Lucene search
+L
AndroidMost viewed

612 matches found

android
android
•added 2017/03/01 12:0 a.m.•53 views

CVE-2016-10200

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service use-after-free by making multiple bind system calls without properly ascertaining whether a socket has the SOCKZAPPED status, related to...

6.9CVSS5.3AI score0.00296EPSS
Exploits0References3
android
android
•added 2016/05/01 12:0 a.m.•53 views

CVE-2015-0569

Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlanhddwext.c in the WLAN aka Wi-Fi driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, allows attackers to gain privileg...

9.3CVSS8.9AI score0.06468EPSS
Exploits4References2
android
android
•added 2011/01/06 12:0 a.m.•53 views

KillingInTheNameOf psneuter ashmem

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges...

7.2CVSS5.3AI score0.0032EPSS
Exploits1References4Affected Software1
android
android
•added 2018/04/01 12:0 a.m.•52 views

CVE-2017-13283

In avrcctrlparsvendorrsp of bluetooth avrcpctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions...

10CVSS6.9AI score0.02214EPSS
Exploits0References4Affected Software1
android
android
•added 2017/06/01 12:0 a.m.•52 views

CVE-2017-0637

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the...

9.3CVSS8.2AI score0.01486EPSS
Exploits0References4Affected Software1
android
android
•added 2016/11/01 12:0 a.m.•52 views

CVE-2016-2184

The createfixedstreamquirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service NULL pointer dereference or double free, and system crash via a crafted endpoints value in a USB device...

4.9CVSS5AI score0.01946EPSS
Exploits2References3
android
android
•added 2019/07/01 12:0 a.m.•51 views

CVE-2019-2330

...

4.9CVSS0.8AI score0.00177EPSS
Exploits0References3
android
android
•added 2019/04/01 12:0 a.m.•51 views

CVE-2018-11976

ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &...

4.9CVSS1.9AI score0.00204EPSS
Exploits0References3
android
android
•added 2015/03/12 12:0 a.m.•51 views

dhcpd buffer overrun

The specific flaw exists within the parsing of the DHCP options in a DHCP ACK packet. The vulnerability is triggered when the LENGTH of an option, when added to the current read position, exceeds the actual length of the DHCP options buffer. An attacker can leverage this vulnerability to execute...

6.8CVSS2.8AI score0.02652EPSS
Exploits0References3Affected Software1
android
android
•added 2019/04/01 12:0 a.m.•50 views

CVE-2019-2027

In floor0inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

9.3CVSS7.1AI score0.01224EPSS
Exploits0References4Affected Software1
android
android
•added 2019/04/01 12:0 a.m.•50 views

CVE-2018-13886

Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

10CVSS3.2AI score0.01112EPSS
Exploits0References2
android
android
•added 2018/09/01 12:0 a.m.•50 views

CVE-2018-9479

...

0.8AI score0.00368EPSS
Exploits0References4Affected Software1
android
android
•added 2018/09/01 12:0 a.m.•50 views

CVE-2017-18311

XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU...

7.2CVSS2.5AI score0.00208EPSS
Exploits0References2
android
android
•added 2016/11/01 12:0 a.m.•50 views

CVE-2015-8962

Double free vulnerability in the sgcommonwrite function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service memory corruption and system crash by detaching a device during an SGIO ioctl call...

9.3CVSS6.2AI score0.018EPSS
Exploits0References3
android
android
•added 2016/10/01 12:0 a.m.•50 views

CVE-2016-3928

The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384...

9.3CVSS9.1AI score0.00501EPSS
Exploits0References2
android
android
•added 2016/09/01 12:0 a.m.•50 views

CVE-2014-9529

Race condition in the keygcunusedkeys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service memory corruption or panic or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...

6.9CVSS6.3AI score0.00336EPSS
Exploits0References3
android
android
•added 2016/04/02 12:0 a.m.•50 views

CVE-2014-9322

arch/x86/kernel/entry64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment SS segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space...

7.2CVSS5.9AI score0.01447EPSS
Exploits8References13Affected Software1
android
android
•added 2016/03/01 12:0 a.m.•50 views

CVE-2016-0728

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

7.2CVSS6.1AI score0.03646EPSS
Exploits14References2Affected Software1
android
android
•added 2013/09/24 12:0 a.m.•50 views

Defy republic init_runit

A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/initrunit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. Stack-based buffer overflow in the...

6.9CVSS5.7AI score0.00211EPSS
Exploits1References3Affected Software1
android
android
•added 2013/09/02 12:0 a.m.•50 views

levitator

Improper bounds checking in the PowerVR driver as used in versions of Android prior to 2.3.6 when copying user data to kernel memory allows a malicious local application to write to the same area of memory referenced in CVE-2011-1350, potentially allowing for arbitrary code execution and privileg...

7.1CVSS7.6AI score0.01109EPSS
Exploits3References4Affected Software1
android
android
•added 2012/12/28 12:0 a.m.•50 views

Diaggetroot

A vulnerability in the Qualcomm Innovation Center QuIC Diagnostics aka DIAG kernel-mode driver allows arbitrary code execution or denial of service via a call to diagcharioctl...

6.8CVSS5.8AI score0.03032EPSS
Exploits0References3Affected Software1
android
android
•added 2018/09/01 12:0 a.m.•49 views

CVE-2016-10394

...

0.8AI score0.00098EPSS
Exploits0References2
android
android
•added 2018/09/01 12:0 a.m.•49 views

CVE-2018-9478

...

0.8AI score0.00368EPSS
Exploits0References4Affected Software1
android
android
•added 2017/07/01 12:0 a.m.•49 views

CVE-2017-0681

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566...

