Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2018/12/07 11:0 p.m.40 views

CVE-2018-9576

CVE-2018-9576 affects Android 9 and is due to an out-of-bounds write in impd_parse_parametric_drc_instructions (impd_drc_static_payload.c) with missing bounds checks. Exploitation could lead to remote code execution and requires user interaction. The vulnerability is tied to the Android 9 stack; ...

9.3CVSS8.5AI score0.00863EPSS
CVE
CVE
added 2020/03/24 5:45 p.m.40 views

CVE-2019-20536

This CVE concerns Samsung mobile devices running N (7.1), O (8.x), and P (9.0) (China release). The issue is in the Firewall application, which mishandles the PermissionWhiteLists protection mechanism (Samsung ID SVE-2019-14299). The connected sources confirm the vulnerable component is the Firew...

9.8CVSS9.4AI score0.00426EPSS
CVE
CVE
added 2020/03/24 5:56 p.m.40 views

CVE-2019-20544

CVE-2019-20544 affects Samsung mobile devices with O(8.x) and P(9.0) Exynos chipsets. The vulnerability is an out-of-bounds write in the ICCC Trustlet, leading to potential memory corruption. Affected component is the ICCC Trustlet; root cause details are limited to the out-of-bounds write descri...

9.8CVSS9.5AI score0.00449EPSS
CVE
CVE
added 2020/03/24 6:55 p.m.40 views

CVE-2019-20584

Samsung mobile devices running O(8.x) and P(9.0) with TEEGRIS are affected by a type-confusion in the HDCP Trustlet, enabling arbitrary code execution. Root cause: type confusion within the HDCP Trustlet component. Impact, as reflected in CVE records, is high/critical (CVE-2019-20584) with potent...

10CVSS9.6AI score0.00864EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-2076

CVE-2019-2076 affects libxaac on Android 10. It is an out-of-bounds write due to a missing bounds check, enabling remote code execution with no additional privileges; user interaction is required for exploitation. The issue is cited across multiple sources (NVD, Red Hat, CNVD) and is referenced i...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-2077

CVE-2019-2077 affects Android 10’s libxaac, where a missing bounds check enables an out-of-bounds write, potentially allowing remote code execution. Evidence across sources (NVD/Red Hat/CNVD) confirms the vulnerability involves libxaac and Android 10, with exploitation requiring user interaction ...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-2148

CVE-2019-2148 affects the libxaac library in Android 10, where an out-of-bounds read due to a missing bounds check can lead to information disclosure. The vulnerability requires user interaction to exploit and is described across multiple sources (NVD, Red Hat). Practical impact is information di...

6.5CVSS6.4AI score0.00646EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-2154

CVE-2019-2154 affects the Android 10 libxaac library, where an out-of-bounds read due to a missing bounds check could disclose information. The vulnerability allows information disclosure without executing code, with user interaction required for exploitation. The connected Red Hat advisory reite...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-2155

CVE-2019-2155 affects the Android 10 libxaac library. The vulnerability is an out-of-bounds read due to a missing bounds check in libxaac, enabling information disclosure. Exploitation requires user interaction, and there is no indication of remote code execution in the provided documents. Impact...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-9251

CVE-2019-9251 describes an out-of-bounds read in the Android NFC stack due to a missing bounds check, enabling local information disclosure. Exploitation requires user interaction. Affected product/version is Android 10. The vulnerability is documented in the Android 10 Security Release Notes, wh...

5CVSS5.3AI score0.00164EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-9264

CVE-2019-9264 affects Android 10 where the libxaac library contains a missing-bounds-check flaw that enables an information-disclosure via an out-of-bounds read. This issue requires user interaction for exploitation and could disclose partial data without executing code. The root cause is an out-...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-9318

CVE-2019-9318: A missing variable initialization in libhevc on Android-10 (Android 10) can cause information disclosure. Exploitation requires user interaction; no remote code execution is stated. Affected component: libhevc in Android 10, with CVE details echoed across NVD/Red Hat/CVEs. Mitigati...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-9342

CVE-2019-9342 affects Android 10 Bluetooth stack. The issue is an out-of-bounds read caused by a missing bounds check, enabling remote information disclosure without user interaction over a network. CVSS highlights: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (base 7.5). Remediation: apply Android 10 sec...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-9357

CVE-2019-9357 affects libAACdec in Android 10’s Media Framework. An integer overflow can trigger an out-of-bounds write, enabling remote code execution. Exploitation requires user interaction; no privileges beyond the user. Android 10 patch level 2019-09-01 or later mitigates via released securit...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-9362

CVE-2019-9362 affects the Android 10 libSACdec component, where a missing bounds check can cause an out-of-bounds read and potential information disclosure. The issue is described as a remote information disclosure vulnerability with user interaction required for exploitation; no exploitation det...

