Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/06/11 2:43 p.m.43 views

CVE-2020-0233

CVE-2020-0233 describes a memory corruption in Android’s kernel due to a use-after-free in main.cpp, enabling local elevation of privilege without extra user interaction. Documented impact: local attacker could escalate privileges; exploitation status is not provided in the sources. Affected comp...

7.8CVSS8.3AI score0.00157EPSS
CVE
CVE
added 2020/06/16 1:30 p.m.43 views

CVE-2020-0234

CVE-2020-0234 affects the Android kernel audio component (kernel driver for msm-cirrus playback). The issue is in crus_afe_get_param in msm-cirrus-playback.c, where a missing bounds check allows an out-of-bounds write. This can enable local privilege escalation with no extra privileges and no use...

7.8CVSS8.2AI score0.0015EPSS
CVE
CVE
added 2020/12/15 3:53 p.m.43 views

CVE-2020-0280

CVE-2020-0280 affects Android 11 and is caused by an out-of-bounds read in nci_proc_ee_management_rsp of nci_hrcv.cc due to a missing bounds check. This can lead to local information disclosure with no additional execution privileges; exploitation requires user interaction. The documentation does...

5.5CVSS5.7AI score0.00158EPSS
CVE
CVE
added 2020/09/17 8:54 p.m.43 views

CVE-2020-0324

Summary: CVE-2020-0324 affects Android 11 via the libsonivox component, where a missing bounds check can cause an out-of-bounds read. This leads to potential remote information disclosure without execution privileges, with user interaction required to exploit. Evidence from provided documents: Th...

6.5CVSS6.5AI score0.00835EPSS
CVE
CVE
added 2020/09/17 8:45 p.m.43 views

CVE-2020-0337

CVE-2020-0337 affects Android 11 in the MediaProvider component, where a permissions-check bypass can occur due to a confused deputy, enabling local information disclosure without user interaction. Affected product: Android 11 (Android framework). Root cause: flawed permission check leading to in...

5.5CVSS6.1AI score0.00141EPSS
CVE
CVE
added 2020/09/18 3:27 p.m.43 views

CVE-2020-0348

CVE-2020-0348 affects Android 11 and is tied to the NFC subsystem. The issue is an out-of-bounds read caused by a missing bounds check, potentially enabling remote information disclosure over NFC without user interaction (as per the NVD/Red Hat/CNVD entries). The vulnerability is associated with ...

4.9CVSS5.5AI score0.00689EPSS
CVE
CVE
added 2020/09/17 8:53 p.m.43 views

CVE-2020-0357

CVE-2020-0357 affects Android 11, specifically the SurfaceFlinger component. The issue is a use-after-free caused by improper locking, enabling local escalation of privilege in the graphics server without extra execution privileges or user interaction. Other documents confirm this CVE is addresse...

7.8CVSS8.2AI score0.0012EPSS
CVE
CVE
added 2020/09/17 8:53 p.m.43 views

CVE-2020-0358

CVE-2020-0358: In Android's SurfaceFlinger, a race condition leads to a use-after-free vulnerability. This is a local elevation-of-privilege issue on Android 11, requiring System privileges with no user interaction. CVSS data (3.1) indicates LOCAL, HIGH-privileges, with Confidentiality/Integrity/...

6.4CVSS7AI score0.00109EPSS
CVE
CVE
added 2020/09/17 8:58 p.m.43 views

CVE-2020-0374

CVE-2020-0374 concerns Android 11/NFC where an unsafe PendingIntent can bypass a permission, enabling local elevation of privilege with user rights granted to the attacker. Affected component is the NFC handling path; attack requires local access and does not require user interaction according to...

7.8CVSS8.2AI score0.00163EPSS
CVE
CVE
added 2020/09/17 8:53 p.m.43 views

CVE-2020-0406

CVE-2020-0406 affects Android 11 via the libmpeg2dec component. The issue is an out-of-bounds write caused by a missing bounds check in libmpeg2dec, enabling local privilege escalation if triggered with certain parameters; exploitation requires user interaction and does not require prior executio...

