8153 matches found
CVE-2018-9548
CVE-2018-9548 affects Android: multiple ContentProvider.java functions allow a permission bypass due to missing URI validation, enabling local information disclosure without user interaction. Vulnerable in Android 7.0–7.1.2, 8.0–8.1, and 9.0. Mitigation is to apply patches from the 2018-12-01/12-...
CVE-2018-9554
The CVE-2018-9554 issue affects Android's IMediaExtractor.cp, specifically in the dumpExtractors path, where a permissions bypass could allow disclosure of recently accessed media files. The underlying impact is local information disclosure without execution privileges, with no user interaction r...
CVE-2018-9570
CVE-2018-9570 affects Android 9 and involves an out-of-bounds write in impd_parse_drc_ext_v1 within impd_drc_dynamic_payload.c. The root cause is missing bounds checking in this function, which could allow remote code execution with a local attacker?no, this CVE entry states remote code execution...
CVE-2018-9592
CVE-2018-9592: In mca_ccb_hdl_rsp() of mca_cact.cc on Android 7.0–9.0, an out-of-bounds read due to a missing bounds check could allow remote information disclosure with no privileges and no user interaction required. The vulnerability affects Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1, and 9 as cited i...
CVE-2019-1996
CVE-2019-1996 affects Android Bluetooth processing. In avrc_pars_browse_rsp (avrc_pars_ct.cc), a missing bounds check can cause an out-of-bounds read, enabling remote information disclosure over Bluetooth with no extra privileges and no user interaction. Affects Android 8.0, 8.1, and 9. The issue...
CVE-2019-2038
CVE-2019-2038 corresponds to an Android vulnerability in rw_i93_process_sys_info (rw_i93.cc) where a missing bounds check allows an out-of-bounds read. The impact is local information disclosure without extra execution privileges, with exploitation requiring user interaction. Affected Android ver...
CVE-2019-20540
CVE-2019-20540 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) Exynos software. The issue is a buffer over-read in the core touch screen driver that can lead to a possible information leak. Connected sources corroborate the same description; no explicit patch/version details or ...
CVE-2019-20549
The vulnerability CVE-2019-20549 affects Samsung mobile devices (N7.x, O8.x, P9.0) with Broadcom Bluetooth, where a heap out-of-bounds access can occur during LE Packet reception. The issue is tracked under Samsung ID SVE-2019-15724. According to the provided metrics, the CVSS base scores indicat...
CVE-2019-20554
Technical details about CVE-2019-20554 are not publicly provided in the supplied documents. The collection notes FRP bypass on Samsung devices via an external keyboard, but no vendor/product/version specifics or remediation are given. Monitor for updates.
CVE-2019-20571
The CVE-2019-20571 entry describes a type confusion vulnerability in the WVDRM Trustlet on Samsung mobile devices running O(8.x) with TEEGRIS, allowing arbitrary code execution. Affected component: WVDRM Trustlet; root cause: type confusion. Impact: arbitrary code execution with high severity (pe...
CVE-2019-20577
CVE-2019-20577 affects Samsung mobile devices running P(9.0) on Exynos chipsets, where the Mali GPU driver can cause a kernel panic. The issue is documented across multiple sources (NVD, Red Hat RH:CVE-2019-20577, CVE records) with Samsung’s internal reference SVE-2019-14372 (August 2019). Public...
CVE-2019-20578
CVE-2019-20578 affects Samsung mobile devices running P 9.0 on Exynos 9820 chipsets. The root cause is a buffer overflow that occurs when loading the UH Partition during Secure Boot. Impact is high confidentiality, integrity, and availability concerns for Secure Boot processes on affected models....
CVE-2019-20597
CVE-2019-20597 affects Samsung mobile devices running N(7.1), O(8.x), and P(9.0). The vulnerability exists in the SPENgesture component, which can allow arbitrary applications to read or modify user-input logs. This impacts confidentiality and integrity (CVSSv3.1: 9.1, CRITICAL; CVSSv2: 6.4, MEDI...
CVE-2019-20600
CVE-2019-20600 affects Samsung mobile devices running O(8.0) and P(9.0) on Exynos8890 systems. The issue is a use-after-free in the MALI GPU driver. Affected component: Mali GPU driver in affected Samsung devices; root cause: use-after-free vulnerability. The provided documents do not specify the...
CVE-2019-20608
The CVE-2019-20608 entry concerns Samsung mobile devices running N(7.x), O(8.x), and P(9.0). The vulnerability is described as an issue where an attacker can use Emergency mode to disable features on these devices (Samsung IDs SVE-2018-13164, SVE-2018-13165). Connected sources (Red Hat, NVD, CVE ...
CVE-2019-20623
CVE-2019-20623 affects Samsung mobile devices running Android N (7.1), O (8.x), and P (9.0). The vulnerability is described as an uninitialized memory disclosure in Gallery, associated with Samsung ID SVE-2018-13060 (Feb 2019). Connected sources corroborate the issue across Red Hat and other CVE ...
