8153 matches found
CVE-2018-14981
CVE-2018-14981 affects LG devices running Android 6.0–8.1, where the SystemUI application’s intents grant incorrect access control. The root cause is an access-control fault in SystemUI intents, enabling bypass of security restrictions; exploitation status is not detailed in the provided document...
CVE-2018-21061
CVE-2018-21061 affects Samsung mobile devices running N(7.1) and O(8.x). The issue allows a counterfeit/“fake” charger to execute critical functions while the device is locked, enabling partial confidentiality, integrity, and availability impacts as indicated in CVSS vectors. The problem is descr...
CVE-2018-9448
CVE-2018-9448 affects Android 8.0 and 8.1, with a vulnerability in avct_bcb_msg_ind (avct_bcb_act.cc) caused by a missing bounds check that could enable remote information disclosure without user interaction or additional privileges. The issue is categorized as an information-disclosure risk (no ...
CVE-2019-20560
CVE-2019-20560 affects Samsung mobile devices on O(8.x) and P(9.0) with TEEGRIS. The BIOSUB Trustlet has an out-of-bounds write vulnerability. Connected sources (Red Hat, NVD/NVD list) confirm the issue description but do not provide affected product versions beyond the Samsung device/software fa...
CVE-2019-20565
Technical details about CVE-2019-20565 are not publicly available in the provided connected documents. Monitor for updates from vendors and security trackers.
CVE-2018-11912
The CVE-2018-11912 entry concerns CAF-based Android/Linux that may allow unprivileged access due to improper daemon configuration. Affected: Android releases for MSM, Firefox OS for MSM, and QRD Android built on CAF Linux kernel. Root cause stated as misconfigured daemons; impact described as unp...
CVE-2018-11919
Technical details (affected products, root cause, impact, and fixes) are not publicly available in the provided documents. Monitor for updates.
CVE-2018-11962
CVE-2018-11962 affects Qualcomm audio components. The issue is a Use-After-Free in the heap during loading of audio effects config in the audio effects factory. It is a local (LOCAL) vulnerability with low attack complexity and requires no user interaction, per CVSS data (AV:L, AC:L, PR:L, UI:N, ...
CVE-2018-11963
CVE-2018-11963 affects Android platforms based on CAF’s Linux kernel, with the issue localized to the camera JPEG driver. The root cause is a buffer overread caused by non-null terminated strings during processing of vsprintf, potentially enabling a local attacker with access to expose or corrupt...
CVE-2018-11983
CVE-2018-11983 affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built on CAF’s Linux kernel. The vulnerability is a kernel memory-management error where code accesses freed mask pointers after reallocating memory for a mask table, constituting a fault in the kernel’s ha...
CVE-2018-21059
The CVE-2018-21059 entry describes an information-disclosure issue on Samsung mobile devices running Android N (7.x) and O (8.x). Clipboard content is visible in the locked state via the emergency contact picker, exposing potentially sensitive data. Samsung’s internal identifier SVE-2018-11806 is...
CVE-2018-21060
Technical details about CVE-2018-21060 are not publicly provided in the supplied documents. Monitor for updates. The records reiterate a Samsung keyboard-leak issue but do not specify affected components, versions, or fixes.
CVE-2018-3561
CVE-2018-3561 is a Qualcomm Diagchar-related issue affecting Android on MSM devices. The root cause is a race condition in diag_ioctl_lsm_deinit() that leads to a Use-After-Free condition. The vulnerability is characterized as Elevation of Privilege (EoP) with local access requirements and high i...
CVE-2018-3574
CVE-2018-3574 describes a vulnerability in CAF Android kernel userspace cache maintenance for ION buffers where the ION_FLAG_SECURE flag is not set, causing the kernel to perform cache maintenance on memory that does not belong to HLOS. The provided sources (NVD entry and Debian/Ubuntu security t...
CVE-2018-3578
CVE-2018-3578 is a heap overflow in the Qualcomm WLAN component caused by a type mismatch for ie_len, leading Android CAF/Linux kernel builds to allocate insufficient heap memory. The issue is described as a local vulnerability with HIGH impact (CVSS3: LOCAL, LOW complexity, NO privileges, USER i...
CVE-2018-3587
CVE-2018-3587 is tied to the Qualcomm qcacld-2.0 WLAN driver in Android CAF builds, where a Use-After-Free in a firmware memory dump feature can lead to Elevation of Privilege (EoP). The NVD listing shows a CVSS v3 base score of 7.8 (HIGH) with LOCAL attack vector, low complexity, and privileges ...
CVE-2018-3599
CVE-2018-3599 is a Use-After-Free in Qualcomm Core Services affecting Qualcomm Android for MSM/CAF-based Android builds (Linux kernel pre-2018-04-05 patch). The issue occurs when notifying a DCI client, enabling EoP with high/critical impact per the Android Pixel bulletin. Mitigation is to apply ...