7.8CVSS8.2AI score0.00423EPSS
CVE
CVE
added 2020/12/15 3:56 p.m.43 views

CVE-2020-0488

CVE-2020-0488 affects Android 11 on Pixel devices, with a vulnerability in the media processing path: in ihevc_inter_pred_chroma_copy_ssse3 (file ihevc_inter_pred_filters_ssse3_intr.c), uninitialized data can cause information disclosure. Impact is partial confidentiality loss, remote information...

6.5CVSS6.6AI score0.00702EPSS
CVE
CVE
added 2020/12/15 3:57 p.m.43 views

CVE-2020-0497

Technical details about CVE-2020-0497 are not provided in the supplied documents beyond the basic Android biometric disclosure information. Monitor for updates for any new specifics on affected components, affected versions, impact, and remediation.

5.5CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2020/04/08 3:35 p.m.43 views

CVE-2020-11607

CVE-2020-11607 concerns Samsung mobile devices running P(9.0)/Q(10.0). The issue is a notification exposure in Lockdown mode caused by the Edge Lighting application, enabling potential information disclosure. Affected component: Edge Lighting on affected Samsung firmware. Root cause: not explicit...

5.3CVSS5.4AI score0.00396EPSS
CVE
CVE
added 2020/07/07 1:33 p.m.43 views

CVE-2020-15577

Samsung mobile devices running P (9.0) and Q (10.0) software are affected by CVE-2020-15577 via the Cameralyzer component, which can write files to the SD card. Root cause: Cameralyzer ability to write to external storage leads to unauthorized file writes. Impact: potential modification or insert...

5.5CVSS5.7AI score0.00131EPSS
CVE
CVE
added 2020/07/07 1:20 p.m.43 views

CVE-2020-15584

CVE-2020-15584 affects Samsung mobile devices running Q(10.0). The issue arises when processing a 4K wallpaper image, where ImageProcessHelper mishandles boundary checks, causing out-of-bounds access that can lead to a device reset. Samsung’s internal ID for this vulnerability is SVE-2020-18056 (...

7.1CVSS5.5AI score0.00274EPSS
CVE
CVE
added 2020/08/31 8:23 p.m.43 views

CVE-2020-25053

CVE-2020-25053 affects Samsung mobile devices running Android Q (10.0) on Exynos9830. Root cause: RKP permits arbitrary code execution. Impact: remote code execution with high severity (CVSS v3.1 base 9.8, network access, no user interaction). Exploitation details are not provided in the document...

9.8CVSS9.7AI score0.00678EPSS
CVE
CVE
added 2020/09/11 9:7 p.m.43 views

CVE-2020-25280

CVE-2020-25280 affects Samsung mobile devices running Android Q (10.0) on Exynos and MediaTek chipsets. Unauthenticated attackers could send a USB debugging command to execute LTE/5G commands, with impact to confidentiality, integrity, and availability listed as high in CVSS 3.1 (PHYSICAL access,...

6.8CVSS7AI score0.00159EPSS
CVE
CVE
added 2020/12/15 4:1 p.m.43 views

CVE-2020-27032

In CVE-2020-27032, a missing permission check in getRadioAccessFamily() of PhoneInterfaceManager.java allows a local attacker to read privileged radio data on Android-11, potentially leading to information disclosure without user interaction. Affected component is the Android framework (PhoneInte...

5.5CVSS5.6AI score0.00133EPSS
CVE
CVE
added 2020/12/15 4:5 p.m.43 views

CVE-2020-27048

CVE-2020-27048 affects Android 11 and targets the RW_SendRawFrame path in rw_main.cc, where a missing bounds check allows an out-of-bounds write. This can lead to local escalation of privilege with no extra execution privileges required, and exploitation requires user interaction. The issue is li...

