8153 matches found
CVE-2018-9353
CVE-2018-9353 affects the ihevcd_parse_slice_data function in ihevcd_parse_slice.c used by Google Android. The root cause is a missing bounds check that enables a heap buffer out-of-bounds read, allowing remote denial of service with no single execution privilege required. Exploitation requires u...
CVE-2018-9365
CVE-2018-9365 describes a potential out-of-bounds read in the SMP L2C data path (smp_data_received in smp_l2c.cc) that could lead to remote code execution. Exploitation requires user interaction. Multiple connected sources (RH, NVD, CVE lists, Android bulletin) confirm the issue and its remote-co...
CVE-2018-9372
CVE-2018-9372 : The issue is in the Android bootloader path (cmd_flash_mmc_sparse_img in dl_commands.c) where there is a possible out-of-bounds write caused by a missing bounds check. This could allow a local escalation of privilege in the bootloader without additional execution privileges and wi...
CVE-2018-9397
The CVE-2018-9397 entry describes an OOB write in MTK WMT device driver, triggered in WMT_unlocked_ioctl due to a missing bounds check. The consequence is local privilege escalation to SYSTEM with no user interaction required. Documents consistently identify the affected component as the Mediatek...
CVE-2018-9479
CVE-2018-9479 concerns an out-of-bounds write in the Bluetooth SDP server logic (sdp_server.cc) within functions process_service_attr_req and process_service_search_attr_req. The issue, observed across sources including Red Hat and NVD descriptions, could enable remote code execution without addi...
CVE-2018-9492
CVE-2018-9492 concerns Android’s ActivityManagerService.checkGrantUriPermissionLocked, where a permissions bypass could allow local elevation of privilege without user interaction. Affected Android versions are 8.0, 8.1, and 9.0. The vulnerability’s impact is a local, privilege-escalation risk; t...
CVE-2018-9586
The CVE-2018-9586 issue affects Android 7.0, 7.1.1, 7.1.2, 8.0, 8.1 and 9.0. It stems from a race condition in InstallPackageTask.java that can leave package verification turned off, enabling local elevation of privilege with no extra execution privileges or user interaction required. Affected pr...
CVE-2019-1992
CVE-2019-1992 affects Android. In the code path bta_hl_sdp_query_results within bta_hl_main.cc a race condition can cause a use-after-free, leading to remote code execution with no extra privileges needed. The issue is tied to Android versions 7.0–7.1.2, 8.0, 8.1, and 9 (Android ID: A-116222069)....
CVE-2019-2051
CVE-2019-2051 is a vulnerability described in the Android ecosystem: it is a remote-read out-of-bounds issue in the Android system spaces.h encountered while processing a PAC file, allowing potential information disclosure without user interaction. Affected products are Android versions 7.0, 7.1....
CVE-2019-20605
CVE-2019-20605 affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) on Exynos chipsets. The issue is a heap overflow in the Shannon baseband modem, as described in multiple sources (Samsung ID SVE-2019-14071). CVSS metrics from NVD indicate a high/critical risk: Network attack vector...
CVE-2019-20777
CVE-2019-20777 affects LG mobile devices running Android 7.0–9.0 (V40 and G7 family). The issue is in WapService during OTA Provisioning, where OTA provisioning handling is mishandled, constituting the root cause. Documents describe the vulnerable component and affected OS versions but do not pro...
CVE-2019-2112
CVE-2019-2112 : In Android, memory corruption via a use-after-free in alarm.cc could enable local code execution with no authentication and no user interaction. Affected: Android 8.0, 8.1, and 9.0. Root cause: use-after-free in alarm.cc. Impact: local privilege escalation with high severity per C...
CVE-2019-2128
CVE-2019-2128 is an elevation-of-privilege vulnerability in Android’s Media/ACELP code path. The issue is an out-of-bounds write in ACELP_4t64_fx (c4t64fx.c) caused by a missing bounds check, enabling local privilege escalation without extra execution privileges. Affected products include Android...
CVE-2020-0116
CVE-2020-0116 is a local information-disclosure issue in Android 10’s System area stemming from a permissions bypass in LocationAccessPolicy.checkSystemLocationAccess, which could bypass user profile isolation and disclose data without extra execution privileges. Affected product: Android (Androi...
CVE-2020-0478
CVE-2020-0478 targets Android-11, with a vulnerability in restoration.c (extend_frame_lowbd) causing an out-of-bounds write due to a missing bounds check. This can enable local privilege escalation and requires user interaction for exploitation. Affects Android-11; exploitation details or patch/v...
CVE-2020-10831
The provided documents identify CVE-2020-10831 as affecting Samsung mobile devices running O(8.x), P(9.0), and Q(10.0) software, where attackers can trigger an update to arbitrary touch‑screen firmware. The root cause and exact vulnerable component are not elaborated in the supplied sources, and ...
