Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/03/24 6:50 p.m.42 views

CVE-2019-20579

Samsung reports a vulnerability in the Gallery app on Galaxy devices running N(7.x), O(8.x), and P(9.0) that allows attackers to enable location information sharing from the lock screen. The entry references Samsung ID SVE-2019-14462 (August 2019). No concrete exploit details, affected specific m...

2.4CVSS4AI score0.00136EPSS
CVE
CVE
added 2020/03/24 6:58 p.m.42 views

CVE-2019-20587

CVE-2019-20587 corresponds to a type-confusion vulnerability in Samsung mobile devices running O(8.1) and P(9.0) with TEEGRIS. The issue is in the MLDAP Trustlet, enabling arbitrary code execution due to a type confusion flaw. Samsung ID: SVE-2019-14867 (August 2019). Connected sources (Red Hat, ...

10CVSS9.6AI score0.00864EPSS
CVE
CVE
added 2020/03/24 7:28 p.m.42 views

CVE-2019-20613

CVE-2019-20613 affects Samsung mobile devices running Android N (7.x) and O (8.x). A time-based SQL injection in the Contacts database is described, with Samsung’s internal ID SVE-2018-13452 (March 2019). Multiple connected sources corroborate a SQL injection vulnerability that can expose or mani...

8.1CVSS8.5AI score0.00362EPSS
CVE
CVE
added 2020/03/24 7:33 p.m.42 views

CVE-2019-20618

The vulnerability CVE-2019-20618 affects Samsung mobile devices on Android P (9.0) where the Pin Window feature allows unauthenticated unpinning of an app. The connected Red Hat/EUVD/CNVD/etc. records mirror the same description and confirm the issue stems from Pin Window behavior; no explicit ro...

7.5CVSS7.6AI score0.00333EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-2075

CVE-2019-2075 affects libxaac on Android 10, where a missing bounds check allows an out-of-bounds write that can lead to remote code execution. Exploitation requires user interaction; impact is remote code execution with high severity in the Android 10 context. The issue is confirmed across multi...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-2083

CVE-2019-2083 refers to an out-of-bounds write in the Android libxaac library, caused by a missing bounds check. The vulnerability could enable remote code execution on Android 10, with execution requiring user interaction for exploitation. The connected Red Hat and CNVD entries corroborate the s...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-2162

CVE-2019-2162 affects Android 10 via libxaac, where an out-of-bounds read due to a missing bounds check could lead to remote information disclosure. The vulnerability enables information leakage without additional execution privileges, with user interaction required to exploit. Multiple connected...

6.5CVSS6.4AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:21 p.m.42 views

CVE-2019-2188

CVE-2019-2188 affects the Android kernel’s Easel image driver. The issue is memory corruption caused by race conditions, enabling local escalation of privilege to System level without user interaction. Public patch details or fixed versions are not provided in the supplied documents. No exploitat...

6.9CVSS7.2AI score0.00117EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9279

CVE-2019-9279 maps to Android 10’s wifi hotspot service vulnerability: a null pointer dereference causes a remote DoS without user interaction. Affected component is the wifi hotspot service in Android 10; exploitation results in denial of service (availability impact) with network access as the ...

7.5CVSS7.6AI score0.00987EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9288

CVE-2019-9288 affects Android 10 via a missing bounds check in libhidcommand_jni, enabling an out-of-bounds write that could cause local elevation of privilege in the USB service without user interaction. Impact is limited to the USB service and requires no additional privileges. Remediation is a...

6.8CVSS7.2AI score0.00167EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9302

CVE-2019-9302 affects Android 10 via the libAACdec library, where an integer overflow can cause an out-of-bounds write leading to remote code execution. The vulnerability requires user interaction to exploit, with impact described as remote code execution and high severity in the CVSS data. Remed...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9307

CVE-2019-9307 affects Android 10 libAACdec in the Media framework, with an integer overflow causing an out-of-bounds write and remote code execution; user interaction is required for exploitation. Android 10 security release notes indicate fixes with patch level 2019-09-01 or later, but no exploi...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9308

CVE-2019-9308 affects Android 10’s libAACdec. The root cause is an out-of-bounds write caused by an integer overflow, enabling remote code execution with no privileges and requiring user interaction to exploit. Remediation is via Android 10 security updates; devices with a patch level of 2019-09-...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9323

CVE-2019-9323 affects the Android Wallpaper Manager service. The issue is an information disclosure caused by a missing permission check, allowing any application to access the wallpaper image without extra privileges, with no user interaction required. The Android 10 release notes indicate this ...

