1834 matches found
CVE-2019-2036
In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Andro...
CVE-2019-9336
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112326322
CVE-2020-0102
In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Andr...
CVE-2020-13832
An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020).
CVE-2020-28340
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020).
CVE-2020-28344
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November 2020).
CVE-2021-25334
Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.
CVE-2021-25359
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
CVE-2021-25428
Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.
CVE-2022-30724
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-33687
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.
CVE-2022-33704
Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
CVE-2022-33726
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.
CVE-2022-39117
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-42757
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42776
In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed.
CVE-2022-42779
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42780
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-47452
In gnss driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-48231
In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2022-48372
In bootcp service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2019-20530
An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), P(9.0), and Q(10.0) software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 (December 2019).
CVE-2019-9402
In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115372550
CVE-2019-9474
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-79996267
CVE-2020-0036
In hasPermissions of PermissionMonitor.java, there is a possible access to restricted permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: A...
CVE-2020-0189
In ihevcd_decode() of ihevcd_decode.c, there is possible resource exhaustion due to an infinite loop. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139939283
CVE-2020-0201
In showSecurityFields of WifiConfigController.java there is a possible credential leak due to a confused deputy. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Andr...
CVE-2020-11873
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID is LVE-SMP-200005 (April 2020).
CVE-2020-26602
An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020).
CVE-2021-0367
In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05371580; Issue ID: ALP...
CVE-2021-0401
In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05418265.
CVE-2021-0623
In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489178; Issue ID: ALPS05585817.
CVE-2022-20015
In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862966; Issue ID: ALPS05862966.
CVE-2022-22267
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
CVE-2022-30752
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.
CVE-2022-36847
Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.
CVE-2022-36860
A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVE-2022-38671
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39087
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39088
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39095
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39108
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.
CVE-2022-39883
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API.
CVE-2022-39887
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting.
CVE-2022-42765
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42773
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42774
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42783
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
CVE-2022-47327
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
CVE-2022-47358
In log service, there is a missing permission check. This could lead to local denial of service in log service.