8153 matches found
CVE-2018-9521
CVE-2018-9521 describes an out-of-bounds write in NuPlayer2CCDecoder.cpp (parseMPEGCCData) on Android 9, enabling remote code execution in an unprivileged process with user interaction. The issue arises from an incorrect bounds check in the Media framework’s MPEG data handling, potentially allowi...
CVE-2018-9557
CVE-2018-9557 affects Android 7.0, 7.1.1, and 7.1.2. In really_install_package() within install.cpp, there is a possible free of arbitrary memory caused by uninitialized data, enabling local elevation of privilege without extra execution privileges and without user interaction. The NVD entry conf...
CVE-2018-9559
CVE-2018-9559: In persist_set_key and related cryptfs.cpp functions, there is an out-of-bounds write caused by an uncaught error, enabling local elevation of privilege without user interaction on Android 7.0–9. No exploitation details are provided. The Android Security Bulletin indicates patches ...
CVE-2018-9567
CVE-2018-9567 affects Pixel devices: a bug in verified boot causes the certificate fingerprint to appear identical despite different signing keys, enabling local privilege escalation with no user interaction. The Android Security Bulletin (Dec 2018) indicates patches at the 2018-12-01 and 2018-12...
CVE-2019-2032
CVE-2019-2032 affects Android devices (Android 8.0, 8.1, 9) and is tied to the function in ble_advertiser_hci_interface.cc: SetScanResponseData. The issue is an out-of-bounds write caused by a missing bounds check, leading to local elevation of privilege with no additional execution privileges re...
CVE-2019-2052
CVE-2019-2052 : In VisitPointers of heap.cc, Android’s System component, there is a potential out-of-bounds read caused by type confusion. This could enable remote information disclosure without extra execution privileges or user interaction. Affected Android versions include 7.0, 7.1.1, 7.1.2, 8...
CVE-2019-20547
CVE-2019-20547 affects Samsung mobile devices running Android O (8.x) and Pie (9.0). The issue allows data leakage through a Bluetooth debug command, implying a local-bypass-like interaction via Bluetooth tooling on affected software. The description does not specify exact vulnerable components, ...
CVE-2019-20553
CVE-2019-20553 affects Samsung mobile devices running P9.0 on chipsets SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820. The issue allows arbitrary memory read and write operations in the RKP component, as described in multiple sources (Samsung ID SVE-2019-15143). Public refe...
CVE-2019-20569
CVE-2019-20569 affects Samsung mobile devices running Android P (9.0). The vulnerability enables bypassing Factory Reset Protection (FRP) via manipulation of the status bar, as described in Red Hat and NVD references (Samsung ID SVE-2019-15089). Public details consistently state the issue as an F...
CVE-2019-20588
CVE-2019-20588 affects Samsung mobile devices running O(8.x) and P(9.0) with TEEGRIS. The SEM Trustlet has a type confusion flaw that can lead to arbitrary code execution. Samsung ID SVE-2019-14891 is associated with this issue. The CVSS-3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a b...
CVE-2019-20591
CVE-2019-20591 affects Samsung mobile devices running N (7.x), O (8.x), and P (9.0) with a local SQL injection in the Gear VR Service Content Provider. The issue, tracked as Samsung Samsung ID SVE-2019-14058, is documented across multiple feeds (NVD, Red Hat, etc.). The connected sources confirm ...
CVE-2019-20592
CVE-2019-20592 affects Samsung mobile devices running N(7.x), O(8.x) and P(9.0). The issue is a local SQL injection in the Story Video Editor Content Provider, with Samsung ID SVE-2019-14062. Connected documents corroborate this vulnerability and do not provide concrete patch versions or remediat...
CVE-2019-20609
CVE-2019-20609 affects Samsung mobile devices running P(9.0). An attacker with access to a paired smartwatch can view Secure Folder notification content, exposing confidential information. The root cause is not detailed in the provided documents; no vendor patch/version or remediation details are...
CVE-2019-20615
CVE-2019-20615 affects Samsung mobile devices running N(7.x) and O(8.x) software. The issue enables bypassing Factory Reset Protection (FRP) through SVoice Terms & Conditions, as referenced by Samsung ID SVE-2018-13547 (March 2019). Publicly available documents in the provided set reiterate this ...
CVE-2019-2073
CVE-2019-2073 affects the Android 10 libxaac library, where an out-of-bounds write occurs due to a missing bounds check. This can lead to remote code execution with network access and no extra privileges, with user interaction required for exploitation. The vulnerability is documented across seve...
CVE-2019-2074
This entry concerns CVE-2019-2074 affecting libxaac in Android 10. The issue is an out-of-bounds write due to a missing bounds check, enabling remote code execution. Impact: remote code execution with user interaction required, configured as HIGH in CVSS 3.1. Affected component: libxaac in Androi...
