Lucene search

K

647 matches found

CVE
CVE
added 2021/09/09 7:15 p.m.32 views

CVE-2021-25453

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.

5.5CVSS5.5AI score0.00019EPSS
CVE
CVE
added 2021/09/09 7:15 p.m.32 views

CVE-2021-25458

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

5.5CVSS5.4AI score0.00017EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.32 views

CVE-2021-25468

A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.

4.4CVSS4.7AI score0.00021EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.32 views

CVE-2021-25470

An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.

7.9CVSS7.6AI score0.00054EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.32 views

CVE-2021-25473

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

4.9CVSS4.7AI score0.00049EPSS
CVE
CVE
added 2021/12/08 3:15 p.m.32 views

CVE-2021-25514

An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.

6.5CVSS6.4AI score0.00069EPSS
CVE
CVE
added 2021/12/08 3:15 p.m.32 views

CVE-2021-25515

An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.

4CVSS4.1AI score0.00018EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.32 views

CVE-2021-39637

In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

4.4CVSS4.2AI score0.00016EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.32 views

CVE-2021-39641

Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A

9.8CVSS9AI score0.00173EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.32 views

CVE-2021-39650

In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-169763055Referenc...

6.7CVSS6.7AI score0.00016EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.31 views

CVE-2021-0387

In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169421...

6.9CVSS6.5AI score0.00011EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.31 views

CVE-2021-0389

In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168039904

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2021/10/25 2:15 p.m.31 views

CVE-2021-0411

In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362.

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2021/08/18 3:15 p.m.31 views

CVE-2021-0418

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336706.

5.5CVSS5.4AI score0.00018EPSS
CVE
CVE
added 2021/09/27 12:15 p.m.31 views

CVE-2021-0422

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071.

5.5CVSS5.4AI score0.00013EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.31 views

CVE-2021-0452

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1751...

4.4CVSS4.3AI score0.00016EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.31 views

CVE-2021-0458

In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-15...

4.4CVSS4.2AI score0.00018EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.31 views

CVE-2021-0461

In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ker...

6.7CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2021/04/15 1:15 p.m.31 views

CVE-2021-0488

In pb_write of pb_encode.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-17875478...

7.2CVSS6.7AI score0.00012EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.31 views

CVE-2021-0497

In memory management driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461320

7.8CVSS7.8AI score0.00016EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.31 views

CVE-2021-0498

In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321

7.8CVSS7.8AI score0.00014EPSS
CVE
CVE
added 2021/06/22 11:15 a.m.31 views

CVE-2021-0554

In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158482162

5.5CVSS5.1AI score0.00015EPSS
CVE
CVE
added 2021/10/25 2:15 p.m.31 views

CVE-2021-0617

In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561391; Issue ID: ALPS05561391.

5.5CVSS5.2AI score0.00012EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.31 views

CVE-2021-0620

In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.

5.5CVSS5.2AI score0.00012EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.31 views

CVE-2021-0664

In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158.

6.7CVSS6.8AI score0.00041EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.31 views

CVE-2021-0667

In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581.

6.7CVSS6.8AI score0.00018EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.31 views

CVE-2021-0669

In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05681550; Issue ID: ALPS05681550.

7.2CVSS6.8AI score0.00015EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.31 views

CVE-2021-0901

In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.

6.7CVSS6.8AI score0.00018EPSS
CVE
CVE
added 2021/10/25 2:15 p.m.31 views

CVE-2021-0940

In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171315276Refe...

7.2CVSS6.6AI score0.00012EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.31 views

CVE-2021-0973

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVe...

5CVSS4.8AI score0.00017EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.31 views

CVE-2021-0985

In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.31 views

CVE-2021-0992

In onCreate of PaymentDefaultDialog.java, there is a possible way to change a default payment app without user consent due to tapjack overlay. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: Androi...

3.3CVSS4.4AI score0.00017EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.31 views

CVE-2021-1016

In onCreate of UsbPermissionActivity.java, there is a possible way to grant an app access to USB without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Prod...

7.3CVSS7.2AI score0.00014EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.31 views

CVE-2021-1020

In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Prod...

7.3CVSS7.3AI score0.00015EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.31 views

CVE-2021-1024

In onEventReceived of EventResultPersister.java, there is a possible intent redirection due to a confused deputy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID:...

6.7CVSS6.6AI score0.00015EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.31 views

CVE-2021-1044

In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2021/01/05 6:15 p.m.31 views

CVE-2021-22492

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021).

8.8CVSS8.8AI score0.0004EPSS
CVE
CVE
added 2021/04/23 3:15 p.m.31 views

CVE-2021-25382

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

6.1CVSS5.5AI score0.00041EPSS
CVE
CVE
added 2021/06/11 3:15 p.m.31 views

CVE-2021-25390

Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.

4CVSS5.7AI score0.00019EPSS
CVE
CVE
added 2021/07/08 2:15 p.m.31 views

CVE-2021-25426

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.

7.5CVSS7.4AI score0.00123EPSS
CVE
CVE
added 2021/09/09 7:15 p.m.31 views

CVE-2021-25462

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

5.5CVSS5.4AI score0.00017EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.31 views

CVE-2021-25467

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.

7.2CVSS6.9AI score0.00017EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.31 views

CVE-2021-25469

A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.

6.7CVSS7AI score0.0002EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.31 views

CVE-2021-25481

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.

6.7CVSS6.3AI score0.00016EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.31 views

CVE-2021-25483

Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.

6.5CVSS6.5AI score0.00062EPSS
CVE
CVE
added 2021/11/05 3:15 a.m.31 views

CVE-2021-25503

Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.

6.7CVSS6.9AI score0.00018EPSS
CVE
CVE
added 2021/12/08 3:15 p.m.31 views

CVE-2021-25512

An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.

7.8CVSS7.5AI score0.00016EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.31 views

CVE-2021-39651

In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.30 views

CVE-2021-0372

In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11An...

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.30 views

CVE-2021-0374

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: An...

4.4CVSS4.2AI score0.00014EPSS
Total number of security vulnerabilities647