8153 matches found
CVE-2020-0271
CVE-2020-0271 affects Android 11 and is listed in Android 11 security release notes under System as an Elevation of Privilege (EoP) issue. The vulnerability arises from an insecure default value in the Settings app, enabling local escalation of privilege and tapjacking with user interaction requi...
CVE-2020-0284
CVE-2020-0284 affects Android 11 Telephony where a missing permission check enables a local permission bypass that can lead to information disclosure without extra execution privileges. Exploitation details are not provided in the supplied documents. The issue is listed across multiple feeds (e.g...
CVE-2020-0292
CVE-2020-0292 affects Android 11 via a Bluetooth vulnerability described as an out-of-bounds read caused by a missing bounds check. The issue could allow local information disclosure with System privileges and may require a compromised firmware; no user interaction is needed. The description conf...
CVE-2020-0312
CVE-2020-0312 affects Android 11 Battery Saver. It describes a permission bypass caused by an unsafe PendingIntent that could disclose local information; exploitation details are not provided, and no in-the-wild status is stated. The vulnerability is mitigated by Android 11 security updates (patc...
CVE-2020-0319
CVE-2020-0319 is an Android 11 NFC stack vulnerability caused by a missing bounds check that enables an out-of-bounds write, leading to local elevation of privilege with system execution privileges and potential firmware compromise. Exploitation requires user interaction. CVSS v3.1 base score 7.8...
CVE-2020-0330
CVE-2020-0330 relates to the Android 11 ecosystem. The affected component is the iorap path, where a memory corruption via a use-after-free condition could be triggered locally. The documented impact is local escalation of privilege and code execution with System privileges, with exploitation not...
CVE-2020-0349
CVE-2020-0349 affects Android 11 NFC functionality. The issue is an out-of-bounds read caused by a missing bounds check, enabling local information disclosure with system-level privileges required. No user interaction is needed for exploitation. Reported impact matches Android’s release notes and...
CVE-2020-0362
CVE-2020-0362 affects Android 11 and targets the libstagefright component. The issue is a resource exhaustion vulnerability caused by improper input validation, leading to a remote denial of service. Exploitation requires user interaction and is delivered over a network, with the CVSS v3.1 vector...
CVE-2020-0426
CVE-2020-0426 affects Android 11 where in SyncManager a permission bypass can occur due to an unsafe PendingIntent. This could enable local information disclosure with no extra privileges and without user interaction. The available documents describe the issue but do not provide exploit details, ...
CVE-2020-0485
CVE-2020-0485 affects Android 11. In UsbBackend.java’s areFunctionsSupported, a missing permission check can allow tethering access from a guest account, enabling local elevation of privilege with no user interaction. According to NVD, the CVSSv3.1 vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I...
CVE-2020-0489
CVE-2020-0489 involves a suspected out-of-bounds write in the Android media framework (Parse_data in eas_mdls.c) which could lead to remote code execution in the media extractor. Affected software is Android 11, notably Pixel devices. The root cause is a missing bounds check in Parse_data, enabli...
CVE-2020-0498
CVE-2020-0498 affects Android 11 and is associated with a heap buffer overflow in decode_packed_entry_number inside codebook.c, causing an out-of-bounds read that can disclose information remotely with no memory integrity impact and requires user interaction to exploit. Public records consistentl...
CVE-2020-10836
CVE-2020-10836 affects Samsung mobile devices with Exynos (O(8.x), P(9.0), Q(10.0)). The Widevine Trustlet permits read/write access to arbitrary memory, indicating a memory-safety/Trustlet isolation flaw. CVSSv3.1 base score 9.8 (CRITICAL); access is network-based with no authentication required...
CVE-2020-10846
CVE-2020-10846 affects Samsung mobile devices with P(9.x) and Q(10.x) software. The issue enables OEM unlock on KG-enrolled devices, potentially allowing download of unwanted binaries. Samsung ID: SVE-2019-16554. No explicit remediation or exploitation details are provided in the connected docume...
CVE-2020-10848
CVE-2020-10848 affects Samsung mobile devices running O(8.x), P(9.0) and Q(10.0) with Exynos 9810; the issue is an arbitrary memory mapping in the TrustZone/T EE. Root cause: memory mapping flaw in TEE. Impact per CVSS: HIGH across confidentiality, integrity, and availability. Affected Samsung de...
CVE-2020-10853
CVE-2020-10853 affects Samsung mobile devices running P (Android 9.0). The issue is described as an information disclosure via the Gallery app that leaks cached data. Samsung IDs associated with the vulnerability are SVE-2019-16010, SVE-2019-16011, and SVE-2019-16012. Connected sources reiterate ...
