Android@10.0 Security Vulnerabilities and Issues — Page 16 of Android@10.0 CVE List

CVE-2019-2066

In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117100617

CVE-2019-2170

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118615735

CVE-2019-9261

In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774214

5CVSS5.3AI score0.00017EPSS

CVE-2019-9344

In NFC server, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120845341

5CVSS5.3AI score0.00017EPSS

CVE-2019-9356

6.5CVSS6.5AI score0.00244EPSS

CVE-2019-9359

In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111407302

6.5CVSS6.8AI score0.00294EPSS

CVE-2019-9420

In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111272481

CVE•added 2020/03/10 8:15 p.m.•56 views

CVE-2020-0032

In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...

9.3CVSS8.9AI score0.01848EPSS

CVE•added 2020/06/04 6:15 p.m.•56 views

CVE-2020-13838

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020).

3.6CVSS4.3AI score0.00017EPSS

CVE•added 2021/03/04 10:15 p.m.•56 views

CVE-2021-25340

Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.

5.1CVSS4.2AI score0.00017EPSS

CVE•added 2022/06/06 6:15 p.m.•56 views

CVE-2022-21761

In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532.

4.9CVSS4.6AI score0.00021EPSS

CVE•added 2022/01/10 2:12 p.m.•56 views

CVE-2022-22271

A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.

5.5CVSS5.5AI score0.00041EPSS

CVE•added 2022/05/03 8:15 p.m.•56 views

CVE-2022-28780

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.

5.5CVSS5.3AI score0.00017EPSS

CVE•added 2022/06/07 6:15 p.m.•56 views

CVE-2022-28794

Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.

3.3CVSS3.8AI score0.00016EPSS

CVE•added 2022/07/12 2:15 p.m.•56 views

CVE-2022-30753

Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.

3.3CVSS3.9AI score0.00015EPSS

CVE•added 2023/02/06 8:15 p.m.•56 views

CVE-2022-32595

In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236.

4.4CVSS4.2AI score0.0004EPSS

CVE•added 2022/08/05 4:15 p.m.•56 views

CVE-2022-33714

Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.

6.2CVSS4AI score0.00018EPSS

CVE•added 2022/08/05 4:15 p.m.•56 views

CVE-2022-33719

Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.

9.8CVSS9.4AI score0.00159EPSS

CVE-2019-2059

CVE-2019-2139

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-117610049

CVE-2019-2150

7.3CVSS7.3AI score0.00012EPSS

CVE-2019-9269

In System Settings, there is a possible permissions bypass due to a cached Linux user ID. This could lead to a local permissions bypass with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-36899497

6.5CVSS6.4AI score0.00244EPSS

CVE-2019-9385

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120452956

7.3CVSS7.7AI score0.00013EPSS

CVE-2019-9386

In NFC server, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-...

CVE•added 2020/03/10 9:15 p.m.•55 views

CVE-2020-0049

In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID...

6.5CVSS6.6AI score0.00872EPSS

CVE•added 2020/03/10 9:15 p.m.•55 views

CVE-2020-0084

In several functions of NotificationManagerService.java, there are missing permission checks. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio...

7.8CVSS8.2AI score0.00034EPSS

CVE•added 2020/05/11 4:15 p.m.•55 views

CVE-2020-12753

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).

9.8CVSS9.5AI score0.03899EPSS

CVE•added 2021/03/04 10:15 p.m.•55 views

CVE-2021-25345

Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.

5.5CVSS5.3AI score0.00016EPSS

CVE•added 2021/04/09 6:15 p.m.•55 views

CVE-2021-25365

An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.

7.8CVSS7.5AI score0.00013EPSS

CVE•added 2022/09/09 3:15 p.m.•55 views

CVE-2022-36863

A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

7.8CVSS7.5AI score0.00017EPSS

CVE-2019-2080

CVE-2019-2145

7.8CVSS8.3AI score0.00015EPSS

CVE-2019-9290

In tzdata there is possible memory corruption due to a mismatch between allocation and deallocation functions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Androi...

7.3CVSS7.7AI score0.00015EPSS

CVE-2019-9358

In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120156401

7.5CVSS7.6AI score0.00501EPSS

CVE-2019-9400

In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115509589

CVE•added 2021/03/04 9:15 p.m.•54 views

CVE-2021-25336

Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.

4.3CVSS4.2AI score0.00049EPSS

CVE•added 2021/03/04 10:15 p.m.•54 views

CVE-2021-25344

Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.

6.2CVSS5.6AI score0.0002EPSS

CVE•added 2022/08/05 4:15 p.m.•54 views

CVE-2022-33720

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.

2.4CVSS3.9AI score0.00031EPSS

CVE•added 2022/08/05 4:15 p.m.•54 views

CVE-2022-33724

Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.

3.3CVSS4AI score0.00009EPSS

CVE•added 2022/08/05 4:15 p.m.•54 views

CVE-2022-33725

A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.

4CVSS4.1AI score0.00067EPSS

CVE•added 2023/03/10 9:15 p.m.•54 views

CVE-2022-47471

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

5.5CVSS5.2AI score0.00011EPSS

CVE•added 2023/05/09 2:15 a.m.•54 views

CVE-2022-47492

In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

5.5CVSS5.4AI score0.00023EPSS

CVE•added 2023/05/09 2:15 a.m.•54 views

CVE-2022-48369

In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.

7.8CVSS7.7AI score0.00036EPSS

CVE•added 2019/09/27 7:15 p.m.•53 views

CVE-2019-2070