8153 matches found
CVE-2018-9578
CVE-2018-9578 describes an out-of-bounds write in ixheaacd_adts_crc_start_reg (ixheaacd_adts_crc_check.c) on Android 9, caused by a missing bounds check. This could enable remote escalation of privilege without user interaction. Connected CNVD notes specify Android 9 exposure and indicate the iss...
CVE-2018-9580
CVE-2018-9580 is an Elevation of Privilege in the HTC bootloader affecting Android kernel components. The issue is categorized as EoP with high risk (CVSS v3.0 base score 9.8) and high impact on confidentiality, integrity, and availability; exploitation details or vectors are not disclosed in the...
CVE-2019-2149
CVE-2019-2149 affects the libxaac component in Android 10. The issue is an out-of-bounds read caused by a missing bounds check, leading to potential information disclosure. Exploitation requires user interaction. Multiple sources (Android NVD entry, Red Hat, CNVD, etc.) corroborate this vulnerabi...
CVE-2019-2161
In Android 10, the libxaac library contains an information-disclosure vulnerability caused by a missing bounds check, leading to an out-of-bounds read. It affects Android-10, with exploitation requiring user interaction. Several sources (NVD, Red Hat, CNVD, CVE records) consistently describe this...
CVE-2019-2168
CVE-2019-2168 affects the libxaac library in Android 10. The issue is information disclosure caused by uninitialized data, requiring user interaction to exploit. The vulnerability manifests as partial confidentiality impact with no integrity/availability impact stated, and a network attack vector...
CVE-2019-9286
CVE-2019-9286 affects Android 10 components via Bluetooth, describing an out-of-bounds read caused by a missing bounds check that could enable remote information disclosure without user interaction. The NVD notes CVSSv3.1 base score 7.5 (HIGH) with network attack vector, no privileges, UI: NONE, ...
CVE-2019-9317
CVE-2019-9317 affects Android 10’s libstagefright, where a missing variable initialization could allow remote information disclosure. Root cause is an uninitialized variable in libstagefright, enabling information leakage without additional privileges; exploitation requires user interaction per t...
CVE-2019-9327
CVE-2019-9327 affects the Android 10 Bluetooth stack. Root cause: missing bounds check causing an out-of-bounds read, enabling remote information disclosure with no privileges and no user interaction over a network. Exploitation status is not detailed in the provided documents. Remediation accord...
CVE-2019-9378
CVE-2019-9378 affects Android 10 in the Framework/Activity Manager area, where a permission check weakness allows local elevation of privileges without user interaction. The issue enables a bypass of access controls to gain higher privileges on the device, with Local attack vector and no authenti...
CVE-2020-0061
CVE-2020-0061 pertains to Pixel Recorder on Android, where a permissions bypass can allow arbitrary apps to record audio, leading to local information disclosure without extra execution privileges. The vulnerability affects the Android System component as listed in the Pixel Update Bulletin (Syst...
CVE-2020-0169
CVE-2020-0169 affects Android 10: In RTTTL_Event of eas_rtttl.c, there is a missing bounds check that can cause resource exhaustion, leading to remote Denial of Service. Exploitation requires user interaction. The issue is documented across multiple feeds (NVD entry for CVE-2020-0169, RH Red Hat ...
CVE-2020-0208
CVE-2020-0208 affects Android Framework, specifically in multiple functions of AccountManager.java, where a permissions bypass could enable local privilege escalation with no additional execution privileges needed and without user interaction. The vulnerability is reflected in multiple sources: N...
CVE-2020-0282
Technical details about CVE-2020-0282 are not publicly disclosed in the provided documents. No concrete product/version/exploit information is present beyond the Android-11 NFC bounds issue. Monitor for updates from official advisories.
CVE-2020-0314
CVE-2020-0314 affects Android 11 AudioService, where missing permission checks could enable local disclosure of audio configuration without extra execution privileges. The root cause is insufficient permission validation in AudioService, with exploitation not requiring user interaction. Documente...
CVE-2020-0364
CVE-2020-0364 affects Android 11 via libDRCdec, where a missing bounds check causes an out-of-bounds read that can disclose information remotely. Exploitation requires user interaction. The issue is documented as fixed in the Android 11 security release notes; update to Android 11 with the patch ...
CVE-2020-0491
CVE-2020-0491 affects Android 11 on Pixel devices. The issue is in readBlock of MatroskaExtractor.cpp, where resource exhaustion can cause a denial of service. This can enable remote DoS with user interaction required for exploitation. Exploitation details, affected build patches, and concrete re...