CVE-2019-20775
CVE-2019-20775 relates to LG mobile devices running Android 9.0 on Qualcomm chipsets (SDM450/SDM845/SM6150/SM8150). The issue is described as weak encryption that enables local information disclosure. The root cause and impact are stated in all connected sources, with no details on affected appli...
CVE-2019-20782
CVE-2019-20782 describes a buffer overflow in LG Advanced Flash (LAF) on LG mobile devices running Android 7.x–8.1. The issue is tied to LG’s LAF component and 나타는 root cause is a buffer overflow. Documents specify affected versions and device scope but do not provide exploit details, affected pr...
CVE-2019-2202
CVE-2019-2202 occurs in Android’s CryptoPlugin.decrypt and describes a possible heap buffer overflow leading to local privilege escalation without user interaction. Affected software is Android 9 and Android 10 (Media/crypto plugin path). The issue is described as an out-of-bounds write in Crypto...
CVE-2019-9301
CVE-2019-9301 affects Android 10’s Media Framework (libAACdec). Description: an out-of-bounds write caused by an integer overflow could enable remote code execution with HIGH impact; exploitation requires user interaction. This entry is linked to Android 10 media framework issues and is cataloged...
CVE-2019-9360
CVE-2019-9360 affects Android 10 on the TEE, with an out-of-bounds read caused by a missing bounds check. This could enable local information disclosure with system-level privileges, without user interaction. Exploitation details are not provided in the documents; mitigations/patches are referenc...
CVE-2019-9377
CVE-2019-9377 affects Android 10: FingerprintService bypasses protections isolating user profiles due to a missing permission check, enabling local information disclosure of biometrics metadata for another user without additional execution privileges. Impact is limited to local information disclo...
CVE-2019-9407
CVE-2019-9407 affects the Android 10 Framework (notification management) and enables a local elevation of privilege by bypassing notification permissions, allowing a user-impacting privilege gain without user interaction. The issue is categorized as EoP with high impact (confidentiality, integrit...
CVE-2019-9434
CVE-2019-9434 is a Bluetooth information-disclosure vulnerability in Android 10. It involves an out-of-bounds read caused by a missing bounds check, enabling remote information disclosure with partial confidentiality impact and heap data potentially written to logs. Exploitation reportedly requir...
CVE-2020-0029
CVE-2020-0029 affects Android 10 WifiConfigManager by allowing storage of location history that can only be erased via a factory reset. The issue enables local information disclosure with System-level privileges and requires no user interaction. The vulnerability is tied to the WifiConfigManager c...
CVE-2020-0086
CVE-2020-0086 affects Android 10. In Parcel.cpp, readCString may perform an out-of-bounds write due to an integer overflow, potentially enabling arbitrary code execution if IntSan is not enabled (it is by default). The vulnerability requires no user interaction and can be exploited remotely over ...
CVE-2020-0092
CVE-2020-0092 affects Android 10 and is described as a local information-disclosure vulnerability in the NotificationStackScrollLayout (setHideSensitive). The root cause is a permissions bypass that could disclose sensitive notification content; exploitation requires user interaction. Impact is p...
CVE-2020-0151
CVE-2020-0151 affects Android 10 and is triggered in the avb_vbmeta_image_verify function of avb_vbmeta_image.c. The flaw is an out-of-bounds read due to a missing bounds check, leading to possible local information disclosure with system privileges (no user interaction required). Public details ...
CVE-2020-0158
CVE-2020-0158 affects Android 10 and is attributed to an out-of-bounds read in nfc_ncif_proc_t3t_polling_ntf within nfc_ncif.cc. The issue can lead to local information disclosure and, per the CVE entry, could enable System-level execution privileges without user interaction. The vulnerability is...
CVE-2020-0179
CVE-2020-0179 concerns a path traversal vulnerability in Android’s MtpServer.cpp (doSendObjectInfo) caused by insufficient input validation. The issue can enable local privilege escalation with no extra privileges required; exploitation requires user interaction. Affected product: Android 10. The...
CVE-2020-0193
CVE-2020-0193 is a vulnerability in Android 10 affecting the video codec path ihevc_intra_pred_chroma_mode_3_to_9_av8, described as an out-of-bounds read due to a heap buffer overflow. The issue could lead to remote information disclosure without additional execution privileges; exploitation requ...
CVE-2020-0205
Technical details for CVE-2020-0205 are not publicly available in the provided documents. Monitor for updates.
CVE-2020-0272
CVE-2020-0272 affects Android 11 components: libhwbinder. The bug is described as an information disclosure caused by uninitialized data in libhwbinder, enabling local information disclosure with system privileges; no user interaction is required. Connected sources (Red Hat, NVD, CVE lists, NCSC)...
