Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/09/17 8:49 p.m.46 views

CVE-2020-0343

CVE-2020-0343 affects Android 11, specifically the NetworkStatsService. Root cause: a missing permission check allows access to protected data, enabling local information disclosure with no extra execution privileges. Exploitation prerequisites: none (user interaction not required). Impact (as st...

5.5CVSS5.7AI score0.00139EPSS
CVE
CVE
added 2020/09/17 8:58 p.m.46 views

CVE-2020-0362

CVE-2020-0362 affects Android 11 and targets the libstagefright component. The issue is a resource exhaustion vulnerability caused by improper input validation, leading to a remote denial of service. Exploitation requires user interaction and is delivered over a network, with the CVSS v3.1 vector...

6.5CVSS6.9AI score0.00724EPSS
CVE
CVE
added 2020/09/17 6:42 p.m.46 views

CVE-2020-0428

CVE-2020-0428 describes a race-condition in CamX code that enables a use-after-free vulnerability, leading to local escalation of privilege to SYSTEM level with no user interaction. Affected software is Android kernel camera components (CamX). The NVD entry lists CVSS2 as 4.4 (LOCAL, MEDIUM) and ...

6.4CVSS7.1AI score0.00108EPSS
CVE
CVE
added 2020/12/15 3:53 p.m.46 views

CVE-2020-0474

CVE-2020-0474 affects Android 11 in the Media framework (HalCamera.cpp, HalCamera::requestNewFrame). It is a use-after-free due to a race condition, enabling local elevation of privilege with no extra execution privileges required. Exploitation is local and does not require user interaction. NVD ...

7CVSS7.5AI score0.00104EPSS
CVE
CVE
added 2020/12/15 3:55 p.m.46 views

CVE-2020-0483

CVE-2020-0483 affects DrmManagerService in Android-11. The issue is a memory corruption via a use-after-free in the DrmManagerService destructor (DrmManagerService.cpp), enabling local elevation of privilege with System execution privileges required. User interaction is not needed. The descriptio...

6.7CVSS7.3AI score0.00141EPSS
CVE
CVE
added 2020/12/15 3:55 p.m.46 views

CVE-2020-0486

CVE-2020-0486 affects Android 11 (ContactsProvider2.java) via openAssetFileListener, where an insecure default value enables a permission bypass. This can allow local escalation of privilege to modify contact data with no additional execution privileges and no user interaction. The issue is ackno...

7.8CVSS8.2AI score0.00134EPSS
CVE
CVE
added 2020/03/24 5:19 p.m.46 views

CVE-2020-10837

The CVE-2020-10837 vulnerability affects Samsung mobile devices running P(9.0) and Q(10.0) with TEEGRIS. The issue resides in the Esecomm Trustlet, enabling a stack overflow that can lead to arbitrary code execution. Affected software/component: Esecomm Trustlet within Samsung TEEGRIS on P9.0/Q10...

10CVSS9.8AI score0.00869EPSS
CVE
CVE
added 2020/03/24 5:22 p.m.46 views

CVE-2020-10840

Summary: CVE-2020-10840 describes a kernel pointer leak in the vipx driver affecting Samsung mobile devices with Exynos 9610 (P9.0 and Q10.0). The Samsung internal ID is SVE-2019-16293 (February 2020). The Red Hat entry reiterates the same description. What is affected: Samsung mobile devices wit...

7.1CVSS6.8AI score0.00133EPSS
CVE
CVE
added 2020/03/24 5:29 p.m.46 views

CVE-2020-10846

CVE-2020-10846 affects Samsung mobile devices with P(9.x) and Q(10.x) software. The issue enables OEM unlock on KG-enrolled devices, potentially allowing download of unwanted binaries. Samsung ID: SVE-2019-16554. No explicit remediation or exploitation details are provided in the connected docume...

5.5CVSS5.5AI score0.00126EPSS
CVE
CVE
added 2020/03/24 5:37 p.m.46 views

CVE-2020-10854

CVE-2020-10854 concerns information disclosure on Samsung mobile devices running O(8.x), P(9.0), or Q(10.0) software, where kernel stack addresses are leaked to userspace. The issue affects the kernel exposure path and is classified with a high impact in CVSS 3.1 (base score 7.5) and medium in CV...

