Lucene search

K

647 matches found

cve
cve
added 2021/06/11 3:15 p.m.35 views

CVE-2021-25388

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.

7.1CVSS7.3AI score0.00009EPSS
cve
cve
added 2021/06/11 3:15 p.m.35 views

CVE-2021-25389

Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.

6.1CVSS6.2AI score0.0002EPSS
cve
cve
added 2021/07/08 2:15 p.m.35 views

CVE-2021-25427

SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information

6.5CVSS6.6AI score0.00059EPSS
cve
cve
added 2021/07/08 2:15 p.m.35 views

CVE-2021-25429

Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.

4.3CVSS4.5AI score0.0003EPSS
cve
cve
added 2021/07/08 2:15 p.m.35 views

CVE-2021-25430

Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.

4.3CVSS4.5AI score0.0003EPSS
cve
cve
added 2021/09/09 7:15 p.m.35 views

CVE-2021-25449

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.

9.8CVSS9.6AI score0.00178EPSS
cve
cve
added 2021/10/06 6:15 p.m.35 views

CVE-2021-25474

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

4.9CVSS4.8AI score0.00049EPSS
cve
cve
added 2021/10/06 6:15 p.m.35 views

CVE-2021-25478

A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

7.2CVSS7.4AI score0.00231EPSS
cve
cve
added 2021/10/06 6:15 p.m.35 views

CVE-2021-25491

A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.

4.4CVSS4.9AI score0.00017EPSS
cve
cve
added 2021/12/15 7:15 p.m.35 views

CVE-2021-39639

In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. This could lead to local escalation of privilege with physical access to device internals with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andro...

7.2CVSS6.6AI score0.00013EPSS
cve
cve
added 2021/01/26 6:15 p.m.34 views

CVE-2020-27097

In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-14072...

5.5CVSS5.7AI score0.00014EPSS
cve
cve
added 2021/02/04 7:15 p.m.34 views

CVE-2021-0347

In ccu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: A...

4.4CVSS4.2AI score0.00017EPSS
cve
cve
added 2021/02/04 7:15 p.m.34 views

CVE-2021-0348

In vpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID: ALPS0534...

7.2CVSS6.7AI score0.00014EPSS
cve
cve
added 2021/02/03 12:15 a.m.34 views

CVE-2021-0357

In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05442002.

6.7CVSS6.7AI score0.00019EPSS
cve
cve
added 2021/03/10 4:15 p.m.34 views

CVE-2021-0375

In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS5.7AI score0.00014EPSS
cve
cve
added 2021/10/25 2:15 p.m.34 views

CVE-2021-0410

In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561360; Issue ID: ALPS05561360.

5.5CVSS5AI score0.00015EPSS
cve
cve
added 2021/10/25 2:15 p.m.34 views

CVE-2021-0412

In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561366; Issue ID: ALPS05561366.

5.5CVSS5AI score0.00015EPSS
cve
cve
added 2021/08/18 3:15 p.m.34 views

CVE-2021-0416

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336700.

5.5CVSS5.4AI score0.00018EPSS
cve
cve
added 2021/08/18 3:15 p.m.34 views

CVE-2021-0417

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702.

5.5CVSS5.4AI score0.00018EPSS
cve
cve
added 2021/03/10 5:15 p.m.34 views

CVE-2021-0450

In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1751...

4.4CVSS4.3AI score0.00016EPSS
cve
cve
added 2021/03/10 5:15 p.m.34 views

CVE-2021-0454

In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-175117...

7.2CVSS6.7AI score0.00014EPSS
cve
cve
added 2021/06/11 5:15 p.m.34 views

CVE-2021-0491

In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid I...

7.8CVSS7.7AI score0.00013EPSS
cve
cve
added 2021/06/21 5:15 p.m.34 views

CVE-2021-0528

In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195266

7.8CVSS7.8AI score0.00016EPSS
cve
cve
added 2021/06/22 11:15 a.m.34 views

CVE-2021-0534

In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Androi...

7.8CVSS7.7AI score0.00015EPSS
cve
cve
added 2021/06/22 12:15 p.m.34 views

CVE-2021-0544

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11And...

6.7CVSS6.7AI score0.00016EPSS
cve
cve
added 2021/06/22 12:15 p.m.34 views

CVE-2021-0551

In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: Android...

