Lucene search

K

647 matches found

CVE
CVE
added 2021/03/10 4:15 p.m.30 views

CVE-2021-0378

In getNbits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1540...

6.5CVSS6.3AI score0.0041EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.30 views

CVE-2021-0385

In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional execution privileges needed...

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2021/08/18 3:15 p.m.30 views

CVE-2021-0415

In memory management driver, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336692.

5.5CVSS5.1AI score0.00016EPSS
CVE
CVE
added 2021/09/27 12:15 p.m.30 views

CVE-2021-0424

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787.

5.5CVSS5.4AI score0.00013EPSS
CVE
CVE
added 2021/06/11 5:15 p.m.30 views

CVE-2021-0495

In memory management driver, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-1834590...

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.30 views

CVE-2021-0543

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11And...

6.7CVSS6.7AI score0.00028EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.30 views

CVE-2021-0553

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID...

7.3CVSS7.3AI score0.00042EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.30 views

CVE-2021-0622

In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561388.

5.5CVSS5.2AI score0.00012EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.30 views

CVE-2021-0655

In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05673424; Issue ID: ALPS05673424.

6.7CVSS6.8AI score0.00015EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.30 views

CVE-2021-0658

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672107.

6.7CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.30 views

CVE-2021-0670

In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05654663; Issue ID: ALPS05654663.

7.2CVSS6.8AI score0.00015EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-0976

In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600

6.5CVSS6.1AI score0.00244EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-0982

In getOrganizationNameForUser of DevicePolicyManagerService.java, there is a possible organization name disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Produ...

3.3CVSS3.6AI score0.00014EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-0995

In registerSuggestionConnectionStatusListener of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges nee...

3.3CVSS3.5AI score0.00013EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-0997

In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android...

5.5CVSS4.9AI score0.00017EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-1006

In several functions of DatabaseManager.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

4.4CVSS4.1AI score0.00015EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-1021

In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Pr...

7.3CVSS7.3AI score0.00015EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-1028

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Androi...

7.8CVSS7.7AI score0.00018EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-1034

In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is n...

3.3CVSS4AI score0.00013EPSS
CVE
CVE
added 2021/01/05 6:15 p.m.30 views

CVE-2021-22495

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021).

7.1CVSS5.6AI score0.00053EPSS
CVE
CVE
added 2021/06/11 3:15 p.m.30 views

CVE-2021-25386

An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

9.8CVSS9.6AI score0.00187EPSS
CVE
CVE
added 2021/06/11 3:15 p.m.30 views

CVE-2021-25415

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.

5.5CVSS5.3AI score0.00041EPSS
CVE
CVE
added 2021/12/08 3:15 p.m.30 views

CVE-2021-25518

An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.

6.7CVSS6.8AI score0.00018EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-39638

In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ...

6.7CVSS6.7AI score0.00017EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-39645

Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A

10CVSS9AI score0.00129EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.30 views

CVE-2021-39652

In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-...

6.7CVSS6.7AI score0.00015EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.29 views

CVE-2021-0369

In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACT_ACROSS_PROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User in...

7.8CVSS7.6AI score0.00016EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.29 views

CVE-2021-0371

In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android I...

6.7CVSS6.6AI score0.00015EPSS
CVE
CVE
added 2021/08/18 3:15 p.m.29 views

CVE-2021-0407

In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659.

6.7CVSS6.7AI score0.00019EPSS
CVE
CVE
added 2021/09/27 12:15 p.m.29 views

CVE-2021-0425

In memory management driver, there is a possible side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05400059.

5.5CVSS4.9AI score0.00034EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.29 views

CVE-2021-0455

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175116...

7.2CVSS6.7AI score0.00014EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.29 views

CVE-2021-0465

In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.29 views

CVE-2021-0537

In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersion...

7.3CVSS7.2AI score0.00014EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.29 views

CVE-2021-0539

In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi...

7.8CVSS7.6AI score0.00014EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.29 views

CVE-2021-0541

In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: An...

4.4CVSS4.2AI score0.00014EPSS
CVE
CVE
added 2021/09/27 12:15 p.m.29 views

CVE-2021-0612

In m4u, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05425834.

7.8CVSS7.8AI score0.00017EPSS
CVE
CVE
added 2021/11/18 3:15 p.m.29 views

CVE-2021-0621

In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561383.

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2021/10/25 2:15 p.m.29 views

CVE-2021-0634

In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594994; Issue ID: ALPS05594994.

7.2CVSS6.8AI score0.00013EPSS
CVE
CVE
added 2021/09/27 12:15 p.m.29 views

CVE-2021-0660

In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145.

4.9CVSS4.8AI score0.00273EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-0988

In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution pr...

3.3CVSS3.5AI score0.00013EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-0989

In hasManageOngoingCallsPermission of TelecomServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. Use...

3.3CVSS3.5AI score0.00013EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-0991

In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitat...

2.7CVSS3.2AI score0.00021EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-1008

In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersi...

4.4CVSS4.5AI score0.00014EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-1009

In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User ...

5.5CVSS4.9AI score0.00014EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-1011

In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-188219307

5.5CVSS5AI score0.00015EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-1022

In btif_in_hf_client_generic_evt of btif_hf_client.cc, there is a possible Bluetooth service crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andro...

7.5CVSS7.3AI score0.00581EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-1029

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Androi...

7.8CVSS7.7AI score0.00018EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-1030

In setNotificationsShownFromListener of NotificationManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges n...

5.5CVSS4.9AI score0.00014EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-1038

In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-1...

5.5CVSS5.3AI score0.0005EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.29 views

CVE-2021-1046

In lwis_dpm_update_clock of lwis_device_dpm.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAn...

4.4CVSS4.3AI score0.00016EPSS
Total number of security vulnerabilities647