7.5CVSS7.5AI score0.00413EPSS
CVE
CVE
added 2020/04/08 3:27 p.m.46 views

CVE-2020-11604

CVE-2020-11604 affects Samsung mobile devices running P (9.0) and Q (10.0) with TEEGRIS; the issue is an out-of-bounds read in the MLDAP Trustlet. Connected records confirm the vulnerability details and Samsung’s reference ID SVE-2019-16565. Impact details across sources indicate leakage of infor...

9.1CVSS9.1AI score0.00475EPSS
CVE
CVE
added 2020/07/07 1:32 p.m.46 views

CVE-2020-15578

The CVE-2020-15578 entry concerns Samsung mobile devices running O(8.x) software where the FactoryCamera component does not properly restrict runtime permissions. Affected software is described as Samsung devices with that Android/OS lineage; the root cause is the improper permission restriction ...

5.5CVSS5.6AI score0.00118EPSS
CVE
CVE
added 2020/07/07 1:23 p.m.46 views

CVE-2020-15581

CVE-2020-15581 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue is in the kernel logging feature, which can allow attackers to discover virtual addresses via vectors involving shared memory. The reported impact is partial disclosure of data (confidentiality impact) wi...

5.3CVSS5.1AI score0.0034EPSS
CVE
CVE
added 2020/07/07 1:23 p.m.46 views

CVE-2020-15582

Summary of CVE-2020-15582 : A BLE buffer overflow issue was reported on Samsung mobile devices running P (9.0) and Q (10.0) on Exynos 7885, leading to a deadlock or crash in the Bluetooth Low Energy component. The Samsung internal ID is SVE-2020-16870 (July 2020). Connected documents confirm the ...

5.5CVSS5.9AI score0.00268EPSS
CVE
CVE
added 2020/08/31 8:25 p.m.46 views

CVE-2020-25050

CVE-2020-25050 affects Samsung mobile devices running P(9.0) and Q(10.0). The issue is in the CMC service, which can allow attackers to obtain sensitive information. Affected component is the CMC service on Samsung Android builds; root cause details are not fully disclosed in the provided documen...

7.5CVSS7.4AI score0.00431EPSS
CVE
CVE
added 2020/08/31 8:24 p.m.46 views

CVE-2020-25056

CVE-2020-25056 affects Samsung mobile devices on Q(10.0) (Galaxy S20). Root cause: HAL version checks mishandled bootloading by the S.LSI NFC chipset. Impact: potential security impact described as improper checks; no exploit details provided in the documents. Affected component: HAL in Samsung A...

7.5CVSS7.6AI score0.00366EPSS
CVE
CVE
added 2020/08/31 8:46 p.m.46 views

CVE-2020-25062

CVE-2020-25062 describes a privilege-bypass in LGTelephonyProvider on LG Android devices (9/10). Affected product: LG mobile devices running Android 9–10; root cause: bypass of intended privilege restrictions in LGTelephonyProvider (LG internal ID LVE-SMP-200017). Impact is reported as high to cr...

9.8CVSS9.2AI score0.00455EPSS
CVE
CVE
added 2020/12/15 4:2 p.m.46 views

CVE-2020-27035

CVE-2020-27035 : In Android’s media stack, specifically in priorLinearAllocation() of C2AllocatorIon.cpp, there is a possible use-after-free caused by improper locking. This can lead to local information disclosure in the media codec without additional execution privileges. Affected: Android-11. ...

5.5CVSS5.8AI score0.00112EPSS
CVE
CVE
added 2020/12/15 4:3 p.m.46 views

CVE-2020-27038

CVE-2020-27038 affects Android 11 with a memory-leak in C2SoftVorbisDec.cpp that can exhaust memory and cause remote denial of service. Exploitation requires user interaction; no explicit exploit details are provided in the connected documents. The available sources confirm the DoS impact and the...

6.5CVSS6.8AI score0.00694EPSS
CVE
CVE
added 2020/12/15 4:6 p.m.46 views

CVE-2020-27051

CVE-2020-27051 is an out-of-bounds write caused by an integer overflow in NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc. Affects Android 11; the privilege impact is local with partial confidentiality/integrity/availability, and exploitation requires user interaction. CVSSv3.1 base score 7.8 (HIGH...

7.8CVSS8.2AI score0.00405EPSS
CVE
CVE
added 2021/01/22 7:15 p.m.46 views

CVE-2020-27097

CVE-2020-27097 affects Android 11. The vulnerability exists in UriGrantsManagerService.java (checkGrantUriPermission), enabling a local information disclosure without additional exploitation privileges or user interaction. Concrete impact documented as a permissions bypass that could expose parti...

5.5CVSS5.7AI score0.00135EPSS
CVE
CVE
added 2021/02/04 5:10 p.m.46 views

CVE-2021-0348

The CVE-2021-0348 issue affects Android’s vpu as reported in multiple sources. A missing bounds check enables an out-of-bounds write, leading to local escalation of privilege with System execution privileges required. Impact is noted for Android-9, Android-10, and Android-11. No user interaction ...

7.2CVSS6.7AI score0.00166EPSS
CVE
CVE
added 2021/02/04 5:10 p.m.46 views

CVE-2021-0349

The CVE-2021-0349 entry concerns the Android display driver. A use-after-free in the display driver could cause memory corruption, enabling local privilege escalation with System privileges required for exploitation. No user interaction is needed. Affected products/versions include Android 9–11. ...

7.2CVSS6.8AI score0.00163EPSS
CVE
CVE
added 2021/02/02 11:1 p.m.46 views

CVE-2021-0353

CVE-2021-0353 affects Android 11 via a heap buffer overflow in the kisd component, causing a memory corruption vulnerability. The root cause is heap-based memory corruption leading to local escalation of privilege, requiring system-level privileges for impact; exploitation is described as not req...

6.7CVSS6.9AI score0.00158EPSS
CVE
CVE
added 2021/02/02 11:1 p.m.46 views

CVE-2021-0358

In netdiag, a command-injection flaw exists due to improper input validation. This could enable local escalation to System privileges on Android devices (Android-10/Android-11) with no user interaction required. The issue is described across multiple sources (e.g., NVD/Red Hat) and is associated ...

6.7CVSS6.9AI score0.00325EPSS
CVE
CVE
added 2021/03/10 4:11 p.m.46 views

CVE-2021-0386

CVE-2021-0386 affects Android 11 in the UsbConfirmActivity onCreate, enabling a tapjacking vector due to an insecure default value. The vulnerability could allow local escalation of privilege with user interaction required for exploitation (ATT&CK: Local, UI: Required). The issue is documented ac...

7.8CVSS7.6AI score0.00347EPSS
CVE
CVE
added 2021/10/25 1:16 p.m.46 views

CVE-2021-0414

The CVE-2021-0414 entry relates to MediaTek’s flv extractor, where a heap buffer overflow can cause an out-of-bounds read. This may lead to local information disclosure without requiring user interaction. The available patch/issue identifiers are ALPS05561384 (Patch ID) and ALPS05561384 (Issue ID...

5.5CVSS5.2AI score0.00122EPSS
CVE
CVE
added 2021/03/10 4:13 p.m.46 views

CVE-2021-0449

CVE-2021-0449 : In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data, leading to local information disclosure with System execution privileges required. The vulnerability affects the Titan M component as listed in Android kernel contexts; exploita...

4.4CVSS4.3AI score0.00124EPSS
CVE
CVE
added 2021/03/10 4:14 p.m.46 views

CVE-2021-0452

The CVE-2021-0452 entry concerns the Titan M chip firmware. It describes a stack memory disclosure due to uninitialized data, enabling local information disclosure with system privileges required. Exploitation is described as local with no user interaction needed. The issue is tied to Android ker...

