Google : Security Vulnerabilities, CVEs, CVSS score between 4 and 4.99
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728
Max CVSS
4.9
EPSS Score
0.04%
Published
2019-09-27
Updated
2019-10-02
In the TEE, there's a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120610663
Max CVSS
4.9
EPSS Score
0.04%
Published
2019-09-27
Updated
2019-10-02
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109755179
Max CVSS
4.9
EPSS Score
0.07%
Published
2019-09-27
Updated
2019-09-30
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80432895
Max CVSS
4.9
EPSS Score
0.07%
Published
2019-09-27
Updated
2019-09-30
In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure via compromised device firmware with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-139740814
Max CVSS
4.9
EPSS Score
0.07%
Published
2020-06-11
Updated
2020-06-12
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188582
Max CVSS
4.9
EPSS Score
0.07%
Published
2020-09-18
Updated
2020-09-21
In ged, there is a possible system crash due to an improper input validation. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Patch ID: ALPS05342338.
Max CVSS
4.9
EPSS Score
0.04%
Published
2021-02-04
Updated
2021-02-23
In sendNetworkConditionsBroadcast of NetworkMonitor.java, there is a possible way for a privileged app to receive WiFi BSSID and SSID without location permissions due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-175213041
Max CVSS
4.9
EPSS Score
0.04%
Published
2021-07-14
Updated
2022-07-12
In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476
Max CVSS
4.9
EPSS Score
0.04%
Published
2021-06-22
Updated
2021-06-25
In ccu, there is a possible out of bounds read due to incorrect error handling. This could lead to information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827145; Issue ID: ALPS05827145.
Max CVSS
4.9
EPSS Score
0.06%
Published
2021-09-27
Updated
2021-10-01
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
Max CVSS
4.9
EPSS Score
0.04%
Published
2021-10-06
Updated
2021-10-13
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
Max CVSS
4.9
EPSS Score
0.04%
Published
2021-10-06
Updated
2021-10-13
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.
Max CVSS
4.9
EPSS Score
0.10%
Published
2021-10-06
Updated
2021-10-13
In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673.
Max CVSS
4.9
EPSS Score
0.04%
Published
2022-05-03
Updated
2022-05-12
In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel
Max CVSS
4.9
EPSS Score
0.05%
Published
2022-06-15
Updated
2022-06-23
In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210971465References: N/A
Max CVSS
4.9
EPSS Score
0.04%
Published
2022-06-15
Updated
2022-06-23
In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223492713References: N/A
Max CVSS
4.9
EPSS Score
0.04%
Published
2022-06-15
Updated
2022-06-24
In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220868345References: N/A
Max CVSS
4.9
EPSS Score
0.04%
Published
2022-06-15
Updated
2022-06-24
In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-233230674References: N/A
Max CVSS
4.9
EPSS Score
0.08%
Published
2022-12-16
Updated
2022-12-21
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562.
Max CVSS
4.9
EPSS Score
0.04%
Published
2022-06-06
Updated
2022-06-13
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532.
Max CVSS
4.9
EPSS Score
0.04%
Published
2022-06-06
Updated
2022-06-13
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946.
Max CVSS
4.9
EPSS Score
0.04%
Published
2022-06-06
Updated
2022-06-13
In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
4.9
EPSS Score
0.06%
Published
2023-12-08
Updated
2024-03-12
In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
4.9
EPSS Score
0.06%
Published
2023-12-08
Updated
2024-03-12
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
Max CVSS
4.7
EPSS Score
0.41%
Published
2016-01-31
Updated
2018-10-30