40 matches found
CVE-2019-9455
CVE-2019-9455: In the Android kernel video driver, there is a kernel pointer leak caused by a WARN_ON statement, leading to local information disclosure with System execution privileges needed. Local exploitation is possible without user interaction. The connected Nessus advisories corroborate th...
CVE-2022-20240
CVE-2022-20240 affects Android 12 and Android 12L via the function in AppOpsManager.java, specifically sOpAllowSystemRestrictionBypass. The issue is a leakage of location information caused by a missing permission check, enabling local elevation of privilege with System execution privileges requi...
CVE-2020-0382
CVE-2020-0382 affects Android 10/11. In RunInternal of dumpstate.cpp, an uncaught exception enables a possible user-consent bypass, allowing local disclosure of bug report data with System privileges. No user interaction is required for exploitation, and the impact is limited to information discl...
CVE-2022-20543
CVE-2022-20543 affects Android-13 on Google Pixel devices. The issue is a display crash loop caused by improper input validation in multiple locations, enabling local denial of service with system execution privileges required. Exploitation is local with no user interaction. The Pixel bulletin in...
CVE-2022-20529
CVE-2022-20529 affects Android 13, specifically the WifiDialogActivity.java code, where a logic error can cause a limited lockscreen bypass and local escalation of privilege in wifi settings without user interaction. The CVE severity per the initial data is Low (CVSS v3.1: 2.4). No exploitation d...
CVE-2024-20045
CVE-2024-20045 concerns MediaTek devices where an incorrect calculation of audio buffer size enables an out-of-bounds read. This vulnerability could lead to local information disclosure with system privileges required; exploitation does not require user interaction. The patch referenced is ALPS08...
CVE-2024-20051
In flashc, an uncaught exception can cause a system crash, enabling local denial of service with system execution privileges required. No user interaction is needed. A patch is referenced (ALPS08541757; ALPS08541758).
CVE-2022-20261
The CVE-2022-20261 entry concerns the Android LocationManager component. A missing permission check could allow an attacker to obtain location information, causing local information disclosure. Exploitation requires System privileges but not user interaction, with a local attack vector. Affected ...
CVE-2022-20245
CVE-2022-20245 affects Android 13 and involves the WindowManager component. An insecure default value in WindowManager may allow a recorded lock-screen capture, leading to local information disclosure. Exploitation requires user interaction, and no additional execution privileges are needed. The ...
CVE-2022-33699
CVE-2022-33699 affects Samsung TelephonyUI’s getDsaSimImsi, where IMSI can be disclosed through logs due to insufficient protection in TelephonyUI. The issue is a local disclosure vulnerability, enabling a local attacker to access IMSI data. Affected component is Samsung TelephonyUI prior to SMR ...
CVE-2022-33720
CVE-2022-33720 concerns Samsung AppLock. The vulnerability is an improper authentication issue in AppLock prior to SMR Aug-2022 Release 1, which could let a physical attacker bypass the lock and access Chrome secured by AppLock via a new tap shortcut. Affected component: AppLock’s Chrome access c...
CVE-2021-0991
CVE-2021-0991 affects Android 12 via the OnMetadataChangedListener in AdvancedBluetoothDetailsHeaderController.java, causing a log information disclosure that could leak Bluetooth MAC addresses. The root cause is information disclosure through verbose/loggable data, enabling local information dis...
CVE-2022-36857
CVE-2022-36857 affects Samsung Photo Editor prior to SMR Sep-2022 Release 1. The root cause is improper authorization that allows physical attackers to read internal application data. Affected component is the Photo Editor within Samsung mobile devices running the referenced Software Maintenance ...
CVE-2022-33686
CVE-2022-33686 affects Samsung GsmAlarmManager where sensitive information (ICCID) can be disclosed via logs due to insufficient protection. The issue is local in scope and is tied to GsmAlarmManager behavior prior to the SMR July 2022 Release 1. Public descriptions in NVD/Red Hat/CNVD and relate...
CVE-2021-25335
Technical details about CVE-2021-25335 are not publicly available in the provided connected documents. No affected product/version specifics or exploitation details are given here. Monitor for updates from Samsung security advisories and NVD entries.
CVE-2022-20327
The CVE-2022-20327 entry concerns Android 13 where there is a vulnerability allowing retrieval of the WiFi SSID without location permissions due to a missing permission check. This enables local information disclosure with user execution privileges, and exploitation requires user interaction. The...
CVE-2015-6627
CVE-2015-6627 affects the Android Audio component prior to 5.1.1 LMY48Z and 6.0 before 2015-12-01. A crafted audio file could disclose sensitive information, demonstrated by gaining Signature or SignatureOrSystem access via the mediaserver/media framework path. The issue is categorized as an info...
CVE-2011-2343
Technical details about CVE-2011-2343 are not publicly provided in the connected documents. Monitor for updates.
CVE-2022-33693
The vulnerability CVE-2022-33693 affects Samsung Mobile CID Manager prior to the SMR July 2022 release, allowing a local attacker to access ICCID information via logs. The issue is described as an information disclosure originating from CID Manager logging behavior, with the impact limited to con...
CVE-2011-3975
CVE-2011-3975 involves an HTC update for Android 2.3.4 (build GRJ22) used with Sense on HTC EVO 3D, EVO 4G, ThunderBolt, and other devices. The HtcLoggers.apk component is exposed via android.permission.INTERNET and can be leveraged by user-assisted remote attackers to extract sensitive data, inc...
