8153 matches found
CVE-2018-9576
CVE-2018-9576 affects Android 9 and is due to an out-of-bounds write in impd_parse_parametric_drc_instructions (impd_drc_static_payload.c) with missing bounds checks. Exploitation could lead to remote code execution and requires user interaction. The vulnerability is tied to the Android 9 stack; ...
CVE-2019-20536
This CVE concerns Samsung mobile devices running N (7.1), O (8.x), and P (9.0) (China release). The issue is in the Firewall application, which mishandles the PermissionWhiteLists protection mechanism (Samsung ID SVE-2019-14299). The connected sources confirm the vulnerable component is the Firew...
CVE-2019-20544
CVE-2019-20544 affects Samsung mobile devices with O(8.x) and P(9.0) Exynos chipsets. The vulnerability is an out-of-bounds write in the ICCC Trustlet, leading to potential memory corruption. Affected component is the ICCC Trustlet; root cause details are limited to the out-of-bounds write descri...
CVE-2019-20584
Samsung mobile devices running O(8.x) and P(9.0) with TEEGRIS are affected by a type-confusion in the HDCP Trustlet, enabling arbitrary code execution. Root cause: type confusion within the HDCP Trustlet component. Impact, as reflected in CVE records, is high/critical (CVE-2019-20584) with potent...
CVE-2019-2076
CVE-2019-2076 affects libxaac on Android 10. It is an out-of-bounds write due to a missing bounds check, enabling remote code execution with no additional privileges; user interaction is required for exploitation. The issue is cited across multiple sources (NVD, Red Hat, CNVD) and is referenced i...
CVE-2019-2077
CVE-2019-2077 affects Android 10’s libxaac, where a missing bounds check enables an out-of-bounds write, potentially allowing remote code execution. Evidence across sources (NVD/Red Hat/CNVD) confirms the vulnerability involves libxaac and Android 10, with exploitation requiring user interaction ...
CVE-2019-2148
CVE-2019-2148 affects the libxaac library in Android 10, where an out-of-bounds read due to a missing bounds check can lead to information disclosure. The vulnerability requires user interaction to exploit and is described across multiple sources (NVD, Red Hat). Practical impact is information di...
CVE-2019-2154
CVE-2019-2154 affects the Android 10 libxaac library, where an out-of-bounds read due to a missing bounds check could disclose information. The vulnerability allows information disclosure without executing code, with user interaction required for exploitation. The connected Red Hat advisory reite...
CVE-2019-2155
CVE-2019-2155 affects the Android 10 libxaac library. The vulnerability is an out-of-bounds read due to a missing bounds check in libxaac, enabling information disclosure. Exploitation requires user interaction, and there is no indication of remote code execution in the provided documents. Impact...
CVE-2019-9251
CVE-2019-9251 describes an out-of-bounds read in the Android NFC stack due to a missing bounds check, enabling local information disclosure. Exploitation requires user interaction. Affected product/version is Android 10. The vulnerability is documented in the Android 10 Security Release Notes, wh...
CVE-2019-9264
CVE-2019-9264 affects Android 10 where the libxaac library contains a missing-bounds-check flaw that enables an information-disclosure via an out-of-bounds read. This issue requires user interaction for exploitation and could disclose partial data without executing code. The root cause is an out-...
CVE-2019-9318
CVE-2019-9318: A missing variable initialization in libhevc on Android-10 (Android 10) can cause information disclosure. Exploitation requires user interaction; no remote code execution is stated. Affected component: libhevc in Android 10, with CVE details echoed across NVD/Red Hat/CVEs. Mitigati...
CVE-2019-9342
CVE-2019-9342 affects Android 10 Bluetooth stack. The issue is an out-of-bounds read caused by a missing bounds check, enabling remote information disclosure without user interaction over a network. CVSS highlights: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (base 7.5). Remediation: apply Android 10 sec...
CVE-2019-9357
CVE-2019-9357 affects libAACdec in Android 10’s Media Framework. An integer overflow can trigger an out-of-bounds write, enabling remote code execution. Exploitation requires user interaction; no privileges beyond the user. Android 10 patch level 2019-09-01 or later mitigates via released securit...
CVE-2019-9362
CVE-2019-9362 affects the Android 10 libSACdec component, where a missing bounds check can cause an out-of-bounds read and potential information disclosure. The issue is described as a remote information disclosure vulnerability with user interaction required for exploitation; no exploitation det...
CVE-2019-9435
CVE-2019-9435 affects Android 10 Bluetooth stack, with an out-of-bounds read due to a missing bounds check in the Bluetooth component. This enables local information disclosure without execution privileges and without user interaction. The Android 10 security release notes indicate these issues a...
CVE-2020-0120
CVE-2020-0120 affects Android 10 in the Media/Camera stack: the vulnerability arises from an out-of-bounds write caused by a heap overflow in QCamera3HWI.cpp (notifyErrorForPendingRequests). This could allow local escalation of privilege without requiring user interaction. The available sources c...
