8153 matches found
CVE-2022-28788
CVE-2022-28788 concerns the aviextractor library. A buffer size check logic defect allowed out-of-bounds reads, potentially causing a temporary denial of service prior to Samsung SMR May-2022 Release 1. The patch introduces buffer size checks to address this. The issue is cited across multiple fe...
CVE-2022-30716
CVE-2022-30716 concerns the Samsung DisplayToast component on Android. The issue is an unprotected broadcast in sendIntentForToastDumpLog within DisplayToast, which could let untrusted apps access toast message information from the device. The vulnerability enables information disclosure with a n...
CVE-2022-39885
CVE-2022-39885 affects Samsung DeviceManagement, BootCompletedReceiver_CMCC component, prior to SMR Nov-2022 Release 1. Root cause: improper access control allowing a local attacker to access device information via the BootCompletedReceiver_CMCC in DeviceManagement. Impact: local disclosure of de...
CVE-2022-47359
CVE-2022-47359 concerns the Log Service, where a missing permission check is identified as the root cause. The exposure enables local denial of service in the log service. The available connected records consistently describe a privilege check omission as the flaw, but do not provide product/vend...
CVE-2023-20846
CVE-2023-20846 concerns MediaTek chips where the vulnerability resides in the imgsys_cmdq path, caused by missing valid range checking that enables an out-of-bounds read. The documented impact is local information disclosure with system-level execution privileges required, and exploitation report...
CVE-2023-20850
The CVE concerns the imgsys_cmdq component in MediaTek chips, where an out-of-bounds write can occur due to missing valid range checking. This could permit local escalation of privilege with system execution privileges required, and user interaction is needed for exploitation. Documented impact i...
CVE-2023-21005
CVE-2023-21005 affects Android 13, specifically the Transcode Permission Controllers. The root cause is a missing permission check in getAvailabilityStatus, enabling a possible local escalation of privilege with no additional execution privileges and no user interaction required. Public reference...
CVE-2023-21007
The CVE-2023-21007 entry affects Android 13 and is caused by a missing bounds check in p2p_iface.cpp, resulting in an out-of-bounds read that can lead to local information disclosure with system privileges. The issue is exploitable locally, with no user interaction required, and is tied to the p2...
CVE-2023-21008
Summary : CVE-2023-21008 affects Android 13 with code in p2p_iface.cpp. The root cause is a missing bounds check causing an out-of-bounds read, leading to local information disclosure with system privileges required. Exploitation is described as requiring local access and no user interaction. Imp...
CVE-2023-21079
CVE-2023-21079 affects the Android kernel component related to the dhd_rtt.c function, specifically in the routine named rtt_unpack_xtlv_cbfn . The issue is a heap buffer overflow that can cause an out-of-bounds write. The published descriptions consistently warn of local escalation of privilege ...
CVE-2023-21199
CVE-2023-21199 affects Android 13; the issue is in btu_ble_proc_ltk_req of btu_hcif.cc where a missing bounds check allows an out-of-bounds read. This can lead to local information disclosure with System privileges required. Attack vector is LOCAL with LOW complexity and no user interaction; conf...
CVE-2023-21307
CVE-2023-21307 affects Android’s Bluetooth component. A paired Bluetooth device can bypass permissions to read the device’s long-term identifier, leading to local information disclosure without additional execution privileges; user interaction is required for exploitation. The issue is categorize...
CVE-2023-21377
CVE-2023-21377 : Concrete information shows a local information disclosure via a restriction bypass in the Android SELinux Policy. The issue is triggered by a permissions bypass within the policy, allowing disclosure without extra execution privileges and without user interaction. Exploitation st...
CVE-2023-21387
The CVE-2023-21387 entry concerns Google Android’s User Backup Manager. The connected documents describe a token leakage via log information disclosure that can bypass user confirmation for backups, leading to local information disclosure with System execution privileges potentially required. Thi...
CVE-2024-20036
CVE-2024-20036 describes a permission bypass in the vdec component that may allow local information disclosure with System privileges. Affected: vdec (details across Red Hat, NVD/NIST records). Impact per metrics: confidentiality impact High; integrity/availability not affected; attack vector Loc...
CVE-2024-32917
CVE-2024-32917 affects the pl330_dma_from_peri_start() routine in fp_spi_dma.c, where a missing bounds check enables a possible out-of-bounds write. This can lead to local elevation of privilege with no additional execution privileges required, and does not require user interaction. The issue is ...
CVE-2024-47012
CVE-2024-47012 affects Google Pixel devices via the mm_GetMobileIdIndexForNsUpdate path in mm_GmmPduCodec.c, where an incorrect bounds check can cause an out-of-bounds write. This is described as enabling local escalation of privilege with no extra execution privileges or user interaction require...
