Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2021/10/06 5:10 p.m.55 views

CVE-2021-25485

CVE-2021-25485 corresponds to a path-traversal vulnerability in FactoryAirCommnadManger, exploitable via a Bluetooth remote socket to write files as the system UID. Affected firmware/product versioning is described as prior to Samsung SMR Oct-2021 Release 1. The connected sources consistently ide...

8CVSS7.8AI score0.00177EPSS
CVE
CVE
added 2021/01/05 5:40 p.m.55 views

CVE-2021-3022

CVE-2021-3022 describes a lack of write protection for the MTK protect2 partition on LG mobile devices running Android 10 (LG ID LVE-SMP-200028). The issue is that protect2 could be written without protection, but exploitation details, affected models/versions beyond Android 10, and concrete reme...

5.5CVSS5.7AI score0.00129EPSS
CVE
CVE
added 2022/01/04 3:56 p.m.55 views

CVE-2022-20016

The CVE-2022-20016 issue affects the vow driver, where improper locking leads to memory corruption. This results in local privilege escalation to System level with no user interaction required. Public details consistently state the impact as local elevation of privilege and (in CVSS terms) high i...

6.7CVSS6.8AI score0.0009EPSS
CVE
CVE
added 2022/08/11 3:11 p.m.55 views

CVE-2022-20257

CVE-2022-20257 affects Android 13 Bluetooth by allowing pairing of a display-only device without PIN confirmation due to a logic error in the Bluetooth code. This enables local privilege escalation with no additional execution privileges required and no user interaction. The issue is documented a...

3.3CVSS5.1AI score0.00092EPSS
CVE
CVE
added 2022/08/11 3:25 p.m.55 views

CVE-2022-20317

CVE-2022-20317 affects Android 13 SystemUI. A logic error in SystemUI could allow local information disclosure by enabling the external speaker; exploitation requires user interaction and no extra privileges. The issue is documented across multiple sources (NVD entry, RH Red Hat CVE page, CNVD/CN...

5.5CVSS5.2AI score0.00114EPSS
CVE
CVE
added 2022/08/11 3:29 p.m.55 views

CVE-2022-20334

CVE-2022-20334 affects Android 13 via a Bluetooth null pointer dereference that can cause remote denial of service without user interaction. Affected product/module: Android Bluetooth stack on Android 13. Root cause: dereferencing a null pointer in Bluetooth processing leading to process crash. I...

6.5CVSS6.8AI score0.00218EPSS
CVE
CVE
added 2022/08/01 1:57 p.m.55 views

CVE-2022-26432

CVE-2022-26432 affects MediaTek-based devices where a mailbox out-of-bounds write due to a missing bounds check can enable local privilege escalation with System privileges. Public details consistently describe the issue without user interaction; no exploit details are provided in the documents. ...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.55 views

CVE-2022-26453

The CVE-2022-26453 issue affects the MediaTek teei module. A memory corruption caused by use-after-free is the root cause. Consequences stated are local escalation of privilege with System execution privileges required, and exploitation does not require user interaction. A patch is referenced: AL...

6.7CVSS6.8AI score0.00101EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.55 views

CVE-2022-26455

The CVE-2022-26455 entry concerns the gz module on MediaTek devices. A memory corruption fault arises from incorrect error handling, enabling local escalation of privilege with SYSTEM privileges required; no user interaction is needed. A patch is referenced (ALPS07177858 / ALPS07177858). Connecte...

6.7CVSS6.8AI score0.00101EPSS
CVE
CVE
added 2022/07/11 1:31 p.m.55 views

CVE-2022-30752

CVE-2022-30752 concerns an improper access control vulnerability in the SemWifiApClient’s sendDHCPACKBroadcast function. Affected software is SemWifiApClient prior to Samsung SMR Jul-2022 Release 1. The root cause is improper access control that could allow an attacker to obtain the MAC address o...

3.3CVSS4AI score0.00094EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.55 views

CVE-2022-32605

CVE-2022-32605 affects MediaTek’s isp (MediaTek ISP) with an out-of-bounds write caused by an incorrect bounds check. This could allow local escalation to System privileges without user interaction. Patch: ALPS07213898 (Issue ALPS07213898) is referenced; exploitation status is not provided in the...

