Android@10.0 Security Vulnerabilities and Issues — Page 12 of Android@10.0 CVE List

Lucene search

GoogleAndroid10.0

1834 matches found

CVE•added 2023/05/09 2:15 a.m.•81 views

CVE-2022-47487

In thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with no additional execution privileges.

5.5CVSS5.5AI score0.00014EPSS

CVE•added 2024/12/18 7:15 p.m.•81 views

CVE-2024-47039

In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

10CVSS6.1AI score0.00042EPSS

CVE•added 2019/09/27 7:15 p.m.•80 views

CVE-2019-9423

In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android I...

7.8CVSS7.7AI score0.0029EPSS

CVE•added 2020/01/08 7:15 p.m.•80 views

CVE-2020-0001

In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, An...

7.8CVSS7.7AI score0.00104EPSS

CVE•added 2021/10/06 3:15 p.m.•80 views

CVE-2021-0635

When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This problem may lead to hacker malicious code attacks, resulting in the loss of user rights.Product: Androidversion:Android-1...

7.8CVSS7.5AI score0.00055EPSS

CVE•added 2022/03/10 5:47 p.m.•80 views

CVE-2022-25817

Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.

4CVSS4.2AI score0.00019EPSS

CVE•added 2023/06/06 6:15 a.m.•80 views

CVE-2022-48392

In dialer service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

7.8CVSS7.7AI score0.00027EPSS

CVE•added 2020/03/10 9:15 p.m.•79 views

CVE-2020-0054

In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Produ...

7.8CVSS8.1AI score0.00032EPSS

CVE•added 2022/02/09 11:15 p.m.•79 views

CVE-2022-20042

In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487.

5.5CVSS5.1AI score0.00015EPSS

CVE•added 2022/04/11 8:15 p.m.•79 views

CVE-2022-20067

In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836585; Issue ID: ALPS05836585.

6.7CVSS6.7AI score0.00014EPSS

CVE•added 2022/03/10 5:47 p.m.•79 views

CVE-2022-25815

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

7.8CVSS7.3AI score0.00015EPSS

CVE•added 2022/10/14 7:15 p.m.•79 views

CVE-2022-2984

In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

5.5CVSS5.4AI score0.00028EPSS

CVE•added 2020/03/10 9:15 p.m.•78 views

CVE-2020-0050

In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...

6.7CVSS7.2AI score0.00037EPSS

CVE•added 2020/03/10 9:15 p.m.•78 views

CVE-2020-0051

In onCreate of SettingsHomepageActivity, there is a possible tapjacking attack. This could lead to local escalation of privilege in Settings with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138442483

7.8CVSS8.1AI score0.00035EPSS

CVE•added 2021/02/06 12:15 a.m.•78 views

CVE-2020-11836

OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.

5.5CVSS5.4AI score0.00019EPSS

CVE•added 2021/12/15 7:15 p.m.•78 views

CVE-2021-0904

In SRAMROM, there is a possible permission bypass due to an insecure permission setting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06076938; Issue ID: ALPS06076938.

7.2CVSS6.8AI score0.00012EPSS

CVE•added 2022/03/10 5:45 p.m.•78 views

CVE-2022-20056

In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ...

6.6CVSS6.5AI score0.00015EPSS

CVE•added 2022/03/10 5:47 p.m.•78 views

CVE-2022-25816

Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication

4.6CVSS4.8AI score0.00019EPSS

CVE•added 2022/04/11 8:15 p.m.•78 views

CVE-2022-27575

Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.

4.3CVSS3.9AI score0.00057EPSS

CVE•added 2022/04/11 8:15 p.m.•78 views

CVE-2022-27822

Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.

6.6CVSS5.3AI score0.00018EPSS

CVE•added 2020/06/05 12:15 a.m.•77 views

CVE-2020-13839

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).

10CVSS9.5AI score0.00231EPSS

CVE•added 2022/02/09 11:15 p.m.•77 views

CVE-2022-20029

In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150.

4.4CVSS4.2AI score0.00016EPSS

CVE•added 2022/05/03 9:15 p.m.•77 views

CVE-2022-20107

In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673.

4.9CVSS4.7AI score0.00051EPSS

CVE•added 2022/04/11 8:15 p.m.•77 views

CVE-2022-27830

Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

8.5CVSS7.5AI score0.00014EPSS

CVE•added 2022/04/11 8:15 p.m.•77 views

CVE-2022-27834

Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.