6.5CVSS6.4AI score0.00345EPSS
cve
cve
added 2021/06/22 11:15 a.m.34 views

CVE-2021-0556

In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1...

5.5CVSS5.2AI score0.00017EPSS
cve
cve
added 2021/06/22 11:15 a.m.34 views

CVE-2021-0566

In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A...

4.4CVSS4.2AI score0.00014EPSS
cve
cve
added 2021/06/22 11:15 a.m.34 views

CVE-2021-0567

In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

7.8CVSS7.7AI score0.00036EPSS
cve
cve
added 2021/06/22 11:15 a.m.34 views

CVE-2021-0572

In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android I...

5.5CVSS5.1AI score0.00015EPSS
cve
cve
added 2021/06/22 12:15 p.m.34 views

CVE-2021-0608

In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android ke...

7.8CVSS7.7AI score0.00015EPSS
cve
cve
added 2021/11/18 3:15 p.m.34 views

CVE-2021-0619

In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561395; Issue ID: ALPS05561395.

5.5CVSS5AI score0.00015EPSS
cve
cve
added 2021/11/18 3:15 p.m.34 views

CVE-2021-0656

In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05709376; Issue ID: ALPS05709376.

6.7CVSS6.8AI score0.00016EPSS
cve
cve
added 2021/11/18 3:15 p.m.34 views

CVE-2021-0666

In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672086; Issue ID: ALPS05672086.

4.4CVSS4.2AI score0.00016EPSS
cve
cve
added 2021/11/18 3:15 p.m.34 views

CVE-2021-0668

In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521.

7.2CVSS6.8AI score0.00011EPSS
cve
cve
added 2021/12/15 7:15 p.m.34 views

CVE-2021-0999

In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi...

7.8CVSS7.6AI score0.00014EPSS
cve
cve
added 2021/12/15 7:15 p.m.34 views

CVE-2021-1003

In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: ...

7.8CVSS7.7AI score0.00015EPSS
cve
cve
added 2021/12/15 7:15 p.m.34 views

CVE-2021-1015

In getMeidForSlot of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction ...

3.3CVSS3.5AI score0.00013EPSS
cve
cve
added 2021/06/11 3:15 p.m.34 views

CVE-2021-25396

An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.

6.7CVSS6.8AI score0.00018EPSS
cve
cve
added 2021/06/11 3:15 p.m.34 views

CVE-2021-25408

A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.

7.8CVSS7.9AI score0.00018EPSS
cve
cve
added 2021/08/05 8:15 p.m.34 views

CVE-2021-25443

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.

5.3CVSS5.3AI score0.00018EPSS
cve
cve
added 2021/09/09 7:15 p.m.34 views

CVE-2021-25450

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.

6.5CVSS6.5AI score0.0005EPSS
cve
cve
added 2021/10/06 6:15 p.m.34 views

CVE-2021-25471

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.

7.5CVSS7.4AI score0.00113EPSS
cve
cve
added 2021/10/06 6:15 p.m.34 views

CVE-2021-25479

A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

7.2CVSS7.3AI score0.00231EPSS
cve
cve
added 2021/10/06 6:15 p.m.34 views

CVE-2021-25486

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.

3.3CVSS4AI score0.00018EPSS
cve
cve
added 2021/11/05 3:15 a.m.34 views

CVE-2021-25502

A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.

7.9CVSS5.2AI score0.0001EPSS
cve
cve
added 2021/12/15 7:15 p.m.34 views

CVE-2021-39643

In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-in-depth due to missing validation of the return value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Produc...

6.7CVSS6.7AI score0.00017EPSS
cve
cve
added 2021/12/15 7:15 p.m.34 views

CVE-2021-39646

Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A

7.5CVSS7.4AI score0.00123EPSS
cve
cve
added 2021/02/03 12:15 a.m.33 views

CVE-2021-0361

In kisd, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05449968.

6.7CVSS6.6AI score0.00017EPSS
cve
cve
added 2021/03/10 4:15 p.m.33 views

CVE-2021-0370

In Write of NxpMfcReader.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android...

6.7CVSS6.7AI score0.00015EPSS
Total number of security vulnerabilities647