6.7CVSS6.7AI score0.00131EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.55 views

CVE-2022-32609

CVE-2022-32609 affects the vcu component (MediaTek) and is caused by a race condition that enables a use-after-free. The issue can lead to local escalation of privilege with SYSTEM privileges required; exploitation does not require user interaction. Patch ALPS07203410/ALPS07203410 is referenced a...

6.4CVSS6.6AI score0.00123EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.55 views

CVE-2022-32652

CVE-2022-32652 (mtk-aie) : A use-after-free due to a logic error in MediaTek mtk-aie could allow local escalation to SYSTEM privileges with no user interaction required. Affected component: mtk-aie (MediaTek) with a local-exploit path implied by the CVE description. Public details in connected do...

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2022/07/11 1:34 p.m.55 views

CVE-2022-33691

The CVE-2022-33691 entry describes a race-condition vulnerability in Samsung Mobile’s score driver (prior to SMR Jul-2022 Release 1). The issue stems from insufficient synchronization points, enabling local attackers to interleave malicious operations. Impact indicators in the sources point to lo...

6.2CVSS4.6AI score0.00071EPSS
CVE
CVE
added 2022/07/11 1:35 p.m.55 views

CVE-2022-33696

The vulnerability CVE-2022-33696 affects Samsung Telephony service on Samsung mobile devices. It permits a local attacker to access sensitive mobile identifiers (IMSI and ICCID) through logs due to an information-disclosure flaw in the Telephony service, prior to the SMR July 2022 Release 1. Impa...

4CVSS3.9AI score0.00099EPSS
CVE
CVE
added 2022/07/11 1:36 p.m.55 views

CVE-2022-33701

KnoxCustomManagerService on Samsung devices is affected by an improper access control vulnerability prior to SMR Jul-2022 Release 1, allowing an attacker to invoke PowerManaer.goToSleep by sending a broadcast intent despite the method being protected by system permissions. Root cause: lack of pro...

3.3CVSS4AI score0.00088EPSS
CVE
CVE
added 2022/09/09 2:39 p.m.55 views

CVE-2022-36846

CVE-2022-36846 is a heap-based overflow in the ConstructDictionary function of libSDKRecognitionText.spensdk.samsung.so, affecting versions prior to Samsung SMR Sep-2022 Release 1. The overflow can cause memory access faults (memory corruption). The issue is documented across multiple sources (NV...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.55 views

CVE-2022-38679

CVE-2022-38679 affects the music service where a missing permission check could allow a local denial of service without extra privileges. The CVE entries (NVD, PRION, PRiON, CNNVD, CVELIST, VULNRICHMENT) consistently describe a local impact due to insufficient authorization in the music service, ...

5.5CVSS5.4AI score0.00081EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.55 views

CVE-2022-38687

CVE-2022-38687 describes a missing permission check in the messaging service, enabling local denial of service with no additional privileges. The available documents identify the affected component as the messaging service and note that the impact is local DoS; no exploitation details, affected p...

5.5CVSS5.4AI score0.00099EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.55 views

CVE-2022-39095

CVE-2022-39095 corresponds to a vulnerability in the power management service where a missing permission check allows setting up the service with no additional execution privileges. Reported as local access with low privileges required and no user interaction, and with impact on confidentiality, ...

7.8CVSS7.5AI score0.00107EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.55 views

CVE-2022-39118

CVE-2022-39118 affects the sprd_sysdump driver, where a missing bounds check can lead to an out-of-bounds write and potentially local denial of service in the kernel. The primary sources consistently describe this issue as a local vulnerability with a MEDIUM severity (CVSS 3.1: AV:L/AC:L/PR:L/UI:...

5.5CVSS5.4AI score0.00084EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.55 views

CVE-2022-39895

The CVE-2022-39895 entry concerns an improper access control vulnerability in ContactListUtils on Samsung Phone software prior to SMR Dec-2022 Release 1. The issue allows access to contact group information via implicit intents, attributed to the ContactListUtils component. Affected product scope...

4CVSS4AI score0.00082EPSS
CVE
CVE
added 2023/01/04 12:0 a.m.55 views

CVE-2022-44441

CVE-2022-44441 affects the WLAN driver with a missing bounds check in the driver code, causing local denial of service in WLAN services. The base CVSS v3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) yields a MEDIUM base score of 5.5. Multiple sources corroborate the description, including Red H...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/02/06 5:27 a.m.55 views

CVE-2022-47324

The CVE CVE-2022-47324 involves a missing permission check in a WLAN driver that could lead to local information disclosure. The connected documents reiterate this issue across multiple sources but do not provide concrete details on affected products, versions, or a fix. In the absence of explici...

