8153 matches found
CVE-2019-2191
CVE-2019-2191 affects LG’s LAF component, exposing information from a protected disk partition due to a missing bounds check. This permits local information disclosure via USB with no user interaction; exploitation requires user privileges and is possible without user action. The related Red Hat/...
CVE-2019-2199
CVE-2019-2199 affects Android 10, where in PackageInstallerService.java’s createSessionInternal a permissions bypass could enable local elevation of privilege to System level. No exploitation details are provided beyond that; impact is local and requires no user interaction. The Android Security ...
CVE-2019-9249
CVE-2019-9249 refers to a Bluetooth vulnerability in Android 10 where an out-of-bounds read could lead to local information disclosure without privileges or user interaction. The issue arises from a missing bounds check in Bluetooth handling. Impact per sources: potential exposure of partial info...
CVE-2019-9252
CVE-2019-9252 affects Android 10, where the libavc component suffers an out-of-bounds read caused by uninitialized data. This leads to remote information disclosure without additional execution privileges; exploitation requires user interaction. Multiple sources (NVD, Red Hat, CVE lists) consiste...
CVE-2019-9293
CVE-2019-9293 affects Android 10, describing an out-of-bounds read in libstagefright due to a missing bounds check. This could allow remote information disclosure with no execution privileges, though exploitation requires user interaction. The vulnerability is documented across multiple sources (...
CVE-2019-9294
CVE-2019-9294 affects the Android 10 libstagefright component, describing an out-of-bounds read due to a missing bounds check. This vulnerability can lead to remote information disclosure with user interaction required for exploitation; no explicit in-the-wild exploit details are provided in the ...
CVE-2019-9296
CVE-2019-9296 affects Android 10 and is described as an NFC-related out-of-bounds read that can disclose information locally without execution privileges. The root cause is a missing bounds check in NFC handling, with exploitation requiring user interaction. Impact is information disclosure (conf...
CVE-2019-9319
CVE-2019-9319 affects Android 10 media stack (libavc) where a missing variable initialization in the library can lead to remote information disclosure without extra execution privileges. Exploitation requires user interaction. The Android 10 security release notes state these issues are addressed...
CVE-2019-9328
CVE-2019-9328 affects the Android 10 Bluetooth stack, with an out-of-bounds read caused by a missing bounds check. This can lead to remote information disclosure without privileges and without user interaction. The entries consistently describe the issue as part of Android 10 and reference the An...
CVE-2019-9352
CVE-2019-9352 affects the Android Media framework (libstagefright) on Android 10, where a missing bounds check can cause resource exhaustion and remote denial of service. The issue requires user interaction to exploit and is reported as a DoS with an impact to availability. Root cause: insufficie...
CVE-2019-9414
CVE-2019-9414 affects wpa_supplicant on Android 10. The root cause is improper input validation of the basicConstraints field in intermediary certificates, enabling a remote information disclosure via a man‑in‑the‑middle scenario with no user interaction. Impact is partial confidentiality loss; n...
CVE-2019-9470
CVE-2019-9470 is an Android kernel vulnerability affecting the dma_sblk_start path in abc-pcie.c. The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with system execution privileges required; no user interaction is needed. Publicly documen...
CVE-2020-0089
CVE-2020-0089 is a localElevation of privilege issue in Android 11, caused by a missing permission check in the audio server. The vulnerability allows escalation of privileges to modify audio settings without extra execution privileges or user interaction. Affected software/module: Android 11 aud...
CVE-2020-0134
The CVE-2020-0134 entry concerns Android 10 where in BnDrm::onTransact of IDrm.cpp there is information disclosure due to uninitialized data. This can lead to local information disclosure without extra privileges and without user interaction. Public references include NVD and Red Hat advisories, ...
CVE-2020-0135
CVE-2020-0135 affects Android 10, where in RollbackManagerServiceImpl.java a missing permission check can cause backup metadata exposure, enabling local information disclosure with System privileges (no user interaction required). The issue is documented across multiple sources (NVD/Red Hat/PRION...
CVE-2020-0136
CVE-2020-0136 affects Android 10, with an out-of-bounds write in Parcel.cpp caused by an integer overflow, enabling local privilege escalation in the system server without extra execution privileges or user interaction. Documents consistently describe the issue as a local elevation of privilege v...
CVE-2020-0141
CVE-2020-0141 is an Android 10 vulnerability described as a race-condition in OutputBuffersArray::realloc within CCodecBuffers.cpp that can cause a heap disclosure, enabling potential information exposure with System privileges. The vulnerability is associated with remote information disclosure a...
CVE-2020-0143
CVE-2020-0143 affects Android 10 with a flaw in the NFC stack: in nfa_dm_ndef_find_next_handler (nfa_dm_ndef.c) there is a missing bounds check that allows an out-of-bounds read. This can lead to local information disclosure of heap data when the device firmware is compromised and System executio...
