Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2020/04/08 5:50 p.m.56 views

CVE-2018-21054

CVE-2018-21054 describes an integer underflow causing a buffer overflow in eCryptFS on Samsung mobile devices running M(6.0), N(7.x), and O(8.x) (with some model/version exclusions). Affected component is eCryptFS; root cause is underflow leading to overflow, with potential impact across confiden...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2024/11/19 7:1 p.m.56 views

CVE-2018-9345

CVE-2018-9345 affects Android’s BnAudioPolicyService (AudioPolicyService.cpp). The issue is information disclosure due to uninitialized data, enabling local information disclosure with no extra privileges and no user interaction required. Multiple connected sources confirm the same description. P...

5.5CVSS5.9AI score0.00084EPSS
CVE
CVE
added 2020/03/24 5:39 p.m.56 views

CVE-2019-20530

CVE-2019-20530 affects Samsung mobile devices running N(7.1), O(8.x), P(9.0) and Q(10.0). The vulnerability enables arbitrary code execution on the lock screen, linked to Samsung identifier SVE-2019-15266. Public sources in the provided set reiterate the description but do not disclose root cause...

9.8CVSS9.6AI score0.00418EPSS
CVE
CVE
added 2020/04/17 1:39 p.m.56 views

CVE-2019-20776

Technical details (affected products, components, root cause, versions, or fixes) are not publicly available in the provided connected documents. Monitor for updates; current sources only reiterate a crash in TZ trusted apps on LG Android 7.x–8.1 with crafted input.

5.5CVSS5.5AI score0.00126EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.56 views

CVE-2019-2079

CVE-2019-2079 affects Android 10 via the libxaac library, where an out-of-bounds read due to a missing bounds check could lead to information disclosure. The vulnerability targets a library/file within the Android stack and is exploitable with user interaction; no explicit remote code execution i...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2020/02/13 2:20 p.m.56 views

CVE-2019-2200

CVE-2019-2200 affects Android 10 where updatePermissions in PermissionManagerService.java could allow a malicious app to bypass a custom-permission check, enabling local privilege escalation with full confidentiality/ integrity/ availability impact as described. Root cause: permission bypass with...

7.3CVSS7.2AI score0.00188EPSS
CVE
CVE
added 2019/11/13 5:42 p.m.56 views

CVE-2019-2212

CVE-2019-2212 concerns an out-of-bounds read in the Poisson_distribution of random, enabling local information disclosure without extra privileges or user interaction. Affected products/versions (from provided docs): Android 8.0–10. The root cause is a read that can leak information from memory i...

5.5CVSS5.1AI score0.00169EPSS
CVE
CVE
added 2020/01/06 5:26 p.m.56 views

CVE-2019-9468

The CVE-2019-9468 issue affects Android 10 and is caused by a double free in export_key_der inside export_key.cpp, leading to memory corruption and local privilege escalation without user interaction. The vulnerability is categorized as EoP with high impact, as reflected in the Pixel Update Bulle...

7.8CVSS8.3AI score0.00164EPSS
CVE
CVE
added 2020/05/14 8:12 p.m.56 views

CVE-2020-0064

CVE-2020-0064 is a MediaTek-specific issue (component: Omacp) documented in the Android May 2020 bulletin. It is classified as Information Disclosure (ID) with High severity and is linked to Android patch levels 2020-05-01 and later. The vulnerability arises from improper authorization when proce...

5.5CVSS5.5AI score0.00134EPSS
CVE
CVE
added 2020/03/15 9:16 p.m.56 views

CVE-2020-0088

CVE-2020-0088 affects Android 10 and is caused by an issue in parseTrackFragmentRun within MPEG4Extractor.cpp that can lead to resource exhaustion and a remote Denial of Service. Exploitation requires user interaction. The description does not specify the exact vulnerable versions beyond Android-...

6.5CVSS6.9AI score0.00658EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.56 views

CVE-2020-0201

CVE-2020-0201 affects Android 10 with a vulnerability in WifiConfigController.java (showSecurityFields) that can leak credentials due to a confused deputy, enabling remote elevation of privilege without additional privileges or user interaction. The issue is documented in multiple sources; applic...

9.8CVSS9AI score0.01759EPSS
CVE
CVE
added 2020/09/17 8:48 p.m.56 views

CVE-2020-0293

CVE-2020-0293 affects Android 11 via the Java network APIs where a missing permission check can allow access to sensitive network state, leading to local information disclosure without extra execution privileges. The vulnerability is described as requiring no user interaction for exploitation and...