6.4CVSS5.1AI score0.00085EPSS
CVE
CVE
added 2023/04/11 11:9 a.m.55 views

CVE-2022-47466

CVE-2022-47466 is described across connected sources as a missing permission check in the telecom service that could cause local denial of service. Documents cite the root cause and impact (local DoS) but do not provide concrete vendor/product versions or a remediation. Exploitation details are n...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/03/07 1:31 a.m.55 views

CVE-2022-47483

The CVE-2022-47483 entry describes a missing permission check in the telephony service, enabling local denial of service with no additional privileges. Connected documents reaffirm this issue across multiple sources (e.g., Red Hat, NVD, PRION, CNNVD) but do not provide product/vendor/version or a...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/05/09 1:20 a.m.55 views

CVE-2022-48233

CVE-2022-48233 involves the FM service (notably in UNISOC Chipsets’ FM service module) with a missing parameters check that can lead to local denial of service. The linked sources consistently describe the issue as a local DoS due to insufficient input validation, with no public details on affect...

5.5CVSS5.3AI score0.00088EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.55 views

CVE-2022-48246

The CVE-2022-48246 entry concerns UNISOC/UNISOC-labeled audio service with a missing permission check in its local component. The underlying issue is a privilege check omission that could allow local escalation of privilege without requiring additional execution privileges. Publicly documented im...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.55 views

CVE-2022-48371

CVE-2022-48371 concerns UNISOC dialer service vulnerability due to a missing privilege check. The linked documents confirm the issue affects UNISOC chipsets’ dialer service module and enables local information disclosure without additional execution privileges. The CVSS 3.1 vector (AV:L/AC:L/PR:L...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.55 views

CVE-2022-48379

CVE-2022-48379 concerns UNISOC chipsets where the dialer service lacks a permission check, enabling local denial of service without elevated execution privileges. The common details across sources indicate the root cause is insufficient permission validation in the dialer component, with an impac...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/02/06 12:0 a.m.55 views

CVE-2023-20615

CVE-2023-20615 affects MediaTek ril with an out-of-bounds write caused by a missing bounds check, enabling local escalation of privilege with SYSTEM-level execution rights. Exploitation reportedly does not require user interaction. Public references consistently indicate the issue resides in ril ...

6.7CVSS6.7AI score0.001EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.55 views

CVE-2023-20646

Summary: CVE-2023-20646 affects the MediaTek ril module, with a vulnerability in a missing bounds check that enables an out-of-bounds read. This can lead to local information disclosure and, under the conditions stated, system-level execution privileges are implied. No user interaction is require...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/05/15 12:0 a.m.55 views

CVE-2023-20673

The CVE-2023-20673 entry describes a memory corruption via type confusion in the vcu module of MediaTek chips, enabling local escalation of privileges with System execution privileges required. Impact is high for confidentiality, integrity, and availability per CVSS, with local access and no user...

6.7CVSS6.8AI score0.00095EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.55 views

CVE-2023-20676

CVE-2023-20676 is an out-of-bounds read vulnerability in the WLAN component of MediaTek devices (notably affecting Mediatek WLAN stacks such as MT5221 and similar chips). The underlying issue is a missing bounds check, enabling local information disclosure and, per the description, potentially al...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/06/06 8:2 a.m.55 views

CVE-2023-20727

CVE-2023-20727 affects the wlan component in MediaTek chips, with an out-of-bounds read caused by a missing bounds check. According to the records, this may lead to local information disclosure and potentially system-level execution privileges, with no user interaction required. Exploitation deta...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.55 views

CVE-2023-20789

CVE-2023-20789 is linked to a missing bounds check in the jpeg component, causing local information disclosure with the ability to execute with system privileges. Exploitation details are not provided in the documents. The patch referenced is ALPS07693193 (Issue ALPS07693193). The vulnerability a...

