Android@9.0 Security Vulnerabilities and Issues — Page 16 of Android@9.0 CVE List

9.8CVSS9.5AI score0.00147EPSS

CVE-2019-20544

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos chipsets) software. There is an out-of-bounds write in the ICCC Trustlet. The Samsung ID is SVE-2019-15274 (November 2019).

CVE•added 2020/03/24 7:15 p.m.•30 views

CVE-2019-20567

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A up_parm heap overflow leads to code execution in the bootloader. The Samsung ID is SVE-2019-14993 (September 2019).

10CVSS9.7AI score0.00231EPSS

CVE•added 2020/03/24 7:15 p.m.•30 views

CVE-2019-20583

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the EXT_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14847 (August 2019).

10CVSS9.6AI score0.00195EPSS

6.8CVSS6.6AI score0.00017EPSS

CVE-2020-10839

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020).

7.1CVSS6.8AI score0.00016EPSS

CVE-2020-10840

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020).

10CVSS9.3AI score0.0017EPSS

CVE-2020-10848

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Arbitrary memory mapping exists in TEE. The Samsung ID is SVE-2019-16665 (February 2020).

CVE•added 2020/07/07 2:15 p.m.•30 views

CVE-2020-15577

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020).

5.5CVSS5.7AI score0.0004EPSS

CVE•added 2020/08/31 9:15 p.m.•30 views

CVE-2020-25046

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB driver leaks address information via kernel logging. The Samsung IDs are SVE-2020-17602, SVE-2020-17603, SVE-2020-17604 (August 2020).

5.5CVSS5.4AI score0.00019EPSS

CVE•added 2020/08/31 9:15 p.m.•30 views

CVE-2020-25049

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020).

9.8CVSS9.4AI score0.00147EPSS

CVE•added 2021/01/05 6:15 p.m.•30 views

CVE-2021-22495

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021).

7.1CVSS5.6AI score0.00053EPSS

CVE•added 2021/06/11 3:15 p.m.•30 views

CVE-2021-25386

An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

9.8CVSS9.6AI score0.00187EPSS

CVE•added 2021/12/08 3:15 p.m.•30 views

CVE-2021-25518

An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.

6.7CVSS6.8AI score0.00018EPSS

CVE•added 2018/11/14 6:29 p.m.•29 views

CVE-2018-9531

In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ...

9.3CVSS8.1AI score0.00212EPSS

CVE•added 2019/04/19 8:29 p.m.•29 views

CVE-2019-2037

In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out-of-bound read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android...

7.5CVSS6.9AI score0.00314EPSS

CVE•added 2020/03/24 7:15 p.m.•29 views

CVE-2019-20563

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. The SEC_FR trustlet has an out of bounds write. The Samsung ID is SVE-2019-15272 (October 2019).

9.8CVSS9.5AI score0.00147EPSS

CVE•added 2020/03/24 7:15 p.m.•29 views

CVE-2019-20579

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 (August 2019).

2.4CVSS4AI score0.00019EPSS

CVE•added 2020/03/24 7:15 p.m.•29 views

CVE-2019-20585

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (with TEEGRIS) software. There is type confusion in the SEC_FR Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2019-14851 (August 2019).

10CVSS9.6AI score0.00195EPSS

CVE•added 2019/08/20 8:15 p.m.•29 views

CVE-2019-2127

In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Vers...

7.8CVSS8.3AI score0.00015EPSS

5.3CVSS5.4AI score0.00091EPSS

CVE-2020-10834

An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 (February 2020).

7.8CVSS7.7AI score0.00016EPSS

CVE-2020-10842

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There is a heap out-of-bounds write in the tsmux driver. The Samsung ID is SVE-2019-16295 (February 2020).

7.8CVSS7.8AI score0.00017EPSS

CVE-2020-10851

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020).

5.3CVSS5.4AI score0.00091EPSS

CVE-2020-10853

An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. The Samsung IDs are SVE-2019-16010, SVE-2019-16011, SVE-2019-16012 (January 2020).

CVE•added 2021/12/15 7:15 p.m.•29 views

CVE-2021-1038

In UserDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-1...

5.5CVSS5.3AI score0.0005EPSS

CVE•added 2021/06/11 3:15 p.m.•29 views

CVE-2021-25383

An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

9.8CVSS9.6AI score0.00187EPSS

CVE•added 2021/06/11 3:15 p.m.•29 views

CVE-2021-25407

A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.

7.8CVSS7.6AI score0.00019EPSS

CVE•added 2018/11/14 6:29 p.m.•28 views

CVE-2018-9533

In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID...

8.8CVSS8.8AI score0.00409EPSS

CVE•added 2020/03/24 6:15 p.m.•28 views

CVE-2019-20536

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019).

9.8CVSS9.4AI score0.00129EPSS

CVE•added 2021/06/11 3:15 p.m.•28 views

CVE-2021-25384

An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

9.8CVSS9.6AI score0.00153EPSS

CVE•added 2021/06/11 3:15 p.m.•28 views

CVE-2021-25413

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.

5.5CVSS5.4AI score0.00012EPSS

CVE•added 2021/09/09 7:15 p.m.•28 views

CVE-2021-25456

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

5.5CVSS5.6AI score0.00062EPSS

CVE•added 2021/12/08 3:15 p.m.•28 views

CVE-2021-25519

An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.

4CVSS3.8AI score0.00016EPSS

7.8CVSS7.5AI score0.0005EPSS

CVE-2019-20541

An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have a stack overflow. The Samsung IDs are SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-1498...

7.8CVSS8AI score0.0002EPSS

CVE-2020-10838

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020).

7.8CVSS7.7AI score0.00016EPSS

CVE-2020-10841

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is an arbitrary kfree in the vipx and vertex drivers. The Samsung ID is SVE-2019-16294 (February 2020).