CVE-2020-11874
CVE-2020-11874 concerns LG mobile devices running Android 8.x–10, where attackers can bypass Factory Reset Protection (FRP). The LG internal ID is LVE-SMP-200004 (March 2020). Connected sources (NVD, Red Hat advisory, CVE listings) corroborate the FRP bypass claim. The documents do not provide co...
CVE-2020-15583
This CVE pertains to Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) where the StickerProvider allows directory traversal to access system files. Root cause: improper validation in the StickerProvider component enables path traversal that could lead to exposure of sensitive files. The ...
CVE-2020-25051
CVE-2020-25051 affects Samsung mobile devices running Android P (9.0) and Q (10.0). The vulnerability permits bypassing Factory Reset Protection (FRP) via AppInfo, as described across multiple sources (NVD entry, Red Hat advisory, NCSC summary) with Samsung’s ID SVE-2020-17758. The exact affected...
CVE-2020-25052
CVE-2020-25052 affects Samsung mobile devices running Q(10.0) on exynos9830-based hardware. The issue arises in H-Arx where indexing is mishandled, enabling memory corruption that can be leveraged to execute arbitrary code or cause a denial of service. The vulnerability is documented across multi...
CVE-2020-25278
Summary of CVE-2020-25278 (Samsung) : The vulnerability affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue stems from the Quram image codec library, which can be exploited by crafted JPEG data to overwrite memory and execute arbitrary code during decoding. Impact is des...
CVE-2020-27034
CVE-2020-27034 affects Android 11 in the SimSelectNotification path. The issue arises in createSimSelectNotification due to an unsafe PendingIntent, enabling a permission bypass that can lead to local information disclosure with the attacker obtaining user privileges. The advisory describes user ...
CVE-2020-27097
CVE-2020-27097 affects Android 11. The vulnerability exists in UriGrantsManagerService.java (checkGrantUriPermission), enabling a local information disclosure without additional exploitation privileges or user interaction. Concrete impact documented as a permissions bypass that could expose parti...
CVE-2020-35553
CVE-2020-35553 affects Samsung mobile devices running Android Q (10.0) and R (11.0) on Qualcomm SM8250 chipsets. The issue allows a denial of service (unlock failure) by triggering a power-shortage incident that leads to a false-positive attack detection. No concrete exploit details, affected sof...
CVE-2021-0363
CVE-2021-0363 affects Android (Android-10 and Android-11) with vulnerability in the mobile_log_d component, caused by a missing bounds check that enables command injection and local escalation of privilege to SYSTEM without user interaction. The issue is documented in multiple sources (e.g., Andr...
CVE-2021-0379
CVE-2021-0379 is a media stack issue in Android 11 where getUpTo17bits in pvmp3_getbits.cpp can read out of bounds due to a heap buffer overflow, potentially enabling information disclosure without code execution. Documented impact is remote information disclosure with user interaction required f...
CVE-2021-0412
The CVE-2021-0412 issue affects the MediaTek flv extractor and is caused by a missing bounds check that enables an out-of-bounds read. This leads to local information disclosure without additional execution privileges. Documents note no user interaction is required for exploitation. A patch is re...
CVE-2021-0456
CVE-2021-0456 : In the Citadel chip firmware, there is a possible out-of-bounds write due to a missing bounds check, enabling local escalation of privilege with System execution privileges required. Affected: Citadel chipset firmware in Android kernels (Android ID A-174769927). Impact per sources...
CVE-2021-0494
CVE-2021-0494 affects the Android memory management driver on Android SoCs. The issue is an out-of-bounds write caused by an integer overflow, enabling local escalation of privilege with no user interaction required. The only details provided in the connected sources are that the vulnerability is...
CVE-2021-0530
CVE-2021-0530 is an Android memory management driver vulnerability described across multiple sources as an out-of-bounds write caused by uninitialized data, enabling local privilege escalation with no user interaction required. Connected data identify affected component as the Android memory mana...
CVE-2021-0610
CVE-2021-0610 affects Mediatek memory management driver. Reported issue is a memory corruption caused by an integer overflow, enabling local privilege escalation with no user interaction required (LOCAL, LOW complexity). Documents consistently describe a patch identified as ALPS05403499 (Issue AL...
CVE-2021-0616
CVE-2021-0616 affects the MediaTek ape extractor. The issue is a heap buffer overflow causing an out-of-bounds read, leading to local information disclosure without extra privileges or user interaction. Affected component is the ape extractor (buffer handling) and the documents consistently descr...
CVE-2021-0617
CVE-2021-0617 affects MediaTek’s ape extractor. The issue is a heap-buffer-overflow–induced out-of-bounds read in the extractor, leading to local information disclosure without privilege or user interaction. Patch ALPS05561391/ALPS05561391 is referenced as remediation. No exploitation details are...