5.3CVSS5.6AI score0.00487EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9333

CVE-2019-9333 affects Android 10 Bluetooth. Root cause: a missing bounds check causes an out-of-bounds read, enabling remote information disclosure without additional execution privileges and without user interaction. CVSS metrics show network attack with low complexity (CVSSv3.1: AV:N/AC:L/PR:N/...

6.5CVSS6.4AI score0.00746EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9334

CVE-2019-9334 concerns the Android 10 ecosystem where a vulnerability in the Media/Library stack (libhevc) allows information disclosure via uninitialized data. The issue affects Android 10 and is described as enabling remote information disclosure with no additional execution privileges; exploit...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9341

Summary : CVE-2019-9341 is a Bluetooth vulnerability in Android 10 where an out-of-bounds read occurs due to a missing bounds check. This could allow remote information disclosure without extra execution privileges and without user interaction. Affected component : Bluetooth stack on Android 10. ...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9348

Summary of CVE-2019-9348 (Android 10, libstagefright) : The vulnerability is a resource exhaustion issue in the Android Media Framework (libstagefright) caused by improper input validation. It could allow a remote denial of service without extra privileges, with user interaction required to explo...

7.1CVSS6.8AI score0.00685EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9350

CVE-2019-9350 corresponds to an Elevation of Privilege in Android 10 Keymaster, caused by a use-after-free in a component handling crypto operations. This vulnerability could allow a local attacker to escalate privileges without additional execution privileges or user interaction, as described ac...

7.8CVSS8.1AI score0.00156EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9351

CVE-2019-9351 affects the Android 10 Framework, specifically a bypass in SyncStatusObserver that allows local information disclosure by failing to enforce a permission check between user profiles. Exploitation is described as requiring no user interaction and provides only local access with parti...

3.3CVSS4.4AI score0.00138EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9394

CVE-2019-9394 affects Android 10, with a Bluetooth vulnerability caused by a missing bounds check in a Bluetooth component that allows remote denial of service without user interaction. The issue is listed in multiple sources (Android 10 security release notes and Red Hat advisory) with the same ...

7.5CVSS7.6AI score0.00797EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9419

The CVE-2019-9419 issue affects the Android Bluetooth stack on Android 10. It is a possible out-of-bounds read due to a missing bounds check that can allow remote information disclosure without additional privileges or user interaction. Exploitation would occur over the network. Android’s securit...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2020/03/10 7:56 p.m.42 views

CVE-2020-0044

CVE-2020-0044 affects the Android FPC Fingerprint TEE in the Android kernel. In set_nonce of fpc_ta_qc_auth.c, there is an out-of-bounds read due to a missing bounds check, enabling local information disclosure with system execution privileges required. Exploitation is local and does not require ...

4.4CVSS4.3AI score0.00143EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.42 views

CVE-2020-0142

CVE-2020-0142 describes an information disclosure in Android's rw_i93_sm_format (rw_i93.c) caused by a missing bounds check. The issue allows remote information disclosure with network access and no user interaction. Affected software is Android 10 (as per the CVE entry). The CVSS data provided s...

7.5CVSS7.4AI score0.00804EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.42 views

CVE-2020-0157

CVE-2020-0157: A out-of-bounds read vulnerability in Android's nfa_hci_main.cc (function nfa_hci_conn_cback) could enable remote information disclosure from compromised device firmware. Reported for Android 10; CVSS/EXPL provides network attack vector with low complexity and no user interaction p...

4.9CVSS5.5AI score0.00689EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.42 views

CVE-2020-0162

CVE-2020-0162 affects Android’s Media Framework (MPEG4Extractor.cpp). The vulnerability arises from improper input validation in parseSampleAuxiliaryInformationOffsets, enabling resource exhaustion that could lead to remote Denial of Service on Android 10. The issue’s impact is a DoS with partial...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.42 views

CVE-2020-0165

CVE-2020-0165 affects Android 10. The issue is a potential out-of-bounds write in phNxpNciHal_NfcDep_cmd_ext (nfc driver code), caused by a missing bounds check, enabling local escalation of privilege with System execution privileges; no user interaction required. CVSSv3.1 base score 6.7 (Local, ...

7.2CVSS7.2AI score0.0016EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.42 views

CVE-2020-0177

CVE-2020-0177 affects Android 10; the issue is described as a permissions bypass in PanService.java (connect()) that could allow local elevation of privilege to change network connection settings without extra privileges or user interaction. The connected Red Hat/Redacted entries and NVD details ...