CVE-2020-10842
The CVE-2020-10842 issue affects Samsung mobile devices on O(8.x), P(9.0), and Q(10.0) using S.LSI chipsets. A heap out-of-bounds write in the tsmux driver is identified as the root cause. Impact is described in CVSS terms as high for confidentiality, integrity, and availability (local exploit, l...
CVE-2020-15579
CVE-2020-15579 describes a FRP bypass on Samsung mobile devices running O(8.x), P(9.0) and Q(10.0) via the KNOX API (Samsung ID SVE-2020-17318). Documents consistently identify FRP bypass as the issue; no concrete exploit technique, affected model list, or fixed version is provided in the sources...
CVE-2020-27050
CVE-2020-27050 affects Android 11 with an issue in rw_i93_send_cmd_write_multi_blocks (rw_i93.cc). The root cause is a heap buffer overflow causing an out-of-bounds write, which the description states could lead to local privilege escalation with no additional execution privileges required. User ...
CVE-2021-0415
CVE-2021-0415 concerns a vulnerability in the Mediatek memory management driver where a missing permission check can disclose local information without requiring user interaction. The issue affects the in-memory management component (Mediatek chipset context) and enables information leakage with ...
CVE-2021-0425
CVE-2021-0425 relates to a side-channel information disclosure in the memory management driver, enabling local information disclosure without user interaction. The vulnerability affects the memory-management component and is tied to the Mediatek ecosystem per linked advisories. The root cause is ...
CVE-2021-0629
The CVE-2021-0629 entry centers on the mdlactl driver, where a use-after-free leads to memory corruption and local privilege escalation, requiring System privileges but no user interaction. Multiple connected records corroborate the issue and cite patch ALPS05776625 (Issue ID ALPS05776625) as the...
CVE-2021-25383
The CVE-2021-25383 entry concerns the Samsung libsapeextractor library. Affected component: scmn_mfal_read() in libsapeextractor. Root cause: improper input validation prior to SMR MAY-2021 Release 1. Impact: allows an attacker to execute arbitrary code on the mediaextractor process. Public detai...
CVE-2021-25483
Summary of CVE-2021-25483 (livfivextractor) : The vulnerability affects the livfivextractor library prior to Samsung SMR Oct-2021 Release 1, due to a lack of boundary checking in a buffer which allows an out-of-bounds read. Reported across multiple feeds (NVD, Red Hat advisory, CVE lists, and CNN...
CVE-2021-25484
The CVE-2021-25484 entry concerns an improper authentication flaw in InputManagerService. Affected component: InputManagerService (Samsung SMR prior to Oct-2021 Release 1). Impact stated: it allows monitoring the touch event. Documented references indicate a Samsung security update (securityUpdat...
CVE-2022-48385
CVE-2022-48385 affects the UNISOC chipsets cp_dump driver. The vulnerability is an out-of-bounds write caused by a missing bounds check, leading to local denial of service with System execution privileges required. The CVSS/metrics indicate LOCAL access, HIGH privileges, no user interaction, and ...
CVE-2022-48442
CVE-2022-48442 affects the dialer service with a missing permission check, enabling local denial of service with no extra privileges. The connected sources consistently describe this impact, but do not provide concrete exploit details or remediation (no patch/version information is present in the...
CVE-2022-48460
CVE-2022-48460 affects the UNISOC setting service. The root cause is undefined behavior from incorrect error handling, leading to local denial of service without additional privileges. Public details across connected documents confirm the issue’s nature but do not specify exact affected products/...
CVE-2023-20700
CVE-2023-20700 affects Widevine in MediaTek chips. The vulnerability is described as an out-of-bounds write caused by a logic error, enabling local escalation of privilege with System execution privileges required; user interaction is not needed. Patch ID ALPS07643304 (Issue ALPS07643304) is refe...
CVE-2023-20767
CVE-2023-20767 affects the pqframework. The root cause is a missing bounds check that enables an out-of-bounds write, potentially allowing local privilege escalation with System execution privileges. Exploitation requires no user interaction. The patch referenced is ALPS07629585 (Issue ALPS076295...
CVE-2023-21260
CVE-2023-21260 affects Android Automotive OS (AAOS) Packages component. A malicious app can exploit the notification access permission dialog by embedding an excessively long service label that can overflow the user prompt and display misleading information as a system message for user confirmati...
CVE-2023-21345
CVE-2023-21345 is described as an information-disclosure issue in Android’s Game Manager Service where an attacker can determine if an app is installed without query permissions via a side-channel. The available documents indicate local exploitation with no user interaction and a low overall risk...
CVE-2023-30865
CVE-2023-30865 affects the dialer service where a missing permission check can allow local information disclosure without extra privileges. The common description across sources states the root cause is inadequate permission verification, enabling disclosure with low attack complexity and local a...
