Android Security Vulnerabilities and Issues — Page 140 of Android CVE List

5.5CVSS5.2AI score0.00012EPSS

CVE-2021-0620

In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05561381.

6.7CVSS6.8AI score0.00041EPSS

CVE-2021-0664

In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827158; Issue ID: ALPS05827158.

6.7CVSS6.8AI score0.00018EPSS

CVE-2021-0667

In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670581; Issue ID: ALPS05670581.

7.2CVSS6.8AI score0.00015EPSS

CVE-2021-0669

7.2CVSS6.8AI score0.00015EPSS

CVE-2021-0670

CVE•added 2021/12/17 5:15 p.m.•31 views

CVE-2021-0901

In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.

6.7CVSS6.8AI score0.00018EPSS

CVE•added 2021/01/05 6:15 p.m.•31 views

CVE-2021-22492

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetooth chipsets) software. The Bluetooth UART driver has a buffer overflow. The Samsung ID is SVE-2020-18731 (January 2021).

8.8CVSS8.8AI score0.0004EPSS

CVE•added 2021/04/23 3:15 p.m.•31 views

CVE-2021-25382

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

6.1CVSS5.5AI score0.00041EPSS

CVE•added 2021/06/11 3:15 p.m.•31 views

CVE-2021-25390

Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.

4CVSS5.7AI score0.00019EPSS

CVE•added 2021/07/08 2:15 p.m.•31 views

CVE-2021-25426

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.

7.5CVSS7.4AI score0.00123EPSS

CVE•added 2021/09/09 7:15 p.m.•31 views

CVE-2021-25462

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

5.5CVSS5.4AI score0.00017EPSS

7.2CVSS6.9AI score0.00017EPSS

CVE-2021-25467

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.

6.7CVSS7AI score0.0002EPSS

CVE-2021-25469

A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.

6.7CVSS6.3AI score0.00016EPSS

CVE-2021-25481

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.

6.5CVSS6.5AI score0.00062EPSS

CVE-2021-25483

Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.

CVE•added 2021/11/05 3:15 a.m.•31 views

CVE-2021-25503

Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.

6.7CVSS6.9AI score0.00018EPSS

CVE•added 2023/05/09 2:15 a.m.•31 views

CVE-2022-47340

In h265 codec firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges.

5.5CVSS5.5AI score0.00014EPSS

CVE•added 2023/03/10 9:15 p.m.•31 views

CVE-2022-47478

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

5.5CVSS5.2AI score0.00011EPSS

CVE•added 2023/05/09 2:15 a.m.•31 views

CVE-2022-47499

In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

4.4CVSS4.7AI score0.0001EPSS

CVE•added 2023/06/06 6:15 a.m.•31 views

CVE-2022-48446

In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2023/07/04 2:15 a.m.•31 views

CVE-2023-20690

In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664735; Issue ID: ALPS07664735.

7.5CVSS7.4AI score0.01096EPSS

CVE•added 2023/05/15 10:15 p.m.•31 views

CVE-2023-20720

In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586.

6.7CVSS6.6AI score0.0002EPSS

CVE•added 2023/06/06 1:15 p.m.•31 views

CVE-2023-20724

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07843845; Issue ID: ALPS07843841.

6.7CVSS6.6AI score0.00014EPSS

CVE•added 2023/06/06 1:15 p.m.•31 views

CVE-2023-20749

In swpm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780926; Issue ID: ALPS07780926.

6.7CVSS6.7AI score0.0002EPSS

CVE•added 2023/08/07 4:15 a.m.•31 views

CVE-2023-20795

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900.

6.7CVSS6.7AI score0.0002EPSS

CVE•added 2023/09/04 3:15 a.m.•31 views

CVE-2023-20851

In stc, there is a possible out of bounds read due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08048635; Issue ID: ALPS08048635.

6.3CVSS6.3AI score0.00014EPSS

5.5CVSS5.6AI score0.00015EPSS

CVE-2023-21299

In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

5.5CVSS5.6AI score0.00017EPSS

CVE-2023-21303

In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00026EPSS

CVE-2023-21327

In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploita...

7.5CVSS7.4AI score0.02032EPSS

CVE-2023-21339

In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.00017EPSS

CVE-2023-21340

In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE•added 2023/07/12 9:15 a.m.•31 views

CVE-2023-30924

In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

5.5CVSS5.2AI score0.00021EPSS

4.4CVSS4.3AI score0.00025EPSS

CVE-2023-32852

In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971.

4.4CVSS4.2AI score0.00041EPSS

CVE-2023-32857

In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS07993710.

4.4CVSS4.3AI score0.00025EPSS

CVE-2023-32858

In GZ, there is a possible information disclosure due to a missing data erasing. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07806008; Issue ID: ALPS07806008.

6.7CVSS6.6AI score0.00035EPSS

CVE-2023-32862

In display, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07388762; Issue ID: ALPS07388762.