5.5CVSS6.5AI score0.00132EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.42 views

CVE-2020-0185

CVE-2020-0185 affects Android 10, with the vulnerability in avrc_pars_browsing_cmd of avrc_pars_tg.cc. The root cause is a missing bounds check that enables an out-of-bounds read, leading to local information disclosure without extra privileges or user interaction. The issue is listed across mult...

5.5CVSS5.7AI score0.0014EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.42 views

CVE-2020-0207

CVE-2020-0207 affects Android 10 with an out-of-bounds read in next_marker() in jdmarker.c caused by improper input validation. This can lead to remote information disclosure; exploitation requires user interaction. The issue is documented across multiple sources (NVD, Red Hat, CVE lists) with a ...

6.5CVSS6.6AI score0.00732EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.42 views

CVE-2020-0214

CVE-2020-0214 affects Android 10 and is caused by an out-of-bounds read in the function responsible for processing the file command (ce_t4t_process_select_file_cmd in ce_t4t.cc) due to an incorrect bounds check. The vulnerability allows remote information disclosure without requiring user interac...

7.5CVSS7.3AI score0.00804EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.42 views

CVE-2020-0217

The CVE-2020-0217 entry corresponds to an Android 10 vulnerability in the RW_T4tPresenceCheck function of rw_t4t.cc, where a missing bounds check can cause an out-of-bounds write. This issue enables remote code execution with NETWORK access, no privileges required, and no user interaction as desc...

9.8CVSS9.3AI score0.00844EPSS
CVE
CVE
added 2020/09/17 8:47 p.m.42 views

CVE-2020-0289

CVE-2020-0289 affects Android 11 in the PackageManager component, where a missing permission check allows local information disclosure across users without extra privileges or user interaction. The issue is described across multiple sources (NVD, Red Hat, CNVD, PRION, and national advisories) as ...

5.5CVSS5.7AI score0.00135EPSS
CVE
CVE
added 2020/09/18 3:22 p.m.42 views

CVE-2020-0291

CVE-2020-0291 affects Android 11 and is described as a Bluetooth out-of-bounds read due to a missing bounds check. It could enable local information disclosure with System execution privileges and does not require user interaction. Exploitation details are not provided in the supplied documents. ...

4.4CVSS5AI score0.00161EPSS
CVE
CVE
added 2020/09/18 3:24 p.m.42 views

CVE-2020-0307

CVE-2020-0307 affects Android 11, specifically a Settings component issue where an unsafe PendingIntent enables a local information disclosure without user interaction. Root cause is a permission bypass via PendingIntent; exploitation is local and does not require user interaction. The Android 11...

5.5CVSS5.8AI score0.00153EPSS
CVE
CVE
added 2020/09/17 8:48 p.m.42 views

CVE-2020-0308

CVE-2020-0308 affects the Android 11 Window Manager. The root cause is an unsafe PendingIntent that enables a permission bypass, allowing local information disclosure without user interaction. Vulnerable component: Window Manager (Android-11). Impact: information disclosure with user privileges; ...

5.5CVSS5.8AI score0.00145EPSS
CVE
CVE
added 2020/09/17 8:57 p.m.42 views

CVE-2020-0320

CVE-2020-0320 affects the Android library libstagefright and is described as a resource exhaustion vulnerability caused by improper input validation. This can lead to remote denial of service with no additional execution privileges required, with exploitation requiring user interaction. The issue...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/09/17 8:57 p.m.42 views

CVE-2020-0332

CVE-2020-0332 affects Androids libstagefright with a dead loop caused by an uncaught exception, leading to remote denial of service. Exploitation requires user interaction; impact is a DoS with no extra privileges. The issue is cataloged under Android 11, and Android 11 security release notes ind...

6.5CVSS6.8AI score0.00635EPSS
CVE
CVE
added 2020/09/17 8:47 p.m.42 views

CVE-2020-0366

CVE-2020-0366 affects Android via a tapjacking-based permission bypass in PackageInstaller. The underlying issue can enable local escalation of privilege when an app is set as the default Assist app, with user interaction required for exploitation. Affected component: PackageInstaller; impact: el...

7.8CVSS8.2AI score0.00407EPSS
CVE
CVE
added 2020/09/17 8:58 p.m.42 views

CVE-2020-0375

CVE-2020-0375 pertains to Android 11 Telephony: a missing permission check enables local escalation of privilege, allowing an attacker to influence EUICC country settings without extra privileges or user interaction. Several connected sources corroborate: Red Hat and CNVD entries describe a Telep...

