8153 matches found
CVE-2019-20601
CVE-2019-20601 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) with Exynos 7570/7580/7870/7880/8890, where RKP memory corruption results in an arbitrary write to protected memory. The issue, tracked under Samsung ID SVE-2019-13921-2 (May 2019), is documented across multiple sour...
CVE-2019-2142
The CVE-2019-2142 entry affects Android 10, specifically the libxaac library. The vulnerability is an information-disclosure flaw caused by a missing bounds check that could trigger an out-of-bounds read. Exploitation requires user interaction, and successful exploitation could disclose partial t...
CVE-2019-2190
CVE-2019-2190 affects LG's LAF component in the Android kernel, where a missing bounds check in a protected disk partition can cause local information disclosure via USB. Exploitation requires user privileges but not user interaction. The vulnerability is documented across multiple sources (NVD, ...
CVE-2019-2193
CVE-2019-2193 affects Android 8.0–10 where a partially provisioned Device Policy Client in WelcomeActivity.java could bypass permissions, enabling local escalation of privilege and leaving an Admin app installed without user notification. Exploitation is described as local with no user interactio...
CVE-2019-2202
CVE-2019-2202 occurs in Android’s CryptoPlugin.decrypt and describes a possible heap buffer overflow leading to local privilege escalation without user interaction. Affected software is Android 9 and Android 10 (Media/crypto plugin path). The issue is described as an out-of-bounds write in Crypto...
CVE-2019-9235
CVE-2019-9235 affects Android 10 NFC functionality. The issue is an out-of-bounds read caused by a missing bounds check in NFC, enabling local information disclosure with user interaction required for exploitation. Impact is described as partial confidentiality loss with no privilege escalation. ...
CVE-2019-9305
CVE-2019-9305 affects libAACdec in Android 10 (Android-10). The root cause is an integer overflow causing an out-of-bounds write, enabling remote code execution. Exploitation requires user interaction; no additional privileges are needed beyond the targeted device. Documented under Android 10 rel...
CVE-2019-9319
CVE-2019-9319 affects Android 10 media stack (libavc) where a missing variable initialization in the library can lead to remote information disclosure without extra execution privileges. Exploitation requires user interaction. The Android 10 security release notes state these issues are addressed...
CVE-2019-9382
CVE-2019-9382 affects Android 10 via the libeffects component, where a missing bounds check allows an out-of-bounds write. This could enable remote code execution with the attacker leveraging a vulnerable path in the media stack. Exploitation details in the source documents indicate the issue may...
CVE-2019-9415
CVE-2019-9415 affects Android 10 via the libstagefright component. The issue is an information-disclosure vulnerability caused by uninitialized data, enabling remote information leakage without extra execution privileges. Exploitation requires user interaction. Public details originate from Andro...
CVE-2019-9467
CVE-2019-9467 affects Google's Android Bootloader (Bootloader/Android kernel component). The issue is a kernel command injection caused by missing command sanitization in the Bootloader, which can enable local privilege escalation to SYSTEM. Exploitation requires local access with high privileges...
CVE-2020-0091
CVE-2020-0091 affects the MediaTek mnld component; description in the initial docs notes an incorrect configuration in driver_cfg of mnld for meta factory mode. The entry is listed under Android/Microsoft 2020-05 release details as a High severity issue for the MediaTek mnld in the 2020-05-01 sec...
CVE-2020-0132
CVE-2020-0132 affects Android 10 via BnAAudioService::onTransact in IAAudioService.cpp, where unsafe deserialization can trigger an out-of-bounds read. The underlying bug permits local information disclosure without extra privileges or user interaction. Publicly documented references in the Pixel...
CVE-2020-0138
CVE-2020-0138 affects Android 10 with the flaw in get_element_attr_rsp of btif_rc.cc, where a missing bounds check allows an out-of-bounds write. This could enable remote code execution without additional privileges and without user interaction, typically via Bluetooth usage (though Bluetooth is ...
CVE-2020-0140
CVE-2020-0140 relates to Android 10 and is described in multiple sources as an information-disclosure vulnerability due to a missing bounds check in rw_i93_sm_detect_ndef of rw_i93.c. The underlying issue can enable remote information disclosure without extra execution privileges and without user...
CVE-2020-0205
Technical details for CVE-2020-0205 are not publicly available in the provided documents. Monitor for updates.
CVE-2020-0273
CVE-2020-0273 describes an out-of-bounds write in hwservicemanager that may allow local privilege escalation without user interaction on Android 11. The root cause is freeing a wild pointer. Documented impact is local elevation of privilege with partial confidentiality/integrity/availability impa...
