Android@10.0 Security Vulnerabilities and Issues — Page 12 of Android@10.0 CVE List

Lucene search

GoogleAndroid10.0

1834 matches found

CVE•added 2021/07/14 2:15 p.m.•68 views

CVE-2021-0596

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersion...

7.8CVSS7AI score0.00884EPSS

CVE•added 2021/10/06 3:15 p.m.•68 views

CVE-2021-0644

In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Prod...

5.5CVSS5.1AI score0.00036EPSS

CVE•added 2022/04/11 8:15 p.m.•68 views

CVE-2022-20065

In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658.

6.7CVSS5.9AI score0.00015EPSS

CVE•added 2022/06/06 6:15 p.m.•68 views

CVE-2022-21746

In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698.

4.4CVSS4.6AI score0.00017EPSS

CVE•added 2022/01/10 2:12 p.m.•68 views

CVE-2022-22264

Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.

7.7CVSS6.7AI score0.00016EPSS

CVE•added 2022/04/11 8:15 p.m.•68 views

CVE-2022-26092

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.

7.8CVSS7.8AI score0.00016EPSS

CVE•added 2022/04/11 8:15 p.m.•68 views

CVE-2022-27576

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission

4.3CVSS3.8AI score0.00057EPSS

CVE•added 2022/04/11 8:15 p.m.•68 views

CVE-2022-27826

Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

8.5CVSS7.5AI score0.00014EPSS

CVE•added 2022/12/06 7:15 a.m.•68 views

CVE-2022-39133

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00022EPSS

CVE•added 2019/09/27 7:15 p.m.•67 views

CVE-2019-9367

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112106425

7.5CVSS7.2AI score0.00312EPSS

CVE•added 2020/09/17 4:15 p.m.•67 views

CVE-2020-0393

In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 A...

5.5CVSS5AI score0.00017EPSS

CVE•added 2020/09/17 4:15 p.m.•67 views

CVE-2020-0396

In various places in Telephony, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 And...

5.5CVSS5AI score0.00014EPSS

CVE•added 2020/10/14 2:15 p.m.•67 views

CVE-2020-0421

In appendFormatV of String8.cpp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 ...

7.8CVSS7.7AI score0.00013EPSS

CVE•added 2020/11/10 1:15 p.m.•67 views

CVE-2020-0438

In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is no...

7.8CVSS7.9AI score0.00015EPSS

CVE•added 2020/11/10 1:15 p.m.•67 views

CVE-2020-0451

In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Androi...

9.3CVSS8.9AI score0.02865EPSS

CVE•added 2021/01/11 9:15 p.m.•67 views

CVE-2020-27059

In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Prod...

7.8CVSS7.8AI score0.00081EPSS

CVE•added 2021/03/10 4:15 p.m.•67 views

CVE-2021-0390

In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User interacti...

7.8CVSS7.6AI score0.00067EPSS

CVE•added 2021/04/13 7:15 p.m.•67 views

CVE-2021-0436

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android...

5.5CVSS5AI score0.00029EPSS

CVE•added 2021/04/13 7:15 p.m.•67 views

CVE-2021-0443

In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. This could lead to local information disclosure across user profiles with no additional execution privileges needed. User interaction is needed for exploitation...

4.7CVSS4.3AI score0.00025EPSS

CVE•added 2021/10/06 3:15 p.m.•67 views

CVE-2021-0686

In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is ...

5.5CVSS5AI score0.00033EPSS

CVE•added 2022/02/09 11:15 p.m.•67 views

CVE-2022-20044

In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126814; Issue ID: ALPS06126814.

7.8CVSS7.7AI score0.00017EPSS

CVE•added 2022/03/10 5:46 p.m.•67 views

CVE-2022-24931

Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission

7.9CVSS7.8AI score0.00015EPSS

CVE•added 2022/11/08 9:15 p.m.•67 views

CVE-2022-32601

In telephony, there is a possible permission bypass due to a parcel format mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07319132; Issue ID: ALPS07319132.

7.8CVSS7.7AI score0.00004EPSS

CVE•added 2022/08/05 4:15 p.m.•67 views

CVE-2022-33723

A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.

