Android OS Security Vulnerabilities
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2...
6.5CVSS
6.2AI Score
0.001EPSS
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...
6.3CVSS
6.9AI Score
0.001EPSS
Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local...
5CVSS
4.5AI Score
0.0004EPSS
Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network...
7.5CVSS
7.4AI Score
0.001EPSS
Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.8AI Score
0.001EPSS
Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network...
8.8CVSS
8.8AI Score
0.0005EPSS
Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network...
6.5CVSS
6.3AI Score
0.0004EPSS
Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network...
7.5CVSS
7.4AI Score
0.001EPSS
Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network...
7.2CVSS
7.1AI Score
0.001EPSS
Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network...
8.8CVSS
8.9AI Score
0.001EPSS
Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network...
7.5CVSS
7.4AI Score
0.001EPSS
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network...
6.5CVSS
6.3AI Score
0.0004EPSS
Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
5.1AI Score
0.0004EPSS
Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
5.1AI Score
0.0004EPSS
Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
5.1AI Score
0.0004EPSS
Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
5.1AI Score
0.0004EPSS
Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local...
4.4CVSS
4.5AI Score
0.0004EPSS
Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
5.1AI Score
0.0004EPSS
Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local...
4.4CVSS
4.5AI Score
0.0004EPSS
Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local...
5.5CVSS
5.1AI Score
0.0004EPSS
In cmd services, there is a OS command injection issue due to missing permission check. This could lead to local escalation of privilege with system execution privileges...
6.7CVSS
7AI Score
0.0004EPSS
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the.....
6.3AI Score
0.001EPSS
Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows remote attackers to gain admin privilege access in linkplay...
9.8CVSS
9.5AI Score
0.004EPSS
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most....
5.3CVSS
5.2AI Score
0.001EPSS
cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity de.niklasmerz.cordova.biometric.BiometricActivity can cause the app to crash. This vulnerability occurred...
6.2CVSS
5.3AI Score
0.0004EPSS
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicio...
6.1CVSS
6.3AI Score
0.001EPSS
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4,...
7.5CVSS
8AI Score
0.002EPSS
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before...
9.8CVSS
9.2AI Score
0.004EPSS
JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and...
5.3CVSS
5.3AI Score
0.001EPSS
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download'...
6.1CVSS
6AI Score
0.001EPSS
An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise...
7.9CVSS
7.6AI Score
0.0004EPSS
An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt6883. Attackers can change some of the NvRAM content by leveraging the misconfiguration of a debug command. The LG ID is LVE-SMP-210005 (August...
3.3CVSS
4.3AI Score
0.0004EPSS
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April...
7.1CVSS
6.9AI Score
0.0004EPSS
An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-210002 (April...
5.5CVSS
5.6AI Score
0.0004EPSS
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March...
6.8CVSS
6.5AI Score
0.0005EPSS
An issue was discovered on LG Wing mobile devices with Android OS 10 software. The biometric sensor has weak security properties. The LG ID is LVE-SMP-200030 (February...
9.8CVSS
9.3AI Score
0.001EPSS
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February...
9.8CVSS
9.2AI Score
0.001EPSS
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. In preloaded applications, the HostnameVerified default is mishandled. The LG ID is LVE-SMP-200029 (February...
9.8CVSS
9.2AI Score
0.001EPSS
Insufficient policy enforcement in networking in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially bypass firewall controls via a crafted HTML...
8.8CVSS
8AI Score
0.001EPSS
An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protection for the MTK protect2 partition. The LG ID is LVE-SMP-200028 (January...
5.5CVSS
5.7AI Score
0.0004EPSS
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December...
7.8CVSS
7.6AI Score
0.0004EPSS
An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December...
7.8CVSS
7.5AI Score
0.0004EPSS
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System services may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200024 (November...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may crash because of the lack of a NULL parameter check. The LG ID is LVE-SMP-200025 (November...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software. The Network Management component could allow an unauthorized actor to kill a TCP connection. The LG ID is LVE-SMP-200023 (October...
7.5CVSS
7.4AI Score
0.001EPSS
An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October...
7.5CVSS
7.4AI Score
0.001EPSS