297 matches found
SUSE CVE-2020-0093
In exifdatasavedataentry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...
多款MediaTek产品缓冲区错误漏洞
MediaTek chips are a variety of chips from MediaTek, a division of China's MediaTek. A security vulnerability exists in various MediaTek products, which stems from an integer overflow that may cause an application to crash and can be exploited by an attacker to cause a local denial of service. Th...
MediaTek 芯片安全漏洞
MediaTek chips are a variety of chips from MediaTek, a Chinese company MediaTek. A security vulnerability exists in the MediaTek chips, which can be exploited by attackers to cause a local privilege escalation. The following products and versions are affected: chips, MT6580, MT6735, MT6737, MT673...
CVE-2022-23998
Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R11, 10.5.03.77 in Android Q10 and 9.0.6.68 in Android P9 allows untrusted applications to take a picture in screenlock status...
CVE-2022-23998
Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R11, 10.5.03.77 in Android Q10 and 9.0.6.68 in Android P9 allows untrusted applications to take a picture in screenlock status...
CVE-2021-39627
In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
PT-2022-9144 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions 9 through 12 Description: The issue concerns a broadcast sent by DevicePickerFragment when a new device is paired, lacking permission checks. This allows any app to register and listen for the broadcast, enabling them to trac...
PT-2022-10931 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-9 through Android-12 Description: The issue is related to an incorrect bounds check in the doRead function of SimpleDecodingSource.cpp, which could lead to a possible out of bounds write. This might result in remote...
CVE-2021-1038
In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11...
CVE-2021-0968
In osimalloc and osicalloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11...
CVE-2021-0971
In MPEG4Source::read of MPEG4Extractor.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10...
CVE-2021-0965
In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-0926
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
CVE-2021-0653
In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
CVE-2021-0434
In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the user in the consent dialog. This could lead to local escalation of privilege with no additional...
PT-2021-13358 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-9 through Android-11 Description: The issue is related to a parcel serialization/deserialization mismatch in the createFromParcel method of OutputConfiguration.java due to improper input validation. This could lead to...
PT-2021-13362 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions 9 through 12 Description: The issue is related to improper input validation in the onCreate method of certain activities, allowing HTML tags to interfere with a consent dialog. This could lead to remote escalation of privileg...
CVE-2021-0708
In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2021-0870
In RWSetActivatedTagType of rwmain.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11...
CVE-2021-0583
In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:...