7579 matches found
CVE-2023-38454
In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
CVE-2023-38457
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges
CVE-2023-38461
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges
CVE-2023-38463
In vowifiservice, there is a possible missing permission check.This could lead to local denial of service with no additional execution privileges
CVE-2023-38554
In wcn bsp driver, there is a possible out of bounds write due to a missing bounds check.This could lead to local denial of service with no additional execution privileges
CVE-2023-40641
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-42643
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2023-42682
In gsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-42691
In wifi service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
CVE-2023-42727
In gpu driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges needed
CVE-2023-42735
In telephony service, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
CVE-2023-42736
In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
CVE-2023-48339
In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
CVE-2016-0831
The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka inte...
CVE-2016-3769
The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656.
CVE-2016-3837
service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too few characters, aka internal bug 28164077.
CVE-2016-6679
CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes a setwpaie ioctl call, aka Android internal bug 29915601 and Qualcomm internal bug CR 1...
CVE-2018-5888
While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
CVE-2018-5910
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a memory corruption can occur in kernel due to improper check in callers count parameter in display handlers.
CVE-2018-9534
In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. An...
CVE-2019-9390
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117551475
CVE-2020-0364
In libDRCdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137282770
CVE-2020-0387
In manifest files of the SmartSpace package, there is a possible tapjacking vector due to a missing permission check. This could lead to local escalation of privilege and account hijacking with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVe...
CVE-2020-0482
In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1507...
CVE-2020-0491
In readBlock of MatroskaExtractor.cpp, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-15681952...
CVE-2020-11601
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 (April 2020).
CVE-2020-35552
An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020).
CVE-2021-0423
In memory management driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05385714.
CVE-2021-0618
In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561394; Issue ID: ALPS05561394.
CVE-2021-0659
In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687559; Issue ID: ALPS05687559.
CVE-2021-23243
In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.
CVE-2023-20773
In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07611449; Issue ID: ALPS07441735.
CVE-2023-21260
In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.
CVE-2023-21332
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-21341
In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-30863
In Connectivity Service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2023-30925
In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30933
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30934
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-30941
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-32788
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33880
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33886
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33901
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-33902
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2023-38440
In vowifiservice, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
CVE-2023-38456
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
CVE-2023-38459
In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges
CVE-2023-38553
In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed
CVE-2023-42652
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed