Lucene search

K

647 matches found

cve
cve
added 2021/03/10 5:15 p.m.36 views

CVE-2021-0381

In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

5.5CVSS5.1AI score0.00014EPSS
cve
cve
added 2021/03/10 5:15 p.m.36 views

CVE-2021-0388

In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attributing video call data to the wrong app, with no additional execution privileges needed. User interact...

7.8CVSS7.7AI score0.00014EPSS
cve
cve
added 2021/02/26 9:15 p.m.36 views

CVE-2021-0406

In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05471418.

7.2CVSS6.7AI score0.00045EPSS
cve
cve
added 2021/10/25 2:15 p.m.36 views

CVE-2021-0413

In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561379; Issue ID: ALPS05561379.

5.5CVSS5AI score0.00015EPSS
cve
cve
added 2021/10/25 2:15 p.m.36 views

CVE-2021-0414

In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561384; Issue ID: ALPS05561384.

5.5CVSS5.2AI score0.00012EPSS
cve
cve
added 2021/06/21 5:15 p.m.36 views

CVE-2021-0525

In memory management driver, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193929

7.8CVSS7.7AI score0.00019EPSS
cve
cve
added 2021/06/22 12:15 p.m.36 views

CVE-2021-0552

In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

5.5CVSS5.1AI score0.00015EPSS
cve
cve
added 2021/06/22 11:15 a.m.36 views

CVE-2021-0558

In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Androi...

6.5CVSS6.3AI score0.0041EPSS
cve
cve
added 2021/06/22 11:15 a.m.36 views

CVE-2021-0559

In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172312730

6.5CVSS6.1AI score0.00215EPSS
cve
cve
added 2021/06/22 11:15 a.m.36 views

CVE-2021-0562

In RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Androi...

5.5CVSS5AI score0.00017EPSS
cve
cve
added 2021/06/22 11:15 a.m.36 views

CVE-2021-0569

In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1740...

5CVSS4.7AI score0.00015EPSS
cve
cve
added 2021/10/25 2:15 p.m.36 views

CVE-2021-0631

In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551435; Issue ID: ALPS05551435.

7.5CVSS7.3AI score0.00663EPSS
cve
cve
added 2021/10/25 2:15 p.m.36 views

CVE-2021-0632

In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker under certain build conditions with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP...

6.5CVSS6.1AI score0.00095EPSS
cve
cve
added 2021/11/18 3:15 p.m.36 views

CVE-2021-0657

In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672103; Issue ID: ALPS05672103.

6.7CVSS6.8AI score0.00011EPSS
cve
cve
added 2021/10/25 2:15 p.m.36 views

CVE-2021-0663

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844458; Issue ID: ALPS05844458.

7.2CVSS6.9AI score0.00021EPSS
cve
cve
added 2021/12/17 5:15 p.m.36 views

CVE-2021-0893

In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.

6.7CVSS6.8AI score0.00018EPSS
cve
cve
added 2021/12/17 5:15 p.m.36 views

CVE-2021-0900

In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055.

4.4CVSS4.2AI score0.00016EPSS
cve
cve
added 2021/12/15 7:15 p.m.36 views

CVE-2021-0979

In isRequestPinItemSupported of ShortcutService.java, there is a possible cross-user leak of packages in which the default launcher supports requests to create pinned shortcuts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges neede...

5.5CVSS5AI score0.00013EPSS
cve
cve
added 2021/12/15 7:15 p.m.36 views

CVE-2021-0990

In getDeviceId of PhoneSubInfoController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is...

3.3CVSS3.5AI score0.00013EPSS
cve
cve
added 2021/12/15 7:15 p.m.36 views

CVE-2021-1042

In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: And...

4.4CVSS4.2AI score0.00019EPSS
cve
cve
added 2021/01/05 6:15 p.m.36 views

CVE-2021-22494

An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can oc...

5.5CVSS5.5AI score0.0005EPSS
cve
cve
added 2021/06/11 3:15 p.m.36 views

CVE-2021-25414

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.

7.8CVSS7.4AI score0.00015EPSS
cve
cve
added 2021/09/09 7:15 p.m.36 views

CVE-2021-25457

An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.

5.9CVSS3.9AI score0.00038EPSS
cve
cve
added 2021/10/06 6:15 p.m.36 views

CVE-2021-25488

Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.

5.5CVSS5.6AI score0.00019EPSS
cve
cve
added 2021/12/08 3:15 p.m.36 views

CVE-2021-25511

An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.

7.8CVSS7.5AI score0.00015EPSS
cve
cve
added 2021/12/15 7:15 p.m.36 views

CVE-2021-39649

In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-17404...