7.8CVSS8.2AI score0.00416EPSS
CVE
CVE
added 2021/03/10 3:55 p.m.43 views

CVE-2021-0372

CVE-2021-0372 is a local elevation of privilege in Android 11 via getMediaOutputSliceAction in RemoteMediaSlice.java, caused by an unsafe PendingIntent that bypasses permissions without requiring user interaction. The impact is escalation to higher privileges (HIGH per CVSSv3.1) with local access...

7.8CVSS7.7AI score0.00115EPSS
CVE
CVE
added 2021/03/10 4:13 p.m.43 views

CVE-2021-0389

CVE-2021-0389 affects Android 11; root cause is a missing permission check in UiModeManagerService.setNightModeActivated (UiModeManagerService.java). This permits local privilege escalation without additional execution privileges and without user interaction. Public information confirms the issue...

7.8CVSS7.6AI score0.00114EPSS
CVE
CVE
added 2021/08/18 2:43 p.m.43 views

CVE-2021-0416

CVE-2021-0416 concerns the Mediatek memory management driver. The available descriptions state a vulnerability due to improper input validation that can cause a system crash, yielding local denial of service without requiring user interaction. Affected components are described as the memory manag...

5.5CVSS5.4AI score0.00109EPSS
CVE
CVE
added 2021/08/18 2:43 p.m.43 views

CVE-2021-0418

CVE-2021-0418 concerns the Mediatek memory management driver, where improper input validation can cause a local system crash leading to denial of service without user interaction. The issue is described across multiple sources (NVD, Red Hat) with the same core weakness. The patch reference provid...

5.5CVSS5.4AI score0.00109EPSS
CVE
CVE
added 2021/03/10 4:18 p.m.43 views

CVE-2021-0461

CVE-2021-0461 (Android kernel, iaxxx-core sensor) : The issue arises in iaxxx_core_sensor_change_state within iaxxx-module.c, where a missing bounds check can cause an out-of-bounds write. This leads to local escalation of privilege with System execution privileges required, and exploitation does...

6.7CVSS6.7AI score0.00124EPSS
CVE
CVE
added 2021/06/11 4:42 p.m.43 views

CVE-2021-0497

CVE-2021-0497 describes a memory corruption vulnerability in the Android memory management driver caused by a use-after-free. This can enable local escalation of privilege without user interaction. Affected component is the Android memory management driver on Android SoCs with Android ID A-183461...

7.8CVSS7.8AI score0.00129EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.43 views

CVE-2021-0531

CVE-2021-0531 affects the memory management driver in Android, specifically MTK memory management components, with a use-after-free leading to local privilege escalation and high impact as described in multiple sources. The vulnerability is a memory corruption issue in the memory management drive...

7.8CVSS7.8AI score0.00116EPSS
CVE
CVE
added 2021/10/25 1:16 p.m.43 views

CVE-2021-0613

CVE-2021-0613 affects MediaTek’s asf extractor component. It describes an out-of-bounds read caused by an incorrect bounds check, enabling local information disclosure without extra privileges or user interaction. A patch/issue reference is ALPS05489178 (MediaTek bulletin). Exploitation details (...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2021/11/18 2:54 p.m.43 views

CVE-2021-0620

CVE-2021-0620 affects the asf extractor component, where an out-of-bounds read caused by a heap buffer overflow could lead to local information disclosure without additional execution privileges. Exploitation details are not provided in the documents. The issue is associated with a patch: ALPS054...

5.5CVSS5.2AI score0.00122EPSS
CVE
CVE
added 2021/11/18 2:55 p.m.43 views

CVE-2021-0624

CVE-2021-0624 affects the flv extractor component; the root cause is an out-of-bounds read caused by a heap buffer overflow, leading to local information disclosure without extra execution privileges and with no user interaction required. The vulnerability is referenced with Patch ID ALPS05594988...

