8153 matches found
CVE-2018-9432
CVE-2018-9432 affects Android components in BluetoothPermissionActivity.java (specifically in createPhonebookDialogView and createMapDialogView), where a permissions bypass could allow local elevation of privilege by hiding and bypassing the user’s ability to disable access to contacts. The descr...
CVE-2018-9440
CVE-2018-9440 affects Android’s Media Framework (M3UParser.cpp): parsing can trigger resource exhaustion and DoS without elevated privileges, requiring user interaction to exploit. Red Hat and NVD entries corroborate the DoS impact with UI interaction. Android’s security bulletin (Sept 2018) list...
CVE-2018-9469
CVE-2018-9469 affects Android framework components where ShortcutService.java can create a spoofed shortcut due to a missing permission check. This could enable a local elevation of privilege in a privileged app, with exploitation requiring user interaction. Connected documents confirm the same ...
CVE-2018-9555
CVE-2018-9555 applies to Android Bluetooth, where the function l2c_lcc_proc_pdu in l2c_fcr.cc contains a missing bounds check causing an out-of-bounds write. This can enable remote escalation of privilege via Bluetooth with no user interaction, impacting Android 7.0–9 according to the CVE record....
CVE-2019-1993
CVE-2019-1993 affects Android 8.0–9, with a memory corruption/integer overflow in the btif_hd.cc register_app function. The issue can enable local escalation of privilege with no additional execution privileges and does not require user interaction. Root cause: integer overflow leading to memory ...
CVE-2019-2027
CVE-2019-2027 affects Android’s Media framework. The vulnerability is a floor0_inverse1 out-of-bounds write in floor0.c caused by an incorrect bounds check, leading to remote code execution. Exploitation requires user interaction, and impact is rated high (RCE) across Android 7.0 through 9 in the...
CVE-2019-20534
CVE-2019-20534 affects Samsung mobile devices running Android P (9.0). The issue allows an attacker to view the home-screen wallpaper by adjusting the brightness on a locked screen. The description repeatedly mirrors Samsung’s SVE-2019-15540 identifier; Red Hat and CNVD/EUVD/CVE records corrobora...
CVE-2019-20586
CVE-2019-20586 affects Samsung mobile devices running O(8.1) and P(9.0) with TEEGRIS. Root cause is a type confusion in the FINGERPRINT Trustlet, enabling arbitrary code execution. Exploitation details are not provided in the available documents, and no public patch/version fix is specified; one ...
CVE-2019-20589
CVE-2019-20589 concerns Samsung mobile devices with O(8.x) and P(9.0) on TEEGRIS. A type confusion in the SKPM Trustlet can lead to arbitrary code execution. Affected platform details are cited in multiple sources; the vulnerability is tied to the Trustlet’s handling of internal objects, enabling...
CVE-2019-20770
CVE-2019-20770 affects LG mobile devices running Android 9.0. The HAL service contains a buffer overflow that leads to arbitrary code execution. Sources in connected documents (Red Hat and NVD entries) confirm the description and LG’s internal ID LVE-SMP-190013 (Sept 2019). No further exploit det...
CVE-2019-2133
CVE-2019-2133 affects Android and is rooted in the Mfc_Transceive path of phNxpExtns_MifareStd.cpp, where a heap buffer overflow can cause an out‑of‑bounds write. This vulnerability could enable local elevation of privilege with no extra execution privileges, with user interaction required to exp...
CVE-2019-9418
CVE-2019-9418 affects Android 10 via libstagefright, where a missing bounds check can cause resource exhaustion leading to remote DoS with no extra privileges required (user interaction). Connected sources confirm the issue and indicate mitigation through Android 10 patch level 2019-09-01 or late...
CVE-2019-9429
CVE-2019-9429 affects the profman component in Android 10. The issue is a memory corruption–related out-of-bounds write that could enable local privilege escalation with no user interaction. Exploitation is described as local; no remote/vector details are provided. Mitigation: apply Android 10 se...
CVE-2020-0020
CVE-2020-0020 affects the Android 10 ExifInterface.getAttributeRange implementation. The issue is an incorrect bounds check in redacting location metadata from media files, enabling local information disclosure with no user interaction required (privileges: none; attack vector: LOCAL; CVSS v3.1 b...
CVE-2020-0121
CVE-2020-0121: In Android 10, a logic error in AppOpsService.updateUidProcState allows a local information disclosure of location data with user privileges and no user interaction. Affected software is Android 10; root cause is a logic flaw enabling a permission bypass in updateUidProcState. Impa...