CVE-2019-20534
CVE-2019-20534 affects Samsung mobile devices running Android P (9.0). The issue allows an attacker to view the home-screen wallpaper by adjusting the brightness on a locked screen. The description repeatedly mirrors Samsung’s SVE-2019-15540 identifier; Red Hat and CNVD/EUVD/CVE records corrobora...
CVE-2018-21077
CVE-2018-21077 affects Samsung mobile devices running Android M(6.0), N(7.x), and O(8.x). The issue is a clipboard content disclosure in the locked state when the keyboard may be used during an emergency call. Samsung internal ID: SVE-2017-11107 (April 2018). Public details: CVSSv3.1 base score 2...
CVE-2016-11027
CVE-2016-11027 affects Samsung mobile devices running M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The entry provides the Samsung ID SVE-2016-7132 but does not specify exploit details, affected models, versions beyond Andro...
CVE-2018-21073
The CVE-2018-21073 entry affects Samsung mobile devices running N(7.x) and O(8.0) on Galaxy S9+/S9/S8+/S8/Note 8. The root issue is access to clipboard content in the locked state via the Edge panel, enabling potential information disclosure without unlocking the device. If present in connected d...
CVE-2017-18673
CVE-2017-18673 affects Samsung mobile devices running N(7.x) software. The issue allows an attacker to disable the Location service on a locked device, preventing the rightful owner from locating a stolen device. The Samsung ID is SVE-2017-8524 (May 2017). Public documents do not provide details ...
CVE-2021-25513
CVE-2021-25513 affects the Apps Edge application prior to Samsung SMR Dec-2021 Release 1. The root cause is improper privilege management, enabling unauthorized access to certain lockscreen data. Impact is limited to exposure of device data on the lockscreen; CVSS scores (NVD 2.4/3.1, Low) reflec...
CVE-2021-25409
CVE-2021-25409 describes an improper access in the Notification setting prior to Samsung SMR June‑2021 Release 1, allowing physically proximate attackers to set arbitrary notifications by physically configuring the device. The NVD entry indicates a low overall impact (CVSS v2: AV:L/AC:L/Au:N/I:P/...
CVE-2020-11606
The CVE-2020-11606 entry concerns Samsung mobile devices running Q (10.0). Affected component is information exposure within the Secure Folder’s application preview on a locked device, leading to partial confidentiality impact. The root cause and exact vulnerable code path are not detailed in the...
CVE-2018-21046
CVE-2018-21046 affects Samsung mobile devices running O(8.x) software. The issue is a clipboard data exposure via the Emergency Dialer when a USB device is connected. The connected documents do not provide a concrete root cause, exploit details, or remediation steps. No public mitigation details ...
CVE-2019-20595
CVE-2019-20595 concerns Samsung mobile devices running P(9.0) where the Quick Panel can enable or disable the Bluetooth stack without authentication. Affected: Samsung mobile devices with P(9.0) software (as cited in the CVE records). Root cause: an insecure Quick Panel action allows state change...
CVE-2020-0029
CVE-2020-0029 affects Android 10 WifiConfigManager by allowing storage of location history that can only be erased via a factory reset. The issue enables local information disclosure with System-level privileges and requires no user interaction. The vulnerability is tied to the WifiConfigManager c...
CVE-2016-3888
CVE-2016-3888 affects Android 4.x (4.4.4+), 5.0.x (5.0.2+), 5.1.x (5.1.1+), 6.x (before 2016-09-01) and 7.0 (before 2016-09-01). The issue, in internal/telephony/SMSDispatcher.java, lets physically proximate attackers bypass Factory Reset Protection and trigger premium SMS sending during Setup Wi...
CVE-2019-20559
CVE-2019-20559 affects Samsung mobile devices running Android P (9.0). The vulnerability is in the Gallery application, permitting viewing of photos on the lock screen. The Samsung ID is SVE-2019-15055 (October 2019). The connected documents do not specify the exact root cause, vulnerable compone...
CVE-2020-11602
Technical details about CVE-2020-11602 are not publicly available in the provided documents. Monitor for updates from NVD/Red Hat/CVE sources as more information may be released.
CVE-2019-20598
The CVE-2019-20598 entry concerns Samsung mobile devices running O(8.x) software where Bixby can leak the keyboard’s learned words and clipboard contents through the lock screen. The vulnerability is documented with Samsung IDs SVE-2018-12896 and SVE-2018-12897. Connected records (e.g., Red Hat C...
CVE-2022-33700
CVE-2022-33700 affects Samsung TelephonyUI, specifically the putDsaSimImsi path. The vulnerability arises from inadequate protection of sensitive information in TelephonyUI, enabling a local attacker to read IMSI values via logs. The issue is rooted in information disclosure within the putDsaSimI...
CVE-2019-20579
Samsung reports a vulnerability in the Gallery app on Galaxy devices running N(7.x), O(8.x), and P(9.0) that allows attackers to enable location information sharing from the lock screen. The entry references Samsung ID SVE-2019-14462 (August 2019). No concrete exploit details, affected specific m...
CVE-2020-10830
The CVE-2020-10830 entry concerns Samsung mobile devices running P(9.0) and Q(10.0) software. In Lockdown mode, an attacker can view notifications by entering multiple PINs, impacting user privacy. The issue is documented with Samsung ID SVE-2019-16590 (March 2020). The provided metrics show a lo...
CVE-2026-0121
In VPU, a race condition enables a use-after-free read, causing local information disclosure without requiring privileges or user interaction. The issue is documented across multiple sources (NVD/Red Hat/OSV/ENISA/Android Pixel bulletin), with no publicly provided technical details on affected ve...
CVE-2026-0115
Technical details for CVE-2026-0115 are not publicly available in the provided documents. Monitor for updates.