5.5CVSS5.7AI score0.00219EPSS
CVE
CVE
added 2020/12/15 3:54 p.m.56 views

CVE-2020-0477

CVE-2020-0477 affects Android 11, describing an information disclosure in the Android framework. In ClientModeImpl.java, there is a missing permission check in sendLinkConfigurationChangedBroadcast that can allow local disclosure of the current network configuration without extra privileges or us...

5.5CVSS5.7AI score0.00126EPSS
CVE
CVE
added 2020/05/11 3:5 p.m.56 views

CVE-2020-12745

CVE-2020-12745 affects Samsung mobile devices running Q(10.0). The issue enables bypass of the locked-state protection to read clipboard content via USSD. The root cause is described as a protection bypass, but no further technical details or affected versions are provided in the connected docume...

7.5CVSS7.6AI score0.00428EPSS
CVE
CVE
added 2020/10/06 6:32 p.m.56 views

CVE-2020-26607

Summary: CVE-2020-26607 describes a privilege-escalation issue in Samsung’s TimaService where a PendingIntent with an empty intent can be exploited by modifying the intent to perform a privileged action on affected devices (Samsung Android O(8.x), P(9.0), Q(10.0)). The Samsung vulnerability ID is...

9.8CVSS9.1AI score0.00468EPSS
CVE
CVE
added 2021/02/04 5:10 p.m.56 views

CVE-2021-0351

In the Android WLAN driver, CVE-2021-0351 is an out-of-bounds write vulnerability due to a missing bounds check, leading to remote denial of service without user interaction or privileges. Affected products/versions include Android 8.1–11; patch ALPS05412917 is available. Monitor for updates and ...

7.8CVSS7.4AI score0.01059EPSS
CVE
CVE
added 2021/02/02 11:1 p.m.56 views

CVE-2021-0360

CVE-2021-0360 concerns an out-of-bounds write in the netdiag component caused by an incorrect bounds check. According to the provided documents, this could allow local escalation of privilege with System execution privileges, and does not require user interaction. Affected products listed are And...

6.7CVSS6.7AI score0.00155EPSS
CVE
CVE
added 2021/03/10 3:56 p.m.56 views

CVE-2021-0374

CVE-2021-0374 affects Android 11 with a vulnerability in BnAudioPolicyService::onTransact (IAudioPolicyService.cpp) where a missing bounds check allows an out-of-bounds read, enabling local information disclosure with System privileges and no user interaction. Documented impact: confidentiality i...

4.4CVSS4.2AI score0.00124EPSS
CVE
CVE
added 2021/02/26 8:19 p.m.56 views

CVE-2021-0404

CVE-2021-0404 concerns MediaTek’s mobile_log_d on Android 11, where an input validation error can enable local information disclosure. The Red Hat entry and multiple aggregated sources confirm that exploitation does not require user interaction, but the impact involves potential disclosure of sen...

4.4CVSS4.3AI score0.0013EPSS
CVE
CVE
added 2021/02/26 8:19 p.m.56 views

CVE-2021-0405

CVE-2021-0405 affects Android 10 and Android 11, where the MediaTek performance driver’s out-of-bounds write stems from a missing bounds check in the driver code. This can permit local escalation of privilege to System execution level without user interaction, as described in multiple sources (in...

7.2CVSS6.7AI score0.00134EPSS
CVE
CVE
added 2021/11/05 2:3 a.m.56 views

CVE-2021-25500

CVE-2021-25500 describes a missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 that allows attackers to overwrite TZASC , potentially causing a TEE compromise on Samsung mobile devices. The vulnerability affects versions prior to that release. The underlying issue is a lack of i...

7.2CVSS4.7AI score0.001EPSS
CVE
CVE
added 2022/01/04 3:56 p.m.56 views

CVE-2022-20012

CVE-2022-20012 affects the mdp driver and describes memory corruption caused by an integer overflow, enabling local privilege escalation without requiring user interaction. Multiple sources (NVD, Red Hat, CVE records) consistently cite the issue and a patch identified as ALPS05836478. The exploit...

7.8CVSS7.8AI score0.00112EPSS
CVE
CVE
added 2022/01/04 3:56 p.m.56 views

CVE-2022-20015

CVE-2022-20015 affects the kd_camera_hw driver. The issue is information disclosure caused by uninitialized data, enabling local information disclosure with system privileges; exploitation does not require user interaction. A patch/workaround is identified as Patch ID: ALPS05862966 (Issue ID: ALP...

4.4CVSS4.3AI score0.00116EPSS
CVE
CVE
added 2022/08/11 3:8 p.m.56 views

CVE-2022-20247

CVE-2022-20247 is reported as a media processing issue in Android 13 where an out-of-bounds read due to a heap buffer overflow could allow remote information disclosure without user interaction. Documents consistently tie the vulnerability to Android 13 and the Media component, with CVSSv3.1 base...

