8153 matches found
CVE-2018-9503
The CVE-2018-9503 entry describes an out-of-bounds read in rfc_process_mx_message() within rfc_ts_frames.cc, leading to remote information disclosure without requiring privileges or user interaction. Affected software includes Android versions 7.0 through 9.0. The vulnerability’s root cause is a ...
CVE-2018-9514
CVE-2018-9514 is a kernel vulnerability affecting Android devices, caused by a Use After Free in sdcardfs_open (file.c) that could enable local escalation of privilege without user interaction. The issue is within the Android kernel and is listed in the 2018-10 Android security bulletin; patch gu...
CVE-2018-9525
CVE-2018-9525 affects Android 9 Framework: an elevation of privilege via a permissions bypass in the AndroidManifest.xml SliceBroadcastReceiver for com.android.settings.slice.action.WIFI_CHANGED. This could allow a local attacker to change device settings with no additional privileges and no user...
CVE-2018-9542
CVE-2018-9542 concerns Android’s avrc_pars_vendor_rsp in avrc_pars_ct.cc, where a missing bounds check allows an out-of-bounds read. This could lead to remote information disclosure without extra execution privileges; no user interaction is required. Affected products/versions include Android 7.0...
CVE-2018-9566
CVE-2018-9566 affects Android devices via an out-of-bounds read in process_service_search_rsp located in sdp_discovery.c. The issue arises from a missing bounds check, enabling potential remote information disclosure when connected to a malicious Bluetooth device. Exploitation requires user inter...
CVE-2018-9584
CVE-2018-9584 affects Android 7.0–9 in the NFC subsystem. In nfc_ncif_set_config_status (nfc_ncif.cc), a missing bounds check enables an out-of-bounds write, leading to local elevation of privilege with no extra execution privileges and no user interaction required. The issue is addressed by Andr...
CVE-2019-11341
On Samsung P(9.0) devices, the vulnerability enables a physically proximate attacker to start a TCP dump via the Service Mode feature (accessible after entering the *#9900# check code) without user knowledge. The OTP that protects this feature is generated locally, and the password creation logic...
CVE-2019-2037
CVE-2019-2037 affects Android: the issue resides in l2cu_send_peer_config_rej in l2c_utils.cc, where an incorrect bounds check allows an out-of-bounds read, enabling remote information disclosure without extra privileges and without user interaction. Affected versions include Android 7.0, 7.1.1, ...
CVE-2019-20531
CVE-2019-20531 affects Samsung mobile devices running Android P (9.0) on Exynos chipsets, with a vulnerability in the Wi‑Fi kernel drivers that permits an out-of-bounds read. Related Samsung identifiers: SVE-2019-15692, SVE-2019-15693. CVSS data indicate a High impact on confidentiality and avail...
CVE-2019-20540
CVE-2019-20540 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) Exynos software. The issue is a buffer over-read in the core touch screen driver that can lead to a possible information leak. Connected sources corroborate the same description; no explicit patch/version details or ...
CVE-2019-20543
CVE-2019-20543 involves Samsung mobile devices running Android 9.0 (P) where Factory Reset Protection can be bypassed via SamsungPay mini. The entry is corroborated across multiple sources (NVD, Red Hat, CNVD, CVE List) with the Samsung ID SVE-2019-15090. The connected documents confirm the issue...
CVE-2019-20553
CVE-2019-20553 affects Samsung mobile devices running P9.0 on chipsets SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820. The issue allows arbitrary memory read and write operations in the RKP component, as described in multiple sources (Samsung ID SVE-2019-15143). Public refe...
CVE-2019-20559
CVE-2019-20559 affects Samsung mobile devices running Android P (9.0). The vulnerability is in the Gallery application, permitting viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019). The connected documents do not specify the exact root cause, vulnerable compone...
CVE-2019-20563
The CVE-2019-20563 entry concerns Samsung mobile devices running O(8.x) and P(9.0) with TEEGRIS, where the SEC_FR trustlet has an out-of-bounds write. Affected component: SEC_FR trustlet; root cause: out-of-bounds write vulnerability in trustlet code. Documented impact indicates high severity (CV...
CVE-2019-20567
The CVE-2019-20567 issue affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) on Exynos chipsets. The root cause is a heap overflow in up_parm, which leads to code execution in the bootloader. Documented impact is high/severe (bootloader code execution possible). Exploitation details...
CVE-2019-20569
CVE-2019-20569 affects Samsung mobile devices running Android P (9.0). The vulnerability enables bypassing Factory Reset Protection (FRP) via manipulation of the status bar, as described in Red Hat and NVD references (Samsung ID SVE-2019-15089). Public details consistently state the issue as an F...
