Lucene search

K
GoogleAndroid

604 matches found

CVE
CVE
added 2011/05/16 5:55 p.m.711 views

CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allow...

4.3CVSS7.7AI score0.50389EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.411 views

CVE-2019-9453

In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.5AI score0.00207EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.360 views

CVE-2019-2219

In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interactio...

4.7CVSS4.9AI score0.00012EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.284 views

CVE-2019-9449

In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.3AI score0.00018EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.277 views

CVE-2021-0605

In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

4.9CVSS4.9AI score0.00046EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.261 views

CVE-2019-9445

In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.9AI score0.00241EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.247 views

CVE-2019-9245

In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.2AI score0.00047EPSS
CVE
CVE
added 2022/05/10 8:15 p.m.239 views

CVE-2022-20008

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploi...

4.6CVSS5AI score0.00041EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.235 views

CVE-2019-9452

In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.3AI score0.00018EPSS
CVE
CVE
added 2020/04/17 7:15 p.m.220 views

CVE-2020-0067

In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android...

4.4CVSS5AI score0.00092EPSS
CVE
CVE
added 2019/09/06 10:15 p.m.212 views

CVE-2019-9444

In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.6AI score0.00088EPSS
CVE
CVE
added 2020/12/15 4:15 p.m.204 views

CVE-2020-0499

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Andr...

4.3CVSS4.6AI score0.0177EPSS
CVE
CVE
added 2019/12/06 11:15 p.m.165 views

CVE-2019-2231

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: ...

4.4CVSS4.3AI score0.00024EPSS
CVE
CVE
added 2022/11/08 10:15 p.m.156 views

CVE-2022-20465

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita...

4.6CVSS5AI score0.00023EPSS
CVE
CVE
added 2017/04/24 7:59 p.m.146 views

CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

4.3CVSS4.3AI score0.00261EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.137 views

CVE-2022-20498

In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 A...

4.4CVSS4.3AI score0.00971EPSS
CVE
CVE
added 2020/04/17 7:15 p.m.132 views

CVE-2020-0068

In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: Android. Versions: Android kernel. And...

4.4CVSS5AI score0.00035EPSS
CVE
CVE
added 2020/04/17 7:15 p.m.130 views

CVE-2020-0075

In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAnd...

4.4CVSS4.3AI score0.00044EPSS
CVE
CVE
added 2020/04/17 7:15 p.m.129 views

CVE-2020-0077

In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelA...

4.4CVSS4.3AI score0.00044EPSS
CVE
CVE
added 2022/06/15 1:15 p.m.129 views

CVE-2022-20132

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interac...

4.9CVSS5.3AI score0.00065EPSS
CVE
CVE
added 2022/10/11 8:15 p.m.123 views

CVE-2022-20423

In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

4.6CVSS5.8AI score0.00046EPSS
CVE
CVE
added 2023/06/15 7:15 p.m.120 views

CVE-2023-21095

In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersi...

4.7CVSS4.8AI score0.00003EPSS
CVE
CVE
added 2021/02/03 12:15 a.m.118 views

CVE-2021-0352

In RT regmap driver, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05453809.

4.4CVSS4.8AI score0.00015EPSS
CVE
CVE
added 2023/03/24 8:15 p.m.112 views

CVE-2023-20956

In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android...

4.4CVSS4.3AI score0.0001EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.111 views

CVE-2022-20497

In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscree...

4.6CVSS4.2AI score0.00024EPSS
CVE
CVE
added 2025/01/17 11:15 p.m.105 views

CVE-2018-9383

In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS7.6AI score0.00025EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.102 views

CVE-2021-39711

In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-...

4.4CVSS4.9AI score0.00051EPSS
CVE
CVE
added 2025/01/17 11:15 p.m.100 views

CVE-2018-9384

In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS6AI score0.00012EPSS
CVE
CVE
added 2022/12/13 4:15 p.m.99 views

CVE-2022-20449

In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

4.4CVSS4.6AI score0.00014EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.97 views

CVE-2022-22266

(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.

4CVSS4AI score0.00018EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.91 views

CVE-2021-39715

In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAn...

4.4CVSS4AI score0.00018EPSS
CVE
CVE
added 2021/01/11 10:15 p.m.90 views

CVE-2021-0320

In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is n...

4.7CVSS4.4AI score0.00013EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.89 views

CVE-2015-6644

Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

4.3CVSS3.4AI score0.00184EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.88 views

CVE-2022-22272

Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission

4CVSS4.1AI score0.00018EPSS
CVE
CVE
added 2022/03/10 5:46 p.m.88 views

CVE-2022-24932

Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.

4.6CVSS4.5AI score0.00022EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.87 views

CVE-2021-0961

In quota_proc_write of xt_quota2.c, there is a possible way to read kernel memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A...

4.4CVSS4.2AI score0.00047EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.87 views

CVE-2022-20033

In camera driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862973; Issue ID: ALPS05862973.

4.4CVSS4.2AI score0.00016EPSS
CVE
CVE
added 2022/06/06 6:15 p.m.87 views

CVE-2022-21755

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464.

4.4CVSS4.2AI score0.00019EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.85 views

CVE-2021-39717

In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ...

4.4CVSS4.3AI score0.00016EPSS
CVE
CVE
added 2016/03/12 9:59 p.m.84 views

CVE-2016-0823

The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.

4CVSS5.3AI score0.00015EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.82 views

CVE-2022-20032

In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS05852822.

4.1CVSS4.2AI score0.00011EPSS
CVE
CVE
added 2022/04/11 8:15 p.m.80 views

CVE-2022-20079

In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289.

4.4CVSS4.2AI score0.00015EPSS
CVE
CVE
added 2022/05/03 9:15 p.m.80 views

CVE-2022-20103

In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684.

4.4CVSS4.3AI score0.00018EPSS
CVE
CVE
added 2022/03/10 5:47 p.m.79 views

CVE-2022-25817

Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.

4CVSS4.2AI score0.00019EPSS
CVE
CVE
added 2022/03/10 5:47 p.m.78 views

CVE-2022-25820

A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.

4.6CVSS4.5AI score0.00025EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.77 views

CVE-2015-5310

The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) vi...

4.3CVSS5.3AI score0.00304EPSS
CVE
CVE
added 2022/04/11 8:15 p.m.77 views

CVE-2022-27575

Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.

4.3CVSS3.9AI score0.00057EPSS
CVE
CVE
added 2022/03/16 3:15 p.m.76 views

CVE-2021-39724

In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

4.4CVSS4.3AI score0.00016EPSS
CVE
CVE
added 2022/02/09 11:15 p.m.76 views

CVE-2022-20029

In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150.

4.4CVSS4.2AI score0.00016EPSS
CVE
CVE
added 2022/05/03 9:15 p.m.76 views

CVE-2022-20107

In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673.

4.9CVSS4.7AI score0.00051EPSS
Total number of security vulnerabilities604