CVE-2024-47020
CVE-2024-47020 affects Google Pixel devices running Android prior to the 2024-10-05 patch level, with the vulnerability classified as Information Disclosure in the ABL component (A-331966488). Public descriptors identify an information disclosure bug in ABL on Pixel hardware, but the available do...
CVE-2011-3881
CVE-2011-3881 affects WebKit as used in Google Chrome <15.0.874.102 and Android
CVE-2012-3979
CVE-2012-3979 : The OpenVAS/Nessus entries indicate a vulnerability in Mozilla Firefox for Android where insecure use of __android_log_print can be triggered by a crafted web page using the dump() function, potentially allowing remote code execution. The issue is tied to Firefox for Android speci...
CVE-2016-10276
CVE-2016-10276 (Qualcomm bootloader) targets the Qualcomm bootloader on Android devices, enabling a local malicious app to execute arbitrary code within the kernel context (elevation of privilege). The issue is described as critical due to potential local, permanent device compromise that may req...
CVE-2016-10381
CVE-2016-10381 : The issue affects Qualcomm components in Android CAF releases using the Linux kernel, where the UE can send unprotected MeasurementReports that disclose UE location. Connected documents confirm a Qualcomm information-disclosure vulnerability linked to MeasurementReports, with the...
CVE-2017-0386
CVE-2017-0386 describes an elevation of privilege in the libnl library that could allow a local malicious application to execute arbitrary code within the context of a privileged process on Android. Affected products/versions include Android 5.0.2–7.1 (as listed). The impact is local code executi...
CVE-2017-0424
CVE-2017-0424 affects AOSP Messaging in Android (versions 6.0–7.1.1). It is an information disclosure vulnerability that could allow a local malicious app to bypass OS protections and access data outside its permitted scope when processing a specially crafted file. The issue is described as a mod...
CVE-2017-0477
CVE-2017-0477 is a remote code execution vulnerability in libgdx used by Android. A specially crafted file could cause arbitrary code execution within the context of an unprivileged process, with impact described as High. The vulnerability entry notes affected product/version as Android 7.1.1 and...
CVE-2017-0548
CVE-2017-0548 describes a remote denial-of-service vulnerability in libskia that could allow an attacker to cause a device hang or reboot by processing a specially crafted file. Affected product: Android, specifically versions 7.0 and 7.1.1. The issue is classified as High severity in the Android...
CVE-2017-0604
CVE-2017-0604 concerns Android devices with the Qualcomm power driver in the kernel. The flaw enables a local malicious application to gain elevation of privilege and execute arbitrary code in the kernel context, implying potential local compromise that could require reflashing to repair. The lin...
CVE-2017-0641
CVE-2017-0641 is a remote denial-of-service vulnerability in the libvpx Mediaserver component used by Android. A specially crafted file can cause a device to hang or reboot. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The description does not provide ...
CVE-2017-0776
CVE-2017-0776 is an information-disclosure vulnerability in Android’s Media Framework affecting Android 7.0, 7.1.1, 7.1.2 and 8.0. Root-cause and exact exploit details are not provided in the connected documents; no mitigation/patch details are specified here. Monitor for official patches in Andr...
CVE-2017-13262
CVE-2017-13262 is an Android Bluetooth vulnerability in the BNEP path (bnep_data_ind in bnep_main.cc) where a missing length decrement causes an out-of-bounds read. This can enable remote information disclosure without user interaction. Affected Android versions include 5.1.1 through 8.1. Public ...
CVE-2017-13320
CVE-2017-13320 affects libmpeg2dec, specifically the impeg2d_bit_stream_flush() function, where a missing bounds check can cause an out-of-bounds read. This leads to a remote denial-of-service possibility with no different privileges required; exploitation requires user interaction. Public source...
CVE-2018-6268
CVE-2018-6268 affects NVIDIA Tegra libnvmmlite_video.so, where a use-after-free can cause DoS or privilege escalation. Connected NVIDIA bulletins tie this to Jetson TX1/TX2 Linux for Tegra (L4T) and list R28.3 as the updated release to address multiple related flaws, including 2018-6268. Affected...
CVE-2018-9354
CVE-2018-9354 is a vulnerability in the Android VideoFrameScheduler component: in VideoFrameScheduler.cpp, PLL::fit can trigger a divide-by-zero error leading to a remote denial of service. Multiple connected records confirm the affected area but do not provide concrete patch/version details or a...