CVE-2020-0189
In Android 10, the vulnerability CVE-2020-0189 affects the Media Framework (hevc/decoder path) via ihevcd_decode() in ihevcd_decode.c, causing resource exhaustion from an infinite loop. This can lead to remote denial of service without extra execution privileges; exploitation requires user intera...
CVE-2020-0267
CVE-2020-0267 affects Android 11 WindowManager. The issue allows a local attacker to trigger the launch of a malicious app due to a confused deputy, causing elevation of privilege without extra execution privileges, with user interaction required for exploitation. Affected component is WindowMana...
CVE-2020-0309
CVE-2020-0309 affects Android 11 Bluetooth server and is described across multiple sources as an out-of-bounds write caused by an integer overflow, enabling local elevation of privilege to System with no user interaction required. The vulnerability concerns the Android-11 Bluetooth stack and is l...
CVE-2020-0369
CVE-2020-0369 affects libavb and is an out-of-bounds write caused by an integer overflow that can lead to local privilege escalation without user interaction. Exploitation details are not provided in the connected documents beyond the local-privilege-elevation impact for Android 11. Remediation i...
CVE-2020-11873
CVE-2020-11873 affects LG mobile devices running Android OS 7.2, 8.0, 8.1, 9 and 10. The vulnerability is a stack-based overflow in the logging tool, causing privilege escalation. Root cause is a stack overflow in the logging component; impact is elevated privileges for an attacker without user i...
CVE-2020-13831
CVE-2020-13831 affects Samsung mobile devices running O(8.x) and P(9.0) on Exynos 7570. The vulnerability stems from the Trustonic Kinibi component, which allows arbitrary memory mapping. This yields high-severity impact (partial confidentiality, integrity, and availability; in NVD, CVSSv3.1 base...
CVE-2020-13832
Technical details about CVE-2020-13832 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2020-26599
CVE-2020-26599 affects Samsung mobile devices running Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication, enabling potential credentialless interaction with the lockscreen flow. The Samsung ID SVE-2020-17079 (October 2020) is cited. Connected advis...
CVE-2020-27098
CVE-2020-27098 affects Android 11 and targets UriGrantsManagerService.checkGrantUriPermission. The vulnerability describes a permissions bypass that could allow an app to access contacts via a local, privilege-escalation path without user interaction. It is a local information-disclosure issue (c...
CVE-2021-0895
In CVE-2021-0895, the affected component is MediaTek Apusys (apusys). The issue is an out-of-bounds write caused by a missing bounds check, enabling local escalation of privileges with System execution privileges required; exploitation is possible without user interaction. The vulnerability is li...
CVE-2021-25361
The CVE-2021-25361 issue affects Samsung’s stickerCenter component prior to SMR APR-2021 Release 1. The vulnerability stems from improper access control, enabling a local attacker to read or write arbitrary files of the system process via an untrusted application. Public documentation consistentl...
CVE-2021-25387
The CVE-2021-25387 issue affects Samsung’s libsflacextractor library, specifically the sflacfd_get_frm() function. The root cause is improper input validation in sflacfd_get_frm(), which can lead to arbitrary code execution in the mediaextractor process. Affected software is the libsflacextractor...
CVE-2021-25428
The CVE-2021-25428 entry concerns Samsung’s PackageManager, affected before the SMR July-2021 Release 1. The root cause is an improper validation check in PackageManager that can let untrusted apps obtain dangerous level permissions without user confirmation in limited circumstances (local, low c...
CVE-2022-20267
The CVE-2022-20267 issue affects Android 13’s Bluetooth implementation. It arises from a missing permission check that could allow enabling or disabling Bluetooth connections without user consent, enabling local elevation of privilege with no user interaction required. Affected component: Bluetoo...
CVE-2022-20279
CVE-2022-20279 affects Android 13, specifically through DevicePolicyManager where a side-channel can reveal whether an app is installed without query permissions, enabling local information disclosure with no extra privileges. The issue is categorized as a Framework component vulnerability (Polic...
CVE-2022-20286
CVE-2022-20286 affects Android 13 under the Connectivity component. A logic error can bypass the restriction on starting activities from the background, potentially enabling local privilege escalation with user privileges and no user interaction required. Documented impact: local elevation of pri...
CVE-2022-20293
CVE-2022-20293 affects Android 13 LauncherApps: a side-channel disclosure lets a local attacker determine whether an app is installed without query permissions, enabling local information disclosure with no execution privileges and no user interaction. Affected component: LauncherApps; root cause...
CVE-2022-20295
CVE-2022-20295 affects Android 13 via a missing permission check in ContentService, enabling information disclosure by checking whether an account exists on the device. Impact is local, with no user interaction required beyond local access; exploits are described as requiring user privileges but ...