5.5CVSS5.2AI score0.00122EPSS
CVE
CVE
added 2021/11/18 2:58 p.m.43 views

CVE-2021-0666

CVE-2021-0666 concerns MediaTek’s Apusys component where an incorrect bounds check can cause an out-of-bounds read. This leads to local information disclosure with system execution privileges needed to exploit, and does not require user interaction. The vulnerability is documented across multiple...

4.4CVSS4.2AI score0.00116EPSS
CVE
CVE
added 2021/11/18 2:58 p.m.43 views

CVE-2021-0670

The CVE-2021-0670 entry concerns an issue in the apusys component where a use-after-free can cause memory corruption, enabling local escalation of privilege with SYSTEM execution privileges; exploitation reportedly does not require user interaction. Patch ID ALPS05654663 (Issue ID ALPS05654663) i...

7.2CVSS6.8AI score0.0012EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.43 views

CVE-2021-0902

CVE-2021-0902 affects MediaTek Apusys. The issue is an out-of-bounds read caused by an incorrect bounds check in apusys, potentially leading to local information disclosure with SYSTEM privileges required for exploitation and no user interaction. Public details in the initial and connected record...

4.4CVSS4.2AI score0.00116EPSS
CVE
CVE
added 2021/12/15 6:6 p.m.43 views

CVE-2021-1038

CVE-2021-1038 describes a DoS via a tapjacking/overlay vulnerability in UserDetailsActivity of AndroidManifest.xml, affecting Android 9–12. The root cause is an overlay/tapjacking issue that can cause local denial of service with no extra privileges; exploitation requires user interaction per CVS...

5.5CVSS5.3AI score0.00111EPSS
CVE
CVE
added 2021/01/05 5:54 p.m.43 views

CVE-2021-22495

CVE-2021-22495 affects Samsung mobile devices with Exynos SoCs (O/8.x, P/9.0, Q/10.0, R/11.0) where the Mali GPU driver permits out-of-bounds access and can trigger a device reset. This is documented across multiple sources in the connected docs (NVD, Red Hat advisory, CVE records), referencing S...

7.1CVSS5.6AI score0.0027EPSS
CVE
CVE
added 2021/06/11 2:45 p.m.43 views

CVE-2021-25386

Summary: The vulnerability CVE-2021-25386 affects the Samsung libsdffextractor library, specifically the improper input validation in the function sdfffd_parse_chunk_FVER(). This can allow attackers to execute arbitrary code on the mediaextractor process. Affected component: libsdffextractor (pri...

9.8CVSS9.6AI score0.00634EPSS
CVE
CVE
added 2021/06/11 2:45 p.m.43 views

CVE-2021-25389

Samsung CVE-2021-25389 affects S Secure prior to SMR MAY-2021 Release 1, due to an improper running task check that could allow a user to access a locked app without authentication. Affected: Samsung devices running S Secure; Root cause: faulty task-check logic. Impact: partial confidentiality an...

6.1CVSS6.2AI score0.00113EPSS
CVE
CVE
added 2021/10/06 5:8 p.m.43 views

CVE-2021-25472

The CVE-2021-25472 entry concerns an improper access control vulnerability in BluetoothSettingsProvider for Samsung SMR releases. Affected component: BluetoothSettingsProvider prior to SMR Oct-2021 Release 1. Condition: an untrusted application can overwrite certain Bluetooth information due to w...

4CVSS4.1AI score0.00099EPSS
CVE
CVE
added 2021/10/06 5:8 p.m.43 views

CVE-2021-25473

CVE-2021-25473 affects Samsung Galaxy SystemUI prior to SMR Oct-2021 Release 1. The issue is an improper exception handling for the multi_sim_bar_hide_by_meadia_full value, which can allow a local attacker to cause a permanent denial of service on the user device before factory reset. Supported m...

