Lucene search

K
GoogleAndroid11.0

2082 matches found

CVE
CVE
added 2021/06/22 11:15 a.m.38 views

CVE-2021-0571

In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privile...

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.38 views

CVE-2021-0676

In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.

4.4CVSS4.2AI score0.00014EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.38 views

CVE-2021-0897

In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549.

6.7CVSS6.7AI score0.00012EPSS
CVE
CVE
added 2021/12/15 7:15 p.m.38 views

CVE-2021-1040

In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Androi...

7.8CVSS7.6AI score0.00031EPSS
CVE
CVE
added 2021/06/11 3:15 p.m.38 views

CVE-2021-25393

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.

6.6CVSS6.7AI score0.00028EPSS
CVE
CVE
added 2021/09/09 7:15 p.m.38 views

CVE-2021-25459

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

5.5CVSS5.4AI score0.00018EPSS
CVE
CVE
added 2021/10/06 6:15 p.m.38 views

CVE-2021-25476

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

4.4CVSS4.5AI score0.00019EPSS
CVE
CVE
added 2022/01/04 4:15 p.m.38 views

CVE-2022-20013

In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05837742.

6.4CVSS6.7AI score0.00012EPSS
CVE
CVE
added 2022/09/06 6:15 p.m.38 views

CVE-2022-26462

In vow, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032660; Issue ID: ALPS07032660.

4.4CVSS4.2AI score0.0002EPSS
CVE
CVE
added 2022/06/07 6:15 p.m.38 views

CVE-2022-30714

Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

3.3CVSS3.9AI score0.00015EPSS
CVE
CVE
added 2022/07/12 2:15 p.m.38 views

CVE-2022-33695

Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.

7.8CVSS7.5AI score0.00016EPSS
CVE
CVE
added 2022/09/09 3:15 p.m.38 views

CVE-2022-36842

A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

7.8CVSS7.5AI score0.00039EPSS
CVE
CVE
added 2022/09/09 3:15 p.m.38 views

CVE-2022-36855

A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

7.8CVSS7.5AI score0.00039EPSS
CVE
CVE
added 2022/12/06 7:15 a.m.38 views

CVE-2022-39093

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.

7.8CVSS7.5AI score0.00035EPSS
CVE
CVE
added 2023/01/04 10:15 a.m.38 views

CVE-2022-39104

In contacts service, there is a missing permission check. This could lead to local denial of service in Contacts service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00023EPSS
CVE
CVE
added 2022/10/14 7:15 p.m.38 views

CVE-2022-39111

In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.

7.8CVSS7.6AI score0.00131EPSS
CVE
CVE
added 2022/10/07 3:15 p.m.38 views

CVE-2022-39848

Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.

4CVSS3.7AI score0.00023EPSS
CVE
CVE
added 2022/12/08 4:15 p.m.38 views

CVE-2022-39896

Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.

4CVSS4.1AI score0.00032EPSS
CVE
CVE
added 2022/12/06 7:15 a.m.38 views

CVE-2022-42764

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.0003EPSS
CVE
CVE
added 2022/12/06 7:15 a.m.38 views

CVE-2022-42766

In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.

6.6CVSS5.1AI score0.00027EPSS
CVE
CVE
added 2022/12/06 7:15 a.m.38 views

CVE-2022-42781

In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00025EPSS
CVE
CVE
added 2023/01/04 10:15 a.m.38 views

CVE-2022-44424

In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.

5.5CVSS5.4AI score0.00023EPSS
CVE
CVE
added 2023/04/11 12:15 p.m.38 views

CVE-2022-47362

In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2023/02/12 4:15 a.m.38 views

CVE-2022-47370

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.

5.5CVSS5.3AI score0.00034EPSS
CVE
CVE
added 2023/04/11 12:15 p.m.38 views

CVE-2022-47464

In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2023/04/11 12:15 p.m.38 views

CVE-2022-47465

In vdsp service, there is a missing permission check. This could lead to local denial of service in vdsp service.