CVE-2020-0321
CVE-2020-0321 affects Android 11, involving the MP3 extractor in the Media Framework where an out-of-bounds write due to uninitialized data can lead to remote code execution. Exploitation requires user interaction and is conveyed as a high-severity issue (Android 11 Security Release Notes; CVSS d...
CVE-2020-0322
CVE-2020-0322 affects Android 11, specifically the apexd component. The vulnerability is an out-of-bounds read caused by a missing bounds check in apexd, which could lead to local information disclosure and, with system privileges, potential execution. Exploitation requires no user interaction an...
CVE-2020-0345
CVE-2020-0345 affects Android 11 DocumentsUI, enabling a local elevation of privilege via a permission bypass (confused deputy). Impact: partial/full escalation on affected builds; CVSS v3.1: LOCAL, LOW complexity, UI REQUIRED, with HIGH confidentiality, integrity, and availability impacts. Root ...
CVE-2020-0363
CVE-2020-0363 affects Android 11 libmedia and can cause resource exhaustion leading to remote DoS. Exploitation requires user interaction (per CVSS3.1); CVSS2 indicates network access with partial availability impact. Public documents identify the issue as improper input validation in libmedia. A...
CVE-2020-0490
CVE-2020-0490 affects Android 11. The issue is in floor1_info_unpack of floor1.c and stems from a missing bounds check, causing an out-of-bounds read that can disclose information. Exploitation requires user interaction. The impact is information disclosure with no additional execution privileges...
CVE-2020-25282
Technical details about CVE-2020-25282 are not publicly available in the provided connected documents. No specifics on affected products, components, root cause, impact, or fixes are present. Monitor for updates from the cited sources.
CVE-2020-35549
Technical details about CVE-2020-35549 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2020-35555
The CVE-2020-35555 entry concerns LG mobile devices running Android 10 with dual-screen support. The issue is that, when a call is disconnected while the cover is closed, the device does not lock as expected, potentially leaving the device accessible without authentication. The details specify th...
CVE-2021-0357
Technical details about CVE-2021-0357 are not publicly available in the provided Connected documents. The descriptions reiterate an out-of-bounds write in netdiag affecting Android 10/11 with local privilege escalation. Monitor for updates.
CVE-2021-0370
The CVE-2021-0370 entry concerns Android 11 with a vulnerability in NxpMfcReader.cc where an out-of-bounds write occurs due to a missing bounds check. This can lead to local escalation of privilege on the NFC server with System execution privileges required; exploitation does not require user int...
CVE-2021-0375
CVE-2021-0375 affects Android 11 and is tied to VoiceInteractionManagerService.java: onPackageModified could change default apps due to an insecure default value, enabling local elevation of privilege without extra privileges. Exploitation is described as requiring no user interaction. The issue ...
CVE-2021-0377
CVE-2021-0377 affects Android 11 (DeltaPerformer::Write in delta_performer.cc). Improper input validation allows a local elevation of privilege bypassing defense-in-depth protections with no user interaction. Exploitation details are not provided in the documents. The Pixel/Android bulletin indic...
CVE-2021-0388
CVE-2021-0388 affects Android 11 and is tied to the ImsPhoneCallTracker.java onReceive path, where a misappropriation of data usage can occur due to an incorrect broadcast handler. This can enable local escalation of privilege by attributing video‑call data to the wrong app, without requiring any...
CVE-2021-0450
CVE-2021-0450 affects the Titan M component in Google's Pixel devices. The Titan M firmware disclosure arises from uninitialized data leading to possible stack memory disclosure, enabling local information disclosure with system privileges without user interaction. Reported across multiple source...
CVE-2021-0489
CVE-2021-0489: In Android’s memory management driver, a missing bounds check enables an out-of-bounds write. This could allow local escalation of privilege without user interaction. Affected products/versions are tied to Android SoCs; the vulnerability is listed in the Android May 2021 security b...
CVE-2021-0496
CVE-2021-0496 is an Android memory management driver vulnerability caused by a use-after-free leading to local privilege escalation. Affected: Android devices with the memory management driver. Impact: local code execution with high integrity/availability impact; attacker requires local access, n...
CVE-2021-0656
CVE-2021-0656 affects the edma driver and is characterized by a use-after-free memory corruption leading to local escalation of privilege with System execution privileges required. Public descriptions consistently note no user interaction is needed for exploitation. The issue is tied to the edma ...