7.5CVSS7.3AI score0.00464EPSS
CVE
CVE
added 2022/08/11 3:12 p.m.56 views

CVE-2022-20265

CVE-2022-20265 concerns Android 13 where the Settings component allows a permissions bypass that can lead to local elevation of privilege with physical access and no user interaction. Affected product: Android 13 (Settings). Root cause: a permissions bypass in the Settings flow that bypasses fact...

4.6CVSS5.7AI score0.0013EPSS
CVE
CVE
added 2022/08/11 3:22 p.m.56 views

CVE-2022-20303

CVE-2022-20303 (Android 13) in ContentService: a missing permission check allows an account-detection information disclosure without GET_ACCOUNTS permission. Local attacker with low privileges and no user interaction can reveal whether an account exists on the device. Mitigation is included in An...

5.5CVSS5.5AI score0.00089EPSS
CVE
CVE
added 2022/08/11 3:29 p.m.56 views

CVE-2022-20332

CVE-2022-20332 affects Android 13 and involves the PackageManager. The issue allows an app to infer whether another app is installed via a side-channel information disclosure, resulting in local information disclosure without extra execution privileges. Exploitation is described as local with no ...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2022/08/11 3:30 p.m.56 views

CVE-2022-20340

CVE-2022-20340 affects Android 13 with a missing permission check in SELinux policy that can let a local attacker infer which websites are opened in the browser, causing a local information disclosure without additional privileges or user interaction. Root cause: improper SELinux policy allows in...

3.3CVSS4.4AI score0.00094EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.56 views

CVE-2022-26449

Summary: CVE-2022-26449 concerns the MediaTek Apusys component, with an out-of-bounds write caused by a missing bounds check that can enable local privilege escalation without user interaction. Affected component: apusys (MediaTek Apusys chipset). Root cause and impact (as stated): out-of-bounds ...

6.7CVSS6.7AI score0.00101EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.56 views

CVE-2022-26473

CVE-2022-26473 concerns a use-after-free in the vdec fmt component caused by improper locking, enabling local privilege escalation with System privileges required. Exploitation status is not detailed in the provided documents. Multiple sources (NVD, Red Hat, CVE lists, CNVD, PRION, CNNVD, PRON, P...

6.7CVSS6.7AI score0.00104EPSS
CVE
CVE
added 2022/06/07 5:58 p.m.56 views

CVE-2022-30720

CVE-2022-30720 concerns an improper input validation logic in libsmkvextractor used by Samsung Mobile. The issue, tracked across multiple feeds, states that prior to SMR Jun-2022 Release 1 an attacker could trigger a crash, indicating a stability/availability impact. Concrete details confirm the ...

5.3CVSS5.2AI score0.00201EPSS
CVE
CVE
added 2022/06/07 6:2 p.m.56 views

CVE-2022-30724

CVE-2022-30724 (Samsung Mobile Bluetooth Information Disclosure) : The vulnerability arises from broadcasting the BluetoothDevice object in the sendIntentSessionCompleted function without properly restricting receivers, which leaks the MAC address of the connected Bluetooth device. This affects S...

4.3CVSS4.6AI score0.00109EPSS
CVE
CVE
added 2022/06/07 6:2 p.m.56 views

CVE-2022-30725

CVE-2022-30725 refers to a Bluetooth issue in Samsung devices where a broadcast Intent that includes a BluetoothDevice object is not properly restricted to recipients in the sendIntentSessionError function, prior to the SMR Jun-2022 Release 1. This leads to leakage of the connected device’s MAC a...

4.3CVSS4.6AI score0.00109EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.56 views

CVE-2022-32624

CVE-2022-32624 describes an out-of-bounds write caused by an incorrect buffer-size calculation in the throttling mechanism. This can lead to local escalation of privileges with SYSTEM-level execution privileges. Exploitation is described as local and does not require user interaction. The issue i...

6.7CVSS6.8AI score0.00093EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.56 views

CVE-2022-32625

CVE-2022-32625 describes an out-of-bounds write caused by an incorrect bounds check in the display path, with potential local escalation to SYSTEM privileges and no user interaction required. Multiple connected sources reference MediaTek chips as affected and note the vulnerability’s impact on co...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.56 views

CVE-2022-36868

The issue in CVE-2022-36868 affects Samsung Mobile devices with the MouseNKeyHidDevice before SMR Oct-2022 Release 1. The root cause is an improper restriction of broadcasting an Intent, which leaks the MAC address of the connected Bluetooth device. Impact is limited to exposure of MAC address; n...