4.4CVSS4.3AI score0.00124EPSS
CVE
CVE
added 2021/03/10 4:18 p.m.46 views

CVE-2021-0463

CVE-2021-0463 concerns Google Android’s kernel component where in convertToHidl (convert.cpp) an out-of-bounds read can occur due to uninitialized data from ReturnFrameworkMessage. This issue may disclose local information without extra execution privileges and requires user interaction to exploi...

5.5CVSS5.1AI score0.00136EPSS
CVE
CVE
added 2021/03/10 4:18 p.m.46 views

CVE-2021-0464

CVE-2021-0464 affects the Android kernel component sound_trigger_event_alloc in platform.h, with a heap buffer overflow causing an out-of-bounds write that could lead to local privilege escalation without user interaction. The linked Red Hat/NVD entries confirm the issue and classify it as Elevat...

7.8CVSS7.8AI score0.00131EPSS
CVE
CVE
added 2021/10/25 1:16 p.m.46 views

CVE-2021-0614

The CVE-2021-0614 entry concerns MediaTek’s asf extractor, where an out-of-bounds read results from an incorrect bounds check. This vulnerability may lead to local information disclosure without requiring user interaction or additional execution privileges. Affected reality is supported by source...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2021/10/25 1:17 p.m.46 views

CVE-2021-0630

CVE-2021-0630 affects MediaTek WiFi driver components. The flaw is a missing bounds check in the wifi driver that can cause a system crash, enabling remote denial of service with no additional privileges or user interaction required. Several connected sources (NVD, Red Hat advisories, CVE registr...

7.5CVSS7.3AI score0.00857EPSS
CVE
CVE
added 2021/10/25 1:17 p.m.46 views

CVE-2021-0632

CVE-2021-0632 describes an out-of-bounds read in the Mediatek wifi driver caused by a missing bounds check. The affected component is the wifi driver (Mediatek). Exploitation could enable remote information disclosure to a proximal attacker under certain build conditions, with no user interaction...

6.5CVSS6.1AI score0.00288EPSS
CVE
CVE
added 2021/11/18 2:58 p.m.46 views

CVE-2021-0668

The CVE-2021-0668 entry refers to a memory corruption issue in the apusys component caused by incorrect error handling, enabling local privilege escalation to System level with no user interaction required. Patch ALPS05670521 (Issue ALPS05670521) is noted as a fix. Connected documents (e.g., Red ...

7.2CVSS6.8AI score0.0012EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.46 views

CVE-2021-0894

In CVE-2021-0894, the apusys component contains an out-of-bounds write due to a missing bounds check. This can enable local escalation of privilege to SYSTEM with no user interaction required. Patch ID ALPS05672107 and Issue ID ALPS05672038 are associated remediation details. Exploitation status ...

6.7CVSS6.7AI score0.00115EPSS
CVE
CVE
added 2021/06/11 2:45 p.m.46 views

CVE-2021-25388

Samsung Knox Core CVE-2021-25388 is described as an improper caller check vulnerability that, in Knox Core prior to SMR MAY-2021 Release 1, could let a local attacker install arbitrary third‑party apps. Connected sources (NVD, Red Hat, CNNCVD/CVE lists) corroborate: local access, low complexity, ...

7.1CVSS7.3AI score0.00088EPSS
CVE
CVE
added 2021/06/11 2:33 p.m.46 views

CVE-2021-25414

CVE-2021-25414 affects Samsung Contacts prior to SMR JUN-2021 Release 1. The underlying issue is improper sanitization of an incoming intent in Samsung Contacts, which enables a local attacker to copy or overwrite arbitrary files using Samsung Contacts privileges. The vulnerability implies local,...

7.8CVSS7.4AI score0.00183EPSS
CVE
CVE
added 2021/09/09 6:3 p.m.46 views

CVE-2021-25450

CVE-2021-25450 describes a path traversal vulnerability in FactoryAirCommnadManger present before Samsung SMR Sep-2021 Release 1. An attacker could write files as the system UID via a remote socket by exploiting the vulnerable path handling in the component, leading to potential unauthorized file...