CVE-2020-26600
CVE-2020-26600 concerns Samsung mobile devices running Q(10.0). The issue involves the Auto Hotspot feature, which can allow a remote attacker to obtain sensitive information over the network. Key details from connected sources: Affected product area: Samsung Mobile Android distribution with Q(10...
CVE-2020-26604
CVE-2020-26604 affects Samsung Android SystemUI across O(8.x) to R(11.0). The issue enables a network-sourced attack via PendingIntent where an unprivileged process can access contact numbers. Affected component: SystemUI on Samsung devices; root cause: incorrect handling of PendingIntent permiss...
CVE-2020-26605
Technical details about CVE-2020-26605 are not publicly provided in the supplied documents. Monitor for updates from vendors (Samsung security page, Red Hat, NCSC advisories) for affected products, fixes, and impact.
CVE-2020-28340
Samsung CVE-2020-28340 affects mobile devices running O(8.x) to R(11.0) and describes a vulnerability that allows bypassing Factory Reset Protection via Secure Folder (Samsung ID SVE-2020-18546). NVD reports CVSSv3.1 base score 9.8 (CRITICAL) and CVSSv2 base score 7.5 (HIGH); attack vector NETWOR...
CVE-2020-35554
CVE-2020-35554 affects LG mobile devices running Android 8.x–10 with a WebView SSL error-handler vulnerability. The issue is described as an SSL handling weakness in WebView, linked to LG’s internal identifier LVE-SMP-200026 (December 2020). Connected sources corroborate the vulnerability across ...
CVE-2021-0367
The CVE-2021-0367 entry describes a race-condition induced memory corruption in Android’s vpu component, enabling local escalation of privilege with System permissions required and no user interaction. Affected products are Android 10 and Android 11; the issue is tied to patch ALPS05371580 (Issue...
CVE-2021-0623
CVE-2021-0623 affects the asf extractor component. The linked records describe an out-of-bounds read caused by an integer overflow, leading to local information disclosure without requiring user interaction. The vulnerability is documented across multiple sources (including NVD and vendor/Red Hat...
CVE-2021-25338
CVE-2021-25338 describes an improper memory access control weakness in the RKP of Samsung mobile devices prior to the SMR Mar-2021 Release 1. The issue allows a compromised kernel to write portions of the RKP EL2 memory region, implying local attacker capabilities with kernel-level access and pot...
CVE-2022-20289
CVE-2022-20289 affects Android 13: a side-channel in PackageInstaller can reveal whether an app is installed without query permissions, causing local information disclosure with no user interaction. Root cause: information disclosure via PackageInstaller side channel. Impact: potential exposure o...
CVE-2022-20311
CVE-2022-20311 affects Android 13 Telecomm: a missing permission check could disclose registered self-managed phone accounts, enabling local information disclosure with low risk of exploitation (attack vector LOCAL, UI:N). Root cause is a permission check omission in Telecomm that exposes sensiti...
CVE-2022-20339
CVE-2022-20339 affects Android 13 and is caused by an insecure SEpolicy configuration that allows access to the network neighbor table, leading to local information disclosure of network topography with no additional execution privileges and no user interaction required. The incident is described...
CVE-2022-20531
The provided connected documents confirm CVE-2022-20531 affects Android’s Telecom component, describing a side-channel information disclosure that lets an app determine if another app is installed without query permissions. This enables local information disclosure with no extra execution privile...
CVE-2022-21765
CVE-2022-21765 affects the CCCI component. The root cause is a missing bounds check that enables an out-of-bounds write, leading to local escalation of privilege with SYSTEM-level execution rights. Exploitation reportedly does not require user interaction. A patch is referenced (Patch ID: ALPS066...
CVE-2022-22267
Samsung ActivityMetricsLogger on mobile devices is affected by CVE-2022-22267: an implicit intent hijacking flaw that can disclose information about a running application. The vulnerability is tied to ActivityMetricsLogger before SMR Jan-2022 Release 1. Documented impact is information disclosure...
CVE-2022-26095
CVE-2022-26095 affects the libsimba library, with a null pointer dereference in the parser_colr function prior to Samsung SMR Apr-2022 Release 1, enabling out-of-bounds writes by a remote attacker. Impacts and mitigations from connected docs indicate vulnerable component is the parser_colr code p...
CVE-2022-26429
CVE-2022-26429 concerns a missing permission check in the cta component, enabling an app to write permission usage records. This constitutes a local privilege escalation vulnerability with a LOCAL attack vector, LOW privileges required, and NO user interaction needed. The NVD entry cites a patch ...
CVE-2022-26436
The vulnerability CVE-2022-26436 affects the emi mpu component and is caused by a missing bounds check, leading to an out-of-bounds read. This can lead to local information disclosure with System execution privileges required, and no user interaction is needed. A patch identified as ALPS07023666 ...
