8153 matches found
CVE-2020-0172
CVE-2020-0172 affects Android 10, where in Parse_art of eas_mdls.c a bounds check is missing, leading to potential resource exhaustion and remote denial of service. The issue requires user interaction for exploitation and is categorized as DoS with a network attack vector (per CVSS data: CVSS v3....
CVE-2020-0192
CVE-2020-0192 affects Android 10 in the Media Framework. The issue is an out-of-bounds read in ih264d_decode_slice_thread (ih264d_thread_parse_decode.c) caused by improper input validation, enabling remote information disclosure with user interaction required for exploitation. Public references i...
CVE-2020-0211
CVE-2020-0211 refers to a vulnerability in Android 10 where an out-of-bounds read in SumCompoundHorizontalTaps within convolve_neon.cc can lead to remote information disclosure. Exploitation requires user interaction per the description. The issue is documented across multiple sources (NVD, RH, C...
CVE-2020-0232
CVE-2020-0232 is reported in the Android kernel (Airbrush component). The issue arises when abc_pcie_issue_dma_xfer_sync creates a transfer object, stores it in a session, and a concurrent thread can fetch that object and delete it via abc_pcie_dma_user_xfer_clean. If this occurs, the original th...
CVE-2020-0291
CVE-2020-0291 affects Android 11 and is described as a Bluetooth out-of-bounds read due to a missing bounds check. It could enable local information disclosure with System execution privileges and does not require user interaction. Exploitation details are not provided in the supplied documents. ...
CVE-2020-0300
CVE-2020-0300 affects Android 11 NFC handling, where an out-of-bounds read from uninitialized data can lead to remote information disclosure without user interaction. The NVD CVSSv3.1 base score is 7.5 (High) with network attack vector and no privileges required; CVSSv2 base score 5.0 (Medium). A...
CVE-2020-0301
CVE-2020-0301 affects Android 11 and is tied to libstagefright, where improper input validation can cause resource exhaustion and remote denial of service. The vulnerability supports a DoS condition without additional privileges; exploitation requires user interaction. The CVE is documented in NV...
CVE-2020-0308
CVE-2020-0308 affects the Android 11 Window Manager. The root cause is an unsafe PendingIntent that enables a permission bypass, allowing local information disclosure without user interaction. Vulnerable component: Window Manager (Android-11). Impact: information disclosure with user privileges; ...
CVE-2020-0320
CVE-2020-0320 affects the Android library libstagefright and is described as a resource exhaustion vulnerability caused by improper input validation. This can lead to remote denial of service with no additional execution privileges required, with exploitation requiring user interaction. The issue...
CVE-2020-0326
CVE-2020-0326 affects Android 11 via an NFC-related out-of-bounds write caused by uninitialized data, enabling local privilege escalation with System-level privileges and no user interaction required. Multiple connected sources confirm the issue in Android 11’s NFC handling; remediation is addres...
CVE-2020-0329
CVE-2020-0329 affects the OMX encoder in Android 11. The root cause is an out-of-bounds read caused by invalid input validation, enabling local information disclosure without user interaction or additional privileges. The issue is documented in the Android 11 security release notes and related ad...
CVE-2020-0340
CVE-2020-0340 affects Android 11 via the libcodec2_soft_mp3dec component, where uninitialized data can cause information disclosure. The issue allows remote information disclosure with no execution privileges and requires user interaction to exploit. The provided connected documents confirm the v...
CVE-2020-0352
CVE-2020-0352 affects Android 11 MediaProvider. The vulnerability is a SQL injection in MediaProvider that can bypass permissions, enabling local information disclosure without extra privileges or user interaction. Impact is limited to partial confidentiality loss on affected devices. Remediation...
CVE-2020-0355
CVE-2020-0355 affects libFraunhoferAAC in Android 11. It is an out-of-bounds read due to a missing bounds check, enabling remote information disclosure with no execution privileges. Exploitation requires user interaction. The issue is documented across multiple sources (NVD, RH, NCSC) and is list...
CVE-2020-0359
CVE-2020-0359 affects the Android GLESRenderEngine on Android 11, where an out-of-bounds read caused by a buffer overflow could enable local information disclosure without user interaction. The issue is described as a local vulnerability with no execution privileges required and no interaction ne...
CVE-2020-0372
CVE-2020-0372 affects Android 11. In ActivityManager, a missing permission check enables local information disclosure of protected data without extra execution privileges. Impact is confined to information disclosure (confidentiality), with no user interaction required. The issue is addressed in ...
CVE-2020-0403
CVE-2020-0403 affects the FPC TrustZone fingerprint app and can enable local elevation of privilege in the TEE via an exposed test feature, requiring System-level privileges with no user interaction (per the NVD/Red Hat/PRION entries). The issue is categorized as Elevation of Privilege (EoP) affe...