6.5CVSS6.4AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.40 views

CVE-2019-9435

CVE-2019-9435 affects Android 10 Bluetooth stack, with an out-of-bounds read due to a missing bounds check in the Bluetooth component. This enables local information disclosure without execution privileges and without user interaction. The Android 10 security release notes indicate these issues a...

5.5CVSS5.6AI score0.00139EPSS
CVE
CVE
added 2020/07/17 7:51 p.m.40 views

CVE-2020-0120

CVE-2020-0120 affects Android 10 in the Media/Camera stack: the vulnerability arises from an out-of-bounds write caused by a heap overflow in QCamera3HWI.cpp (notifyErrorForPendingRequests). This could allow local escalation of privilege without requiring user interaction. The available sources c...

7.8CVSS8.3AI score0.00155EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.40 views

CVE-2020-0144

CVE-2020-0144 affects Android 10; issue is in btm_proc_sp_req_evt in btm_sec.cc where a missing bounds check allows an out-of-bounds read. This can lead to local information disclosure via compromised device firmware with System-level privileges required. User interaction is not needed for exploi...

4.4CVSS4.9AI score0.00147EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.40 views

CVE-2020-0197

CVE-2020-0197 affects Android 10, caused by an out-of-bounds read in InitDataParser::parsePssh, enabling local information disclosure without user interaction. Official sources (NVD/Red Hat/NCSC and Pixel bulletin) confirm this Android Media Framework issue and list Android-10 as affected. The vu...

5.5CVSS5.7AI score0.00148EPSS
CVE
CVE
added 2020/09/17 8:54 p.m.40 views

CVE-2020-0274

The CVE-2020-0274 issue affects the Android 11 OMX parser, where a returned raw pointer can cause local information disclosure without requiring user interaction. This is described across multiple sources (NVD/Red Hat/CNVD entries) as an information-disclosure vulnerability tied to the OMX parser...

5.5CVSS5.7AI score0.0014EPSS
CVE
CVE
added 2020/09/18 3:21 p.m.40 views

CVE-2020-0285

CVE-2020-0285 affects Android 11 Telephony. The issue is a missing permission check that enables a local information disclosure without requiring additional execution privileges, and does not require user interaction for exploitation. The vulnerability is described consistently across multiple co...

5.5CVSS5.7AI score0.00136EPSS
CVE
CVE
added 2020/09/17 8:56 p.m.40 views

CVE-2020-0287

The CVE-2020-0287 issue affects libmkvextractor in Android 11. The vulnerability is a resource exhaustion (Denial of Service) caused by a missing bounds check in a component handling MKV extraction. It can be exploited remotely with network access, but requires user interaction to trigger the fla...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/09/17 8:50 p.m.40 views

CVE-2020-0323

CVE-2020-0323 affects the Android 11/libavb stack, where a missing bounds check enables a possible out-of-bounds read that can disclose local information without extra privileges or user interaction. Root cause: improper bounds verification in libavb. Impact: information disclosure (no code execu...

5.5CVSS5.7AI score0.00148EPSS
CVE
CVE
added 2020/09/17 8:57 p.m.40 views

CVE-2020-0351

CVE-2020-0351 affects Android 11 via the libstagefright component, where improper input validation can cause CPU exhaustion leading to remote denial of service. Impact is a DoS with no additional execution privileges required; exploitation is noted as requiring user interaction, but explicit expl...

7.1CVSS6.9AI score0.00781EPSS
CVE
CVE
added 2020/12/15 3:54 p.m.40 views

CVE-2020-0481

This CVE (CVE-2020-0481) concerns Android where in AndroidManifest.xml a permissions bypass enables local elevation of privilege. The impact is that a non-system app could broadcast without having required permissions, with no user interaction. Affected info from the sources specifies Android 11 ...

3.3CVSS5.3AI score0.00127EPSS
CVE
CVE
added 2020/12/15 3:55 p.m.40 views

CVE-2020-0482

CVE-2020-0482 affects Android 11, with an out-of-bounds read in IncidentService.cpp caused by an incorrect bounds check. This could allow local information disclosure and, with system privileges, potential escalation. User interaction is not required. The connected documents corroborate the issue...

4.4CVSS5.1AI score0.00163EPSS
CVE
CVE
added 2020/03/24 5:15 p.m.40 views

CVE-2020-10834

CVE-2020-10834 affects Samsung mobile devices running P(9.0). The issue allows attackers to view notifications on the lock screen via Routines, tied to Samsung ID SVE-2019-15074. Connected sources (Red Hat, NVD/NVD-linked entries, CNVD, CNVD, EUVD, PRION) confirm the vulnerability description but...

