Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/12/18 8:46 a.m.47 views

CVE-2020-35548

CVE-2020-35548 affects Finder on Samsung mobile devices running Q(10.0). The issue arises from calling a non-existent provider, which allows an attacker to cause a denial of service. Connected sources corroborate the same description; no explicit remediation or patch details are provided in the s...

5.5CVSS5.5AI score0.00138EPSS
CVE
CVE
added 2021/02/04 5:10 p.m.47 views

CVE-2021-0347

The CVE-2021-0347 entry concerns the Android subsystem component “ccu,” where a missing bounds check enables an out-of-bounds read. This could permit local information disclosure with System privileges required, and would require user interaction to exploit. Affected products/versions explicitly ...

4.4CVSS4.2AI score0.00155EPSS
CVE
CVE
added 2021/02/02 11:1 p.m.47 views

CVE-2021-0361

Technical details about CVE-2021-0361 are not publicly available in the provided connected documents. Monitor for updates; current sources reiterate the same vulnerable description without additional specifics.

6.7CVSS6.6AI score0.00148EPSS
CVE
CVE
added 2021/10/25 1:16 p.m.47 views

CVE-2021-0410

CVE-2021-0410 affects MediaTek’s flv extractor. A faulty bounds check enables an out-of-bounds read that can disclose local information without extra privileges; user interaction is not required. The entry lists patch ALPS05561360 (Issue ALPS05561360). Connected records confirm the issue across m...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2021/10/25 1:16 p.m.47 views

CVE-2021-0413

This CVE refers to the MediaTek flv extractor with an out-of-bounds read caused by a missing bounds check. The result is local information disclosure without requiring user interaction. No exploitation details are provided beyond this disclosure risk. A patch/ID is listed as ALPS05561379 (Issue I...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.47 views

CVE-2021-0491

CVE-2021-0491 affects Android devices via a vulnerability in the memory management driver, specifically in the MTK/Multi-SoC ecosystem referenced in the 2021 Android security landscape. The issue is a missing permission check in the memory management driver, enabling local elevation of privilege ...

7.8CVSS7.7AI score0.00121EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.47 views

CVE-2021-0525

CVE-2021-0525 affects the Android memory management driver. The underlying issue is a use-after-free that enables an out-of-bounds write, leading to local escalation of privilege with no additional execution privileges required and no user interaction. Exploitation status is not detailed in the p...

7.8CVSS7.7AI score0.00118EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.47 views

CVE-2021-0529

CVE-2021-0529 affects MediaTek devices via the MTK memory management driver. The root cause is improper locking, leading to memory corruption and local escalation of privilege with no extra user interaction. Impact is described as local EoP with high severity (per CVSS metrics in sources). The co...

7.8CVSS7.8AI score0.00092EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.47 views

CVE-2021-0532

CVE-2021-0532 affects the Android memory management driver and is caused by a race condition that can lead to memory corruption and local escalation of privilege with no additional privileges or user interaction required. The description is consistent across multiple sources (NVD, Red Hat, CVE li...

7CVSS7.1AI score0.00085EPSS
CVE
CVE
added 2021/09/27 11:20 a.m.47 views

CVE-2021-0611

CVE-2021-0611 affects the Mediatek m4u component, where a memory corruption due to a use-after-free condition can cause local escalation of privilege to SYSTEM, with no user interaction required. The entry notes a patch ID ALPS05403499 and an issue ID ALPS05425810 as fixes. Connected documents re...

7.8CVSS7.8AI score0.00112EPSS
CVE
CVE
added 2021/08/18 2:44 p.m.47 views

CVE-2021-0626

CVE-2021-0626 describes a possible out-of-bounds write in ged due to a missing bounds check, potentially enabling local escalation of privilege to System level without user interaction. Multiple connected sources (NVD, Red Hat, CVE lists) confirm the same issue and reference Patch ID ALPS05687510...

6.7CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2021/10/25 1:18 p.m.47 views

CVE-2021-0662

The CVE-2021-0662 entry concerns MediaTek audio DSP with a local privilege-escalation flaw caused by an out-of-bounds write from an incorrect bounds check. Connected documents specify the affected MediaTek audio DSP hardware and firmware, including chip family (MT6779, MT6781, MT6785, MT68xx, MT6...

