Lucene search

K

647 matches found

CVE
CVE
added 2021/03/10 5:15 p.m.33 views

CVE-2021-0386

In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173421110

7.8CVSS7.6AI score0.00049EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.33 views

CVE-2021-0456

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174769...

6.7CVSS6.7AI score0.00016EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.33 views

CVE-2021-0457

In the FingerTipS touch screen driver, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...

6.7CVSS6.8AI score0.00015EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.33 views

CVE-2021-0529

In memory management driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195268

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.33 views

CVE-2021-0536

In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11And...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.33 views

CVE-2021-0546

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11And...

6.7CVSS6.7AI score0.00016EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.33 views

CVE-2021-0548

In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android I...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2021/06/22 11:15 a.m.33 views

CVE-2021-0568

In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2021/09/27 12:15 p.m.33 views

CVE-2021-0610

In memory management driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05411456.

7.8CVSS7.8AI score0.00016EPSS
CVE
CVE
added 2021/09/27 12:15 p.m.33 views

CVE-2021-0611

In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425810.

7.8CVSS7.8AI score0.00017EPSS
CVE
CVE
added 2021/10/25 2:15 p.m.33 views

CVE-2021-0615

In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369.

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.33 views

CVE-2021-0624

In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594988; Issue ID: ALPS05594988.

5.5CVSS5.2AI score0.00012EPSS
CVE
CVE
added 2021/08/18 3:15 p.m.33 views

CVE-2021-0628

In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.

6.7CVSS6.8AI score0.00017EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.33 views

CVE-2021-0665

In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672113; Issue ID: ALPS05672113.

4.4CVSS4.2AI score0.00016EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.33 views

CVE-2021-0894

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038.

6.7CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.33 views

CVE-2021-0899

In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059.

6.7CVSS6.8AI score0.00018EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.33 views

CVE-2021-0993

In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-19384...

6.5CVSS6.4AI score0.00345EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.33 views

CVE-2021-1005

In getDeviceIdWithFeature of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User inte...

5.5CVSS4.9AI score0.00014EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.33 views

CVE-2021-1039

In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android...

7.8CVSS7.6AI score0.00034EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.33 views

CVE-2021-1045

Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A

7.5CVSS7.4AI score0.00123EPSS
CVE
CVE
added 2021/06/11 3:15 p.m.33 views

CVE-2021-25409

Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.

2.4CVSS4.2AI score0.00018EPSS
CVE
CVE
added 2021/06/11 3:15 p.m.33 views

CVE-2021-25411

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.

4.4CVSS4.5AI score0.00034EPSS
CVE
CVE
added 2021/09/09 7:15 p.m.33 views

CVE-2021-25451

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

4.3CVSS4.1AI score0.00057EPSS
CVE
CVE
added 2021/09/09 7:15 p.m.33 views

CVE-2021-25452

An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.

5.5CVSS5.5AI score0.0002EPSS
CVE
CVE
added 2021/09/09 7:15 p.m.33 views

CVE-2021-25454

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

5.5CVSS5.6AI score0.00087EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.33 views

CVE-2021-25472

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.

4CVSS4.1AI score0.00018EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.33 views

CVE-2021-25482

SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.

5.9CVSS5.6AI score0.00047EPSS
CVE
CVE
added 2021/11/05 3:15 a.m.33 views

CVE-2021-25501

An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.

5.7CVSS4.1AI score0.00018EPSS
CVE
CVE
added 2021/12/08 3:15 p.m.33 views

CVE-2021-25513

An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.

2.4CVSS4AI score0.00019EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.33 views

CVE-2021-30161

An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April 2021).

5.5CVSS5.6AI score0.00018EPSS
CVE
CVE
added 2021/01/26 6:15 p.m.32 views

CVE-2020-0236

In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android, Versions: Android-1...

7.5CVSS7.2AI score0.00312EPSS
CVE
CVE
added 2021/08/18 3:15 p.m.32 views

CVE-2021-0419

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713.

5.5CVSS5.4AI score0.00018EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.32 views

CVE-2021-0449

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1751...

4.4CVSS4.3AI score0.00018EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.32 views

CVE-2021-0453

In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1751...

4.4CVSS4.3AI score0.00018EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.32 views

CVE-2021-0463

In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Androi...

5.5CVSS5.1AI score0.00017EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.32 views

CVE-2021-0530

In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1851961...

7.8CVSS7.7AI score0.00016EPSS
CVE
CVE
added 2021/06/21 5:15 p.m.32 views

CVE-2021-0531

In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195272

7.8CVSS7.8AI score0.00019EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.32 views

CVE-2021-0542

In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Andro...

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.32 views

CVE-2021-0545

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersi...

6.7CVSS6.7AI score0.00016EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.32 views

CVE-2021-0607

In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidV...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2021/10/25 2:15 p.m.32 views

CVE-2021-0613

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05489178.

5.5CVSS5AI score0.00015EPSS
CVE
CVE
added 2021/10/25 2:15 p.m.32 views

CVE-2021-0616

In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561389; Issue ID: ALPS05561389.

5.5CVSS5.2AI score0.00012EPSS
CVE
CVE
added 2021/10/25 2:15 p.m.32 views

CVE-2021-0625

In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996.

7.2CVSS6.8AI score0.00032EPSS
CVE
CVE
added 2021/08/18 3:15 p.m.32 views

CVE-2021-0626

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510.

6.7CVSS6.7AI score0.00019EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.32 views

CVE-2021-0896

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206.

6.7CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.32 views

CVE-2021-0902

In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484.

4.4CVSS4.2AI score0.00016EPSS
CVE
CVE
added 2021/10/25 2:15 p.m.32 views

CVE-2021-0939

In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid I...

4.4CVSS4.3AI score0.00018EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.32 views

CVE-2021-0978

In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Use...

3.3CVSS3.5AI score0.00012EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.32 views

CVE-2021-0984

In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.32 views

CVE-2021-1026

In startRanging of RttServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not ne...

5.5CVSS4.9AI score0.00014EPSS
Total number of security vulnerabilities647