8153 matches found
CVE-2022-36853
The CVE-2022-36853 issue affects Samsung Photo Editor (on Samsung mobile devices) prior to the SMR Sep-2022 Release 1. Root cause: intent redirection in Photo Editor that may disclose sensitive information. Impact: enables information disclosure to an attacker without user interaction (per NVD me...
CVE-2022-36861
CVE-2022-36861 affects Samsung SystemUI prior to SMR Sep-2022 Release 1. It is described as a custom permission misuse that lets an attacker use some protected functions with SystemUI privilege. Root cause: misuse of a custom permission in SystemUI. Impact: potential elevation of privileges withi...
CVE-2022-38674
The CVE-2022-38674 entry concerns a vulnerability in the wlan driver where a missing parameters check can allow a local denial of service against wlan services. Affected component: wlan driver (and associated Qualcomm wlan context in several records). Root cause: insufficient input/parameter vali...
CVE-2022-39097
CVE-2022-39097 concerns a missing permission check in the power management service. Root cause described as allowing setup with no additional execution privileges. CVSS v3.1 score 7.8 (HIGH) with LOCAL, LOW complexity, LOW privileges required; impacts on confidentiality, integrity, and availabili...
CVE-2022-42757
CVE-2022-42757 affects the wlan driver (notably in UNISOC chipsets). The root cause is a missing bounds check in the wlan driver, which could lead to local denial of service in wlan services. Documented impacts across multiple sources indicate a local attack vector with low overall risk (CVSS 3.1...
CVE-2022-42758
In CVE-2022-42758, multiple sources confirm a vulnerability in the WLAN driver (specifically a missing bounds check in the WLAN driver) that can cause local denial of service in WLAN services. Affected component is the WLAN driver (Unisoc chipset context appears in related tooling); root cause is...
CVE-2022-42761
CVE-2022-42761 concerns the WLAN driver in UNISOC chipsets, where a missing bounds check can enable local denial of service in WLAN services. The NVD/Red Hat/UNISOC‑linked entries describe the issue and assign CVSS v3.1 base score 5.5 (Medium) with LOCAL attack vector, LOW complexity and privileg...
CVE-2022-42777
CVE-2022-42777 concerns a missing permission check in the power management service, enabling setup of the service with no additional execution privileges. The issue is described as local attack vector with low attack complexity, requiring low privileges and no user interaction, and it is assessed...
CVE-2022-47325
The CVE-2022-47325 entry concerns the WLAN driver where a missing permission check could allow local information disclosure. Several connected sources (NVD, Red Hat, CVE listing, PRION, CNNVD) consistently describe this issue as a local-information-disclosure vulnerability in the WLAN driver, cau...
CVE-2022-47346
In CVE-2022-47346, the issue affects engineermode services where a missing permission check enables local denial of service. The CVE is described as a local vulnerability with a DoS impact, relying on local access to trigger the flaw. The provided metrics indicate a local attack vector with low c...
CVE-2022-47481
CVE-2022-47481 affects the telephony service where a missing permission check can allow a local denial-of-service without requiring extra privileges. The available documents consistently describe this as a local impact (AV:L/PR:L/UI:N) with a high availability impact and no confidentiality/integr...
CVE-2022-48235
The CVE-2022-48235 issue concerns the UNISOC MP3 encoder in chipsets, where a missing bounds check can cause an out-of-bounds write. This leads to a local denial of service with System execution privileges required. Affected component: MP3 encoder; root cause: missing bounds check leading to out-...
CVE-2022-48370
CVE-2022-48370 describes a local information disclosure in the Unisoc dialer service due to a missing permission check. The vulnerability affects Unisoc chipsets’ dialer component and could allow access to sensitive data without extra execution privileges. No explicit affected version ranges or p...
CVE-2023-20674
The CVE-2023-20674 issue affects the WLAN component in MediaTek devices, caused by an out-of-bounds read due to a missing bounds check. This vulnerability could allow local information disclosure and may enable system-level execution privileges, with no user interaction required. Multiple feeds (...
CVE-2023-20675
CVE-2023-20675 concerns MediaTek platforms where the kernel/wlan component is vulnerable to an out-of-bounds read caused by a missing bounds check. The issue can lead to local information disclosure, with potentially full System privileges if exploited, and does not require user interaction. Conn...
CVE-2023-20781
In keyinstall, a memory corruption vulnerability is caused by a missing bounds check, enabling local denial of service with SYSTEM privileges without user interaction. Affects the keyinstall component; exploitation details are not provided beyond the local-privilege context. The issue is associat...