CVE-2020-0144
CVE-2020-0144 affects Android 10; issue is in btm_proc_sp_req_evt in btm_sec.cc where a missing bounds check allows an out-of-bounds read. This can lead to local information disclosure via compromised device firmware with System-level privileges required. User interaction is not needed for exploi...
CVE-2020-0197
CVE-2020-0197 affects Android 10, caused by an out-of-bounds read in InitDataParser::parsePssh, enabling local information disclosure without user interaction. Official sources (NVD/Red Hat/NCSC and Pixel bulletin) confirm this Android Media Framework issue and list Android-10 as affected. The vu...
CVE-2020-0274
The CVE-2020-0274 issue affects the Android 11 OMX parser, where a returned raw pointer can cause local information disclosure without requiring user interaction. This is described across multiple sources (NVD/Red Hat/CNVD entries) as an information-disclosure vulnerability tied to the OMX parser...
CVE-2020-0285
CVE-2020-0285 affects Android 11 Telephony. The issue is a missing permission check that enables a local information disclosure without requiring additional execution privileges, and does not require user interaction for exploitation. The vulnerability is described consistently across multiple co...
CVE-2020-0287
The CVE-2020-0287 issue affects libmkvextractor in Android 11. The vulnerability is a resource exhaustion (Denial of Service) caused by a missing bounds check in a component handling MKV extraction. It can be exploited remotely with network access, but requires user interaction to trigger the fla...
CVE-2020-0323
CVE-2020-0323 affects the Android 11/libavb stack, where a missing bounds check enables a possible out-of-bounds read that can disclose local information without extra privileges or user interaction. Root cause: improper bounds verification in libavb. Impact: information disclosure (no code execu...
CVE-2020-0351
CVE-2020-0351 affects Android 11 via the libstagefright component, where improper input validation can cause CPU exhaustion leading to remote denial of service. Impact is a DoS with no additional execution privileges required; exploitation is noted as requiring user interaction, but explicit expl...
CVE-2020-0481
This CVE (CVE-2020-0481) concerns Android where in AndroidManifest.xml a permissions bypass enables local elevation of privilege. The impact is that a non-system app could broadcast without having required permissions, with no user interaction. Affected info from the sources specifies Android 11 ...
CVE-2020-0482
CVE-2020-0482 affects Android 11, with an out-of-bounds read in IncidentService.cpp caused by an incorrect bounds check. This could allow local information disclosure and, with system privileges, potential escalation. User interaction is not required. The connected documents corroborate the issue...
CVE-2020-10834
CVE-2020-10834 affects Samsung mobile devices running P(9.0). The issue allows attackers to view notifications on the lock screen via Routines, tied to Samsung ID SVE-2019-15074. Connected sources (Red Hat, NVD/NVD-linked entries, CNVD, CNVD, EUVD, PRION) confirm the vulnerability description but...
CVE-2020-10839
CVE-2020-10839 affects Samsung mobile devices running Android O (8.x), P (9.0), and Q (10.0), where attackers can bypass Factory Reset Protection (FRP) via a SIM card. The vulnerability is associated with Samsung ID SVE-2019-16193 (Feb 2020). Public references in connected sources reiterate the F...
CVE-2020-10841
CVE-2020-10841 affects Samsung mobile devices with P(9.0)/Q(10.0) on Exynos 9610; root cause is an arbitrary kfree in the vipx and vertex drivers. Red Hat/NVD entries corroborate a kernel-free issue with potential high impact (CVE notes partial/confidentiality/availability risks, CVSSv3.1 base 7....
CVE-2020-15580
Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) are affected by CVE-2020-15580, allowing attackers to bypass Factory Reset Protection by enrolling a new lock password. Root cause details are not provided in the documents. Impact is FRP bypass; no exploit vectors or in-the-wild details ...
CVE-2020-25046
CVE-2020-25046 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue is in the USB driver where address information is leaked via kernel logging. Root cause is the USB driver handling/logging that exposes kernel address data; impact reportedly includes partial confidential...
CVE-2020-25049
CVE-2020-25049 affects Samsung mobile devices running P (9.0) and Q (10.0) software, where the StatusBarService has insufficient DEX access control. The vulnerability is documented by NVD as having a high base score (CVSS v3.1: 9.8, NETWORK, NONE user interaction, HIGH confidentiality/integrity/a...
CVE-2020-27024
CVE-2020-27024 affects Android 11. In smp_br_state_machine_event of smp_br_main.cc, there is a missing bounds check causing an out-of-bounds read that can lead to remote information disclosure triggered by a malformed Bluetooth packet, with no user interaction. Bounds Sanitizer mitigates this in ...
