Lucene search
K

215 matches found

OSV
OSV
added 2021/04/09 6:15 p.m.4 views

CVE-2021-25373

Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O8.x, 2.4.03.0 in Android P9.0, 2.7.02.1 in Android Q10.0 and 2.9.01.1 in Android R11.0 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...

7.8CVSS5.8AI score0.00213EPSS
Exploits0References2
OSV
OSV
added 2021/03/10 4:15 p.m.5 views

CVE-2021-0390

In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User...

7.8CVSS7.2AI score0.00238EPSS
Exploits0References1
OSV
OSV
added 2021/03/04 10:15 p.m.3 views

CVE-2021-25343

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 in Android O8.1 and below and 3.8.00.13 in Android P9.0 and above allows unauthorized actions including denial of service attack by hijacking the provider...

3.3CVSS5.8AI score0.00216EPSS
Exploits0References2
OSV
OSV
added 2021/02/10 5:15 p.m.8 views

CVE-2021-0341

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...

7.5CVSS7.2AI score0.00877EPSS
Exploits0References1
OSV
OSV
added 2021/02/10 5:15 p.m.3 views

CVE-2021-0339

In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Produc...

7.8CVSS7.2AI score0.00732EPSS
Exploits0References1
OSV
OSV
added 2021/02/10 5:15 p.m.2 views

CVE-2021-0325

In ih264dparsepslice of ih264dparsepslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9...

8.8CVSS6.6AI score0.02046EPSS
Exploits0References1
OSV
OSV
added 2021/02/04 7:15 p.m.3 views

CVE-2021-0350

In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID:...

4.4CVSS5.9AI score0.00147EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/04 12:0 a.m.7 views

LG mobile with Android OS security vulnerability

LG mobile is a family of mobile devices from LG. A security vulnerability exists in LG Mobile devices Google Android OS 8.0, 8.1, 9.0, and 10 software that stems from improper handling of the default value for hostname validation in a preloaded application...

9.8CVSS7.3AI score0.00549EPSS
Exploits0References2
OSV
OSV
added 2021/02/03 12:15 a.m.4 views

CVE-2021-0354

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch...

6.7CVSS6.8AI score0.00155EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/02 12:0 a.m.6 views

Google Android 访问控制错误漏洞

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Framework component of Google Android 8.1, 9, 10, and 11. An attacker could exploit the vulnerability would...

7.3CVSS7.1AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2021/01/11 10:15 p.m.4 views

CVE-2021-0318

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...

7.8CVSS6.7AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2021/01/11 10:15 p.m.4 views

CVE-2021-0317

In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10...

7.8CVSS6.7AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2021/01/11 10:15 p.m.4 views

CVE-2021-0312

In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1,...

6.5CVSS6.7AI score0.01098EPSS
Exploits0References1
OSV
OSV
added 2021/01/11 9:15 p.m.3 views

CVE-2020-27059

In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS7.2AI score0.0021EPSS
Exploits1References1
OSV
OSV
added 2021/01/05 6:15 p.m.6 views

CVE-2021-22492

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 Broadcom Bluetooth chipsets software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 January 2021...

8.8CVSS7.8AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 2020/12/18 9:15 a.m.5 views

CVE-2020-35554

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 December 2020...

7.8CVSS7.1AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2020/12/18 9:15 a.m.4 views

CVE-2020-35552

An issue was discovered in the GPS daemon on Samsung mobile devices with O8.x, P9.0, and Q10.0 non-Qualcomm chipsets software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 December 2020...

5.3CVSS6.1AI score0.00336EPSS
Exploits0References1
OSV
OSV
added 2020/12/18 9:15 a.m.5 views

CVE-2020-35551

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 Exynos chipsets software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 Decemb...

9.8CVSS6.9AI score0.00421EPSS
Exploits0References1
OSV
OSV
added 2020/12/18 9:15 a.m.4 views

CVE-2020-35550

An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. Attackers can bypass Factory Reset Protection FRP via StatusBar. The Samsung ID is SVE-2020-17888 December 2020...

9.8CVSS7.3AI score
Exploits0References1
OSV
OSV
added 2020/12/18 9:15 a.m.3 views

CVE-2020-35549

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 December 2020...

5.5CVSS6.1AI score0.00143EPSS
Exploits0References1
Rows per page
Query Builder