CVE-2018-5863
CVE-2018-5863 is a buffer overflow in WLAN HOST caused by an overly large WPA RSN IE length processed by wlan_hdd_cfg80211_set_ie(). Affected are Android releases (Android for MSM, Firefox OS for MSM, QRD Android) provided by CAF on the Linux kernel. The description confirms a memory corruption v...
CVE-2018-5893
CVE-2018-5893 is a buffer overwrite in the Qualcomm WLAN driver (htt_t2h_msg_handler_fast()) within Android CAF/Linux kernel for MSM devices. Root cause: buffer overwrite during firmware message processing. Affected: Qualcomm WLAN component in Android on CAF Android for MSM, Firefox OS for MSM, Q...
CVE-2018-5896
CVE-2018-5896 affects Android CAF builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) prior to the 2018-06-05 security patch level. The issue is a kernel panic caused by an out-of-bounds read from not checking the source buffer length against the packet stream length ...
CVE-2018-9453
CVE-2018-9453 describes a local information-disclosure vulnerability in Android where, in avdt_msg_prs_cfg of avdt_msg.cc, a missing bounds check allows an out-of-bounds read. Affects Android versions 6.0–8.1 (including 6.0.0/6.0.1, 7.0, 7.1.x, 8.0, 8.1). The underlying issue is a missing bounds ...
CVE-2018-9529
CVE-2018-9529 affects Android 9 and is triggered by an out-of-bounds write in ixheaacd_individual_ch_stream within ixheaacd_channel.c caused by a missing bounds check. The issue could allow remote code execution with no privileges, with user interaction required for exploitation. No exploitation ...
CVE-2018-9530
CVE-2018-9530 affects Android 9, where in file ixheaacd_aac_tns.c (function ixheaacd_tns_ar_filter_dec) there is a missing bounds check causing a possible out-of-bounds write. This could enable remote code execution with no extra privileges and requires user interaction to exploit. The Android se...
CVE-2018-9535
CVE-2018-9535 is a vulnerability in Android 9 where ixheaacd_reset_acelp_data_fix in ixheaacd_lpc.c can write out of bounds due to a missing bounds check, enabling remote code execution with network attack vector and user interaction required. The issue is documented in NVD for Android 9 and echo...
CVE-2018-9540
The CVE-2018-9540 issue affects Android’s Bluetooth stack. In avrc_ctrl_pars_vendor_rsp (avrc_pars_ct.c) a missing bounds check allows an out-of-bounds read, enabling remote information disclosure over Bluetooth without user interaction or added privileges. Affected: Android 7.0–9 (Android-7.0, 7...
CVE-2018-9553
CVE-2018-9553 : In MasteringMetadata::Parse of mkvparser.cc, a double-free can occur due to an insecure default value, enabling remote code execution. Affected: Android devices/versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. Exploitation requires user interaction (local attack). Evidence ties this CVE ...
CVE-2018-9572
CVE-2018-9572 affects Android 9 in the impd_drc_parse_coeff function of impd_drc_static_payload.c, where a missing bounds check can cause an out-of-bounds write leading to remote code execution with no privileges and requiring user interaction for exploitation. The issue is documented in multiple...
CVE-2018-9575
CVE-2018-9575 affects Android 9, with a vulnerability in impd_parse_dwnmix_instructions in impd_drc_static_payload.c. The root cause is a missing bounds check, causing an out-of-bounds write that could enable remote code execution. Exploitation is described as requiring user interaction, and the ...
CVE-2019-2040
CVE-2019-2040 affects Android 9 (rw_i93_process_ext_sys_info in rw_i93.cc). It is caused by a missing bounds check, leading to a possible out-of-bounds read and local information disclosure; exploitation requires user interaction. The Android Security Bulletin assigns this vulnerability to the Sy...
CVE-2019-20539
CVE-2019-20539 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) on Broadcom chipsets. The vulnerability is an out-of-bounds read in the Wi-Fi vendor command, leading to information leakage. Impact is described as partial confidentiality loss; no exploit details are provided in th...
CVE-2019-20541
The CVE-2019-20541 entry concerns Samsung mobile devices running Android P (9.0) on Exynos chipsets, where the Wi-Fi kernel drivers are affected by a stack overflow. Affected Samsung IDs include SVE-2019-14965, 14966, 14968–14970, 14980–14984, 15122–15123 (November 2019). The issue originates in ...
CVE-2019-20561
CVE-2019-20561 refers to a vulnerability in Samsung mobile devices with N(7.x), O(8.x), and P(9.0) Exynos chipsets where the bootloader contains an integer signedness error (Samsung ID SVE-2019-15230). Public documents across NVD and Red Hat cite the same issue; no product-specific exploit detail...
CVE-2019-20572
CVE-2019-20572 describes a buffer overflow in the load_kernel path on Samsung mobile devices with Exynos chips running O(8.1) and P(9.0). The issue is triggered by untrusted data and is documented across multiple feeds (NVD entry and Red Hat/CVE references) under the Samsung ID SVE-2019-14939. Th...