7.2CVSS6.9AI score0.00573EPSS
CVE
CVE
added 2021/11/18 2:58 p.m.47 views

CVE-2021-0665

CVE-2021-0665 concerns the apusys subsystem. Affected component: apusys (likely MediaTek-based). Root cause: an out-of-bounds read caused by an incorrect bounds check. Impact: local information disclosure with system execution privileges required; no user interaction needed. Exploitation status i...

4.4CVSS4.2AI score0.00116EPSS
CVE
CVE
added 2021/11/18 2:58 p.m.47 views

CVE-2021-0671

CVE-2021-0671 affects the apusys component, where a missing bounds check can cause memory corruption leading to local escalation of privilege with System execution privileges. Exploitation details are not provided in the documents; user interaction is not required. A patch is identified as ALPS05...

7.2CVSS6.8AI score0.0012EPSS
CVE
CVE
added 2021/06/11 2:45 p.m.47 views

CVE-2021-25385

The CVE-2021-25385 entry concerns an input-validation flaw in the libsdffextractor library, specifically in the sdfffd_parse_chunk_PROP() function, which can lead to remote arbitrary code execution on the mediaextractor process. Connected sources confirm the issue affects SamsungLibsdffextractor ...

9.8CVSS9.6AI score0.00634EPSS
CVE
CVE
added 2021/06/11 2:33 p.m.47 views

CVE-2021-25417

CVE-2021-25417 affects the SDP SDK prior to Samsung SMR JUN-2021 Release 1, where improper authorization allows access to internal storage. The vulnerability is documented across multiple sources (NVD entry; Red Hat advisory; PRION; CVE listing; CNNVD) with CVSS v3.1 base score 7.5 (Network, Low ...

7.5CVSS7.4AI score0.0039EPSS
CVE
CVE
added 2021/07/08 1:45 p.m.47 views

CVE-2021-25430

CVE-2021-25430 is an improper access control vulnerability in a Bluetooth application, allowing untrusted apps to access Bluetooth information. Root cause: access-control failure in the Bluetooth component. Impact: confidentiality exposure at a LOW level (C:L) per CVSS3.1 (AV:A, AC:L, PR:N, UI:N,...

4.3CVSS4.5AI score0.00159EPSS
CVE
CVE
added 2021/09/09 6:4 p.m.47 views

CVE-2021-25453

CVE-2021-25453 affects Samsung devices due to improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1. The vulnerability allows untrusted applications to obtain Bluetooth information. Connected sources indicate the issue originates from Bluetooth API access controls, with mitiga...

5.5CVSS5.5AI score0.00106EPSS
CVE
CVE
added 2021/09/09 6:4 p.m.47 views

CVE-2021-25457

The CVE-2021-25457 report concerns a vulnerability in Samsung’s DSP driver prior to the SMR September 2021 Release 1. The issue is an improper input validation that allows a local attacker to obtain a limited amount of kernel memory information, affecting kernel memory confidentiality. Affected c...

5.9CVSS3.9AI score0.00099EPSS
CVE
CVE
added 2021/10/06 5:8 p.m.47 views

CVE-2021-25474

Summary (CVE-2021-25474): Samsung SystemUI prior to SMR Oct-2021 Release 1 contains an improper exception handling for the multi_sim_bar_show_on_qspanel value, enabling a user‑device denial of service once a shell privilege is gained. The issue is triggered in SystemUI and results in a permanent ...

4.9CVSS4.8AI score0.00101EPSS
CVE
CVE
added 2021/10/06 5:10 p.m.47 views

CVE-2021-25486

CVE-2021-25486 concerns an information-disclosure vulnerability in the Samsung ipcdump module, present before SMR Oct-2021 Release 1. The issue allows an attacker to detect device information by analyzing log-packet data. Documents describe vulnerable component (ipcdump) and impact as information...

3.3CVSS4AI score0.00095EPSS
CVE
CVE
added 2021/11/05 2:3 a.m.47 views

CVE-2021-25502

CVE-2021-25502 relates to Samsung SMR (System Management Release) before the Nov-2021 Release 1, where sensitive data was stored insecurely in Property Settings, allowing a local attacker to read the ESN value without privileges. Affected product scope is Samsung SMR updates for Android/mobile de...

7.9CVSS5.2AI score0.00066EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.47 views

CVE-2022-26460

The CVE-2022-26460 issue affects the vow component (MediaTek vow) and arises from an incorrect bounds check that enables an out-of-bounds write. This could lead to local privilege escalation with system execution privileges required; no user interaction is needed for exploitation. The entry refer...

