8153 matches found
CVE-2018-21069
CVE-2018-21069 affects Samsung mobile devices running N(7.x) with MediaTek chipsets. The issue is an information disclosure of kernel stack memory in a MediaTek driver. Samsung reference ID SVE-2018-11852 (July 2018). Connected sources corroborate the vulnerability but do not provide exploit deta...
CVE-2018-9344
The CVE-2018-9344 entry describes a use-after-free in DescramblerImpl.cpp caused by improper locking, enabling local privilege escalation with no extra privileges and no user interaction. Connected sources associate this issue with Android’s Media framework and list affected context in the Androi...
CVE-2018-9359
CVE-2018-9359 describes an out-of-bounds read in Android’s L2CAP handling (process_l2cap_cmd in l2c_main.cc) that could lead to remote information disclosure without prior privileges or user interaction. Affected products span Android 6.0 through 8.1 (Android-6.0/6.0.1, 7.0/7.1.x, 8.0, 8.1). The ...
CVE-2018-9467
CVE-2018-9467 is a vulnerability in the getHost() path of UriTest.java where incorrect web origin determination could cause security decisions to be made incorrectly. It requires no user interaction and does not require privileges; exploitation is described as a network-vector issue with high imp...
CVE-2018-9477
CVE-2018-9477 is an Elevation of Privilege issue in Android’s Settings app (Development options) caused by a missing permission check. It enables a local attacker to bypass authentication and escalate privileges with no additional execution privileges required, though user interaction is needed f...
CVE-2018-9486
CVE-2018-9486 affects the Bluetooth stack component hidh_l2cif_data_ind in hidh_conn.cc, where a missing bounds check can cause an out-of-bounds read. This could lead to local information disclosure over Bluetooth with no additional execution privileges and without user interaction. Connected sou...
CVE-2018-9507
CVE-2018-9507 affects Android devices and relates to the Bluetooth stack. A vulnerability in bta_av_proc_meta_cmd (bta_av_act.cc) allows an out-of-bounds read due to an incorrect bounds check, enabling remote information disclosure over Bluetooth without extra privileges and without user interact...
CVE-2019-1997
CVE-2019-1997 affects Android’s random.c: In random_get_bytes, an insecure default value degrades randomness, enabling local information disclosure over an insecure wireless connection with no user interaction. Affected Android versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. Exploitation context: netwo...
CVE-2019-1998
CVE-2019-1998 affects Android 9. In the event_handler of keymaster_app.c, a table can be lost on reboot causing resource exhaustion and a local denial of service, not mitigated by a factory reset. Exploitation does not require user interaction. The Android bulletin lists this issue under 2019-02-...
CVE-2019-2049
CVE-2019-2049 involves a memory corruption via a use-after-free in avrcp_service.cc (SendMediaUpdate/SendFolderUpdate), leading to local privilege escalation in the Android Bluetooth service on Android 9. The Android bulletin attributes this as an EoP (High) vulnerability in the System component;...
CVE-2019-20552
CVE-2019-20552 concerns FRP (Factory Reset Protection) bypass on Samsung mobile devices running Android P (9.0) via an RCS call. Connected sources corroborate a FRP bypass vulnerability affecting Samsung devices; one CNVD entry characterizes the underlying issue as an input validation error, whil...
CVE-2019-20619
CVE-2019-20619 affects Samsung mobile devices running Android P (9.0) with Secure Startup, where keyboard suggested words may be leaked during startup. Samsung ID SVE-2019-13773. No public exploitation details or fixes are provided in the connected documents.
CVE-2019-20780
CVE-2019-20780 relates to LG mobile devices running Android 7.x–8.1, where security settings governing package verification and acceptance from known sources are mishandled. The root cause is the mishandling of these security settings, as described across multiple sources (LG ID LVE-SMP-190002). ...
CVE-2019-2121
CVE-2019-2121 : A race condition in ActivityManagerService.attachApplication on Android 9 (Pie) can lead to local escalation of privilege without extra privileges; no user interaction required. Affected component is the framework entry point for app attachment. The core issue is a race in attachi...
CVE-2019-2137
CVE-2019-2137 affects Android 9 (Pie); the issue is in TelecomManager.java endCall() where a missing permission check allows a local DoS that can block access to Emergency Services with user execution privileges, and does not require user interaction. Exploitation details are not provided in the ...
CVE-2020-0017
CVE-2020-0017 is an information-disclosure flaw in the Android Framework where the primary user’s dictionary could be visible and modifiable by other local users. It affects Android 8.0–10 and requires no extra execution privileges, with exploitation requires user interaction. The Android 2020 se...
CVE-2020-0018
CVE-2020-0018 affects Android 8.x–10, in MotionEntry::appendDescription of InputDispatcher.cpp. The issue is an information-disclosure vulnerability: an attacker could cause local disclosure of user input with system-level privileges, and exploitation does not require user interaction (local atta...