CVE-2023-20785
Summary: CVE-2023-20785 describes a potential out-of-bounds write in the audio component due to a missing bounds check, enabling local escalation of privilege to system execution level. The vulnerability is described with no user interaction required. Affected component: Audio subsystem (MediaTek...
CVE-2023-20806
CVE-2023-20806 affects the MediaTek chipset-embedded hcp module, where a missing bounds check can cause an out-of-bounds write. This can lead to local escalation of privilege with System execution privileges required, and no user interaction is needed for exploitation. The issue is tied to patch ...
CVE-2023-20823
CVE-2023-20823 affects the cmdq component and is caused by an incorrect status check that enables an out-of-bounds read. The vulnerability could allow local denial of service with SYSTEM privileges, and exploitation does not require user interaction. A patch is referenced as ALPS08021592 (Issue I...
CVE-2023-21234
CVE-2023-21234 is a Wear OS/Android System vulnerability involving a missing permission check in the launchConfirmationActivity of ChooseLockSettingsHelper.java that could allow enabling developer options without entering the lockscreen PIN. This enables a local escalation of privilege with no ex...
CVE-2023-21321
CVE-2023-21321 affects Android's Package Manager, enabling cross-user information disclosure due to a missing permission check. The vulnerability allows local information disclosure with no privileges and no user interaction required. The connected sources list this CVE as part of Android 14 secu...
CVE-2023-21329
CVE-2023-21329 describes an information disclosure in Android's Activity Manager caused by a missing permission check, enabling local access to whether an app is installed without user interaction. The Android 14 security release notes list this CVE under Framework with a Moderate severity and in...
CVE-2023-21352
CVE-2023-21352 affects NFA and is caused by a missing bounds check leading to an out-of-bounds read. This can result in local information disclosure without additional execution privileges, and exploitation does not require user interaction, per the provided description. Connected sources corrobo...
CVE-2023-21359
CVE-2023-21359 concerns Bluetooth: an out-of-bounds read due to a missing bounds check could disclose local information via the Bluetooth server. Exploitation requires SYSTEM privileges; no user interaction. Documented in NVD/Red Hat/CNVD entries and Android 14 notes corroborate a Bluetooth infor...
CVE-2023-21378
CVE-2023-21378 : In Telecomm, a missing permission check enables silencing the ring for calls of secondary users, causing a local elevation of privilege with no additional execution privileges needed. Exploitation does not require user interaction. CVSSv3.1 base score is 7.8 (High), with local at...
CVE-2023-32808
The CVE-2023-32808 entry concerns a Bluetooth driver issue where improper access control of the register interface allows read/write access to registers, enabling local leakage of sensitive information with system-level privileges required. The description notes no user interaction is needed for ...
CVE-2023-32824
The CVE-2023-32824 entry affects the rpmb module and describes a double-free issue caused by improper locking, enabling local escalation of privilege with System execution privileges required and no user interaction. Patch: ALPS07912966; Issue: ALPS07912961. Connected records consistently identif...
CVE-2023-40633
CVE-2023-40633 describes a vulnerability in the phasecheckserver where a missing permission check could allow local information disclosure without requiring additional execution privileges. Supported by multiple sources (NVD entry, CVE records, and related enrichments), the flaw is characterized ...
CVE-2023-42646
CVE-2023-42646 concerns UNISOC-based systems with an Ifaa service that lacks a required permission check, enabling local information disclosure without additional privileges. The root cause is insufficient access-control in the Ifaa service, leading to exposure of sensitive data to an attacker wi...
CVE-2023-42649
CVE-2023-42649 concerns UNISOC chipsets’ engineermode where a missing permission check allows local information disclosure without requiring execution privileges. Affected component: engineermode logic; root cause: inadequate permission validation leading to exposure of sensitive data to local at...
CVE-2023-44128
CVE-2023-44128 affects LGInstallService (com.lge.lginstallservies) on LG devices, where the exported AIDL-based InstallService exposes installPackage* methods that call installPackageVerify() for signature validation after a delete-file operation. An attacker can manipulate conditions so the secu...
CVE-2023-52534
This CVE concerns the ngmm component. The root cause is incorrect error handling that can lead to undefined behavior, resulting in remote denial of service. Affected software is ngmm; the exact versions are not specified in the provided documents. Impact is limited to availability (DoS) with no u...
CVE-2024-20084
CVE-2024-20084 affects MediaTek power components. The vulnerability is an out-of-bounds read caused by a missing bounds check, potentially enabling local information disclosure with System execution privileges required; exploitation is not user-initiated. Patch ALPS08944210 is noted (Issue MSV-15...
