1834 matches found
CVE-2022-39094
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39096
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39097
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39118
In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39123
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39126
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39897
Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.
CVE-2022-39906
Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.
CVE-2022-42758
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42760
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42777
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-42782
In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.
CVE-2022-44445
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-47322
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
CVE-2022-47345
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
CVE-2022-47363
In wlan driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-47364
In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-47454
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
CVE-2022-47475
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-47481
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.
CVE-2022-48246
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2019-2164
In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113263695
CVE-2020-0024
In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android...
CVE-2020-0098
In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-...
CVE-2020-0115
In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitat...
CVE-2020-0121
In updateUidProcState of AppOpsService.java, there is a possible permission bypass due to a logic error. This could lead to local information disclosure of location data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Androi...
CVE-2021-25397
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
CVE-2021-25516
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.
CVE-2022-20014
In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05857308; Issue ID: ALPS05857308.
CVE-2022-36846
A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVE-2022-36854
Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information.
CVE-2022-38679
In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.
CVE-2022-39121
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39847
Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.
CVE-2022-39884
Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information.
CVE-2022-39895
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.
CVE-2022-39904
Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log.
CVE-2022-44440
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-44442
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-47334
In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
CVE-2022-47348
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
CVE-2022-47361
In firewall service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.
CVE-2022-48371
In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
CVE-2022-48379
In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.
CVE-2023-20809
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03751198; Issue ID: DTV03751198.
CVE-2023-40631
In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
CVE-2019-2061
In libxaac, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112610994
CVE-2019-9282
In skia, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113211371
CVE-2019-9431
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Andro...
CVE-2020-0015
In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...