Total: 6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39850 | 1 Google | 1 Android | 2022-10-08 | N/A | 3.3 LOW |
Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data. | |||||
CVE-2022-39848 | 1 Google | 1 Android | 2022-10-08 | N/A | 3.3 LOW |
Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. | |||||
CVE-2022-39854 | 2 Google, Samsung | 2 Android, Exynos | 2022-10-08 | N/A | 7.8 HIGH |
Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. | |||||
CVE-2022-39856 | 1 Google | 1 Android | 2022-10-08 | N/A | 3.3 LOW |
Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. | |||||
CVE-2020-8899 | 1 Google | 1 Android | 2022-10-06 | 10.0 HIGH | 9.8 CRITICAL |
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747. | |||||
CVE-2020-6563 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Android and 3 more | 2022-10-05 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page. | |||||
CVE-2020-11875 | 1 Google | 1 Android | 2022-10-05 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020). | |||||
CVE-2021-0561 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Android | 2022-09-30 | 2.1 LOW | 5.5 MEDIUM |
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683 | |||||
CVE-2022-0802 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2022-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-0804 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2022-09-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2021-39714 | 1 Google | 1 Android | 2022-09-28 | 4.6 MEDIUM | 7.8 HIGH |
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205573273. References: Upstream kernel | |||||
CVE-2021-25472 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 3.3 LOW |
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information. | |||||
CVE-2021-25489 | 2 Google, Samsung | 2 Android, Exynos | 2022-09-23 | 4.9 MEDIUM | 5.5 MEDIUM |
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. | |||||
CVE-2021-25518 | 1 Google | 1 Android | 2022-09-23 | 4.6 MEDIUM | 6.7 MEDIUM |
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. | |||||
CVE-2021-25351 | 2 Google, Samsung | 2 Android, Account | 2022-09-23 | 2.1 LOW | 2.4 LOW |
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. | |||||
CVE-2021-25360 | 1 Google | 1 Android | 2022-09-23 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
CVE-2021-25361 | 1 Google | 1 Android | 2022-09-23 | 7.2 HIGH | 8.8 HIGH |
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications. | |||||
CVE-2021-25340 | 1 Google | 1 Android | 2022-09-23 | 2.1 LOW | 2.4 LOW |
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change arbitrary settings during Initialization State. | |||||
CVE-2021-25385 | 1 Google | 1 Android | 2022-09-23 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. | |||||
CVE-2021-25383 | 1 Google | 1 Android | 2022-09-23 | 7.5 HIGH | 9.8 CRITICAL |
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. |