9.3CVSS9.3AI score0.01096EPSS
Exploits0References4Affected Software1
android
android
•added 2015/10/01 12:0 a.m.•49 views

Stagefright2

Meet Stagefright 2.0, a set of two vulnerabilities that manifest when processing specially crafted MP3 audio or MP4 video files. The first vulnerability in libutils impacts almost every Android device since version 1.0 released in 2008. We found methods to trigger that vulnerability in devices...

9.3CVSS3.8AI score0.03187EPSS
Exploits0References3Affected Software1
android
android
•added 2019/07/01 12:0 a.m.•48 views

CVE-2019-2109

In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

9.3CVSS7.1AI score0.01199EPSS
Exploits0References2Affected Software1
android
android
•added 2019/07/01 12:0 a.m.•48 views

CVE-2019-2322

...

9.3CVSS0.8AI score0.00903EPSS
Exploits0References2
android
android
•added 2018/08/01 12:0 a.m.•48 views

CVE-2017-18310

ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA66...

7.2CVSS2.1AI score0.0024EPSS
Exploits0References2
android
android
•added 2017/03/01 12:0 a.m.•48 views

CVE-2016-8488

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-31625756...

10CVSS6.9AI score0.01116EPSS
Exploits0References2
android
android
•added 2016/10/01 12:0 a.m.•48 views

CVE-2016-7117

Use-after-free vulnerability in the sysrecvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing...

10CVSS8.2AI score0.24299EPSS
Exploits0References3
android
android
•added 2018/11/01 12:0 a.m.•47 views

CVE-2017-18317

Restrictions related to the modem sim lock, sim kill can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A...

7.2CVSS4.5AI score0.00225EPSS
Exploits0References2
android
android
•added 2017/12/01 12:0 a.m.•47 views

CVE-2016-3706

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library aka glibc or libc6 allows remote attackers to cause a denial of service crash via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for...

5CVSS5.8AI score0.05926EPSS
Exploits1References4
android
android
•added 2017/05/01 12:0 a.m.•47 views

CVE-2016-10276

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

9.3CVSS9.3AI score0.006EPSS
Exploits0References4
android
android
•added 2016/11/01 12:0 a.m.•47 views

CVE-2016-6828

The tcpchecksendhead function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service tcpxmitretransmitqueue use-after-free and system crash via a crafted SACK option...

4.9CVSS4.4AI score0.01181EPSS
Exploits5References3
android
android
•added 2016/09/01 12:0 a.m.•47 views

CVE-2016-3134

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service heap memory corruption via an IPTSOSETREPLACE setsockopt call...

7.2CVSS6.1AI score0.01234EPSS
Exploits1References3
android
android
•added 2016/02/01 12:0 a.m.•47 views

CVE-2016-0801

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted wireless control message packets, aka internal bug 25662029...

8.3CVSS8.7AI score0.33367EPSS
Exploits4References4Affected Software1
android
android
•added 2015/10/01 12:0 a.m.•47 views

CVE-2015-3876

libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a 1 MP3 or 2 MP4 file...

9.3CVSS8.1AI score0.03137EPSS
Exploits0References3Affected Software1
android
android
•added 2015/10/01 12:0 a.m.•47 views

CVE-2015-6598

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 23306638...

10CVSS8.9AI score0.01858EPSS
Exploits0References3Affected Software1
android
android
•added 2013/04/08 12:0 a.m.•47 views

Motochopper

Integer overflow in the fbmmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9 QCIR-2013-00004-1...

6.9CVSS3.8AI score0.03373EPSS
Exploits1References3Affected Software1
android
android
•added 2019/07/01 12:0 a.m.•46 views

CVE-2019-2327

...

10CVSS0.8AI score0.0093EPSS
Exploits0References2
android
android
•added 2019/06/01 12:0 a.m.•46 views

CVE-2019-2287

...

7.5CVSS0.8AI score0.00937EPSS
Exploits0References4
android
android
•added 2019/03/01 12:0 a.m.•46 views

CVE-2019-2009

In l2clccprocpdu of l2cfcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0...

8.3CVSS6.8AI score0.0061EPSS
Exploits0References4Affected Software1
android
android
•added 2019/03/01 12:0 a.m.•46 views

CVE-2017-8252

Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdrago...

4.9CVSS1.9AI score0.00224EPSS
Exploits0References3
android
android
•added 2019/02/01 12:0 a.m.•46 views

CVE-2019-1988

In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in systemserver with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0...

9.3CVSS7.1AI score0.0191EPSS
Exploits0References4Affected Software1
android
android
•added 2016/04/02 12:0 a.m.•46 views

CVE-2016-0842

The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation MMCO data, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 25818142...

10CVSS8.6AI score0.01667EPSS
Exploits0References3Affected Software1
android
android
•added 2016/02/01 12:0 a.m.•46 views

CVE-2016-0805

The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204...

7.2CVSS7.8AI score0.00435EPSS
Exploits0References2Affected Software1
android
android
•added 2015/11/01 12:0 a.m.•46 views

CVE-2015-6608

mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658148, a different vulnerability than...

10CVSS8.7AI score0.02359EPSS
Exploits0References8Affected Software1
android
android
•added 2015/10/01 12:0 a.m.•46 views

CVE-2015-6602

libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a 1 MP3 or 2 MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x...

9.3CVSS8.5AI score0.03187EPSS
Exploits0References4Affected Software1
android
android
•added 2019/07/01 12:0 a.m.•45 views

CVE-2019-2254

...

7.5CVSS0.8AI score0.00733EPSS
Exploits0References2
android
android
•added 2019/04/01 12:0 a.m.•45 views

CVE-2018-11940

Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 712 / SD 710 / SD...

10CVSS2.5AI score0.00945EPSS
Exploits0References4
Total number of security vulnerabilities612