2082 matches found
CVE-2022-30725
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-33691
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.
CVE-2022-33698
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.
CVE-2022-36845
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVE-2022-38678
In contacts service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-38680
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
CVE-2022-38687
In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service with no additional execution privileges needed.
CVE-2022-39081
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39086
In network service, there is a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
CVE-2022-39094
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39096
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39118
In sprd_sysdump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39123
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39126
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39127
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39851
Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission.
CVE-2022-39897
Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.
CVE-2022-39906
Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.
CVE-2022-42760
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42782
In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.
CVE-2022-44423
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVE-2022-44445
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-47322
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
CVE-2022-47345
In engineermode services, there is a missing permission check. This could lead to local denial of service in engineermode services.
CVE-2022-47363
In wlan driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-47364
In wlan driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in wlan services.
CVE-2022-47454
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
CVE-2022-47475
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
CVE-2022-48246
In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
CVE-2023-20633
In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508.
CVE-2023-20679
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453.
CVE-2023-35689
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-40644
In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed
CVE-2020-0327
In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407
CVE-2020-0346
In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges needed. User interaction is not needed for exploitation.Pro...
CVE-2021-0382
In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ...
CVE-2021-0403
In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05475124.
CVE-2021-0547
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional exe...
CVE-2021-0677
In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154.
CVE-2021-25516
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.
CVE-2022-20021
In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. ...
CVE-2022-26459
In vow, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032634; Issue ID: ALPS07032634.
CVE-2022-32625
In display, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326216; Issue ID: ALPS07326216.
CVE-2022-32646
In gpu drm, there is a possible stack overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363501; Issue ID: ALPS07363501.
CVE-2022-36846
A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVE-2022-36868
Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.
CVE-2022-38679
In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.
CVE-2022-39097
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
CVE-2022-39121
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39884
Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information.