CVE-2018-9449
The CVE-2018-9449 entry concerns Google Pixel/Nexus Android devices. The vulnerability is in the SDP discovery path, specifically the function process_service_search_attr_rsp in sdp_discovery.cc, where a missing bounds check can cause an out-of-bounds read. This leads to local information disclos...
CVE-2019-2065
CVE-2019-2065 affects the Android 10 libxaac library, where a missing bounds check enables an out-of-bounds write. This could permit remote code execution over the network with user interaction required. Connected Red Hat and CNVD entries confirm the same description. No concrete patch/version is...
CVE-2019-2111
CVE-2019-2111 affects Android 9. The issue is a heap memory corruption in DnsTlsSocket.cpp caused by a use-after-free, potentially allowing remote code execution in the netd server without user interaction. Publicly stated impact is remote code execution with high severity; exploitation status is...
CVE-2019-2117
The CVE-2019-2117 issue affects Android (7.0–9) and is tied to TelephonyProvider.java. The root cause is a missing permission check in checkQueryPermission, leading to local information disclosure about carrier systems without requiring privileges or user interaction. Impact is information disclo...
CVE-2019-9297
CVE-2019-9297 affects Android 10, within the Android Media Framework (libAACdec). The issue is a potential out-of-bounds write caused by an integer overflow in a decoder component, which could enable remote code execution. Exploitation requires user interaction, and successful exploitation would ...
CVE-2019-9367
CVE-2019-9367 concerns Bluetooth on Android 10 with a missing bounds check causing an out-of-bounds read and potential remote information disclosure. The vulnerability requires no user interaction and can be exploited over the network; exploitation status is not detailed in the provided documents...
CVE-2020-0103
CVE-2020-0103 exploits a memory corruption in a2dp_aac_decoder_cleanup within a2dp_aac_decoder.cc, enabling remote code execution with no privileges or user interaction. Affected software per the initial data includes Android 9 and Android 10. The Android Security Bulletin notes this issue under ...
CVE-2021-0542
CVE-2021-0542 affects Android 11, with the issue residing in the BeamTransferManager.java workflow where a missing permission check in updateNotification can lead to local information disclosure of paired Bluetooth addresses. Exploitation requires no additional execution privileges but may requir...
CVE-2021-0544
CVE-2021-0544 affects Android 11 and is described across multiple sources as an out-of-bounds write in phNxpNciHal.cc (function: phNxpNciHal_print_res_status) caused by a missing bounds check. The vulnerability can lead to local elevation of privilege with System execution privileges required, an...
CVE-2021-0549
CVE-2021-0549 affects Android 11 (Android-11) Bluetooth stack; the vulnerability is in sspRequestCallback within BondStateMachine.java, where log statements can leak Bluetooth MAC addresses, causing local information disclosure with potentially SYSTEM-level privileges. The issue is confirmed acro...
CVE-2021-0558
CVE-2021-0558 is a vulnerability in the Android 11 Media Framework where fillMainDataBuf in pvmp3_framedecoder.cpp can trigger an out-of-bounds read due to a heap buffer overflow. This could allow remote information disclosure and, per the available data, would require user interaction for exploi...
CVE-2021-0559
CVE-2021-0559 is a reported out-of-bounds read in Lag_max of p_ol_wgh.cpp for Android 11, allowing remote information disclosure with user interaction required. Multiple sources (NVD entry, Red Hat advisory, CNVD, NCSC, and OSV) describe the same issue with the bound-check failure in Lag_max; exp...
CVE-2021-0571
CVE-2021-0571 affects Android 11, specifically the code paths in ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() , where a permissions bypass can allow access to restricted activities. The Red Hat/UK and CVE listings corroborate an Elevation of Privilege (EoP) risk with...
CVE-2021-0572
CVE-2021-0572 affects Android 11 with a vulnerability in AccountManagerService.doNotification where an unsafe PendingIntent allows a local permission bypass and potential local information disclosure. Exploitation requires no user interaction and privileges are potentially low with local access. ...
CVE-2021-0939
CVE-2021-0939 affects the Android kernel, description states: in set_default_passthru_cfg of passthru.c there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with system privileges required; user interaction not needed. The provided ...
CVE-2021-0940
CVE-2021-0940 concerns the Android kernel with a vulnerability described as an out-of-bounds write due to improper locking. The issue could enable local escalation of privilege to System execution privileges without user interaction, affecting Android kernel components. Concrete exploit details, ...
CVE-2021-0973
CVE-2021-0973 affects Android 12 and involves a flaw in isFileUri in UriUtil.java that allows bypassing the ignoring of file:// URIs due to improper case-sensitive handling. The issue can lead to local information disclosure with no additional privileges required, and exploitation requires user i...