6.5CVSS6.5AI score0.00165EPSS
CVE
CVE
added 2021/09/09 6:4 p.m.46 views

CVE-2021-25455

Summary: CVE-2021-25455 is an OOB read vulnerability in the libsaviextractor.so library, reported to affect the pre-SMR Sep-2021 Release 1. The available descriptions state that an attacker could access an arbitrary memory address via a forged AVI file, via a crafted input, with a local attack ve...

4.3CVSS4.2AI score0.00193EPSS
CVE
CVE
added 2021/10/06 5:9 p.m.46 views

CVE-2021-25481

The CVE-2021-25481 entry concerns Samsung Exynos CPU (Exynos CP) booting driver. It reports improper error handling that allows local attackers to bypass the Secure Memory Protector of Exynos CP Memory prior to SMR Oct-2021 Release 1. Public references in the provided documents corroborate the ex...

6.7CVSS6.3AI score0.00094EPSS
CVE
CVE
added 2021/10/06 5:9 p.m.46 views

CVE-2021-25482

CVE-2021-25482 refers to a SQL injection vulnerability in the CMFA framework, prior to Samsung SMR Oct-2021 Release 1. According to connected sources (NVD, Red Hat, CVE listings, PRION, CNNVD, and others), the issue allows an untrusted application to overwrite some CMFA framework information. The...

5.9CVSS5.6AI score0.00127EPSS
CVE
CVE
added 2021/11/05 2:3 a.m.46 views

CVE-2021-25501

CVE-2021-25501 involves an improper access control flaw in SCloudBnRReceiver within the SecTelephonyProvider. The root cause allows an untrusted application to call some protected providers, with impact described as limited integrity impact and no confidentiality/availability impact per CVSS metr...

5.7CVSS4.1AI score0.00093EPSS
CVE
CVE
added 2021/12/08 2:19 p.m.46 views

CVE-2021-25511

The CVE-2021-25511 issue affects Samsung FilterProvider prior to SMR Dec-2021 Release 1 and is described as an improper validation/path traversal vulnerability that enables an attacker to write arbitrary files. Documents consistently tie this to a path traversal flaw and do not provide exploit co...

7.8CVSS7.5AI score0.00112EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.46 views

CVE-2022-32644

CVE-2022-32644 concerns a race-condition-induced use-after-free in vow, leading to local escalation of privilege with System privileges required. Public documentation consistently describes the vulnerability as local, with no user interaction needed for exploitation. The primary impact is the pot...

6.4CVSS6.6AI score0.00121EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.46 views

CVE-2022-38688

CVE-2022-38688 : The telephony service contains a missing permission check that enables local information disclosure without additional execution privileges. The NVD entry assigns a CVSS v3.1 base score of 5.5 (Local exploit, Low complexity, Low privileges required; Confidentiality impact: High)....

5.5CVSS5.2AI score0.00101EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.46 views

CVE-2022-39122

The CVE-2022-39122 entry describes a vulnerability in a sensor driver where a missing bounds check can cause an out-of-bounds write, leading to local denial of service in the kernel. Connected sources reference Unisoc chipsets (e.g., SC9863A/SC9832E/SC7731E and related Android versions) and reite...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.46 views

CVE-2022-44420

The CVE-2022-44420 entry describes a vulnerability in the UNISOC modem module where there is a missing verification of the HashMME value in the Security Mode Command, enabling local denial of service with no additional privileges. This is a local-access issue with impact on availability (HIGH) an...

5.5CVSS5.5AI score0.00071EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.46 views

CVE-2022-44422

CVE-2022-44422 affects the music service via a missing permission check, enabling local denial of service in the contacts service. The vulnerability is exploitable with local access and low privileges (UI:N, C:N, I:N, A:H; S:U). No public details on affected product versions or fixes are provided...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.46 views

CVE-2022-47485

CVE-2022-47485 involves a possibly out-of-bounds write in the modem control device due to a missing bounds check. Public details consistently reference local denial of service with system execution privileges required. Affected component is the modem control device in UNISOC chipsets; exact affec...

4.4CVSS4.7AI score0.00096EPSS
Total number of security vulnerabilities8153