CVE-2023-30919
The CVE-2023-30919 vulnerability is due to a missing permission check in the messaging service, enabling local information disclosure without requiring additional execution privileges. Public records (NVD, Red Hat, PRION, CVE listing) describe the issue as a local-privilege-context information ex...
CVE-2023-30922
CVE-2023-30922 describes a missing permission check in the messaging service, leading to local information disclosure without extra execution privileges. The vulnerability is reported across multiple sources tied to UNISOC chipsets (e.g., SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T...
CVE-2023-30925
CVE-2023-30925 describes a missing permission check in the opm service that can cause local information disclosure without requiring extra privileges. Multiple sources (including NVD and Red Hat) confirm the issue and its impact, with a CVSSv3.1 base score of 5.5 (Local access, Confidentiality im...
CVE-2023-30934
The CVE-2023-30934 entry describes a local information disclosure in the telephony service due to a missing permission check. Affected scope is supported by connected records noting UNISOC chipset impacts (e.g., various SC-series and T-series devices) with exploitation possible without additional...
CVE-2023-30940
CVE-2023-30940 : A missing permission check in the telephony service allows local information disclosure without additional privileges. Documented impact is data exposure (confidentiality impact) with a local attack surface. Affected platforms include Unisoc-based devices (e.g., certain SC famili...
CVE-2023-33882
CVE-2023-33882 involves a missing permission check in the telephony service that could cause local information disclosure without additional privileges. Connected sources consistently describe a local-impact vulnerability with HIGH confidentiality impact and a CVSS‑3.1 base score of 5.5 (LOCAL, L...
CVE-2023-33888
CVE-2023-33888 affects the telephony service with a missing permission check that can lead to local information disclosure. Connected documents identify these as UNISOC-chipset telephony services, listing affected devices such as SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T612/T616/T820/S80...
CVE-2023-33899
The CVE-2023-33899 issue affects the telephony service (notably on UNISOC chipsets per connected records). The root cause is a missing permission check that could allow a local attacker to disclose information without any additional execution privileges. Multiple sources confirm the description a...
CVE-2023-33901
CVE-2023-33901 affects UNISOC Bluetooth service due to a missing permission check, enabling local information disclosure without extra privileges. Public details in connected sources enumerate affected UNISOC chipsets, including SC9863A, SC9832E, SC7731E, T610, T310, T606, T760, T618, T612, T616,...
CVE-2023-38443
CVE-2023-38443 affects vowifiservice. The root cause is a missing permission check, enabling local privilege escalation without additional execution privileges. CVSSv3.1 vectors indicate Local access, Low attack complexity, Low privileges required, with High impact on confidentiality, integrity, ...
CVE-2023-38449
CVE-2023-38449 affects vowifiservice and is caused by a missing permission check, enabling local privilege escalation with no additional execution privileges (per the CVE description and connected records). The NVD entry shows a CVSS v3.1 base score of 7.8 (HIGH) with local attack vector, low att...
CVE-2023-38462
CVE-2023-38462 affects vowifiservice, where a possible missing permission check could allow a local denial-of-service with no additional privileges. The NVD entry lists a CVSSv3.1 base score of 5.5 (Local, Low attack complexity, Privileges Required: Low, Privilege: None for confidentiality/integr...
CVE-2023-38467
CVE-2023-38467 affects the urild service and is caused by a missing bounds check that enables an out-of-bounds write. This can lead to a local denial of service with SYSTEM privileges required. Reported CVSSv3.1 vector (L/L/H/N/U) indicates local access, low complexity, high privileges required, ...
CVE-2023-38553
CVE-2023-38553 affects the gnss service on Unisoc chipsets, where a missing bounds check can trigger an out-of-bounds write. This could allow local escalation of privilege with System execution privileges needed (local, high privileges, no user interaction). The provided documents do not specify ...
CVE-2023-42672
The CVE-2023-42672 entry concerns UNISOC/imsservice with a missing permission check, enabling an attacker to write permission usage records and cause local information disclosure without executing code. Affected component: imsservice in UNISOC chipsets. Root cause: absence of permission validatio...
CVE-2023-42692
CVE-2023-42692 concerns the wifi service on UNISOC chipsets, where a missing permission check can allow local escalation of privilege with no extra privileges. The CVSS 3.1 base vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects a high impact to confidentiality, integrity, and availability. Pu...
CVE-2023-42727
The CVE-2023-42727 entry concerns an out-of-bounds write in a GPU driver caused by an incorrect bounds check, leading to local denial of service with SYSTEM privileges required. Multiple connected records corroborate that the affected component is the GPU driver and describe the same root cause a...