8153 matches found
CVE-2017-18685
Summary (CVE-2017-18685): An issue in Samsung mobile devices running KK (4.4), L (5.0/5.1), and M (6.0) where the InputMethod application can crash the system via a malformed serializable object in an Intent. The Samsung internal reference is SVE-2016-7123 (February 2017). The Red Hat and CNVD en...
CVE-2017-6282
CVE-2017-6282 affects the NVIDIA Tegra kernel driver (NVMAP) where an attacker can write an arbitrary value to an arbitrary location, potentially causing privilege escalation. Documents confirm the vulnerability in the Tegra kernel driver and NVMAP component, with CVSS v3.0 scores (9.3 base, high...
CVE-2017-6290
CVE-2017-6290 affects NVIDIA TLK TrustZone in Tegra on SHIELD TV. It describes a potential local escalation of privilege via an out-of-bounds write caused by an integer overflow, with no user interaction required. NVIDIA’s bulletin redirects to Android patching: affected SHIELD TV platforms requi...
CVE-2017-8279
CVE-2017-8279 is described across multiple sources as a race-condition flaw in Android on MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The underlying issue is missing protection while updating the msg_mask table, which can cause a buffer over-read and may allow access ...
CVE-2017-9676
CVE-2017-9676 affects the Qualcomm File System in Qualcomm devices running CAF Android builds on the Linux kernel. The underlying issue is use-after-free scenarios and race conditions when accessing global static variables without proper locking. Public references in the connected documents ident...
CVE-2017-9685
The CVE-2017-9685 entry concerns Qualcomm WLAN driver race conditions in Android CAF builds using the Linux kernel, producing a Use-After-Free condition. Affected software is Qualcomm products with CAF Android releases, where the WLAN driver’s race condition can impact confidentiality, integrity,...
CVE-2017-9690
CVE-2017-9690 affects Qualcomm QBT1000 driver in Android devices (MSM/Linux kernel) via the qbt1000 ioctl handler. The vulnerability arises from an incorrect buffer size check that allows an integer overflow, which can lead to a buffer overflow and local elevation of privileges (EoP) within a pri...
CVE-2018-11297
CVE-2018-11297 affects Qualcomm WLAN Host in Android (CAF/Linux kernel-based builds such as Android for MSM) where the WMA NDP event handler can over-read due to missing validation of input value event_info received from firmware. This is described as a buffer over-read/overflow in the WLAN Host ...
CVE-2018-11842
CVE-2018-11842 describes a memory-management fault in Qualcomm CAF WLAN host driver used in Android CAF builds during WLAN association. When memory allocation fails, the driver frees memory that was not allocated, indicating a potential use-after-free/memory-corruption condition. The vulnerabilit...
CVE-2018-11964
CVE-2018-11964 affects Android builds (Android for MSM, Firefox OS for MSM, QRD Android) using CAF Linux kernels. Root cause: exposure of hashed content in /etc/passwd, enabling a local attacker to access credentials and potentially escalate privileges; impact described as complete confidentialit...
CVE-2018-14066
The CVE-2018-14066 issue concerns the content://wappush content provider in com.android.provider.telephony from some Android custom ROMs, which allows SQL injection. The underlying flaw enables an application without the READ_SMS permission to read SMS messages. Affected devices include Infinix X...
CVE-2018-21042
CVE-2018-21042 concerns Samsung mobile devices running N(7.x), O(8.x), and P(9.0). The issue is that Dual Messenger can install an arbitrary APK, leading to privileged code execution. Affected component/feature: Dual Messenger on Samsung devices. Root cause: exploitation arises from ability to in...
CVE-2018-21073
The CVE-2018-21073 entry affects Samsung mobile devices running N(7.x) and O(8.0) on Galaxy S9+/S9/S8+/S8/Note 8. The root issue is access to clipboard content in the locked state via the Edge panel, enabling potential information disclosure without unlocking the device. If present in connected d...
CVE-2018-21074
CVE-2018-21074 affects Samsung mobile devices running M(6.x) software on Exynos or Qualcomm chipsets. The issue is information disclosure from a Trustlet via the debug log. The available documents do not specify affected device models, versions, or the exact root cause details beyond the trustlet...
CVE-2018-3567
CVE-2018-3567 is a WLAN buffer overflow affecting Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds leveraging CAF on Linux kernels before 2018-04-05. The vulnerability arises in WLAN when processing HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages (root cause:...
CVE-2018-5827
CVE-2018-5827 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF with Linux kernels older than the 2018-04-05 patch level. The issue is a WLAN buffer overflow occurring while processing an extscan hotlist event. Public references in the CVE indicate a high-seve...
CVE-2018-9357
CVE-2018-9357: In BNEP_Write of bnep_api.cc there is an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation with user privileges required and no user interaction. Affected Android versions span 6.0–8.1. The vulnerability is documented in the Android Securi...