4.4CVSS4.3AI score0.00085EPSS
CVE
CVE
added 2023/08/07 3:22 a.m.55 views

CVE-2023-20816

CVE-2023-20816 concerns MediaTek WLAN software, where an out-of-bounds write caused by improper input validation can enable local escalation of privilege with SYSTEM privileges required. The issue affects the WLAN service and does not require user interaction to exploit. Documentation notes a pat...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.55 views

CVE-2023-20833

The CVE-2023-20833 issue concerns MediaTek devices featuring the keyinstall component. A missing bounds check in keyinstall is reported to cause local information disclosure, with the prerequisite that system execution privileges are required and no user interaction is needed for exploitation. Th...

4.4CVSS4.3AI score0.00084EPSS
CVE
CVE
added 2023/08/14 9:11 p.m.55 views

CVE-2023-21229

CVE-2023-21229 concerns Google Wear OS (Framework/ManagedServices.java: registerServiceLocked) where an unsafe PendingIntent can bypass background activity launch restrictions. This vulnerability enables local escalation of privilege with no additional privileges and no user interaction required,...

7.8CVSS7.8AI score0.00091EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.55 views

CVE-2023-21293

CVE-2023-21293 affects Android’s PackageManagerNative, enabling a side‑channel check to determine if an app is installed without query permissions. Impact: potential information disclosure leading to local elevation of privilege, with no extra execution privileges and no user interaction required...

5.5CVSS6.2AI score0.00103EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.55 views

CVE-2023-21310

CVE-2023-21310 affects Android Bluetooth, described as an out-of-bounds write caused by a heap buffer overflow in the Bluetooth component. The vulnerability allows local elevation of privilege with System execution privileges and does not require user interaction. The provided documents confirm t...

6.7CVSS7AI score0.00096EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.55 views

CVE-2023-21328

Technical details about CVE-2023-21328 (affected product/version, root cause, or fixes) are not publicly provided in the connected documents. Monitor for updates and future disclosures.

7.8CVSS7.8AI score0.0009EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.55 views

CVE-2023-21348

The CVE-2023-21348 entry concerns Android Window Manager side-channel leakage that allows an app to be detected as installed without query permissions, causing local information disclosure. Connected sources corroborate the issue as an information-disclosure vulnerability (Framework category) wit...

3.3CVSS4.4AI score0.00082EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.55 views

CVE-2023-21361

CVE-2023-21361 affects the Android Bluetooth stack, where a use-after-free in the Bluetooth component can allow code execution in the privileged Bluetooth process. The vulnerability enables an attacker with adjacent access to trigger execution with no additional privileges or user interaction, le...

8.8CVSS8.8AI score0.00147EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.55 views

CVE-2023-32826

CVE-2023-32826 concerns a vulnerability in camera middleware where missing input validation can cause an out-of-bounds write, enabling local escalation of privilege with System execution privileges required. The issue is described consistently across sources (NVD/Red Hat PRION/CNNVD, etc.). No us...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.55 views

CVE-2023-40645

CVE-2023-40645 concerns a missing permission check in the Messaging component of UNISOC chipsets. The root cause described across sources is an insufficient permission validation that can enable local information disclosure without requiring additional execution privileges. Affected environment i...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.55 views

CVE-2023-40648

The CVE-2023-40648 entry concerns the Messaging component where a missing permission check could allow local information disclosure without requiring additional execution privileges. Reported across multiple sources, the issue affects Information Confidentiality (per CVSS) with local attack vecto...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.55 views

CVE-2023-40654

CVE-2023-40654 affects FW-PackageManager due to a missing permission check, enabling local privilege escalation with System execution privileges. Public references describe the issue across multiple feeds (NVD, Red Hat, PRION, CVE list, CNNVD, PT-Security) but do not provide a product version or ...

6.7CVSS6.7AI score0.00083EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.55 views

CVE-2023-42641

CVE-2023-42641 affects the component validationtools . The root cause, as described in the connected records, is a missing permission check that could lead to local information disclosure without any additional execution privileges. The issue is consistently reported across multiple sources (NVD,...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.55 views

CVE-2023-42642

CVE-2023-42642 affects the validationtools component, where a missing permission check could allow local information disclosure without extra privileges. The vulnerability is documented across multiple feeds (NVD/RH/CVE lists) with a MEDIUM base score (AV:L, AC:L, PR:L, UI:N, C:H/I:N/A:N) and loc...

5.5CVSS5.2AI score0.0008EPSS
Total number of security vulnerabilities8153