CVE-2019-2060
CVE-2019-2060 affects the Android 10 libxaac library, with a potential out-of-bounds read due to a missing bounds check that could lead to information disclosure. Exploitation requires user interaction. Affected product/version: Android 10; Android ID A-112709994. CVSS data from NVD indicates a b...
CVE-2019-20622
CVE-2019-20622 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) on Exynos chipsets, via a baseband stack overflow. The issue is identified with Samsung’s internal reference SVE-2018-13188 (Feb 2019). The NVD entry lists a high-severity, network-exposed vulnerability with a base s...
CVE-2019-2068
CVE-2019-2068 affects Android 10 via libxaac, where an out-of-bounds write due to a missing bounds check could enable remote code execution. Exploitation requires user interaction; the CVSS data indicates network access as a potential vector (NVD) and high impact (RCE) per Android bulletin. Remed...
CVE-2019-2071
CVE-2019-2071 affects Android 10 via the libxaac library. The issue is an out-of-bounds write caused by a missing bounds check in libxaac, enabling remote code execution with no required privileges and with user interaction needed to exploit. The impact is consistent with a high-severity remote c...
CVE-2019-2081
Affected component: libxaac in Android 10. Root cause: out-of-bounds write due to a missing bounds check, enabling potential remote code execution. Impact: attacker could execute code remotely with no privileges; user interaction is required for exploitation. Exploitation status not detailed in t...
CVE-2019-2082
CVE-2019-2082 is a vulnerability in the Android libxaac library where an out-of-bounds write arises from a missing bounds check in libxaac. The issue could enable remote code execution on Android 10 with no extra privileges, and exploitation requires user interaction. Affected component: libxaac ...
CVE-2019-2143
CVE-2019-2143 affects Android 10, in the libxaac library. The issue is an out-of-bounds read caused by a missing bounds check, leading to potential information disclosure. Exploitation requires user interaction, and the description does not indicate remote execution or other privileges. Connected...
CVE-2019-2152
CVE-2019-2152 affects libxaac in Android 10 (Android-10). The issue is an out-of-bounds read caused by a missing bounds check, which could lead to information disclosure without requiring additional execution privileges. Exploitation requires user interaction. The CVE is listed in the Android 10 ...
CVE-2019-2153
CVE-2019-2153 affects libxaac in Android 10, where an out-of-bounds read due to a missing bounds check can disclose information. The vulnerability permits information leakage without execution rights, requiring user interaction to exploit. Documented references indicate the issue is part of the A...
CVE-2019-9238
The CVE-2019-9238 entry concerns the NFC stack in Android 10, where a missing bounds check can cause an out-of-bounds write. This leads to local elevation of privilege with System execution privileges required, and exploitation requires user interaction. The available connected documents corrobor...
CVE-2019-9241
CVE-2019-9241 affects Android 10 Bluetooth, describing an out-of-bounds read due to a missing bounds check that could enable remote information disclosure with no user interaction or privileges. CVSS indicates network-based exploitation with high confidentiality impact. Remediation is provided by...
CVE-2019-9265
CVE-2019-9265 affects Android 10 Bluetooth, where an incorrect bounds check enables an out-of-bounds read that could disclose information remotely without extra privileges or user interaction. Documented impact is information disclosure; no exploitation details are provided in the available sourc...
CVE-2019-9280
CVE-2019-9280 affects Android 10 (Framework). The issue is an elevation-of-privilege in the keyguard caused by improper permission checks, enabling a local bypass of the keyguard under limited circumstances. Exploitation requires user execution privileges, but no user interaction is required. Aff...
CVE-2019-9284
The CVE-2019-9284 entry describes a Bluetooth out-of-bounds read in Android 10 that could lead to remote information disclosure without user interaction due to a missing bounds check. Connected sources confirm the vulnerability affects Android-10 Bluetooth components and is addressed in the Andro...
CVE-2019-9300
CVE-2019-9300 describes a vulnerability in Android 10’s Media Framework (libAACdec) where an integer overflow can trigger an out-of-bounds write, enabling remote code execution. The issue affects Android 10 and is associated with Android’s libAACdec component; the root cause is an out-of-bounds w...
CVE-2019-9329
CVE-2019-9329 affects Android 10, where a Bluetooth out-of-bounds read can occur due to uninitialized data, enabling remote information disclosure without privileges or user interaction. The affected component is Bluetooth in Android 10 devices; root cause is an out-of-bounds read from uninitiali...
CVE-2019-9332
The CVE-2019-9332 entry concerns the Android 10 Bluetooth stack, where a missing bounds check enables an out-of-bounds read. This could allow remote information disclosure without user interaction or privileges, over a network vector (low complexity). The issue is documented in NVD and Red Hat’s ...