CVE-2020-0026
CVE-2020-0026 affects Android 8.0–10 via Parcel::continueWrite in Parcel.cpp, where a use-after-free causes memory corruption and local elevation of privilege without user interaction. Documented impact is elevated privileges in a local context; no remote code execution details are provided. Affe...
CVE-2020-0043
CVE-2020-0043 involves the FPC Fingerprint TEE on Android. In authorize_enrol of fpc_ta_hw_auth.c there is a missing bounds check causing an out-of-bounds read, leading to possible local information disclosure with system privileges and no user interaction required. Affected class: Android kernel...
CVE-2020-0219
CVE-2020-0219 affects Android 10. The issue is in onCreate of SliceDeepLinkSpringBoard.java, where an insecure Intent could allow local elevation of privilege with no additional execution privileges and without user interaction. The provided documents corroborate the vulnerability and its local-p...
CVE-2020-0327
CVE-2020-0327 affects Android 11: a missing permission check in core networking could allow local information disclosure of app network usage. Exploitation reportedly requires user execution but no user interaction, and the impact is local information disclosure with HIGH confidentiality impact p...
CVE-2020-0346
The CVE-2020-0346 entry affects Android 11 media framework/Mediaserver. The vulnerability is an out-of-bounds write caused by an integer overflow in a Mediaserver component, enabling local elevation of privilege without user interaction. Impacted version: Android 11 (Android device context). Expl...
CVE-2020-12752
CVE-2020-12752 affects Samsung mobile devices running P(9.0)/Q(10.0) with TEEGRIS. The issue allows attackers to determine user credentials via a brute-force attack against the Gatekeeper Trustlet, as described in multiple sources (Samsung ID SVE-2020-16908). The attack surface is the Gatekeeper ...
CVE-2020-13829
CVE-2020-13829 affects Samsung mobile devices running Android P (9.0) and Q (10.0). The issue enables attackers to disable SEAndroid protection within the RKP (Recovery Kernel Patch). Root cause: SEAndroid enforcement can be turned off in RKP, per the available descriptions. Impact: disabling SEA...
CVE-2021-0356
CVE-2021-0356 affects Android 10 and Android 11 in the netdiag component, where improper input validation enables a local command-injection that can grant SYSTEM-level privileges without user interaction. The issue’s impact is described as local escalation with high confidentiality, integrity, an...
CVE-2021-0383
CVE-2021-0383 affects CaptivePortalLoginActivity.java on Android 11. Root cause: a confused deputy could lead to local escalation of privilege in carrier settings without additional execution privileges; no user interaction required. Impact: partial confidentiality/integrity/availability (HIGH fo...
CVE-2021-0492
The CVE-2021-0492 entry concerns Android’s memory management driver, where an out-of-bounds write due to a missing bounds check could enable local privilege escalation without user interaction. Concrete details across connected sources identify the affected component as the memory management driv...
CVE-2021-25461
CVE-2021-25461 concerns a stack-based buffer overflow caused by an improper length check in APAService prior to Samsung SMR Sep-2021 Release 1. The vulnerability affects the APAService component and has documented impact in CVSS: CVSSv3.1 base score 7.8 (HIGH) with LOCAL attack vector, LOW attack...
CVE-2022-20213
CVE-2022-20213 affects Android 10–12, specifically the ApplicationsDetailsActivity in AndroidManifest.xml. The issue permits a local DoS via tapjacking/overlay with user interaction required and no additional execution privileges. CVSS v3.1 base score 5.5 (Medium). Exploitation status is not prov...
CVE-2022-20214
CVE-2022-20214 (Android) affects the Car Settings app on Android 10–12. The vulnerability is a tapjacking issue where an attacker can overlay the “Modify system settings” toggle, potentially allowing apps to modify system settings without user consent. The CVSS 3.1 base metrics indicate: Attack V...
CVE-2022-20215
CVE-2022-20215 describes a tapjacking/overlay attack in the MasterClearConfirmFragment.java on Android 10–12 that could trigger a local factory reset, causing a denial of service without extra privileges. Exploitation requires user interaction and can occur locally; no exploit details or likeliho...
CVE-2022-20294
CVE-2022-20294 affects Google Android 13. The issue stems from a missing permission check in Content, allowing local information disclosure of accounts present on the device. Exploitation would require local access with no user interaction (per the description), and the CVSS score is 5.5 (Medium)...
CVE-2022-26474
The CVE-2022-26474 entry describes a local privilege escalation in MediaTek sensorhub due to an out-of-bounds write from an incorrect buffer size calculation. Vulnerable component: sensorhub in affected MediaTek chips; root cause is incorrect buffer size calculation leading to out-of-bounds write...