CVE-2020-0405
CVE-2020-0405 affects Android 11. In the NetworkStackNotifier, an unsafe implicit PendingIntent can bypass permissions, enabling local elevation of privilege with User execution privileges required but no user interaction. Documentation across multiple sources (NVD/Red Hat/CNVD) confirms this vul...
CVE-2020-0434
CVE-2020-0434 relates to Pixel’s use of the Catpipe library, where a use-after-free leads to memory corruption in the Android kernel and enables local privilege escalation without user interaction. The impact is Local Privilege Escalation with high severity (per CVSS), affecting Pixel devices via...
CVE-2020-0479
The CVE-2020-0479 issue affects Android 11 and is described as a permissions bypass in DocumentsProvider.java (callUnchecked), enabling a malicious app to access files managed by a DocumentProvider without user permission. Exploitation requires user interaction, and the vulnerability allows local...
CVE-2020-0484
CVE-2020-0484 describes a memory corruption vulnerability caused by a use-after-free in the Android component’s ComposerClient.h destroyResources. The issue could allow local elevation of privilege , requiring no user interaction for exploitation and potentially enabling execution with system-lev...
CVE-2020-10847
CVE-2020-10847 affects Samsung mobile devices running P(9.0) on Galaxy S8 and Note8, where the facial recognition system can be spoofed. The core issue is a vulnerability in biometric authentication allowing an attacker to bypass security controls. The connected Red Hat and NVD entries confirm th...
CVE-2020-11601
CVE-2020-11601 affects Samsung mobile devices running P (9.0) and Q (10.0). The issue enables unauthorized access to applications in the Secure Folder via floating icons. Connected sources corroborate the Secure Folder access problem (Samsung ID SVE-2019-16195). No concrete root cause, affected c...
CVE-2020-27039
CVE-2020-27039 : A flaw in Android 11 related to postNotification in ServiceRecord.java enables a local permission bypass via an unsafe PendingIntent. This could lead to local information disclosure with low to medium risk (CVSSv3.1 base score 5.5; LOCAL, NONE user interaction). Exploitation is d...
CVE-2020-27041
In CVE-2020-27041, the issue is in Android 11’s ConnectivityService.java showProvisioningNotification where an unsafe PendingIntent could allow local information disclosure of notification data without extra privileges or user interaction. The vulnerability is a local disclosure due to PendingInt...
CVE-2020-27052
CVE-2020-27052 concerns Android 11 where in ActivityRecord.java, the getLockTaskLaunchMode path allows any app to start in Lock Task Mode via a permissions bypass. The documented impact is local elevation of privilege without additional execution privileges or user interaction. Connected sources ...
CVE-2020-27056
CVE-2020-27056 affects Android 11 with a missing permission check in SELinux MLS policies that can disclose local package-metadata information without extra privileges. The issue is confirmed as a local information-disclosure vulnerability; no exploitation details are provided in the documents. R...
CVE-2020-35552
CVE-2020-35552 involves the GPS daemon on Samsung mobile devices with non-Qualcomm chipsets (O 8.x, P 9.0, Q 10.0). The vulnerability arises from an incorrect configuration file in the GPS service, allowing an attacker to obtain sensitive location information. Connected records confirm the affect...
CVE-2021-0385
CVE-2021-0385 affects Android 11, specifically the ConnectToNetworkNotificationBuilder.java path (createConnectToAvailableNetworkNotification). The issue allows a local elevation of privilege via connection to untrusted Wi‑Fi networks triggered by notification interaction above the lockscreen, wi...
CVE-2021-0411
CVE-2021-0411 affects the MediaTek flv extractor. The vulnerability is an out-of-bounds read caused by an integer overflow in the component, enabling local information disclosure without additional execution privileges or user interaction. Mitigation/patch reference: ALPS05561362 (Issue ID ALPS05...
CVE-2021-0422
CVE-2021-0422 concerns the memory management driver in MediaTek-based systems. The issue is a missing bounds check that can cause a system crash, enabling local denial of service without requiring user interaction. Multiple documents confirm the root cause and the potential impact (local DoS, hig...
CVE-2021-0424
The CVE-2021-0424 entry concerns a Mediatek device where the in memory management driver has a missing bounds check, enabling a local denial-of-service due to a system crash. Exploitation requires local access with no user interaction. The patch reference is ALPS05403499 (Issue ALPS05393787). Con...
CVE-2021-0488
CVE-2021-0488 affects Android with an out-of-bounds write in the nanopb-related code path (pb_write in pb_encode.c) due to a missing bounds check. The impact is local elevation of privilege, requiring local access and yielding System privileges; user interaction is not needed. Several connected s...