CVE-2024-20134
CVE-2024-20134 affects the RIL (Radio Interface Layer) with a possible out-of-bounds write caused by a missing bounds check. The issue could enable local privilege escalation to System level and does not require user interaction for exploitation. A patch is referenced (ALPS09154589) with an inter...
CVE-2024-20135
In soundtrigger, a missing bounds check can cause an out-of-bounds write, enabling local escalation to System privileges with no user interaction required. Several sources (NVD/Red Hat/CVE references) confirm the issue and patch ID ALPS09142526 (Issue MSV-1841) as the remediation. Affected produc...
CVE-2024-31328
CVE-2024-31328 is documented in Wear OS/Android Wear context. A logic error in the function broadcastIntentLockedTraced of BroadcastController.java may allow launching arbitrary activities from the background on the paired companion phone, resulting in local elevation of privilege without additio...
CVE-2024-39430
The CVE-2024-39430 issue affects the faceid service, described as an out-of-bounds write caused by a missing bounds check. The practical impact is local denial of service with no additional execution privileges required. Connected PT-2024-28491 notes affected versions are not specified and provid...
CVE-2025-20694
CVE-2025-20694 affects Bluetooth firmware (MediaTek chipsets). The issue is a fault due to an uncaught exception that can cause a system crash, enabling remote denial of service with no user interaction and with adjacent access as per the CVSS data. The vulnerability is tied to the Bluetooth FW c...
CVE-2025-36887
CVE-2025-36887 affects the function wl_cfgscan_update_v3_schedscan_results() in wl_cfgscan.c, where an out-of-bounds write results from an incorrect bounds check. This could enable local escalation of privilege with no extra execution privileges required and no user interaction. Multiple sources ...
CVE-2026-0059
Technical details about CVE-2026-0059 are not publicly available in the provided documents; no affected products, versions, root cause, or mitigations are disclosed here. Monitor for updates.
CVE-2014-1939
CVE-2014-1939 affects Android’s BrowserFrame.java (Android before 4.4). The vulnerability arises from using addJavascriptInterface with an instance of SearchBoxImpl, allowing attackers to perform arbitrary Java code execution via the searchBoxJavaBridge_ interface at certain API levels. Exploitat...
CVE-2014-9784
CVE-2014-9784 affects Qualcomm components in Android on Nexus 5 and Nexus 7 (2013) devices. The issue arises from multiple buffer overflows in drivers/char/diag/diag_debugfs.c, enabling a local attacker with a crafted application to gain privileges. Root cause: buffer overflow in the diag_debugfs...
CVE-2014-9876
CVE-2014-9876 affects Android with Qualcomm components on Nexus 5/5X/6/6P/7 (2013). The vulnerability is in drivers/char/diag/diagfwd.c, where mishandling of certain integer values allows privilege escalation via a crafted application (Android internal bug 28767796; Qualcomm CR483408). Exploitati...
CVE-2014-9879
The CVE-2014-9879 issue affects the mdss mdp3 driver in the Qualcomm components on Nexus 5 devices running Android prior to 2016-08-05. The vulnerability arises because user-space data is not validated, enabling a locally staged attacker to gain privileges via a crafted application (Android inter...
CVE-2014-9923
CVE-2014-9923 is described in the provided records as a buffer copy without checking the input size, located in NAS for CAF Android releases using the Linux kernel. The vulnerability path is not fully detailed beyond this memory-unsafe copy, and exploitation details are not provided in the suppli...
CVE-2014-9941
Technical details for CVE-2014-9941 are not publicly provided in the supplied documents. No specific affected products, root cause, or fixes are present here; monitor for updates from official sources.
CVE-2014-9942
CVE-2014-9942 affects the boot path in all Android releases from CAF that use the Linux kernel. The root cause is a Use of Uninitialized Variable in the boot code, which could lead to memory corruption or unpredictable behavior. The NVD CVSSv3 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a...
CVE-2014-9950
Technical details for CVE-2014-9950 are not publicly available in the provided documents; monitor for updates.
CVE-2015-3879
CVE-2015-3879 affects the Android Media Player Framework (Android 5.1.1 LMY48T and earlier). The issue allows an attacker via a crafted application to gain privileges in mediaserver through memory corruption in media processing paths. Connected sources frame this as an elevation-of-privilege vuln...
CVE-2015-6614
CVE-2015-6614 affects Android 5.x before 5.1.1 LMY48X in Telephony. The vulnerability is an elevation-of-privilege flaw that can allow a local malicious app to bypass intended network-interface restrictions, gain privileges, and enable actions such as bypassing restrictions, expensive data transf...