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.47 views

CVE-2022-32648

The CVE-2022-32648 entry describes a use-after-free due to a race condition in the disp component, enabling local privilege escalation with SYSTEM privileges and no user interaction. Multiple sources (NVD/Red Hat/PRION/CVE records) confirm the issue and the same patch identifier: ALPS06535964 (Is...

6.4CVSS6.6AI score0.00121EPSS
CVE
CVE
added 2022/09/09 2:39 p.m.47 views

CVE-2022-36842

CVE-2022-36842 involves a heap-based overflow in the prepareRecogLibrary function of libSDKRecognitionText.spensdk.samsung.so on Samsung devices. Affected: libSDKRecognitionText.spensdk.samsung.so (pre-SMR Sep-2022 Release 1). Impact: memory access fault. Root cause: heap overflow in prepareRecog...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.47 views

CVE-2022-39089

CVE-2022-39089 affects the mlog service, where a missing bounds check allows an out-of-bounds read. This can lead to local denial of service with SYSTEM privileges required. The public documents consistently describe the issue in the mlog service and the resulting impact, but do not provide concr...

4.4CVSS4.7AI score0.00113EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.47 views

CVE-2022-39092

CVE-2022-39092 concerns a missing permission check in the power management service. The vulnerability allows a local attacker with LOW privileges and NO user interaction to set up the power management service without additional execution privileges, yielding HIGH impact to confidentiality, integr...

7.8CVSS7.5AI score0.00109EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.47 views

CVE-2022-39116

The CVE-2022-39116 entry affects the sprd_sysdump driver, where a missing bounds check leads to an out-of-bounds write. The underlying issue can cause local denial of service in the kernel. Multiple sources (NVD, Red Hat, CVE listing) confirm the same description; exploitation details or in-the-w...

5.5CVSS5.4AI score0.00105EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.47 views

CVE-2022-39855

CVE-2022-39855 is a local-improper access-control vulnerability in the FACM application prior to Samsung SMR Oct-2022 Release 1. The issue allows a local attacker to connect to arbitrary AP and Bluetooth devices due to insufficient access controls in FACM. Affected context: Samsung mobile devices...

5.1CVSS4.6AI score0.00086EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.47 views

CVE-2022-39882

CVE-2022-39882 is a heap overflow in the sflacf_fal_bytes_peek function of the libsmat.so library, prior to Samsung SMR Nov-2022 Release 1. The vulnerability allows a local attacker to execute arbitrary code. Affected component is the libsmat.so library; the root cause is a heap overflow in the s...

8CVSS7.8AI score0.00106EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.47 views

CVE-2022-42764

The CVE-2022-42764 entry concerns a missing bounds check in the wlan driver, causing a local denial of service in wlan services. Connected sources corroborate the issue as affecting the UNISOC WLAN driver/ chipset with similar wording. The available documents specify the vulnerability but do not ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.47 views

CVE-2022-42781

CVE-2022-42781 concerns a missing bounds check in the WLAN driver, leading to local denial of service in WLAN services. The connected records identify the affected component as the WLAN driver (often referenced in UNISOC/UNISOC chipset contexts) and describe the vulnerability as an out-of-bounds ...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.47 views

CVE-2022-47479

CVE-2022-47479 affects the telephony service. The root cause is a missing permission check, enabling local information disclosure without requiring additional privileges. CVSSv3.1 metrics indicate Local attack vector, Low attack complexity, Low privileges required, and Confidentiality impact High...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.47 views

CVE-2022-48240

The CVE-2022-48240 entry concerns the UNISOC camera driver. Affected component: camera driver in UNISOC chipsets. Root cause: missing bounds check causing an out-of-bounds write. Impact: local denial of service with System execution privileges required; confidentiality/integrity are not affected ...

4.4CVSS4.7AI score0.00096EPSS
CVE
CVE
added 2023/06/06 5:13 a.m.47 views

CVE-2022-48444

The CVE-2022-48444 entry concerns the telephony service with a missing permission check that could allow a local attacker to cause denial of service without additional execution privileges. This is supported by NVD and Red Hat records, which describe a local, low-privilege, unprivileged-access vu...

5.9CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/06/06 5:13 a.m.47 views

CVE-2022-48448

CVE-2022-48448 affects the telephony service and is associated with a missing permission check that could allow a local denial of service without elevating privileges. Across the provided sources (NVD, RH, CVE list, PRION, CNNVD, etc.), the core described impact is local DoS with no additional ex...