6.1CVSS6.3AI score0.00035EPSS

CVE•added 2022/10/14 7:15 p.m.•67 views

CVE-2022-38669

In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.

7.8CVSS7.6AI score0.00131EPSS

CVE•added 2022/10/14 7:15 p.m.•67 views

CVE-2022-38690

In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.

5.5CVSS5.5AI score0.00022EPSS

CVE•added 2022/12/06 7:15 a.m.•67 views

CVE-2022-39130

In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

5.5CVSS5.4AI score0.00022EPSS

CVE•added 2022/12/06 7:15 a.m.•67 views

CVE-2022-42756

In sensor driver, there is a possible buffer overflow due to a missing bounds check. This could lead to local denial of service in kernel.

7.7CVSS5.6AI score0.00022EPSS

CVE•added 2023/01/26 9:18 p.m.•67 views

CVE-2023-20908

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 An...

5.5CVSS5.3AI score0.00037EPSS

CVE•added 2019/09/27 7:15 p.m.•66 views

CVE-2019-2072

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116117112

8.8CVSS9AI score0.00409EPSS

CVE•added 2019/09/27 7:15 p.m.•66 views

CVE-2019-2169

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492282

6.5CVSS6.4AI score0.00125EPSS

CVE•added 2019/09/27 7:15 p.m.•66 views

CVE-2019-9388

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ...

7.5CVSS7.2AI score0.00312EPSS

CVE•added 2020/10/14 2:15 p.m.•66 views

CVE-2020-0377

In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: And...

7.8CVSS7AI score0.02028EPSS

CVE•added 2021/06/11 5:15 p.m.•66 views

CVE-2021-0466

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVer...

7.5CVSS7.1AI score0.00576EPSS

CVE•added 2021/12/15 7:15 p.m.•66 views

CVE-2021-0650

In WT_InterpolateNoLoop of eas_wtengine.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Andro...

7.1CVSS6.1AI score0.00467EPSS

CVE•added 2021/10/25 2:15 p.m.•66 views

CVE-2021-0661

In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05844413; Issue ID: ALPS05844413.

7.2CVSS6.8AI score0.00021EPSS

CVE•added 2022/04/11 8:15 p.m.•66 views

CVE-2022-20063

In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715.

6.9CVSS6.6AI score0.00011EPSS

CVE•added 2022/04/11 8:15 p.m.•66 views

CVE-2022-25833

Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

3.3CVSS4.2AI score0.00019EPSS

CVE•added 2022/04/11 8:15 p.m.•66 views

CVE-2022-26090

Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.

5.3CVSS3.9AI score0.00017EPSS

CVE•added 2022/04/11 8:15 p.m.•66 views

CVE-2022-27821

Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.

5.5CVSS5.3AI score0.0005EPSS

CVE•added 2022/05/03 8:15 p.m.•66 views

CVE-2022-28787

Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

5.5CVSS5.5AI score0.00016EPSS

CVE•added 2022/06/07 6:15 p.m.•66 views

CVE-2022-30721

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

5.3CVSS5.2AI score0.00057EPSS

CVE•added 2023/01/04 10:15 a.m.•66 views

CVE-2022-44426

In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00035EPSS

CVE•added 2023/03/10 9:15 p.m.•66 views

CVE-2022-47462

In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.

6.7CVSS6.7AI score0.00025EPSS

CVE•added 2019/09/27 7:15 p.m.•65 views

CVE-2019-9401

In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115375248

7.5CVSS7.6AI score0.00499EPSS

CVE•added 2020/03/10 9:15 p.m.•65 views

CVE-2020-0047

In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311

3.3CVSS5AI score0.00031EPSS

CVE•added 2021/04/09 6:15 p.m.•65 views

CVE-2021-25363

An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.

6.8CVSS6.1AI score0.00015EPSS

CVE•added 2022/05/03 8:15 p.m.•65 views

CVE-2022-20093

In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868...

7.8CVSS7.6AI score0.00014EPSS

CVE•added 2022/04/11 8:15 p.m.•65 views

CVE-2022-27569

Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

10CVSS9.8AI score0.0117EPSS

CVE•added 2022/06/07 6:15 p.m.•65 views

CVE-2022-30710

Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

9.4CVSS9.1AI score0.00058EPSS

Total number of security vulnerabilities1834