The Android Open Source Project

100 exploits Active since May 2014
CVE-2020-0453 GITLAB MEDIUM WRITEUP
Android 8.0-9 - Local Information Disclosure via Unsafe PendingIntent in BeamTransferManager
In updateNotification of BeamTransferManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-8.0 Android-8.1Android ID: A-159060474
CVSS 5.5
CVE-2020-0463 GITLAB HIGH WRITEUP
Android - Out-of-bounds Read in Bluetooth SDP Server
In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531
CVSS 7.5
CVE-2020-0245 GITLAB HIGH WRITEUP
Android - Out-of-bounds Write in DecodeFrameCombinedMode
In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152496149
CVSS 8.8
CVE-2020-0242 GITLAB HIGH WRITEUP
Android - Use-After-Free in NuPlayerDriver.cpp
In reset of NuPlayerDriver.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151643722
CVSS 7.8
CVE-2025-26417 NOMISEC MEDIUM STUB
Android - Local Information Disclosure via DownloadProvider Confused Deputy
In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 4.0
CVE-2024-34739 NOMISEC HIGH WRITEUP
Android - Local Privilege Escalation via UsbProfileGroupSettingsManager Logic Error
In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVSS 7.8
CVE-2024-34741 NOMISEC HIGH STUB
Android - Local Privilege Escalation via Lock Screen Visibility Logic Error
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2024-40662 NOMISEC HIGH STUB
Android - Local Privilege Escalation via Malformed Uri Object
In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2024-0023 NOMISEC HIGH WRITEUP
Android - Out-of-bounds Write in ConvertRGBToPlanarYUV
In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.8
CVE-2024-0040 NOMISEC HIGH STUB
Android - Heap-based Buffer Overflow in MtpPacket.cpp setParameter
In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 7.5
CVE-2023-40127 NOMISEC LOW WRITEUP
Android - Local Information Disclosure via Confused Deputy in Screenshot Access
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 3.3
CVE-2023-40127 NOMISEC LOW WRITEUP
Android - Local Information Disclosure via Confused Deputy in Screenshot Access
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS 3.3
CVE-2021-39696 NOMISEC HIGH WRITEUP
Android 10-12 - Local Privilege Escalation via Task.java Confused Deputy
In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-185810717
CVSS 7.8
CVE-2021-39704 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via NotificationManagerService Permissions Bypass
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209965481
CVSS 7.8
CVE-2021-39692 NOMISEC HIGH WRITEUP
Android - Local Privilege Escalation via Tapjacking Overlay Attack
In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539
CVSS 7.8
CVE-2021-0507 NOMISEC HIGH WRITEUP
Android - Remote Code Execution via Bluetooth Out-of-bounds Write in btif_rc.cc
In handle_rc_metamsg_cmd of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181860042
CVSS 8.8
CVE-2021-0476 NOMISEC HIGH WRITEUP
Android - Use-After-Free via Race Condition in FindOrCreatePeer
In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-169252501
CVSS 7.0
CVE-2021-0466 NOMISEC HIGH WRITEUP
Android 10 - Remote Information Disclosure via ClientModeImpl Identifier Tracking
In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154114734
CVSS 7.5
CVE-2021-0437 NOMISEC HIGH WRITEUP
Android - Double Free in DrmPlugin.cpp
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330
CVSS 7.8
CVE-2021-0435 NOMISEC HIGH WRITEUP
Android - Remote Information Disclosure via Uninitialized Data in avrc_proc_vendor_command
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451
CVSS 7.5
CVE-2021-0435 NOMISEC HIGH WRITEUP
Android - Remote Information Disclosure via Uninitialized Data in avrc_proc_vendor_command
In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174150451
CVSS 7.5
CVE-2021-0431 NOMISEC HIGH WRITEUP
Android - Out-of-bounds Read in avrc_msg_cback
In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174149901
CVSS 7.5
CVE-2021-0954 NOMISEC HIGH WORKING POC
Android - Tapjacking/Overlay Attack in ResolverActivity
In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-143559931
CVSS 7.3
CVE-2021-0683 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation
In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-185398942
CVSS 7.8
CVE-2021-0586 NOMISEC HIGH WRITEUP
Android - Tapjacking/Overlay Attack via DevicePickerFragment
In onCreate of DevicePickerFragment.java, there is a possible way to trick the user to select an unwanted bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-182584940
CVSS 7.8