5.3CVSS5.4AI score0.0034EPSS
CVE
CVE
added 2020/03/24 5:21 p.m.40 views

CVE-2020-10839

CVE-2020-10839 affects Samsung mobile devices running Android O (8.x), P (9.0), and Q (10.0), where attackers can bypass Factory Reset Protection (FRP) via a SIM card. The vulnerability is associated with Samsung ID SVE-2019-16193 (Feb 2020). Public references in connected sources reiterate the F...

6.8CVSS6.6AI score0.00141EPSS
CVE
CVE
added 2020/03/24 5:24 p.m.40 views

CVE-2020-10841

CVE-2020-10841 affects Samsung mobile devices with P(9.0)/Q(10.0) on Exynos 9610; root cause is an arbitrary kfree in the vipx and vertex drivers. Red Hat/NVD entries corroborate a kernel-free issue with potential high impact (CVE notes partial/confidentiality/availability risks, CVSSv3.1 base 7....

7.8CVSS7.7AI score0.00136EPSS
CVE
CVE
added 2020/07/07 1:24 p.m.40 views

CVE-2020-15580

Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) are affected by CVE-2020-15580, allowing attackers to bypass Factory Reset Protection by enrolling a new lock password. Root cause details are not provided in the documents. Impact is FRP bypass; no exploit vectors or in-the-wild details ...

5.5CVSS5.6AI score0.0013EPSS
CVE
CVE
added 2020/08/31 8:26 p.m.40 views

CVE-2020-25046

CVE-2020-25046 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). The issue is in the USB driver where address information is leaked via kernel logging. Root cause is the USB driver handling/logging that exposes kernel address data; impact reportedly includes partial confidential...

5.5CVSS5.4AI score0.00148EPSS
CVE
CVE
added 2020/08/31 8:25 p.m.40 views

CVE-2020-25049

CVE-2020-25049 affects Samsung mobile devices running P (9.0) and Q (10.0) software, where the StatusBarService has insufficient DEX access control. The vulnerability is documented by NVD as having a high base score (CVSS v3.1: 9.8, NETWORK, NONE user interaction, HIGH confidentiality/integrity/a...

9.8CVSS9.4AI score0.00443EPSS
CVE
CVE
added 2020/12/15 4:0 p.m.40 views

CVE-2020-27024

CVE-2020-27024 affects Android 11. In smp_br_state_machine_event of smp_br_main.cc, there is a missing bounds check causing an out-of-bounds read that can lead to remote information disclosure triggered by a malformed Bluetooth packet, with no user interaction. Bounds Sanitizer mitigates this in ...

7.5CVSS7.3AI score0.0093EPSS
CVE
CVE
added 2020/12/15 4:0 p.m.40 views

CVE-2020-27027

CVE-2020-27027: In the NFC code path, specifically in nfc_ncif_proc_get_routing of nfc_ncif.cc, an out-of-bounds read due to a missing bounds check is described as enabling local information disclosure without requiring user interaction. The Android-11 reference in the initial entry is supported ...

5.5CVSS5.7AI score0.00142EPSS
CVE
CVE
added 2020/12/15 4:1 p.m.40 views

CVE-2020-27030

CVE-2020-27030 (Android 11) describes a permission bypass caused by a flaw in HandleApiCalls.java during onCreate, enabling local escalation of privilege via a confused deputy. This could let an app set or dismiss alarms without additional privileges, with no user interaction required. Exploitati...

7.8CVSS8.2AI score0.00147EPSS
CVE
CVE
added 2020/12/15 4:3 p.m.40 views

CVE-2020-27037

CVE-2020-27037 affects Android 11, with a vulnerability in phNxpNciHal_core_initialized of phNxpNciHal.cc that can trigger an out-of-bounds read due to a missing bounds check. This could lead to local information disclosure on the NFC server and may grant System execution privileges, with no user...

4.4CVSS4.9AI score0.00149EPSS
CVE
CVE
added 2020/12/15 4:6 p.m.40 views

CVE-2020-27053

CVE-2020-27053 affects Android 11. In ClientModeImpl.java, broadcastWifiCredentialChanged has a missing permission check causing a location permission bypass. This could lead to local disclosure of the WiFi network name with System execution privileges; no user interaction is required for exploit...

4.4CVSS5AI score0.00133EPSS
CVE
CVE
added 2021/03/10 3:55 p.m.40 views

CVE-2021-0371

Summary: CVE-2021-0371 is an Android elevation-of-privilege issue. The flaw is in the function nci_proc_rf_management_ntf within nci_hrcv.cc , where an out-of-bounds read can occur due to a missing bounds check. This could enable local privilege escalation to System level without user interaction...