7CVSS7.1AI score0.00015EPSS

CVE•added 2020/03/10 9:15 p.m.•76 views

CVE-2020-0052

In smsSelected of AnswerFragment.java, there is a way to send an SMS from the lock screen due to a permissions bypass. This could lead to local escalation of privilege on the lock screen with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVers...

4.3CVSS5.6AI score0.0001EPSS

CVE•added 2020/06/05 12:15 a.m.•76 views

CVE-2020-13842

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).

7.8CVSS7.7AI score0.00016EPSS

CVE•added 2022/02/09 11:15 p.m.•76 views

CVE-2022-20043

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06148177; Issue ID: ALPS06148177.

7.8CVSS7.6AI score0.00013EPSS

CVE•added 2022/04/11 8:15 p.m.•76 views

CVE-2022-20068

In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID: ALPS06308907.

6.7CVSS6.6AI score0.00019EPSS

CVE•added 2022/04/11 8:15 p.m.•76 views

CVE-2022-20074

In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patc...

6.6CVSS6.5AI score0.00015EPSS

CVE•added 2022/06/06 6:15 p.m.•76 views

CVE-2022-21747

In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078.

4.4CVSS4.6AI score0.00017EPSS

CVE•added 2022/10/14 7:15 p.m.•76 views

CVE-2022-39105

In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.

5.5CVSS5.4AI score0.00032EPSS

CVE•added 2020/03/10 9:15 p.m.•75 views

CVE-2020-0046

In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Androi...

7.8CVSS8.3AI score0.00035EPSS

CVE•added 2021/10/06 6:15 p.m.•75 views

CVE-2021-25477

An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.

4.9CVSS5.2AI score0.00199EPSS

CVE•added 2022/02/09 11:15 p.m.•75 views

CVE-2022-20030

In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837793; Issue ID: ALPS05837793.

6.7CVSS6.8AI score0.00015EPSS

CVE•added 2022/03/10 5:45 p.m.•75 views

CVE-2022-20055

7.2CVSS6.6AI score0.00012EPSS

CVE•added 2022/01/10 2:12 p.m.•75 views

CVE-2022-22270

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

4.4CVSS4.1AI score0.00132EPSS

CVE•added 2022/04/11 8:15 p.m.•75 views

CVE-2022-27572

Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.

10CVSS9.8AI score0.0117EPSS

CVE•added 2022/07/12 2:15 p.m.•75 views

CVE-2022-33703

Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

8.5CVSS7.5AI score0.0001EPSS

CVE•added 2020/11/08 5:15 a.m.•74 views

CVE-2020-28343

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020).

7.8CVSS7.9AI score0.00083EPSS

CVE•added 2021/10/11 4:15 p.m.•74 views

CVE-2021-0583

In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: A...

7.3CVSS7.2AI score0.00031EPSS

CVE•added 2022/02/09 11:15 p.m.•74 views

CVE-2022-20046

In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410.

5.5CVSS5.5AI score0.00013EPSS

CVE•added 2022/04/11 8:15 p.m.•74 views

CVE-2022-20076

In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556.

4.4CVSS4.5AI score0.00014EPSS

CVE•added 2022/05/03 8:15 p.m.•74 views

CVE-2022-20096

In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003.

4.4CVSS4.3AI score0.00017EPSS

CVE•added 2020/06/05 12:15 a.m.•73 views

CVE-2020-13840

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).

9.8CVSS9.6AI score0.00222EPSS

CVE•added 2022/02/09 11:15 p.m.•73 views

CVE-2022-20035

In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675.

4.4CVSS4.7AI score0.00034EPSS

CVE•added 2022/04/11 8:15 p.m.•73 views

CVE-2022-20075

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808.

7.2CVSS6.7AI score0.00051EPSS

CVE•added 2022/04/11 8:15 p.m.•73 views

CVE-2022-20077

In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812.

6.9CVSS6.7AI score0.0001EPSS

CVE•added 2022/04/11 8:15 p.m.•73 views

CVE-2022-27832

Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.

4CVSS4AI score0.00017EPSS

CVE•added 2019/09/27 7:15 p.m.•72 views

CVE-2019-9346

In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-128433933

8.8CVSS9.1AI score0.00761EPSS

Total number of security vulnerabilities1834