7.8CVSS8.2AI score0.00163EPSS
CVE
CVE
added 2020/09/17 6:28 p.m.42 views

CVE-2020-0403

CVE-2020-0403 affects the FPC TrustZone fingerprint app and can enable local elevation of privilege in the TEE via an exposed test feature, requiring System-level privileges with no user interaction (per the NVD/Red Hat/PRION entries). The issue is categorized as Elevation of Privilege (EoP) affe...

7.2CVSS7.2AI score0.00154EPSS
CVE
CVE
added 2020/12/15 3:54 p.m.42 views

CVE-2020-0480

CVE-2020-0480 affects Android 11 in the Framework: DocumentsProvider.java allows a local escalation of privilege due to a missing permission check in callUnchecked. The issue enables a caller to copy, move, or delete files accessible to DocumentsProvider without extra execution privileges. Exploi...

7.8CVSS8.2AI score0.00393EPSS
CVE
CVE
added 2020/03/24 5:3 p.m.42 views

CVE-2020-10830

The CVE-2020-10830 entry concerns Samsung mobile devices running P(9.0) and Q(10.0) software. In Lockdown mode, an attacker can view notifications by entering multiple PINs, impacting user privacy. The issue is documented with Samsung ID SVE-2019-16590 (March 2020). The provided metrics show a lo...

2.4CVSS4.2AI score0.00139EPSS
CVE
CVE
added 2020/03/24 5:20 p.m.42 views

CVE-2020-10838

Samsung mobile devices running P(9.0) and Q(10.0) are affected by CVE-2020-10838 in the PROCA component, which allows a use-after-free and arbitrary code execution. Samsung ID SVE-2019-16132 is referenced. Details indicate local exploitation with low prerequisites and high impact on confidentiali...

7.8CVSS8AI score0.00153EPSS
CVE
CVE
added 2020/03/24 5:34 p.m.42 views

CVE-2020-10851

CVE-2020-10851 affects Samsung mobile devices running P (9.0) and Q (10.0) software. The issue is a stack overflow in the kperfmon driver, leading to potentially code execution or instability as described in the public CVE entry. Connected sources reiterate the same root cause but do not provide ...

7.8CVSS7.8AI score0.00135EPSS
CVE
CVE
added 2020/07/07 1:24 p.m.42 views

CVE-2020-15580

Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) are affected by CVE-2020-15580, allowing attackers to bypass Factory Reset Protection by enrolling a new lock password. Root cause details are not provided in the documents. Impact is FRP bypass; no exploit vectors or in-the-wild details ...

5.5CVSS5.6AI score0.0013EPSS
CVE
CVE
added 2020/09/11 9:18 p.m.42 views

CVE-2020-25281

The CVE-2020-25281 entry concerns LG mobile devices running Android 7.x–8.1 where apps with sensitive security settings (e.g., the package verifier) mishandle unknown-source installations. Affected component/function relates to the installation pipeline for unknown sources. Underlying impact stat...

7.5CVSS7.5AI score0.00346EPSS
CVE
CVE
added 2020/09/11 9:18 p.m.42 views

CVE-2020-25283

CVE-2020-25283 affects LG mobile devices running Android 8.x–10. The issue is described as the BT Manager bypassing intended access restrictions on a certain mode. The connected records indicate the affected product family (LG Android devices) and component involved (BT Manager), but do not provi...

9.8CVSS9.1AI score0.00464EPSS
CVE
CVE
added 2020/12/15 4:2 p.m.42 views

CVE-2020-27033

CVE-2020-27033 affects Android’s NFC stack (nfc_ncif_proc_get_routing in nfc_ncif.cc). A missing bounds check can cause an out-of-bounds read, enabling local information disclosure with potential system-level execution privileges. Exploitation is local and does not require user interaction. Publi...

4.4CVSS4.9AI score0.00145EPSS
CVE
CVE
added 2020/12/15 4:3 p.m.42 views

CVE-2020-27036

CVE-2020-27036 is a local elevation-of-privilege issue in Android 11’s NFC stack. The vulnerability occurs in phNxpNciHal_send_ext_cmd implemented by phNxpNciHal_ext.cc, where a missing bounds check enables an out-of-bounds write. This could lead to local escalation of privilege on the NFC server...

6.7CVSS7.2AI score0.00144EPSS
Total number of security vulnerabilities8153