CVE-2020-0275
CVE-2020-0275 is a local elevation-of-privilege issue in Android 11 related to the MediaProvider. The root cause is a permissions bypass that allows an app to access ContentResolver and MediaStore entries it should not reach. Impact is a local elevation of privilege with no extra execution privil...
CVE-2020-0290
CVE-2020-0290 affects Android 11's PackageManager and stems from a missing permission check, enabling local information disclosure across users with no extra privileges and no user interaction. Exploitation details are not provided in the connected documents beyond the description. Remediation: a...
CVE-2020-0325
CVE-2020-0325 affects Android 11 with a vulnerability in the NFC subsystem where a missing bounds check can lead to local information disclosure and potential system execution privileges. The issue is triggered without user interaction and is exploitable with local access; impact is limited to in...
CVE-2020-0344
CVE-2020-0344 affects Android 11’s MediaProvider, where a SQL injection leads to local information disclosure without user interaction. The issue is documented across multiple sources (NVD, Red Hat, PRION, NCSC) and is listed under Android 11 vulnerability details. remediation is via Android 11 s...
CVE-2020-0473
CVE-2020-0473 is an Android 11-related issue in Bluetooth: in updateIncomingFileConfirmNotification of BluetoothOppNotification.java, a permissions bypass could allow a local escalation of privilege. With physical possession of the device, an attacker could transfer files over Bluetooth without a...
CVE-2020-0495
CVE-2020-0495 is an Android 11 vulnerability affecting the JBig2_SddProc.cpp decode_Huffman path, where an integer overflow can trigger an out-of-bounds write and potential information disclosure. Exploitation is described as local (no user interaction required) with no privileges escalation impl...
CVE-2020-10829
CVE-2020-10829 affects Samsung mobile devices running Android O–Q on Broadcom-based hardware. The root cause is a kernel driver heap overflow, enabling arbitrary code execution. Samsung’s internal tracker is SVE-2019-15880 (March 2020). Documented in multiple feeds; in CMP context, no exploit det...
CVE-2020-10833
CVE-2020-10833 affects Samsung mobile devices running Q(10.0). The issue is in the DeX Lockscreen, which can allow attackers to access the quick panel and notifications. The Samsung internal ID is SVE-2019-16532 (March 2020). No explicit exploitation details, affected versions, or fixes are provi...
CVE-2020-10843
Affected products: Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) on S.LSI chipsets. Issue: race conditions in the hdcp2 driver. Root cause details are limited to the presence of race conditions in the hdcp2 driver as described in multiple sources. Samsung internal ID: SVE-2019-16296 ...
CVE-2020-10845
CVE-2020-10845 describes a race condition that leads to a use-after-free in the MTP stack on Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) software. The Samsung internal identifier is SVE-2019-16520 (February 2020). The available documents do not provide concrete details on vulnerabl...
CVE-2020-10855
CVE-2020-10855 affects Samsung mobile devices running Android P (9.0). The vulnerability allows bypass of Factory Reset Protection (FRP) via AppTray, as described in multiple sources (Samsung FRP reference SVE-2019-16192). The core issue is FRP bypass through AppTray on Samsung firmware identifie...
CVE-2020-11606
The CVE-2020-11606 entry concerns Samsung mobile devices running Q (10.0). Affected component is information exposure within the Secure Folder’s application preview on a locked device, leading to partial confidentiality impact. The root cause and exact vulnerable code path are not detailed in the...
CVE-2020-12748
CVE-2020-12748 affects Samsung mobile devices running Q(10.0); attackers can bypass the locked-state protection to designate a different preferred SIM card. Root cause details are not provided in the documents. Remediation is indicated via Samsung security update SVE-2020-16594; apply the vendor-...
CVE-2020-12749
CVE-2020-12749 refers to a buffer overflow in Samsung mobile devices’ S.LSI Wi‑Fi drivers on Exynos-based devices running P9.0. The root cause is an overflow in the Wi‑Fi driver stack (S.LSI). Impact, per CVSS data in the provided documents: local access required with potentially high impact on c...
CVE-2020-25048
CVE-2020-25048 affects Samsung mobile devices running Q(10.0) with ONEUI 2.1. In the lockscreen state, the Quick Share feature can perform unauthenticated downloads, enabling file injection. This is tied to Samsung ID SVE-2020-17760 (Aug 2020). The NVD entry provides CVSS metrics (2.1/2.0) and a ...
CVE-2020-25061
CVE-2020-25061 affects LG mobile devices running Android 9–10 on Verizon’s network. The flaw resides in the lge_property mechanism, which allows property overwrites, revealing a root cause related to improper handling of property writes. Reported impact includes partial confidentiality, integrity...
CVE-2020-25063
CVE-2020-25063 affects LG mobile devices running Android OS 7.2, 8.0, 8.1, 9, and 10. The issue stems from incorrect application-level input validation in an LG component, causing an application crash (LG ID LVE-SMP-200018, July 2020). Documents do not provide additional technical details such as...