CVE-2019-2058
CVE-2019-2058 concerns a vulnerability in the Android 10 library component libAACdec where an out-of-bounds read can lead to remote information disclosure . The entry states that exploitation requires user interaction and that the affected product is Android 10. Connected sources corroborate the ...
CVE-2019-20581
CVE-2019-20581 describes a stack overflow in the HDCP Trustlet on Samsung mobile devices with Exynos chipsets (N7.x, O8.x, P9.0), leading to arbitrary code execution. Affected component is the HDCP Trustlet; root cause is a stack overflow. Impact is rated high to critical in CVSS terms (in the pr...
CVE-2019-20603
Summary: CVE-2019-20603 concerns a NULL pointer dereference in the ESECOMM Trustlet on Samsung mobile devices running N(7.x), O(8.0), and P(9.0) on Qualcomm chipsets. The issue originates in the Trustlet and is documented with Samsung ID SVE-2019-13950. The CVSS metrics indicate a network-exposed...
CVE-2019-20606
CVE-2019-20606 affects Samsung mobile devices with software prior to May 2019. A phishing attack against the OMACP service can change network and internet settings (Samsung ID SVE-2019-14073). The NVD entries show CVSSv3.1 base score 9.3 (NETWORK, UI REQUIRED, I:H, A:H) and CVSSv2.0 base 5.8 (I:P...
CVE-2019-20616
Technical details (affected component, root cause, version-specific impact, or fixes) are not publicly provided in the connected documents. Monitor for updates from Samsung and security advisories.
CVE-2019-2159
CVE-2019-2159 affects the Android 10 libxaac library, with an out-of-bounds write due to a missing bounds check. The vulnerability could allow remote code execution and requires user interaction to exploit. Exploitation details (such as vectors) are not provided in the connected documents, and a ...
CVE-2019-2165
CVE-2019-2165 affects the Android libxaac library in Android 10, where an out-of-bounds read can occur due to a missing bounds check. This could lead to information disclosure without executing code, with user interaction required for exploitation. The provided documents consistently describe the...
CVE-2019-2167
The CVE-2019-2167 entry concerns Google Android 10’s libxaac, where information disclosure can occur due to uninitialized data. Affected component/file: libxaac within Android 10. Root cause: uninitialized data leads to partial confidentiality impact (information disclosure) without executing cod...
CVE-2019-2203
CVE-2019-2203 is a local elevation-of-privilege in Android’s CryptoPlugin.decrypt due to a heap-buffer overflow causing an out-of-bounds write. Affected: Android 8.0–10. Impact: local privilege escalation with no user interaction (per CVE description). The Red Hat and NVD records corroborate the ...
CVE-2019-2216
CVE-2019-2216 affects Android 10 and is described across multiple sources as a local elevation of privilege due to improper input validation in overlay notifications. The vulnerability could allow a malicious overlaying app to gain high privileges without notifying the user, with exploitation req...
CVE-2019-9234
CVE-2019-9234 affects wpa_supplicant_8 on Android 10. The issue is an out-of-bounds read caused by a missing bounds check, enabling remote information disclosure over the network without user interaction. Exploitation details are not provided in the supplied documents. Mitigation/patch informatio...
CVE-2019-9240
CVE-2019-9240 affects Android 10 NFC: an out-of-bounds read caused by a missing bounds check could disclose local information. Exploitation requires user interaction; no exploit details or patch information are provided in the connected documents.
CVE-2019-9244
CVE-2019-9244 affects Android 10 devices via the NFC component, where a missing bounds check enables an out-of-bounds read and local information disclosure. The issue requires user interaction to exploit and has a Media/Confidentiality impact (C/H) per the CVE details, with CVSSv3.1 base score 5....
CVE-2019-9260
CVE-2019-9260 affects Android 10 and is a Bluetooth information-disclosure vulnerability caused by an out-of-bounds read from an incorrect bounds check. Exploitation is possible remotely over a network with no user interaction, potentially leading to partial confidentiality loss. NVD metrics show...
CVE-2019-9313
CVE-2019-9313 affects the Android 10 media framework (libstagefright). The issue is a missing variable initialization in the media path, enabling a remote information disclosure when exploited against the library’s media handling. Exploitation requires user interaction. Impact is information disc...
CVE-2019-9314
CVE-2019-9314 affects Android 10 in the libavc component, where a missing variable initialization leads to remote information disclosure. The issue can be exploited without privileges via a network vector, but requires user interaction to trigger. The exploit details, affected versions beyond And...
CVE-2019-9364
CVE-2019-9364 affects Android 10 via AudioService. The issue is a permissions bypass that can trigger background user audio, leading to local information disclosure without additional privileges. Exploitation details are not provided beyond the described local disclosure; no explicit on-device ex...