CVE-2019-20773
CVE-2019-20773 affects LG mobile devices running Android OS 7.x–9.0; the issue allows unprivileged applications to execute shell commands via the connectivity service. Root cause is not detailed in the provided documents; no exploit specifics or remediation are described in the connected sources....
CVE-2019-2088
CVE-2019-2088 affects Android 10, specifically the StatsService component. The flaw is an out-of-bounds read in StatsService that could lead to local information disclosure without user interaction, with UBSAN being a factor. The public documents consistently reference Android-10 as affected; no ...
CVE-2019-9242
CVE-2019-9242 affects Android 10 NFC, where a missing bounds check can cause an out-of-bounds read and local information disclosure. Exploitation requires user interaction and local access; no public exploit details are provided in the documents. The issue is listed among Android 10 security fixe...
CVE-2019-9320
CVE-2019-9320 relates to the Android media stack (libavc) with a missing variable initialization. The issue affects Android 10 and can lead to remote information disclosure without extra privileges; exploitation requires user interaction. The published details describe Information Disclosure as t...
CVE-2019-9331
CVE-2019-9331 affects Android 10 Bluetooth: a missing bounds check enables an out-of-bounds read and remote information disclosure without privileges or user interaction. Documented in Android 10 security release notes; mitigated by Android patch level 2019-09-01 or later. Exploitation status and...
CVE-2019-9387
CVE-2019-9387 describes an out-of-bounds read in the Android Bluetooth stack caused by a missing bounds check. The vulnerability could enable remote information disclosure without requiring privileges or user interaction. Affected product is Android 10 (Android Bluetooth stack); the description d...
CVE-2019-9397
CVE-2019-9397 affects the Bluetooth component in Android 10. The issue is a missing bounds check that can cause a controlled termination, yielding a remote DoS without needing privileges or user interaction. The vulnerability is documented with Android 10 as affected, and remediation is noted in ...
CVE-2019-9403
CVE-2019-9403: In cn-cbor, an out-of-bounds read due to improper casting could lead to remote information disclosure on Android 10. Impact is information disclosure with no privileges gained; exploitation requires user interaction. CVSS2 base 4.3 (PARTIAL confidentiality impact) and CVSS3.1 base ...
CVE-2019-9404
CVE-2019-9404 affects Android 10 devices via the Bluetooth stack, where a missing bounds check can cause a remote denial-of-service without user interaction. The issue is documented across multiple sources (NVD and Red Hat) with a consistent description: uncontrolled termination due to an out-of-...
CVE-2019-9409
CVE-2019-9409 affects the Android 10 media processing stack (libhevc). The issue is an information-disclosure vulnerability caused by uninitialized data, enabling remote information disclosure with no execution privileges required. Exploitation requires user interaction. The connected documents r...
CVE-2019-9475
CVE-2019-9475 corresponds to a local information disclosure in Android 10 via a permissions bypass in /proc/net of the kernel filesystem. The root cause is a privileged bypass that allows reading information without execution privileges, with exploitation requiring local access and no user intera...
CVE-2020-0037
CVE-2020-0037 affects Android, focusing on rw_i93_sm_set_read_only in rw_i93.cc. The vulnerability is an out-of-bounds read caused by a missing bounds check in this function, enabling remote information disclosure over NFC without additional execution privileges. Affected Android versions include...
CVE-2020-0058
The CVE-2020-0058 issue is a real Android vulnerability affecting the Bluetooth stack code path: in l2c_rcv_acl_data of l2c_main.cc there is an out-of-bounds read due to an incorrect bounds check, potentially enabling local information disclosure with system privileges. Exploitation context is no...
CVE-2020-0129
CVE-2020-0129 affects Android 10, due to an out-of-bounds write in SetData of btm_ble_multi_adv.cc caused by an incorrect bounds check. This can lead to local elevation of privilege without user interaction, as documented in multiple sources (NVD entry and Red Hat/Samsung references). Affected co...
CVE-2020-0133
CVE-2020-0133 affects Android 10. The issue arises in MockLocationAppPreferenceController.java where a permissions bypass allows spoofing GPS location, enabling local privilege escalation. Exploitation details are not publicly provided in the connected documents; the NVD entry lists local attack ...
CVE-2020-0146
CVE-2020-0146 affects Android 10 in the btu_hcif hardware path (btu_hcif.cc). The issue is a missing bounds check that enables an out-of-bounds read, potentially allowing local information disclosure with system privileges. No user interaction is required. The Red Hat and NVD entries corroborate ...
CVE-2020-0154
CVE-2020-0154 affects Android 10 with the vulnerability located in the nci_proc_core_rsp function of nci_hrcv.cc. The root cause is an out-of-bounds read due to an incorrect bounds check, which could enable local information disclosure on devices with System privileges and requires no user intera...