CVE-2022-20315
CVE-2022-20315 affects Android 13 with a missing permission check in ActivityManager, causing disclosure of installed packages via local information disclosure without extra privileges and no user interaction. Affected component: ActivityManager; root cause: inadequate permission check; impact: l...
CVE-2022-32608
CVE-2022-32608 describes a race-condition–driven use-after-free in the jpeg component that can allow local escalation of privilege to SYSTEM. Exploitation is possible without user interaction, with local access required. Reported patch/identifier: ALPS07388753 (Issue ID: ALPS07388753). Connected ...
CVE-2022-32613
CVE-2022-32613 affects the vcu component. A race condition can cause memory corruption, enabling local privilege escalation with SYSTEM execution privileges and no user interaction required. The exploitation vector/status is not detailed in the provided documents, but a patch is identified (ALPS0...
CVE-2022-32614
CVE-2022-32614 concerns a memory corruption flaw in Audio processing within MediaTek chipsets. The root cause is a logic error in the audio path that can allow local privilege escalation to SYSTEM level with no user interaction required. Exploitation details are not provided in the available docu...
CVE-2022-32617
CVE-2022-32617 affects the typec component in affected MediaTek hardware. The root cause is an out-of-bounds write caused by an incorrect buffer-size calculation, enabling local privilege escalation for an attacker with physical access and no extra privileges or user interaction required. The vul...
CVE-2022-32640
CVE-2022-32640 concerns MediaTek Meta WiFi with an out-of-bounds write caused by a missing bounds check. The vulnerability enables local privilege escalation with SYSTEM level execution privileges required; no user interaction is needed. Connected documents confirm affected component is Meta WiFi...
CVE-2022-32641
CVE-2022-32641 affects Meta Wifi implementations in MediaTek chipsets, with an out-of-bounds read caused by a missing bounds check. This can enable local escalation of privilege with System execution privileges required; exploitation reportedly does not require user interaction. The patch referen...
CVE-2022-36849
CVE-2022-36849 is a use-after-free vulnerability in the sdp_mm_set_process_sensitive function of the sdpmm driver, affecting Samsung devices in the SMR Sep-2022 Release 1. The issue arises from post-release reuse in the sdpmm driver and could allow malicious actions. Publicly documented impact fo...
CVE-2022-38678
CVE-2022-38678 describes a missing permission check in the contacts service that could lead to a local denial-of-service without requiring additional privileges. The vulnerability affects the contacts service component and is characterized by a local attack vector with low attack complexity and l...
CVE-2022-39125
The CVE-2022-39125 entry concerns a vulnerability in a sensor driver where a missing bounds check can cause an out-of-bounds write, leading to local denial of service in the kernel. The data in connected sources consistently describe the issue as a sensor-driver boundary-check failure affecting k...
CVE-2022-42774
CVE-2022-42774 corresponds to a local denial-of-service vulnerability in the wlan driver caused by a missing bounds check in the wlan path. Connected sources confirm the issue affects the wlan driver and can lead to DoS of wlan services via local access. The Red Hat advisory and other feeds reite...
CVE-2022-44446
CVE-2022-44446 affects the WLAN driver, with the root cause described as a missing bounds check in the wlan driver. The practical impact stated across sources is a local denial of service in WLAN services. No exploit details, affected product versions, or remediation steps are provided in the con...
CVE-2022-44447
The CVE-2022-44447 vulnerability affects the wlan driver (reported across multiple feeds) due to a missing bounds check that can cause a NULL pointer dereference, leading to local denial of service in wlan services. The issue is characterized by local attack vector, low complexity, and no user in...
CVE-2022-47475
CVE-2022-47475 : A missing permission check in the telephony service allows local information disclosure with no additional privileges. The issue is described across multiple sources as a lack of privilege verification within the telephony module (confidentiality impact: HIGH). No concrete exploi...
CVE-2022-48244
CVE-2022-48244 affects UNISOC chipsets’ audio service, with a missing permission check as the root cause. This could enable local escalation of privilege with no additional execution privileges, aligning with the CVSS 3.1 base metrics (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8). Exploit...
CVE-2022-48376
CVE-2022-48376 affects UNISOC chipsets’ dialer service module. The root cause is a missing permission check, which could allow a local attacker to trigger a denial of service without gaining additional execution privileges. The CVE is documented with a CVSS v3.1 base score of 5.5 (Local attack, L...
CVE-2023-20650
The CVE-2023-20650 entry describes a vulnerability in MediaTek chips’ apu module: an out-of-bounds write from a missing bounds check, enabling local escalation of privilege to System level. No exploitation details are provided in the documents. CVSSv3.1/3.1 base score 6.7 (MEDIUM); attack vector ...