5.5CVSS5.3AI score0.00022EPSS
CVE
CVE
added 2023/05/09 2:15 a.m.38 views

CVE-2022-47485

In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

4.4CVSS4.7AI score0.0001EPSS
CVE
CVE
added 2023/05/09 2:15 a.m.38 views

CVE-2022-48240

In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.

4.4CVSS4.7AI score0.0001EPSS
CVE
CVE
added 2023/05/09 2:15 a.m.38 views

CVE-2022-48375

In contacts service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges.

5.5CVSS5.4AI score0.00022EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.38 views

CVE-2023-20673

In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103.

6.7CVSS6.8AI score0.0002EPSS
CVE
CVE
added 2023/05/15 10:15 p.m.38 views

CVE-2023-20708

In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655.

6.7CVSS6.6AI score0.00012EPSS
CVE
CVE
added 2023/07/12 9:15 a.m.38 views

CVE-2023-33884

In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.

5.5CVSS5.2AI score0.00021EPSS
CVE
CVE
added 2023/10/08 4:15 a.m.38 views

CVE-2023-40633

In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.2AI score0.00016EPSS
CVE
CVE
added 2023/11/01 10:15 a.m.38 views

CVE-2023-42651

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.2AI score0.0004EPSS
CVE
CVE
added 2023/12/04 1:15 a.m.38 views

CVE-2023-42679

In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

4.4CVSS4.8AI score0.00007EPSS
CVE
CVE
added 2023/11/01 10:15 a.m.38 views

CVE-2023-42750

In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

4.4CVSS4.8AI score0.00018EPSS
CVE
CVE
added 2020/06/11 3:15 p.m.37 views

CVE-2020-0202

In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploi...

7.8CVSS8.1AI score0.00049EPSS
CVE
CVE
added 2020/09/18 4:15 p.m.37 views

CVE-2020-0268

In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643

6.4CVSS7AI score0.00013EPSS
CVE
CVE
added 2020/09/17 9:15 p.m.37 views

CVE-2020-0270

In tremolo, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145790628

6.5CVSS6.5AI score0.00244EPSS
CVE
CVE
added 2020/09/18 4:15 p.m.37 views

CVE-2020-0276

In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253586

5.5CVSS5.7AI score0.00015EPSS
CVE
CVE
added 2020/09/17 9:15 p.m.37 views

CVE-2020-0303

In the Media extractor, there is a possible use after free due to improper locking. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148223229

8.8CVSS9AI score0.00372EPSS
CVE
CVE
added 2020/09/17 9:15 p.m.37 views

CVE-2020-0356

In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143787559

6.7CVSS7.2AI score0.00015EPSS
CVE
CVE
added 2020/12/15 4:15 p.m.37 views

CVE-2020-0496

In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a possible memory corruption due to a use-after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

5.5CVSS6AI score0.00019EPSS
CVE
CVE
added 2021/02/04 7:15 p.m.37 views

CVE-2021-0344

In mtkpower, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05437558.

7.2CVSS6.8AI score0.00014EPSS
CVE
CVE
added 2021/02/03 12:15 a.m.37 views

CVE-2021-0354

In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID...

6.7CVSS6.7AI score0.0002EPSS
CVE
CVE
added 2021/02/03 12:15 a.m.37 views

CVE-2021-0362

In aee, there is a possible memory corruption due to a stack buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Patch ID: ALPS05457070.

6.7CVSS6.9AI score0.00009EPSS
CVE
CVE
added 2021/03/10 5:15 p.m.37 views

CVE-2021-0383

In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160871056

7.8CVSS7.6AI score0.00015EPSS
CVE
CVE
added 2021/06/22 12:15 p.m.37 views

CVE-2021-0550

In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2021/06/22 11:15 a.m.37 views

CVE-2021-0564

In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665

6.4CVSS6.5AI score0.00013EPSS
CVE
CVE
added 2021/12/17 5:15 p.m.37 views

CVE-2021-0679

In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.

6.7CVSS6.8AI score0.00015EPSS
Total number of security vulnerabilities2082