6.7CVSS6.6AI score0.00124EPSS
CVE
CVE
added 2021/03/10 4:0 p.m.40 views

CVE-2021-0378

CVE-2021-0378 is a heap-based out-of-bounds read in pvmp3_getbits.cpp:getNbits affecting Android 11 (Media framework). The vulnerability permits remote information disclosure without extra execution privileges; exploitation requires user interaction per the NVD entry. CVSS details: CVSS v3.1 base...

6.5CVSS6.3AI score0.00759EPSS
CVE
CVE
added 2021/08/18 2:43 p.m.40 views

CVE-2021-0407

CVE-2021-0407 affects the clk driver, with an out-of-bounds write caused by an incorrect bounds check. This can lead to local escalation of privilege with System execution privileges needed; exploitation reportedly requires no user interaction. Public references indicate a patch ID ALPS05479659 (...

6.7CVSS6.7AI score0.00119EPSS
CVE
CVE
added 2021/10/25 1:16 p.m.40 views

CVE-2021-0409

CVE-2021-0409 affects the MediaTek flv extractor, where an out-of-bounds read can occur due to an incorrect bounds check. This may lead to local information disclosure without requiring user interaction. The issue is documented with patch ID ALPS05561359 / Issue ID ALPS05561359. Connected sources...

5.5CVSS5AI score0.00112EPSS
CVE
CVE
added 2021/03/10 4:15 p.m.40 views

CVE-2021-0455

The CVE-2021-0455 issue is described as an out-of-bounds write in the Citadel chip firmware, caused by a missing bounds check. It grants local elevation of privilege with System execution privileges required, and requires no user interaction to exploit. In the provided materials, the vulnerabilit...

7.2CVSS6.7AI score0.00131EPSS
CVE
CVE
added 2021/03/10 4:18 p.m.40 views

CVE-2021-0465

CVE-2021-0465 affects the Android kernel component used by Pixel devices, specifically the GenerateFaceMask function in face.cc. The issue is an out-of-bounds write caused by an incorrect bounds check, enabling local escalation of privilege with no extra execution privileges required and no user ...

7.8CVSS7.7AI score0.00124EPSS
CVE
CVE
added 2021/09/27 11:21 a.m.40 views

CVE-2021-0612

CVE-2021-0612 describes a memory corruption in the m4u component, caused by a use-after-free, enabling local escalation of privilege with system execution privileges required. Exploitation reportedly does not require user interaction. Affected context is Mediatek-based hardware; patch ALPS0540349...

7.8CVSS7.8AI score0.00112EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.40 views

CVE-2021-0901

The CVE-2021-0901 issue affects MediaTek Apusys (chipset component). It describes a memory corruption vulnerability caused by a missing bounds check in apusys, enabling local privilege escalation with System execution privileges required and no user interaction needed. Affected state and impact a...

6.7CVSS6.8AI score0.00113EPSS
CVE
CVE
added 2021/06/11 2:33 p.m.40 views

CVE-2021-25407

Summary (CVE-2021-25407) : A vulnerability in Samsung’s NPU driver (pre-SMR JUN-2021 Release 1) enables an out-of-bounds write, allowing arbitrary memory writes. The issue is rooted in the NPU driver and affects devices using the affected firmware. Publicly disclosed data indicate potential impac...

7.8CVSS7.6AI score0.00171EPSS
CVE
CVE
added 2021/12/08 2:20 p.m.40 views

CVE-2021-25519

CVE-2021-25519 affects Samsung CPLC (Chip/Platform Level Controller) prior to SMR Dec-2021 Release 1. The issue is due to improper access control that allows local attackers to access CPLC information without permission. Affected components include CPLC’s local access path; impact is information ...

4CVSS3.8AI score0.00093EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.40 views

CVE-2022-47340

The CVE-2022-47340 entry describes a vulnerability in UNISOC h265 codec firmware where a missing bounds check allows an out-of-bounds write, causing local denial of service. Affected component: UNISOC h265 codec firmware in UNISOC chipsets; root cause: lack of boundary checking leading to out-of-...

5.5CVSS5.5AI score0.0009EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.40 views

CVE-2022-47495

CVE-2022-47495 affects the soter service on UNISOC chipsets, caused by a missing bounds check leading to an out-of-bounds write. The documented impact is local denial of service with system execution privileges required. CVSS metrics indicate LOCAL attack vector, LOW complexity, HIGH privileges r...

4.4CVSS4.7AI score0.00096EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.40 views

CVE-2022-48381

CVE-2022-48381 affects the modem control device with an out-of-bounds write caused by a missing bounds check. The impact described in the sources is local denial of service with System execution privileges required, without mention of remote access. Documents consistently cite the same generic vu...

4.4CVSS4.7AI score0.00121EPSS
Total number of security vulnerabilities8153