5.9CVSS4.1AI score0.00116EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.56 views

CVE-2022-38677

Summary (CVE-2022-38677) : Multiple sources describe a vulnerability in the cell service caused by a missing permission check, enabling local denial of service without requiring additional privileges. Reported impact is availability degradation; CVSSv3.1 base score ~5.5 (Medium) with local attack...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.56 views

CVE-2022-39088

CVE-2022-39088 : A missing permission check in a network service affecting UNISOC chipsets can lead to local privilege escalation to SYSTEM execution privileges. The entry lacks explicit affected product versions or a published fix in the provided documents. Exploitation status is not disclosed. ...

6.7CVSS6.7AI score0.00147EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.56 views

CVE-2022-39096

CVE-2022-39096: A missing permission check in the power management service is documented, potentially allowing setup of the service with no additional execution privileges. Affected context across multiple sources centers on a local-privilege scenario with high impact (confidentiality, integrity,...

7.8CVSS7.5AI score0.00107EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.56 views

CVE-2022-39112

CVE-2022-39112 describes a vulnerability in the Music service where a missing permission check can lead to local denial of service with no additional execution privileges required. The issue is consistently described across multiple sources (NVD/Red Hat/PRION/CNVD/etc.) as a lack of access contro...

5.5CVSS5.4AI score0.00097EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.56 views

CVE-2022-39123

CVE-2022-39123 describes a potential out-of-bounds write in the sensor driver due to a missing bounds check, which could lead to local denial of service in the kernel. The public documents consistently state this issue but do not provide concrete exploitation details, affected product versions, o...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.56 views

CVE-2022-39127

The CVE-2022-39127 entry concerns a vulnerability in a sensor driver where a missing bounds check can cause an out-of-bounds write, leading to local denial of service in the kernel. The issue is described across multiple sources (NVD/Red Hat/CNNVD) as affecting the sensor driver (kernel level); C...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2022/10/07 12:0 a.m.56 views

CVE-2022-39851

CVE-2022-39851 affects CocktailBarService on Samsung Mobile devices prior to SMR Oct-2022 Release 1. The issue is due to improper access control, enabling a local attacker to bind a service that requires the BIND_REMOTEVIEWS permission. The vulnerability is mitigated by updating to SMR Oct-2022 R...

4CVSS4AI score0.00075EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.56 views

CVE-2022-39905

CVE-2022-39905 is an implicit intent hijacking vulnerability in the Samsung Telecom application prior to the SMR-DEC-2022 Release 1. The fault is a misused implicit intent that allows an attacker to access sensitive information via intents, with impact described as confidential data exposure and ...

5.5CVSS5.2AI score0.00083EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.56 views

CVE-2022-42760

The records collectively describe CVE-2022-42760 as a vulnerability in the WLAN driver (notably for UNISOC chipset implementations) where a missing bounds check could allow local denial of service in WLAN services. Affected component: WLAN driver; root cause: out-of-bounds-like condition due to i...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.56 views

CVE-2022-42776

CVE-2022-42776 affects the UscAIEngine service, with a missing permission check that could allow setting up the service without requiring additional execution privileges. The issue is described consistently across NVD/Red Hat records and related feeds as a privilege-check bypass within the UscAIE...

7.8CVSS7.5AI score0.00091EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.56 views

CVE-2022-44423

CVE-2022-44423 involves a missing permission check in the music service that could trigger a local denial-of-service in the contacts service without requiring additional privileges. Connected sources reference UNISOC chipsets and reiterate the issue as a local DoS vector, but do not provide concr...

5.5CVSS5.4AI score0.00083EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.56 views

CVE-2022-44433

The connected sources describe CVE-2022-44433 as a vulnerability in UNISOC Chipsets’ phoneEx service module where a missing permission check allows local escalation of privilege with no additional execution privileges. The issue is tied to the phoneEx service component and is characterized by a l...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.56 views

CVE-2022-44442

The CVE-2022-44442 entry concerns the WLAN driver, where a missing bounds check in the WLAN driver could allow local denial of service in WLAN services. This risk is supported by multiple sources (NVD text reiterates the local DoS outcome; Red Hat and others describe the same bound-check issue in...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/02/06 5:26 a.m.56 views

CVE-2022-47342

CVE-2022-47342: Affected via engineermode services on Unisoc chipsets; root cause is a missing permission check that allows local access to sensitive engineermode functionality, causing local denial of service. Impact is indicated as High for availability with local attack vector and low privileg...

5.5CVSS5.3AI score0.00092EPSS
Total number of security vulnerabilities8153