CVE-2019-9381
CVE-2019-9381 affects Android’s netd, with an out-of-bounds read caused by a use-after-free. This leads to remote information disclosure without additional privileges or user interaction on Android 10. The available documents confirm the vulnerable component and the impact but do not provide expl...
CVE-2019-9405
CVE-2019-9405 affects libAACdec in Android 10’s Media framework, with an out-of-bounds write caused by an integer overflow. This could permit remote code execution with the attacker needing only user interaction (no additional privileges). The Android 10 security release notes list CVE-2019-9405 ...
CVE-2019-9462
Technical details about CVE-2019-9462 are not available in the provided connected documents. The initial description confirms a Bluetooth out-of-bounds read causing DoS on Android 10, but no product/version specifics or exploitation details are disclosed here. Monitor for updates.
CVE-2019-9471
CVE-2019-9471 affects Android kernel code abc-pcie.c, specifically in set_outbound_iatu, where a missing bounds check can cause an out-of-bounds write. This leads to local elevation of privilege with system execution privileges required; exploitation does not require user interaction. Public refe...
CVE-2020-0011
CVE-2020-0011 affects the FPC Fingerprint TEE in Android kernels. The description in multiple sources states an out-of-bounds write in get_auth_result of fpc_ta_hw_auth.c due to a missing bounds check, enabling local elevation of privilege with System-level privileges required. Exploitation is de...
CVE-2020-0021
CVE-2020-0021 affects Android 10 in the PackageManagerService.removeUnusedPackagesLPw path, where a missing package dependency test can cause a permanent denial-of-service. The vulnerability description states that remote DoS is possible with user privileges and no user interaction required. Conn...
CVE-2020-0125
CVE-2020-0125 affects Android 11 media framework (mediadrm). The issue is a missing bounds check causing an out-of-bounds read that can disclose local information without extra privileges and without user interaction. Multiple sources corroborate this, listing mediadrm as the vulnerable component...
CVE-2020-0127
CVE-2020-0127 affects Android 10 via the Media/Audio framework: an out-of-bounds read in AudioStream::decode (AudioGroup.cpp) caused by a missing bounds check. This can lead to information disclosure in the phone process without extra execution privileges; exploitation reportedly requires user in...
CVE-2020-0130
CVE-2020-0130 affects Android 11 screencap. The issue is command injection due to improper input validation in screencap, enabling local elevation of privilege with User-level privileges and no user interaction required. Impact is local, affecting system processes; exploitation would require acce...
CVE-2020-0146
CVE-2020-0146 affects Android 10 in the btu_hcif hardware path (btu_hcif.cc). The issue is a missing bounds check that enables an out-of-bounds read, potentially allowing local information disclosure with system privileges. No user interaction is required. The Red Hat and NVD entries corroborate ...
CVE-2020-0152
CVE-2020-0152 affects Android 10 and is tied to the function avb_vbmeta_image_verify in avb_vbmeta_image.c . The root cause is a missing bounds check that enables an out-of-bounds read, leading to possible information disclosure with system-level privileges; exploitation does not require user int...
CVE-2020-0176
The CVE-2020-0176 issue is described across multiple sources as an out-of-bounds read in avdt_msg_prs_rej of avdt_msg.cc, enabling remote information disclosure on Android 10 with network access and no user interaction. The vulnerability arises from improper input validation and affects Android-1...
CVE-2020-0180
CVE-2020-0180 affects Android 10 (Media Framework). Vulnerability arises from a missing bounds check in GetOpusHeaderBuffers() within OpusHeader.cpp, causing an out-of-bounds read that can disclose information remotely. Exploitation requires user interaction. Public references in the Pixel Update...
CVE-2020-0188
The CVE-2020-0188 entry concerns Android 10 and a vulnerability in SettingsSliceProvider.java. In onCreatePermissionRequest, a PendingIntent error can permit a permissions bypass, enabling local elevation of privilege with user privileges required and no user interaction needed. Public disclosure...
CVE-2020-0194
CVE-2020-0194 is an Android 10 vulnerability in the Media Framework (ihevcd_parse_slice_header.c) where an integer overflow can cause an out-of-bounds write, enabling remote code execution and requiring user interaction to exploit. Public references from NVD/Red Hat/CNVD corroborate the descripti...
CVE-2020-0204
CVE-2020-0204 affects Android 10 with a flaw in InstallPackage (package.cpp) that allows bypassing the initial signature check for an OS update due to a Time of Check/Time of Use condition. This can enable local escalation of privilege, with no additional execution privileges required beyond user...
CVE-2020-0262
CVE-2020-0262 affects Android 11 and stems from an unsafe PendingIntent used in WiFi tethering, enabling local elevation of privilege with user execution privileges needed and no user interaction required. The issue is categorized as EoP, with impact on confidentiality/ integrity/ availability as...