CVE-2021-0679
CVE-2021-0679 affects MediaTek’s apusys. The issue is a memory corruption caused by a missing bounds check in apusys that could lead to local privilege escalation with System execution privileges required; exploitation is possible without user interaction. A patch is referenced (ALPS05672107; ALP...
CVE-2021-0903
CVE-2021-0903 concerns the MediaTek Apusys component, where a missing bounds check can trigger an out-of-bounds write. The condition enables local escalation of privilege with SYSTEM execution rights and does not require user interaction. Affected material mentions Apusys; Red Hat and other sourc...
CVE-2021-1039
CVE-2021-1039 affects Android Platform apps: NotificationAccessActivity in AndroidManifest.xml can enable a local elevation of privilege via a tapjacking/overlay trick. Affected: Android 9–12. Root cause: overlay/tapjacking allows bypass of user interaction requirements to gain higher privileges ...
CVE-2021-25409
CVE-2021-25409 describes an improper access in the Notification setting prior to Samsung SMR June‑2021 Release 1, allowing physically proximate attackers to set arbitrary notifications by physically configuring the device. The NVD entry indicates a low overall impact (CVSS v2: AV:L/AC:L/Au:N/I:P/...
CVE-2021-25443
CVE-2021-25443 is a use-after-free vulnerability in the Samsung conn_gadget driver prior to SMR AUG-2021 Release 1. Affected component: conn_gadget driver in Samsung mobile software. Root cause per records: use-after-free leading to potential malicious action by an attacker. Impact is described a...
CVE-2021-25454
CVE-2021-25454 corresponds to an OOB read in the libsaacextractor.so library, vulnerability class affecting Samsung SMR components prior to the September 2021 Release 1. The flaw enables remote DoS via a crafted AAC file, as described across multiple sources (NVD/Red Hat/CVE records). Technical c...
CVE-2022-20020
CVE-2022-20020 affects the libvcodecdrv component (noted in multiple sources, including Red Hat and CVE listings) where a missing bounds check can cause local information disclosure without requiring privileges or user interaction. Impact is confirmed as information disclosure; no exploitation ve...
CVE-2022-20022
CVE-2022-20022 concerns Bluetooth: a link disconnection can occur when a connection attempt comes from a host with the same BD_ADDR as the currently connected BT host. Documents consistently state this could enable a remote denial of service without extra privileges and with no user interaction r...
CVE-2022-30714
CVE-2022-30714 affects Samsung Mobile’s SemIWCMonitor prior to SMR Jun-2022 Release 1. The vulnerability is an information-disclosure flaw that allows local attackers to obtain MAC address information. No exploit details are provided in the available documents. The issue has been associated with ...
CVE-2022-36844
Summary (concrete details from connected docs): CVE-2022-36844 is a heap-based overflow in HWR::EngJudgeModel::Construct() within the Samsung libSDKRecognitionText.spensdk.samsung.so library. Vulnerable component: libSDKRecognitionText.spensdk.samsung.so prior to SMR Sep-2022 Release 1. Impact de...
CVE-2022-38697
CVE-2022-38697 affects the messaging service with a missing permission check that could allow a local attacker to access an unexpected provider in the contacts service without extra execution privileges. The NVD entry lists a CVSSv3.1 base score of 5.5 (HIGH confidentiality impact, LOCAL access, ...
CVE-2022-39080
CVE-2022-39080 concerns a missing permission check in the messaging service that could allow elevation of privilege in the contacts service without extra execution privileges. Connected documents reference the issue in UNISOC chipset contexts (SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612...
CVE-2022-39084
CVE-2022-39084 relates to UNISOC chipset network service with a missing permission check, enabling local privilege escalation requiring system execution privileges. CVSS details show Local access, high impact on confidentiality, integrity, and availability (score 6.7). Concrete affected-entity: U...
CVE-2022-39119
CVE-2022-39119 describes a missing permission check in a network service that could allow local escalation of privilege without extra execution privileges. Multiple connected sources reference Unisoc chipsets/networks as the affected context, noting the issue stems from inadequate privilege valid...
CVE-2022-42764
The CVE-2022-42764 entry concerns a missing bounds check in the wlan driver, causing a local denial of service in wlan services. Connected sources corroborate the issue as affecting the UNISOC WLAN driver/ chipset with similar wording. The available documents specify the vulnerability but do not ...
CVE-2022-42766
The CVE-2022-42766 entry concerns the wlan driver where a missing permission check could allow local information disclosure. Connected sources consistently describe this as a local-privilege issue affecting the wlan driver, with impact on confidentiality (high) and limited attack complexity (low)...