CVE-2020-0178
CVE-2020-0178 affects Android 10, specifically the SettingsProvider.cpp getAllConfigFlags function. The root cause is a missing permission check that enables a possible illegal read, leading to local information disclosure of configuration flags without extra execution privileges. Exploitation de...
CVE-2020-0199
CVE-2020-0199 affects Android 10 with a race-condition in TimeCheck.cpp TimeCheckThread::threadLoop that can cause use-after-free and local information disclosure, potentially gaining system privileges. The description specifies no user interaction required. Connected sources repeat the same deta...
CVE-2020-0200
CVE-2020-0200 is an Android 10 issue affecting the Media Framework: a missing bounds check in ReadLittleEndian within raw_bit_reader.cc can trigger an out-of-bounds read and information disclosure. The NVD entry notes network access as the attack vector with no execution privileges, while the CVS...
CVE-2020-0216
Technical details about CVE-2020-0216 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2020-0281
CVE-2020-0281 describes an NFC-related out-of-bounds read in Android 11 that could enable remote information disclosure due to a missing bounds check. The issue affects NFC handling and is listed with a root cause of insufficient bounds checking, leading to a potential information leak. Reported ...
CVE-2020-0298
CVE-2020-0298: A local elevation-of-privilege in Android 11 Bluetooth due to a missing permission check that allows an attacker to enable/disable Bluetooth without user interaction. Affects Bluetooth subsystem; root cause is lack of permission validation in Bluetooth flow, enabling local privileg...
CVE-2020-0304
CVE-2020-0304 affects Android 11; a flaw in Settings allows an unsafe PendingIntent to bypass permission, leading to local information disclosure with no user interaction. The root cause is inadequate validation of PendingIntent handlers, enabling a local attacker with physical or remote access t...
CVE-2020-0317
CVE-2020-0317 affects Android 11, where UsageStatsManager may access protected data due to a missing permission check. The described issue is a local information disclosure with no required user interaction. Documents confirm that Android 11 includes security fixes and release notes listing mitig...
CVE-2020-0318
The CVE-2020-0318 entry affects Android 11 System UI, where an uncaught exception can crash the system, causing a local Denial of Service without requiring user interaction. The impact is a local, permanent DoS on affected devices, with no confidentiality/integrity concerns stated. Exploitation i...
CVE-2020-0328
CVE-2020-0328 affects Android 11, with a vulnerability in the camera component where an integer overflow can trigger an out-of-bounds read. This may lead to local information disclosure and system-level execution privileges, without user interaction. The issue is documented across multiple source...
CVE-2020-0331
CVE-2020-0331 affects Android 11, describing a permissions bypass in Settings that can lead to local disclosure of the device IMEI. Exploitation is local, with low attack complexity, requiring LOW privileges and no user interaction. The issue is documented across multiple sources (NVD, Red Hat, P...
CVE-2020-0353
CVE-2020-0353 affects Android 11 and is tied to the libmp4extractor component. The issue is a missing bounds check that can cause resource exhaustion, leading to a remote Denial of Service without requiring additional privileges. Exploitation requires user interaction. The vulnerability is docume...
CVE-2020-0476
CVE-2020-0476 describes a vulnerability in Android 11 where, in onNotificationRemoved of Assistant.java, sensitive information could leak to logs, enabling local information disclosure without user interaction (privilege: System execution required). Affects Android-11 devices per the initial desc...
CVE-2020-0485
CVE-2020-0485 affects Android 11. In UsbBackend.java’s areFunctionsSupported, a missing permission check can allow tethering access from a guest account, enabling local elevation of privilege with no user interaction. According to NVD, the CVSSv3.1 vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I...
CVE-2020-0488
CVE-2020-0488 affects Android 11 on Pixel devices, with a vulnerability in the media processing path: in ihevc_inter_pred_chroma_copy_ssse3 (file ihevc_inter_pred_filters_ssse3_intr.c), uninitialized data can cause information disclosure. Impact is partial confidentiality loss, remote information...
CVE-2020-0489
CVE-2020-0489 involves a suspected out-of-bounds write in the Android media framework (Parse_data in eas_mdls.c) which could lead to remote code execution in the media extractor. Affected software is Android 11, notably Pixel devices. The root cause is a missing bounds check in Parse_data, enabli...
CVE-2020-10836
CVE-2020-10836 affects Samsung mobile devices with Exynos (O(8.x), P(9.0), Q(10.0)). The Widevine Trustlet permits read/write access to arbitrary memory, indicating a memory-safety/Trustlet isolation flaw. CVSSv3.1 base score 9.8 (CRITICAL); access is network-based with no authentication required...