CVE-2020-0153
CVE-2020-0153 is an Android elevation-of-privilege issue caused by a missing bounds check in phNxpNciHal_ext.cc, specifically in phNxpNciHal_write_ext. The out-of-bounds write could grant local SYSTEM-level execution without user interaction. The vulnerability affects Android-10; exploitation sta...
CVE-2020-0155
CVE-2020-0155 affects Android 10, specifically in the NFC HAL code path: phNxpNciHal_send_ese_hal_cmd in phNxpNciHal_ext.cc. The root cause is a missing bounds check that enables an out-of-bounds write. Impact per the description is local elevation of privilege with user privileges required; expl...
CVE-2020-0160
Concretely affected: Android 10 devices vulnerable through the Media/SampleTable path in SampleTable.cpp (setSyncSampleParams). The root cause is a missing bounds check that can trigger resource exhaustion, leading to remote denial of service. Exploitation requires user interaction, and the impac...
CVE-2020-0163
CVE-2020-0163 targets MPEG4Extractor.cpp (parseSampleAuxiliaryInformationSizes) and can cause resource exhaustion leading to remote DoS on Android 10. Documents confirm a vulnerability in the Android Media Framework with input validation weaknesses; CVSS2/3 metrics indicate network access with no...
CVE-2020-0166
CVE-2020-0166 affects Android 10, where in multiple functions of URI.java a missing validation during parceling of URI information can lead to local privilege escalation. The Android Security Bulletin (Pixel Update Bulletin) lists CVE-2020-0166 under the Android runtime with Updated AOSP version ...
CVE-2020-0179
CVE-2020-0179 concerns a path traversal vulnerability in Android’s MtpServer.cpp (doSendObjectInfo) caused by insufficient input validation. The issue can enable local privilege escalation with no extra privileges required; exploitation requires user interaction. Affected product: Android 10. The...
CVE-2020-0196
CVE-2020-0196 affects Android 10 in the Bluetooth stack. In RegisterNotificationResponse::GetEvent, improper input validation can cause an abort, resulting in remote denial of service over Bluetooth with no extra privileges and no user interaction required. This is described in Android Pixel secu...
CVE-2020-0209
CVE-2020-0209 affects Android 10 Framework (AccountManager.java). Description: permissions bypass in multiple AccountManager functions could enable local elevation of privilege without additional execution privileges required; exploitation requires no user interaction. Evidence across documents s...
CVE-2020-0210
CVE-2020-0210 affects Android 10 Framework code (removeSharedAccountAsUser in AccountManager.java), enabling a local elevation of privilege due to a permissions bypass (confused deputy). Exploitation requires no user interaction; local access suffices. The Pixel security bulletin lists this issue...
CVE-2020-0223
CVE-2020-0223 is an Android kernel vulnerability (kernel audio component) described as an unbounded write into kernel global memory via a user-controlled buffer size. Affects Android kernel with Audio subcomponent; root cause is uncontrolled buffer handling that can lead to elevation of privilege...
CVE-2020-0277
Summary (CVE-2020-0277) : The vulnerability affects Android 11 in the NetworkPolicyManagerService . It arises from a missing permission check , allowing a local attacker to perform a permissions bypass and achieve local elevation of privilege to modify the device’s data plan without any extra exe...
CVE-2020-0288
CVE-2020-0288 concerns Android 11’s PackageManager, where a missing permission check could enable local information disclosure across user boundaries without any user interaction. The issue is tied to the Android 11 platform and is documented in the Android 11 Security Release Notes; Red Hat and ...
CVE-2020-0302
CVE-2020-0302 affects Android 11 in Settings, where an unsafe PendingIntent enables a permission bypass leading to local information disclosure. Exploitation requires no user interaction, with user privileges required. Root cause: unsafe PendingIntent in Settings. Impact: partial disclosure of da...
CVE-2020-0311
In CVE-2020-0311, the issue concerns Android 11's InputManagerService where an unsafe PendingIntent enables a permission bypass, causing local information disclosure. Exploitation is possible with LOCAL access and does not require user interaction, but certain user/EOS privileges are indicated as...
CVE-2020-0336
CVE-2020-0336 pertains to Android 11 SurfaceFlinger where memory corruption arises from a type confusion issue. The vulnerability enables local escalation of privilege with system-level execution privileges required, and exploitation does not require user interaction. Affected component: SurfaceF...
CVE-2020-0343
CVE-2020-0343 affects Android 11, specifically the NetworkStatsService. Root cause: a missing permission check allows access to protected data, enabling local information disclosure with no extra execution privileges. Exploitation prerequisites: none (user interaction not required). Impact (as st...
