215 matches found
CVE-2021-25373
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O8.x, 2.4.03.0 in Android P9.0, 2.7.02.1 in Android Q10.0 and 2.9.01.1 in Android R11.0 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...
CVE-2021-0390
In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User...
CVE-2021-25343
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 in Android O8.1 and below and 3.8.00.13 in Android P9.0 and above allows unauthorized actions including denial of service attack by hijacking the provider...
CVE-2021-0341
In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produc...
CVE-2021-0339
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Produc...
CVE-2021-0325
In ih264dparsepslice of ih264dparsepslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9...
CVE-2021-0350
In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID:...
LG mobile with Android OS security vulnerability
LG mobile is a family of mobile devices from LG. A security vulnerability exists in LG Mobile devices Google Android OS 8.0, 8.1, 9.0, and 10 software that stems from improper handling of the default value for hostname validation in a preloaded application...
CVE-2021-0354
In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch...
Google Android 访问控制错误漏洞
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An elevation of privilege vulnerability exists in the Framework component of Google Android 8.1, 9, 10, and 11. An attacker could exploit the vulnerability would...
CVE-2021-0318
In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions:...
CVE-2021-0317
In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10...
CVE-2021-0312
In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1,...
CVE-2020-27059
In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2021-22492
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 Broadcom Bluetooth chipsets software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 January 2021...
CVE-2020-35554
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 December 2020...
CVE-2020-35552
An issue was discovered in the GPS daemon on Samsung mobile devices with O8.x, P9.0, and Q10.0 non-Qualcomm chipsets software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 December 2020...
CVE-2020-35551
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 Exynos chipsets software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 Decemb...
CVE-2020-35550
An issue was discovered on Samsung mobile devices with O8.x, P9.0, Q10.0, and R11.0 software. Attackers can bypass Factory Reset Protection FRP via StatusBar. The Samsung ID is SVE-2020-17888 December 2020...
CVE-2020-35549
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 December 2020...