CVE-2021-0625
CVE-2021-0625 affects MediaTek’s ccu (camera control processor). The Red Hat/NVD entries describe memory corruption due to improper locking, enabling local escalation of privilege with System execution privileges required and no user interaction. The vulnerability impact is stated as local, with ...
CVE-2021-0628
CVE-2021-0628 affects OMA DRM. The issue is memory corruption caused by improper input validation, enabling local escalation of privilege with System execution privileges required; no user interaction needed. Patch ALPS05722454/ALPS05722454 is noted. Connected records consistently describe the sa...
CVE-2021-0658
CVE-2021-0658 affects the apusys component with an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with System execution privileges required and no user interaction. Public documentation consistently notes this is a local vulnerability with high-impact...
CVE-2021-0669
In apusys, the vulnerability is a memory corruption due to a use-after-free, enabling local escalation of privilege with SYSTEM execution privileges required and no user interaction. The CVE entry notes this affects the apusys component and lists patch ID ALPS05681550 / Issue ID ALPS05681550 as t...
CVE-2021-0899
In CVE-2021-0899, the apusys component in MediaTek exhibits a memory corruption issue caused by a use-after-free, enabling local escalation of privilege with System execution privileges required. No user interaction is needed for exploitation. Affected details and mitigation: Patch ID ALPS0567210...
CVE-2021-25391
CVE-2021-25391 is an Intent redirection vulnerability in Samsung Secure Folder prior to SMR MAY-2021 Release 1. The issue allows an attacker to execute a privileged action through intent redirection. Affected: Secure Folder component on Samsung devices; impact per CVSSv3.1: base score 4.0 (MEDIUM...
CVE-2021-25408
CVE-2021-25408 concerns a buffer overflow in the NPU driver prior to Samsung SMR JUN-2021 Release 1. The underlying issue is a memory overwrite vulnerability in the driver that could lead to arbitrary memory write and code execution. Affected product scope is the NPU driver as described; no speci...
CVE-2021-25426
CVE-2021-25426 concerns Samsung Message’s SmsViewerActivity, where improper component protection permits untrusted apps to access Message files. Affected: Samsung Message versions before SMR July-2021 Release 1. Root cause is lack of proper access controls on SmsViewerActivity. Impact, as stated,...
CVE-2021-25452
CVE-2021-25452 is a vulnerability in the Samsung DSP driver related to improper input validation when loading graph files, prior to SMR Sep-2021 Release 1. The issue allows a local attacker to trigger a permanent denial-of-service condition on the device by exploiting the faulty graph-file loadin...
CVE-2021-25512
CVE-2021-25512 affects the Samsung telephony stack. Connected documents indicate an improper validation vulnerability in telephony prior to Samsung SMR Dec-2021 Release 1, allowing attackers to launch certain activities. Affected: telephony component on Samsung devices (prior to SMR Dec-2021 Rele...
CVE-2021-25515
Samsung SemRewardManager on Android is affected by CVE-2021-25515 due to improper usage of implicit intents, enabling an attacker with local access to read the device’s BSSID. The root cause is an implicit-intent misuse in SemRewardManager prior to SMR Dec-2021 Release 1, leading to information d...
CVE-2021-25517
CVE-2021-25517 affects Samsung LDFW firmware prior to SMR Dec-2021 Release 1. The vulnerability arises from improper input validation in LDFW, enabling arbitrary code execution on affected devices. Documented impact includes remote/local (depending on context) execution with high severity (CVSS v...
CVE-2022-36841
Affected software: libSDKRecognitionText.spensdk.samsung.so on Samsung devices. Vulnerability: heap-based overflow in PrepareRecogLibrary_Part function prior to SMR Sep-2022 Release 1, causing memory access fault. Exploitability/impact: CVE reports local access with memory impact; no explicit exp...
CVE-2022-39101
CVE-2022-39101 concerns a missing permission check in the power management service. The vulnerability allows a local attacker with low privileges to set up the power management service without additional execution privileges, potentially compromising confidentiality, integrity, and availability (...
CVE-2022-39115
CVE-2022-39115 relates to a missing permission check in the Music service, allowing a local attacker to cause a denial of service without extra privileges. Affected component is the Music service; root cause is insufficient authorization before performing sensitive actions. Impact stated as local...
CVE-2022-47489
CVE-2022-47489 affects UNISOC chipsets’ soter service module, where a missing bounds check can trigger an out-of-bounds write. This flaw may allow local denial of service with System execution privileges required. Documents in connected sources corroborate the issue as a boundary-check deficiency...
CVE-2022-48236
CVE-2022-48236 concerns the MP3 encoder in UNISOC chipsets. A missing bounds check can cause an out-of-bounds read, leading to local denial of service with system‑level privileges required. Reported base metrics (CVSS 3.1: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H; base score 4.4) indicate local access...