4.9CVSS4.7AI score0.00101EPSS
CVE
CVE
added 2021/11/05 2:3 a.m.43 views

CVE-2021-25503

CVE-2021-25503 is an improper input validation vulnerability in Samsung HDCP prior to SMR Nov-2021 Release 1 that enables arbitrary code execution. Affected component: HDCP; root cause: input validation weakness. Local attack vector with low complexity and no authentication required (per CVSS). I...

6.7CVSS6.9AI score0.00112EPSS
CVE
CVE
added 2022/09/09 2:40 p.m.43 views

CVE-2022-36856

The CVE-2022-36856 entry concerns Samsung Telecom application on mobile devices. Affected component: Telecom application prior to SMR Sep-2022 Release 1. Root cause: improper access control that allowed an attacker to start emergency calls via undefined permission. Impact: demonstrated capability...

4CVSS4.1AI score0.00086EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.43 views

CVE-2022-47477

CVE-2022-47477 affects the telephony service, with a missing permission check leading to local information disclosure without requiring additional execution privileges. The linked documents consistently describe a zero-day-style local disclosure risk via the telephony module (e.g., UNISOC telepho...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.43 views

CVE-2022-47478

Affected software: telephony service. Root cause: missing permission check leading to potential local information disclosure. Impact: local information disclosure without additional execution privileges; confidentiality impact HIGH, as per CVE entry. Exploitation status: not described in the prov...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.43 views

CVE-2022-47497

The CVE-2022-47497 entry concerns the soter service, with a root cause described as a missing bounds check that enables an out-of-bounds write. This could cause local denial of service with system execution privileges required. Affected context appears to be UNISOC/“soter service” components acro...

4.4CVSS4.7AI score0.00096EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.43 views

CVE-2022-48232

CVE-2022-48232 concerns UNISOC chipsets’ FM service with a missing parameter check, enabling local denial of service. Connected sources corroborate a local impact; exploitation details are not provided, and there is no publicly available fix information in the supplied documents. Monitor for upda...

5.5CVSS5.3AI score0.00088EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.43 views

CVE-2022-48386

The CVE-2022-48386 entry concerns the apipe driver with a use-after-free caused by a logic error, leading to local denial of service with SYSTEM privileges. This is documented across multiple feeds (NVD, Red Hat, CVE List) and references UNISOC chipsets’ apipe driver. No explicit patch/version re...

4.4CVSS4.8AI score0.00093EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.43 views

CVE-2022-48452

CVE-2022-48452 affects Ifaa service used in UNISOC chipsets. The root cause is a missing permission check, enabling local denial of service with SYSTEM privileges required. Exploitation is described as local (no UI interaction). The CVE entry shows a MEDIUM severity (CVSS v3.1: 4.4) with PRIVILEG...

4.4CVSS4.7AI score0.00084EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.43 views

CVE-2023-20719

The CVE-2023-20719 issue affects the pqframework. It describes an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure with high confidentiality impact and requiring system privileges, with no user interaction needed. Mitigation/Remediation: Patch...

4.4CVSS4.2AI score0.00105EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.43 views

CVE-2023-20720

CVE-2023-20720 affects the pqframework component. The issue is an out-of-bounds read caused by a missing bounds check, enabling local escalation of privilege with SYSTEM-level execution privileges required. Exploitation does not require user interaction. The code is associated with patch ALPS0762...

6.7CVSS6.6AI score0.00095EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.43 views

CVE-2023-20750

The CVE-2023-20750 entry concerns the swpm module in MediaTek chips, describing a race-condition that can cause an out-of-bounds write. This could lead to local information disclosure, with system execution privileges needed for exploitation and no user interaction required. Public references not...

4.1CVSS4.1AI score0.00066EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.43 views

CVE-2023-20753

CVE-2023-20753 affects rpmb (MediaTek context in multiple feeds). A logic error enables an out-of-bounds write, which could lead to local privilege escalation with SYSTEM execution privileges required. Exploitation does not require user interaction. A patch is referenced as ALPS07460390 (Issue AL...

6.7CVSS6.7AI score0.00099EPSS
Total number of security vulnerabilities8153