CVE-2020-0362
CVE-2020-0362 affects Android 11 and targets the libstagefright component. The issue is a resource exhaustion vulnerability caused by improper input validation, leading to a remote denial of service. Exploitation requires user interaction and is delivered over a network, with the CVSS v3.1 vector...
CVE-2020-0428
CVE-2020-0428 describes a race-condition in CamX code that enables a use-after-free vulnerability, leading to local escalation of privilege to SYSTEM level with no user interaction. Affected software is Android kernel camera components (CamX). The NVD entry lists CVSS2 as 4.4 (LOCAL, MEDIUM) and ...
CVE-2020-0474
CVE-2020-0474 affects Android 11 in the Media framework (HalCamera.cpp, HalCamera::requestNewFrame). It is a use-after-free due to a race condition, enabling local elevation of privilege with no extra execution privileges required. Exploitation is local and does not require user interaction. NVD ...
CVE-2020-0483
CVE-2020-0483 affects DrmManagerService in Android-11. The issue is a memory corruption via a use-after-free in the DrmManagerService destructor (DrmManagerService.cpp), enabling local elevation of privilege with System execution privileges required. User interaction is not needed. The descriptio...
CVE-2020-0486
CVE-2020-0486 affects Android 11 (ContactsProvider2.java) via openAssetFileListener, where an insecure default value enables a permission bypass. This can allow local escalation of privilege to modify contact data with no additional execution privileges and no user interaction. The issue is ackno...
CVE-2020-10837
The CVE-2020-10837 vulnerability affects Samsung mobile devices running P(9.0) and Q(10.0) with TEEGRIS. The issue resides in the Esecomm Trustlet, enabling a stack overflow that can lead to arbitrary code execution. Affected software/component: Esecomm Trustlet within Samsung TEEGRIS on P9.0/Q10...
CVE-2020-10840
Summary: CVE-2020-10840 describes a kernel pointer leak in the vipx driver affecting Samsung mobile devices with Exynos 9610 (P9.0 and Q10.0). The Samsung internal ID is SVE-2019-16293 (February 2020). The Red Hat entry reiterates the same description. What is affected: Samsung mobile devices wit...
CVE-2020-10846
CVE-2020-10846 affects Samsung mobile devices with P(9.x) and Q(10.x) software. The issue enables OEM unlock on KG-enrolled devices, potentially allowing download of unwanted binaries. Samsung ID: SVE-2019-16554. No explicit remediation or exploitation details are provided in the connected docume...
CVE-2020-10854
CVE-2020-10854 concerns information disclosure on Samsung mobile devices running O(8.x), P(9.0), or Q(10.0) software, where kernel stack addresses are leaked to userspace. The issue affects the kernel exposure path and is classified with a high impact in CVSS 3.1 (base score 7.5) and medium in CV...
CVE-2020-11604
CVE-2020-11604 affects Samsung mobile devices running P (9.0) and Q (10.0) with TEEGRIS; the issue is an out-of-bounds read in the MLDAP Trustlet. Connected records confirm the vulnerability details and Samsung’s reference ID SVE-2019-16565. Impact details across sources indicate leakage of infor...
CVE-2020-15578
The CVE-2020-15578 entry concerns Samsung mobile devices running O(8.x) software where the FactoryCamera component does not properly restrict runtime permissions. Affected software is described as Samsung devices with that Android/OS lineage; the root cause is the improper permission restriction ...
CVE-2020-15581
CVE-2020-15581 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue is in the kernel logging feature, which can allow attackers to discover virtual addresses via vectors involving shared memory. The reported impact is partial disclosure of data (confidentiality impact) wi...
CVE-2020-15582
Summary of CVE-2020-15582 : A BLE buffer overflow issue was reported on Samsung mobile devices running P (9.0) and Q (10.0) on Exynos 7885, leading to a deadlock or crash in the Bluetooth Low Energy component. The Samsung internal ID is SVE-2020-16870 (July 2020). Connected documents confirm the ...
CVE-2020-25050
CVE-2020-25050 affects Samsung mobile devices running P(9.0) and Q(10.0). The issue is in the CMC service, which can allow attackers to obtain sensitive information. Affected component is the CMC service on Samsung Android builds; root cause details are not fully disclosed in the provided documen...
CVE-2020-25056
CVE-2020-25056 affects Samsung mobile devices on Q(10.0) (Galaxy S20). Root cause: HAL version checks mishandled bootloading by the S.LSI NFC chipset. Impact: potential security impact described as improper checks; no exploit details provided in the documents. Affected component: HAL in Samsung A...
CVE-2020-25062
CVE-2020-25062 describes a privilege-bypass in LGTelephonyProvider on LG Android devices (9/10). Affected product: LG mobile devices running Android 9–10; root cause: bypass of intended privilege restrictions in LGTelephonyProvider (LG internal ID LVE-SMP-200017). Impact is reported as high to cr...