SMS messages due to a logic error, leading to remote information disclosure with no extra privileges, requiring user interaction. The connected ENISA and NVD/NVD-derived entries corroborate this CVE as of Android...

4.3CVSS5.7AI score0.00191EPSS
CVE
CVE
added 2026/06/17 5:53 a.m.18 views

CVE-2025-48643

CVE-2025-48643 is an Android system-level issue described across multiple sources as a provisioning bypass caused by improper input validation, enabling local privilege escalation with no user interaction. The Android 17 security release notes classify it under System, with type EoP and a High se...

7.8CVSS5.6AI score0.00084EPSS
CVE
CVE
added 2026/06/17 6:59 a.m.18 views

CVE-2026-0064

CVE-2026-0064 is identified as a DoS vulnerability affecting Android Framework in Android 17 release notes. The issue describes a persistent denial of service due to resource exhaustion that can lead to local denial of service without user interaction. The NVD entry lists a base score of 5.5 (MED...

10CVSS5.6AI score0.00122EPSS
CVE
CVE
added 2026/06/17 7:13 a.m.18 views

CVE-2026-0082

CVE-2026-0082 affects the Android framework: in NfcDispatcher.java’s tryStartActivity there is an insecure default value that can automatically assign a special app access permission. This leads to local elevation of privilege with no extra execution privileges required and no user interaction ne...

10CVSS5.6AI score0.00165EPSS
CVE
CVE
added 2026/06/17 5:53 a.m.16 views

CVE-2026-0019

CVE-2026-0019 affects SettingsLib and enables a logic-error path that could disable system components, enabling local privilege escalation without extra privileges or user interaction. The issue is classified as Elevation of Privilege (High) in Android 17 release notes; patches are included in An...

7.8CVSS5.6AI score0.0008EPSS
CVE
CVE
added 2026/06/17 6:57 a.m.16 views

CVE-2026-0092

The CVE-2026-0092 entry is tied to the Android Package Manager and describes a device lock controller bypass caused by a missing permission check. The underlying issue enables local escalation of privilege with no extra execution privileges and requires no user interaction. The impact is describe...

10CVSS5.6AI score0.00218EPSS
CVE
CVE
added 2026/06/17 7:2 a.m.16 views

CVE-2026-28575

CVE-2026-28575 affects the Android framework in PackageInstaller.Session.transfer (frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java). The issue is described as a logic error causing memory exhaustion that can lead to a local denial of service without requiring...

10CVSS5.6AI score0.00125EPSS
CVE
CVE
added 2026/06/17 7:17 a.m.15 views

CVE-2026-28615

CVE-2026-28615 affects Telecomm and is described as a permissions bypass that could allow initiating an unauthorized phone call, leading to local elevation of privilege without any additional execution privileges or user interaction. Technical details across sources confirm the vulnerability is l...

10CVSS5.6AI score0.00123EPSS
CVE
CVE
added 2026/06/17 5:53 a.m.13 views

CVE-2026-0057

CVE-2026-0057 affects the Android Contacts Provider. A missing permission check can allow an attacker to read an incoming call’s phone number and related metadata, enabling local information disclosure without extra execution privileges, and exploitation does not require user interaction. The iss...

3.3CVSS5.6AI score0.00065EPSS
CVE
CVE
added 2026/06/17 7:21 a.m.13 views

CVE-2026-28587

CVE-2026-28587 affects the MmsSmsProvider component (MmsSmsProvider.java), enabling local information disclosure via a missing permission check. Exploitation requires no user interaction and does not require additional privileges; impact is confined to information disclosure. The vulnerability is...

10CVSS5.5AI score0.00115EPSS