CVE-2018-9427
CVE-2018-9427 affects Android 8.0 and 8.1, tied to the Media framework. The issue is an out-of-bounds write in CopyToOMX of OMXNodeInstance.cpp caused by an incorrect bounds check, leading to remote code execution. Exploitation details in the provided sources indicate the impact is high (RCE) wit...
CVE-2018-9474
CVE-2018-9474 is a local elevation-of-privilege in Android’s Media Framework, triggered by a serialization/deserialization mismatch in MediaPlayer.writeToParcel. Affected software includes Android 7.0–9; exploited via crafted media content with no user interaction. The issue is documented in the ...
CVE-2018-9510
CVE-2018-9510 describes a Bluetooth information-disclosure risk in Android. The root cause is a missing bounds check in smp_proc_enc_info (smp_act.cc), leading to an out-of-bounds read. Impact is remote information disclosure over Bluetooth without special privileges or user interaction, affected...
CVE-2018-9524
CVE-2018-9524 affects Android System UI where protections around overlay windows are insufficient, enabling local elevation of privilege. Affects Android 7.0–8.1; exploitation requires user interaction. The issue is documented in public CVE records (NVD/NVD 2018-9524) and is addressed in the Andr...
CVE-2018-9526
CVE-2018-9526 is a Framework information-disclosure issue affecting Android 7.0–9.x (patch levels 2019-06-01/2019-06-05). The root cause is an improperly configured setting in device configuration data that could allow remote disclosure of the device location without user interaction. The Android...
CVE-2018-9588
CVE-2018-9588 affects Android 7.0–9, specifically the avdt_scb_hdl_report path in avdt_scb_act.cc. The vulnerability involves an out-of-bounds read due to a missing bounds check, enabling remote information disclosure over Bluetooth without user interaction. Impact is limited to the reported Andr...
CVE-2018-9593
Technical details about CVE-2018-9593 are not publicly available in the provided connected documents. Monitor for updates from official sources.
CVE-2019-19273
The CVE-2019-19273 entry concerns Samsung devices with O(8.0)/P(9.0) and Exynos 8895 where RKP (Samsung Hypervisor EL2) permits arbitrary memory write operations. The affected component is the Samsung Hypervisor EL2 implementation (RKP) running on vulnerable Exynos-based Android variants. Underly...
CVE-2019-1994
CVE-2019-1994 affects Android 8.0–9 where DevelopmentTiles.java could leave development settings accessible due to an insecure default. This Elevation of Privilege vulnerability could grant access to development settings with no extra privileges; exploitation requires user interaction. Affected s...
CVE-2019-2028
CVE-2019-2028 affects Android via libmpeg2 where NEON registers aren’t preserved in multiple hand-crafted functions, enabling potential remote code execution with no privileges and requiring user interaction. Affected Android versions include 7.0–7.1.2, 8.0–8.1, and 9 (Android ID A-120644655). Pu...
CVE-2019-2033
CVE-2019-2033 affects Android 9; the issue is in dnssd_clientstub.c: create_hdr exposes a use-after-free, enabling local privilege escalation with no extra privileges and no user interaction needed. The Android bulletin lists this under the System component as CVE-2019-2033 with Elevation of Priv...
CVE-2019-20551
CVE-2019-20551 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0). The issue allows bypassing Factory Reset Protection (FRP) via a Class 0 Type Message, as noted with Samsung ID SVE-2019-14941 (October 2019). Connected Red Hat/Redundancy sources reiterate the same FRP bypass claim;...
CVE-2019-20574
CVE-2019-20574 : Local SQL injection in the Wi‑Fi history Content Provider on Samsung mobile devices running N(7.x), O(8.x), and P(9.0). The affected component is the Wi‑Fi history Content Provider; root cause described as an SQL injection vulnerability. Exploitation details, affected app version...
CVE-2019-20774
CVE-2019-20774 affects LG mobile devices running Android 7.x–9.0. A system service allows local retrieval of the user’s password, creating a local-confidentiality risk. The vulnerability has been documented under LG ID LVE-SMP-190009 (August 2019). Connected sources corroborate the issue without ...
CVE-2019-20778
Summary: CVE-2019-20778 affects LG Android devices (versions 7.0–9.0) with the Backup subsystem failing to properly restrict operations or validate input. This leads to a potential impact on confidentiality, integrity, and availability as indicated by CVSS metrics (3.1: HIGH/HIGH/HIGH; 2.0: PARTI...
CVE-2019-2135
CVE-2019-2135 affects Android systems and is due to a missing bounds check in Mfc_Transceive of phNxpExtns_MifareStd.cpp, causing an out-of-bounds read. This could lead to local information disclosure with no extra execution privileges required; exploitation requires user interaction. Affected An...