5.5CVSS5.4AI score0.00081EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.47 views

CVE-2022-48451

CVE-2022-48451 affects Unisoc Bluetooth service. The issue is a race-condition leading to an out-of-bounds write, enabling local denial of service with System execution privileges. Documents consistently describe the vulnerability as a local issue in the Bluetooth service, without publicly disclo...

4.1CVSS4.5AI score0.00065EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.47 views

CVE-2023-20670

The CVE-2023-20670 entry describes a local out-of-bounds write in audio caused by a missing bounds check, enabling local escalation to System execution privileges without user interaction. The vulnerability is associated with MediaTek audio components and is tied to patch ALPS07648710 (Issue ALPS...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.47 views

CVE-2023-20680

The connected documents confirm CVE-2023-20680 affects the adsp component and describes an out-of-bounds write caused by improper input validation. This can enable local escalation of privilege with system execution privileges, and exploitation does not require user interaction. The public fix re...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.47 views

CVE-2023-20693

Summary (CVE-2023-20693) In MediaTek wlan firmware, an uncaught exception can cause a system crash, leading to a remote denial of service without user interaction. The NVD entry lists a network exploit vector with no privileges required and no user interaction, and a high impact to availability. ...

7.5CVSS7.4AI score0.00445EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.47 views

CVE-2023-20787

MediaTek thermal module vulnerability CVE-2023-20787 is a use-after-free caused by a race condition in the thermal management code. It could allow local escalation to SYSTEM privileges without user interaction. Patch ALPS07648734 is noted; no exploitation details are provided in the sources. Refs...

6.4CVSS6.6AI score0.00065EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.47 views

CVE-2023-20808

CVE-2023-20808 affects OPTEE on MediaTek chipsets. The vulnerability is an out-of-bounds write caused by a missing bounds check in OPTEE, enabling local escalation of privileges with System execution privileges required and no user interaction needed. Exploitation status is not detailed in the pr...

6.7CVSS6.7AI score0.00085EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.47 views

CVE-2023-20825

In duraspeed, a missing permission check enables local information disclosure without extra execution privileges or user interaction. Affected component/feature is unspecified in the provided details, and the vulnerability is linked to patch ALPS07951402 (Issue ALPS07951413). Exploitation is desc...

5.5CVSS5.1AI score0.00078EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.47 views

CVE-2023-21340

The CVE-2023-21340 entry describes an information-disclosure vulnerability in the Telecomm component of Android, caused by a missing permission check that allows local access to the call state without extra privileges or user interaction. Exploitation is local and does not require user action; CV...

5.5CVSS5.7AI score0.00099EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.47 views

CVE-2023-33889

CVE-2023-33889 describes a missing permission check in the telephony service that permits local information disclosure with no extra privileges. The NVD entry reports a CVSS v3.1 base score of 5.5 (LOCAL, LOW attack complexity, LOW privileges required, no user interaction, HIGH confidentiality im...

5.5CVSS5.2AI score0.00099EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.47 views

CVE-2023-33903

CVE-2023-33903 affects the FM service and is caused by a missing parameter check, enabling local denial of service with system execution privileges needed. Multiple connected sources corroborate a local impact and privilege requirement, with exploitation details not provided in the supplied docum...

4.4CVSS4.7AI score0.00112EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.47 views

CVE-2023-38468

CVE-2023-38468 documents a vulnerability in the urild service where a missing bounds check enables an out-of-bounds write. The consequence is local denial of service with System execution privileges needed. Public sources describe similar terms across multiple feeds (NVD/Red Hat/CVE records). Aff...

4.4CVSS4.8AI score0.00086EPSS
CVE
CVE
added 2023/10/08 3:35 a.m.47 views

CVE-2023-40634

The CVE-2023-40634 entry describes a local privilege escalation in phasechecksercer/phasecheckserver due to a missing permission check. The impact is local with no additional execution privileges required, but the provided documents do not specify affected products, versions, exploit details, or ...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.47 views

CVE-2023-40643

CVE-2023-40643 affects the Messaging component. The root cause is a missing permission check, which could allow local information disclosure without requiring additional execution privileges. The CVSS details indicate a Local attack vector, Low attack complexity, Privileges required: Low, with Co...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.47 views

CVE-2023-40650

CVE-2023-40650 affects the Telecom service and is caused by a missing permission check that can allow local information disclosure without requiring additional execution privileges. Public information in connected sources confirms the issue and its impact, but does not provide product/version spe...

5.5CVSS5.2AI score0.00078EPSS
Total number of security vulnerabilities8153