CVE-2022-30755
CVE-2022-30755 affects Samsung AppLock prior to the SMR July 2022 Release 1. The issue is improper authentication resulting from insufficient authentication logic, enabling an attacker to bypass password confirmation by hijacking an implicit intent. The vulnerability is documented across multiple...
CVE-2022-32616
CVE-2022-32616 affects the isp component in MediaTek-based devices, causing an out-of-bounds write due to uninitialized data. This can enable local escalation of privilege with System execution privileges required, and no user interaction is needed. The entry lists patch ALPS07341258 / Issue ALPS...
CVE-2022-33695
The CVE-2022-33695 entry concerns Samsung InputManagerService on Samsung Android devices. The vulnerability arises from improper modification permissions in InputManagerService, allowing an attacker to access the service without authorization. Affected component: InputManagerService (Binder-like ...
CVE-2022-36858
CVE-2022-36858 is a heap-based overflow in GetCorrectDbLanguageTypeEsPKc() within libSDKRecognitionText.spensdk.samsung.so, affecting Samsung devices prior to SMR Sep-2022 Release 1. The vulnerability can cause a memory access fault due to heap overflow in the affected function. Available documen...
CVE-2022-39091
CVE-2022-39091 involves a missing permission check in the power management service. The root cause is insufficient authorization in the power management component, enabling setup of the service with no additional execution privileges required. Documented impact is a local attack surface with high...
CVE-2022-39108
CVE-2022-39108 affects the Music service: a missing permission check is the root cause, enabling elevation of privilege with no extra execution privileges required. According to the available data, the exploit is local with low privileges required and no user interaction, and the CVSSv3.1 base sc...
CVE-2022-39121
CVE-2022-39121 describes an out-of-bounds write in a sensor driver caused by a missing bounds check, potentially allowing a local denial of service in the kernel. Connected sources reference Unisoc chipset implementations and related sensor-driver context; no explicit affected versions or fix are...
CVE-2022-39128
CVE-2022-39128 corresponds to a vulnerability in the sensor driver that can cause a local denial of service in the kernel due to an out-of-bounds write from a missing bounds check. The connected documents consistently describe: (1) the flaw as a bounds-check omission in the sensor driver, (2) imp...
CVE-2022-39852
CVE-2022-39852 is a heap-based overflow in the makeContactAGIF function of libagifencoder.quram.so, vulnerable in Samsung devices prior to SMR Oct-2022 Release 1. This can allow local attacker-controlled code execution with high impact on confidentiality, integrity, and availability. Remediation ...
CVE-2022-39853
CVE-2022-39853 describes a use-after-free vulnerability in the Samsung perf-mgr driver, affecting versions prior to the SMR Oct-2022 Release 1. The underlying issue allows an attacker to cause a memory access fault (memory corruption) and is classified with a high impact in NVD, with local attack...
CVE-2022-39883
CVE-2022-39883 affects Samsung StorageManagerService prior to SMR Nov-2022 Release 1. The issue is an improper authorization that lets a local attacker call a privileged API. The NVD CVSSv3.1 base score is 7.8 (HIGH) with LOCAL attack vector, LOW complexity, and Privileges Required: LOW. Red Hat/...
CVE-2022-39898
CVE-2022-39898 affects Samsung IIccPhoneBook prior to SMR Dec-2022 Release 1 and is characterized by improper access control that could allow access to some information on the USIM. The vulnerability is documented across multiple feeds (NVD, Red Hat, CVE List) with a common description and a Sams...
CVE-2022-39904
CVE-2022-39904 affects Samsung Settings on Samsung mobile devices prior to SMR Dec-2022 Release 1. The issue is an information disclosure where the Network Access Identifier is exposed in logs, allowing local attackers to access it. Affected component: Samsung Settings; root cause: log exposure o...
CVE-2022-42540
CVE-2022-42540 is described as an Elevation of Privilege affecting Chromecast’s AMLogic Secure Monitor. The Chromecast Security Bulletin lists CVE-2022-42540 among issues addressed by the 2023-07-01 patch level, indicating a vendor-provided fix in Chromecast firmware. NVD assigns a 3.1 base score...
CVE-2022-44445
CVE-2022-44445 affects the WLAN driver, where a missing bounds check in the driver could allow local denial of service in WLAN services. The CVSS vector indicates local access, low attack complexity, and required privileges with a high availability impact, resulting in a base score of 5.5 (Medium...
CVE-2022-47330
CVE-2022-47330 is described as a possible missing permission check in the WLAN driver causing local information disclosure. The connected documents reiterate this description but do not provide concrete technical details such as affected products, versions, root cause specifics, exploitation stat...
CVE-2022-47341
The CVE-2022-47341 entry describes a vulnerability in engineermode services with a missing permission check that could allow local escalation of privilege to system execution privileges. Affected component: engineermode services. Root cause: inadequate permission validation leading to privilege e...