6.7CVSS6.5AI score0.00013EPSS
cve
cve
added 2021/06/11 5:15 p.m.35 views

CVE-2019-9475

In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-...

5.5CVSS5.6AI score0.00013EPSS
cve
cve
added 2021/02/04 7:15 p.m.35 views

CVE-2021-0343

In kisd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449962.

7.2CVSS6.7AI score0.00012EPSS
cve
cve
added 2021/02/04 7:15 p.m.35 views

CVE-2021-0349

In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID: ALPS0...

7.2CVSS6.8AI score0.00019EPSS
cve
cve
added 2021/02/03 12:15 a.m.35 views

CVE-2021-0353

In kisd, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425247.

6.7CVSS6.9AI score0.0001EPSS
cve
cve
added 2021/02/03 12:15 a.m.35 views

CVE-2021-0355

In kisd, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05425581.

6.7CVSS6.7AI score0.0002EPSS
cve
cve
added 2021/02/03 12:15 a.m.35 views

CVE-2021-0358

In netdiag, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442022.

6.7CVSS6.9AI score0.00117EPSS
cve
cve
added 2021/03/10 4:15 p.m.35 views

CVE-2021-0368

In oggpack_look of bitwise.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-16982977...

6.5CVSS6.1AI score0.00215EPSS
cve
cve
added 2021/03/10 4:15 p.m.35 views

CVE-2021-0377

In DeltaPerformer::Write of delta_performer.cc, there is a possible use of untrusted input due to improper input validation. This could lead to a local bypass of defense in depth protections with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...

5.5CVSS5.4AI score0.00015EPSS
cve
cve
added 2021/03/10 5:15 p.m.35 views

CVE-2021-0379

In getUpTo17bits of pvmp3_getbits.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A...

6.5CVSS6.3AI score0.00362EPSS
cve
cve
added 2021/03/10 5:15 p.m.35 views

CVE-2021-0460

In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-15...

4.4CVSS4.2AI score0.00016EPSS
cve
cve
added 2021/06/11 5:15 p.m.35 views

CVE-2021-0494

In memory management driver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461...

7.8CVSS7.7AI score0.00016EPSS
cve
cve
added 2021/06/22 12:15 p.m.35 views

CVE-2021-0538

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: ...

7.3CVSS7.2AI score0.00014EPSS
cve
cve
added 2021/06/22 12:15 p.m.35 views

CVE-2021-0549

In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

4.4CVSS4.1AI score0.00016EPSS
cve
cve
added 2021/10/25 2:15 p.m.35 views

CVE-2021-0614

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05495528; Issue ID: ALPS05495528.

5.5CVSS5AI score0.00015EPSS
cve
cve
added 2021/10/25 2:15 p.m.35 views

CVE-2021-0630

In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05551397; Issue ID: ALPS05551397.

7.5CVSS7.3AI score0.00771EPSS
cve
cve
added 2021/10/25 2:15 p.m.35 views

CVE-2021-0633

In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05585423; Issue ID: ALPS05585423.

7.2CVSS6.7AI score0.00014EPSS
cve
cve
added 2021/10/25 2:15 p.m.35 views

CVE-2021-0662

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844434; Issue ID: ALPS05844434.

7.2CVSS6.9AI score0.00021EPSS
cve
cve
added 2021/11/18 3:15 p.m.35 views

CVE-2021-0671

In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05664273; Issue ID: ALPS05664273.

7.2CVSS6.8AI score0.00013EPSS
cve
cve
added 2021/09/21 1:15 p.m.35 views

CVE-2021-0869

In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel...

9.8CVSS9.1AI score0.0137EPSS
cve
cve
added 2021/12/17 5:15 p.m.35 views

CVE-2021-0898

In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071.

6.7CVSS6.8AI score0.00018EPSS
cve
cve
added 2021/12/17 5:15 p.m.35 views

CVE-2021-0903

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.

6.7CVSS6.7AI score0.00015EPSS
cve
cve
added 2021/12/15 7:15 p.m.35 views

CVE-2021-0986

In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interactio...

5.5CVSS5.1AI score0.00041EPSS
cve
cve
added 2021/12/15 7:15 p.m.35 views

CVE-2021-1002

In WT_Interpolate of eas_wtengine.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID:...

7.5CVSS7AI score0.00289EPSS
cve
cve
added 2021/06/11 3:15 p.m.35 views

CVE-2021-25385

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

9.8CVSS9.6AI score0.00187EPSS
Total number of security vulnerabilities647