CVE-2019-2140
CVE-2019-2140 affects libxaac in Android 10, stemming from uninitialized data that can cause information disclosure. Impact: partial confidentiality loss with no full compromise; exploitation requires user interaction. Affected component is libxaac in Android 10, with Android’s release notes indi...
CVE-2019-2195
The CVE-2019-2195 issue affects Android, described as an input-validation flaw in tokenize of sqlite3_android.cpp that allows an attacker-controlled INSERT statement. This leads to local elevation of privilege with no additional execution privileges required and no user interaction needed. Produc...
CVE-2019-2196
CVE-2019-2196 describes a SQL injection in Android's Download Provider, exploitable locally to disclose information without extra privileges. Affected: Android 8.0–10; vulnerability occurs in the query sort parameter, enabling information disclosure. Root cause: improper handling of sort paramete...
CVE-2019-2233
CVE-2019-2233 affects Android 10. In UserSwitcherController.java’s getUserCount/getCount, a logic error could allow creation of a new user, enabling local privilege escalation for an attacker with physical access and no extra execution privileges or user interaction required. CVSSv3.1 base score ...
CVE-2019-9253
CVE-2019-9253 affects Android 10 KeyStore: a missing strongbox flag allows symmetric keys to be stored in the TEE instead of the strongbox, enabling local information disclosure with System privileges required. No user interaction needed. Exploitation details are not provided in the supplied docu...
CVE-2019-9262
CVE-2019-9262 affects the MPEG4Extractor component in Android 10 media extraction. The issue is an out-of-bounds write caused by an integer overflow in MPEG4Extractor, potentially enabling remote code execution in the media extractor. Exploitation requires user interaction. Impact stated as RCE w...
CVE-2019-9375
CVE-2019-9375 affects Android 10 where hostapd may trigger an out-of-bounds write due to a race condition, enabling local privilege escalation with SYSTEM privileges and no user interaction. The issue is tied to the hostapd component; exploitation status and precise exploit paths are not detailed...
CVE-2019-9428
CVE-2019-9428 affects the Android Framework. The issue arises from BROWSEABLE intents that can allow remote disclosure of sensitive URLs, with exploitation requiring user interaction. Affected product/version: Android 10 (Android Framework). Root cause: abuse of BROWSEABLE intents enabling inform...
CVE-2020-0012
The CVE-2020-0012 issue affects the FPC Fingerprint TEE in Android. Root cause: an out-of-bounds write in fpc_ta_pn_get_unencrypted_image (fpc_ta_pn.c) due to a missing bounds check. Impact: local elevation of privilege to SYSTEM level; no user interaction required. Exploitation is local and coul...
CVE-2020-0038
CVE-2020-0038 affects Android devices (Android 8.0–10) due to a missing bounds check in rw_i93_sm_update_ndef of rw_i93.cc , which can cause a read of uninitialized data and lead to remote information disclosure without additional execution privileges or user interaction. The available documents ...
CVE-2020-0065
CVE-2020-0065 corresponds to an improper authorization in the receiver component of the Android Suite Daemon (MediaTek section, Android 2020-05-01/05 patch levels). According to NVD, it supports LOCAL access with LOW attack complexity but can affect confidentiality (HIGH) with no integrity/availa...
CVE-2020-0097
CVE-2020-0097 affects Android Framework (PackageManagerService.java). A missing condition for system apps permits a local privilege escalation from a User account with no user interaction required. Exploitation status is not detailed in the provided documents. The vulnerability is listed in Andro...
CVE-2020-0161
CVE-2020-0161 affects Android 10 (Android in the Pixel/Android Security Bulletin context) with a vulnerability in MPEG4Extractor.cpp (parseChunk). The underlying issue is resource exhaustion caused by improper input validation, leading to remote denial of service. Exploitation requires user inter...
CVE-2020-0202
The CVE-2020-0202 issue affects Android 11 and is tied to onHandleIntent in TraceService.java. The root cause is a missing permission check that bypasses developer settings requirements for capturing system traces, allowing local elevation of privilege. Exploitation requires user interaction; no ...
CVE-2020-0203
CVE-2020-0203 affects Android 10 Framework: a bug in freeIsolatedUidLocked within ProcessList.java can cause UID reuse from improper cleanup, enabling local privilege escalation between constrained processes with no extra privileges and no user interaction required. The Pixel Update Bulletin list...
CVE-2020-0264
CVE-2020-0264 affects Android 11, specifically libstagefright. It describes a possible out-of-bounds write caused by an integer overflow in the media framework, which could enable remote code execution. Exploitation requires user interaction. The issue is documented across multiple sources and is...
CVE-2020-0265
CVE-2020-0265 describes a local information-disclosure vulnerability in the Telephony component on Android 11, caused by missing permission checks that could leak sensitive data without user interaction. The NVD entry notes LOCAL attack vector, LOW attack complexity, and a PARTIAL confidentiality...