Google: >> Android >> 10.0 Security Vulnerabilities
OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-03-10
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication
CVSS Score
4.1
EPSS Score
0.0
Published
2022-03-10
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.
CVSS Score
4.0
EPSS Score
0.0
Published
2022-03-10
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-03-10
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.
CVSS Score
4.2
EPSS Score
0.0
Published
2022-03-10
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission
CVSS Score
7.9
EPSS Score
0.0
Published
2022-03-10
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.
CVSS Score
4.1
EPSS Score
0.0
Published
2022-03-10
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-03-10
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-03-10
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-03-10