CVE-2021-0498
The CVE-2021-0498 entry concerns Android’s memory management driver, where a double free can cause memory corruption leading to local escalation of privilege with no required user interaction. The issue is described consistently across multiple connected sources (including NVD, Red Hat, CNVD, PRI...
CVE-2021-0621
In the asf extractor component, CVE-2021-0621 describes a possible out-of-bounds read caused by an integer overflow. This could lead to local information disclosure without requiring user interaction or additional execution privileges. A patch is available (ALPS05489178; ALPS05561383). The issue ...
CVE-2021-0622
CVE-2021-0622 pertains to the asf extractor and involves a heap-based out-of-bounds read that can disclose local information without extra privileges or user interaction. Exploitation is described as local. Patch ID: ALPS05489178; Issue ID: ALPS05561388. Connected sources describe the vulnerabili...
CVE-2021-0634
CVE-2021-0634 affects MediaTek’s display driver; vulnerability arises from memory corruption due to uninitialized data, enabling local privilege escalation to SYSTEM with no user interaction. Connected sources (Red Hat, NVD, CVE records) confirm the issue and reference patch ALPS05594994 (Issue A...
CVE-2021-25412
The CVE-2021-25412 entry concerns an improper access control flaw in genericssoservice before Samsung SMR JUN-2021 Release 1. The vulnerability enables local attackers to perform protected activities with system privileges via untrusted applications, due to insufficient access restrictions on sen...
CVE-2021-25462
CVE-2021-25462 describes a NULL pointer dereference in Samsung NPU driver prior to SMR Sep-2021 Release 1, leading to memory corruption. The vulnerability is local (attack vector: LOCAL) with low attack complexity per CVSS v3.1, and impacts memory integrity/availability as specified. Affected com...
CVE-2022-38685
CVE-2022-38685 affects UNISOC chipsets’ Bluetooth service module, where a missing privilege check in the Bluetooth service could allow local denial of service without extra execution privileges. The issue is documented across multiple sources (NVD/NVD mirror and related catalogs) with this root c...
CVE-2022-39113
The CVE-2022-39113 entry involves a missing permission check in the Music service that could allow local denial of service without extra privileges. Connected documents corroborate a local impact but do not provide concrete product/version details for the Music service itself. Some sources refere...
CVE-2022-47491
CVE-2022-47491 concerns the UNISOC-soter service, where a missing bounds check enables an out-of-bounds write. This could yield local denial of service with execution privileges required. The NVD notes a CVSS v3.1 base score of 4.4 (MEDIUM); attack vector LOCAL, privilege requirement HIGH, and av...
CVE-2022-47499
CVE-2022-47499 affects the soter service in UNISOC chipsets, with the root cause being a missing bounds check that enables an out-of-bounds write. This can lead to local denial of service with SYSTEM privileges required. The issue is documented across multiple sources (NVD/Red Hat PRION/CVE lists...
CVE-2022-48389
CVE-2022-48389 affects the modem control device in Unisoc chipsets. Root cause: a missing bounds check enables an out-of-bounds write. Impact: local denial of service with SYSTEM privileges (high-impact write, per CVSS 3.1 vector). Exploitation details are not provided in the connected documents;...
CVE-2022-48439
The CVE-2022-48439 entry concerns the cp_dump driver, where a missing bounds check enables an out-of-bounds write. This can lead to a local denial of service with SYSTEM-level execution privileges required. Public sources confirm the impact includes availability risk, with confidentiality/integri...
CVE-2022-48446
The CVE-2022-48446 entry describes a vulnerability in the telephony service where a missing permission check can lead to local denial of service without requiring extra privileges. Reports from multiple sources (NVD, Red Hat, PRION, CVE lists, and vulnerability enrichments) consistently state the...
CVE-2023-20641
The CVE-2023-20641 vulnerability affects the ril module in MediaTek chips, caused by a missing bounds check that enables an out-of-bounds write. It can lead to local escalation of privilege with System execution privileges required, and no user interaction is needed. A patch is available (ALPS076...
CVE-2023-20768
CVE-2023-20768 affects ion, with an out-of-bounds read caused by type confusion that can lead to local privilege escalation (System execution privileges required). Exploitation details are not provided in the available documents. A patch is identified (Patch ID ALPS07560720; Issue ALPS07559800).
CVE-2023-20772
CVE-2023-20772 affects the vow component, where a missing permission check enables local escalation of privilege without requiring user interaction. The issue can be exploited locally to gain higher privileges, as indicated by the CVSS data (LOCAL vector, high confidentiality/integrity/availabili...
CVE-2023-20773
CVE-2023-20773 affects vow with a missing permission check that enables local privilege escalation. Documented impact is local escalation without extra execution privileges; user interaction is not required. Reported affected hardware in related sources includes MediaTek chips (e.g., MT6580, MT67...