CVE-2022-32612
CVE-2022-32612 concerns a possible memory-use-after-free in the MediaTek/vcu stack caused by a race condition. Reported as enabling local escalation of privilege with System execution privileges required and no user interaction needed. Multiple sources confirm the issue, but public details about ...
CVE-2022-33687
Exposure of Sensitive Information in telephony-common.jar prior to the Samsung SMR July‑2022 Release 1 allows a local attacker with log access to obtain IMSI from device logs. The issue stems from information disclosure in telephony-common.jar on Samsung mobile devices. Affected component: teleph...
CVE-2022-33694
CVE-2022-33694 is an exposure of sensitive information in the Samsung CSC application on Samsung Mobile devices. The root issue is disclosure of wifi information through unprotected intent broadcasting within the CSC app prior to the SMR July 2022 release 1. The vulnerability permits a local atta...
CVE-2022-33697
CVE-2022-33697 corresponds to a local information-disclosure vulnerability in Samsung ImsCore, specifically ImsServiceSwitchBase, where IMSI can be exposed via device logs. Affected software: ImsCore prior to SMR Jul-2022 Release 1. Root cause: failure to protect sensitive information in logs; re...
CVE-2022-38680
In CVE-2022-38680, the vulnerability is in the WLAN driver where a missing parameter check can allow local denial of service against WLAN services. Affected component: WLAN driver (details on exact versions not provided). Root cause: insufficient validation of parameters leading to resource disru...
CVE-2022-38683
CVE-2022-38683 affects the contacts service, where a missing permission check could allow local denial of service without additional execution privileges. Public documents consistently describe a local, privilege-check issue in the contacts service as the root cause. The CVSS vector indicates LOC...
CVE-2022-38686
The documents confirm a vulnerability in the wlan driver caused by a missing parameter check, enabling local denial of service in wlan services. Affected component: wlan driver (no specific vendor or version provided in the sources). Root cause: insufficient input validation leading to a service ...
CVE-2022-39114
CVE-2022-39114 describes a missing permission check in the Music service that can lead to a local denial of service without requiring additional execution privileges. The NVD entry assigns a CVSS v3.1 base score of 5.5 (Local, Low attack complexity, Low privileges required, Availability impact), ...
CVE-2022-39126
CVE-2022-39126 affects the sensor driver with an out-of-bounds write caused by a missing bounds check, leading to local kernel denial of service. Multiple sources (NVD, Red Hat, CNNVD, PRION, etc.) reproduce the description and tie it to Unisoc chipsets (sensor driver). The documents do not provi...
CVE-2022-42541
CVE-2022-42541 is a Remote Code Execution vulnerability associated with Google Chromecast/Android Secure Monitor (AMLogic). Public sources in the connected documents describe a critical impact (CVSS v3.1: 9.8, Network attack vector, no authentication, no user interaction) affecting confidentialit...
CVE-2022-44444
The CVE-2022-44444 entry concerns a vulnerability in the WLAN driver caused by a missing bounds check. Affects the WLAN driver component and could lead to local denial of service in WLAN services. Exploitation details, affected versions, and a confirmed patch/remediation are not disclosed in the ...
CVE-2022-47327
CVE-2022-47327 affects WLAN driver components with a missing permission check that can lead to local information disclosure. Multiple connected sources (including Red Hat, NVD, CNNVD) corroborate the core flaw: unauthorized local access to sensitive information due to insufficient privilege valid...
CVE-2022-47364
The CVE-2022-47364 entry concerns a vulnerability in the wlan driver caused by a missing bounds check, enabling an out-of-bounds write that could lead to local denial of service in wlan services. Documents consistently identify the affected component as the wlan driver and describe the impact as ...
CVE-2022-48234
CVE-2022-48234 affects UNISOC chipsets’ FM service module. The entry notes a missing parameter check in FM service, enabling local denial of service. Documents list NVD/Red Hat/CVE records with CVSS v3.1 metrics (AV:L, AC:L, PR:L/H, UI:N, S:U, C:N/I:N/A:H) and a base score around 5.5 (NVD) or 4.4...
CVE-2023-20611
CVE-2023-20611 concerns a race-condition related use-after-free in the GPU component, leading to local escalation of privilege with SYSTEM privileges required and no user interaction. Patch ALPS07588678/ALPS07588678 is referenced. Multiple sources (NVD, Red Hat, CVE listings) corroborate the same...
CVE-2023-20613
The CVE-2023-20613 entry refers to a vulnerability in the MediaTek ril component where a missing bounds check allows an out-of-bounds write, potentially enabling local escalation of privileges to SYSTEM with no user interaction required. Exploitation status is not detailed in the documents, but t...
CVE-2023-20716
CVE-2023-20716 concerns the wlan component in MediaTek chips, where an out-of-bounds write occurs due to a missing bounds check in the WLAN driver. This can lead to local escalation of privileges with System execution rights, and no user interaction is required. Reported patch: ALPS07796883 (Issu...