CVE-2020-27027
CVE-2020-27027: In the NFC code path, specifically in nfc_ncif_proc_get_routing of nfc_ncif.cc, an out-of-bounds read due to a missing bounds check is described as enabling local information disclosure without requiring user interaction. The Android-11 reference in the initial entry is supported ...
CVE-2020-27030
CVE-2020-27030 (Android 11) describes a permission bypass caused by a flaw in HandleApiCalls.java during onCreate, enabling local escalation of privilege via a confused deputy. This could let an app set or dismiss alarms without additional privileges, with no user interaction required. Exploitati...
CVE-2020-27037
CVE-2020-27037 affects Android 11, with a vulnerability in phNxpNciHal_core_initialized of phNxpNciHal.cc that can trigger an out-of-bounds read due to a missing bounds check. This could lead to local information disclosure on the NFC server and may grant System execution privileges, with no user...
CVE-2020-27053
CVE-2020-27053 affects Android 11. In ClientModeImpl.java, broadcastWifiCredentialChanged has a missing permission check causing a location permission bypass. This could lead to local disclosure of the WiFi network name with System execution privileges; no user interaction is required for exploit...
CVE-2021-0371
Summary: CVE-2021-0371 is an Android elevation-of-privilege issue. The flaw is in the function nci_proc_rf_management_ntf within nci_hrcv.cc , where an out-of-bounds read can occur due to a missing bounds check. This could enable local privilege escalation to System level without user interaction...
CVE-2021-0378
CVE-2021-0378 is a heap-based out-of-bounds read in pvmp3_getbits.cpp:getNbits affecting Android 11 (Media framework). The vulnerability permits remote information disclosure without extra execution privileges; exploitation requires user interaction per the NVD entry. CVSS details: CVSS v3.1 base...
CVE-2021-0407
CVE-2021-0407 affects the clk driver, with an out-of-bounds write caused by an incorrect bounds check. This can lead to local escalation of privilege with System execution privileges needed; exploitation reportedly requires no user interaction. Public references indicate a patch ID ALPS05479659 (...
CVE-2021-0409
CVE-2021-0409 affects the MediaTek flv extractor, where an out-of-bounds read can occur due to an incorrect bounds check. This may lead to local information disclosure without requiring user interaction. The issue is documented with patch ID ALPS05561359 / Issue ID ALPS05561359. Connected sources...
CVE-2021-0455
The CVE-2021-0455 issue is described as an out-of-bounds write in the Citadel chip firmware, caused by a missing bounds check. It grants local elevation of privilege with System execution privileges required, and requires no user interaction to exploit. In the provided materials, the vulnerabilit...
CVE-2021-0465
CVE-2021-0465 affects the Android kernel component used by Pixel devices, specifically the GenerateFaceMask function in face.cc. The issue is an out-of-bounds write caused by an incorrect bounds check, enabling local escalation of privilege with no extra execution privileges required and no user ...
CVE-2021-0612
CVE-2021-0612 describes a memory corruption in the m4u component, caused by a use-after-free, enabling local escalation of privilege with system execution privileges required. Exploitation reportedly does not require user interaction. Affected context is Mediatek-based hardware; patch ALPS0540349...
CVE-2021-0901
The CVE-2021-0901 issue affects MediaTek Apusys (chipset component). It describes a memory corruption vulnerability caused by a missing bounds check in apusys, enabling local privilege escalation with System execution privileges required and no user interaction needed. Affected state and impact a...
CVE-2021-25407
Summary (CVE-2021-25407) : A vulnerability in Samsung’s NPU driver (pre-SMR JUN-2021 Release 1) enables an out-of-bounds write, allowing arbitrary memory writes. The issue is rooted in the NPU driver and affects devices using the affected firmware. Publicly disclosed data indicate potential impac...
CVE-2021-25519
CVE-2021-25519 affects Samsung CPLC (Chip/Platform Level Controller) prior to SMR Dec-2021 Release 1. The issue is due to improper access control that allows local attackers to access CPLC information without permission. Affected components include CPLC’s local access path; impact is information ...
CVE-2022-47340
The CVE-2022-47340 entry describes a vulnerability in UNISOC h265 codec firmware where a missing bounds check allows an out-of-bounds write, causing local denial of service. Affected component: UNISOC h265 codec firmware in UNISOC chipsets; root cause: lack of boundary checking leading to out-of-...
CVE-2022-47495
CVE-2022-47495 affects the soter service on UNISOC chipsets, caused by a missing bounds check leading to an out-of-bounds write. The documented impact is local denial of service with system execution privileges required. CVSS metrics indicate LOCAL attack vector, LOW complexity, HIGH privileges r...
CVE-2022-48381
CVE-2022-48381 affects the modem control device with an out-of-bounds write caused by a missing bounds check. The impact described in the sources is local denial of service with System execution privileges required, without mention of remote access. Documents consistently cite the same generic vu...