Lucene search
+L
AndroidMost viewed

612 matches found

android
android
•added 2017/04/01 12:0 a.m.•39 views

CVE-2015-8995

In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel...

9.3CVSS8.3AI score0.00606EPSS
Exploits0References2
android
android
•added 2017/04/01 12:0 a.m.•39 views

CVE-2014-9931

A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value...

9.3CVSS5.9AI score0.0063EPSS
Exploits0References2
android
android
•added 2017/04/01 12:0 a.m.•39 views

CVE-2014-9934

A PKCS1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding...

9.3CVSS8.3AI score0.00369EPSS
Exploits0References2
android
android
•added 2017/03/01 12:0 a.m.•39 views

CVE-2016-8485

An information disclosure vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823681...

5CVSS4AI score0.00745EPSS
Exploits0References2
android
android
•added 2017/01/01 12:0 a.m.•39 views

CVE-2016-8423

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

9.3CVSS9.3AI score0.00601EPSS
Exploits0References3
android
android
•added 2016/12/01 12:0 a.m.•39 views

CVE-2015-8966

arch/arm/kernel/sysoabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted 1 FOFDGETLK, 2 FOFDSETLK, or 3 FOFDSETLKW command in an fcntl64 system call...

7.2CVSS7AI score0.00535EPSS
Exploits0References3
android
android
•added 2016/12/01 12:0 a.m.•39 views

CVE-2016-6917

Buffer overflow in nvhostjob.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5...

7.2CVSS6.3AI score0.00448EPSS
Exploits0References2
android
android
•added 2016/11/01 12:0 a.m.•39 views

CVE-2016-6699

A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code...

9.3CVSS5.4AI score0.0132EPSS
Exploits0References3Affected Software1
android
android
•added 2016/11/01 12:0 a.m.•39 views

CVE-2016-6734

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

9.3CVSS9AI score0.00686EPSS
Exploits0References2
android
android
•added 2016/02/01 12:0 a.m.•39 views

CVE-2016-0806

The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453...

7.2CVSS9AI score0.00207EPSS
Exploits0References2Affected Software1
android
android
•added 2015/12/01 12:0 a.m.•39 views

CVE-2015-6633

The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 23987307...

9.3CVSS8.6AI score0.01837EPSS
Exploits0References2Affected Software1
android
android
•added 2019/07/01 12:0 a.m.•38 views

CVE-2019-2111

In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9...

7.5CVSS5.9AI score0.00842EPSS
Exploits0References5Affected Software1
android
android
•added 2019/05/01 12:0 a.m.•38 views

CVE-2019-2255

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

10CVSS2.4AI score0.01529EPSS
Exploits0References2
android
android
•added 2019/05/01 12:0 a.m.•38 views

CVE-2018-5912

Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660...

7.2CVSS3.4AI score0.00228EPSS
Exploits0References3
android
android
•added 2019/04/01 12:0 a.m.•39 views

CVE-2018-11271

Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607,...

7.5CVSS1.9AI score0.00807EPSS
Exploits0References2
android
android
•added 2019/03/01 12:0 a.m.•38 views

CVE-2019-1989

In ih264dfmtconv420spto420p of ih264dformatconv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0...

9.3CVSS6.8AI score0.0137EPSS
Exploits0References3Affected Software1
android
android
•added 2018/12/01 12:0 a.m.•38 views

CVE-2017-18141

When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206,...

7.2CVSS2.6AI score0.00223EPSS
Exploits0References2
android
android
•added 2018/08/01 12:0 a.m.•38 views

CVE-2017-18296

Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD...

7.2CVSS3.8AI score0.0026EPSS
Exploits0References2
android
android
•added 2018/06/01 12:0 a.m.•38 views

CVE-2017-18155

While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, an uninitialized variable can be used leading to a kernel fault...

4.6CVSS2.4AI score0.00226EPSS
Exploits0References2
android
android
•added 2018/06/01 12:0 a.m.•38 views

CVE-2018-5146

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...

6.8CVSS2.6AI score0.12054EPSS
Exploits0References3Affected Software1
android
android
•added 2018/04/01 12:0 a.m.•38 views

CVE-2017-13276

In CProgramConfigReadHeightExt of tpdecasc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1,...

6.8CVSS7.4AI score0.00693EPSS
Exploits0References4Affected Software1
android
android
•added 2018/04/01 12:0 a.m.•38 views

CVE-2017-15822

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentially occur...

8.3CVSS5.2AI score0.00379EPSS
Exploits0References3
android
android
•added 2018/01/01 12:0 a.m.•38 views

CVE-2017-13208

In receivepacket of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS7.5AI score0.08533EPSS
Exploits0References4Affected Software1
android
android
•added 2017/12/01 12:0 a.m.•38 views

CVE-2016-4429

Stack-based buffer overflow in the clntudpcall function in sunrpc/clntudp.c in the GNU C Library aka glibc or libc6 allows remote servers to cause a denial of service crash or possibly unspecified other impact via a flood of crafted ICMP and UDP packets...

4.3CVSS6.6AI score0.03922EPSS
Exploits0References4
android
android
•added 2017/12/01 12:0 a.m.•38 views

CVE-2017-0876

A remote code execution vulnerability in the Android media framework libavc. Product: Android. Versions: 6.0. Android ID A-64964675...

9.3CVSS9.1AI score0.01437EPSS
Exploits0References2Affected Software1
android
android
•added 2017/11/01 12:0 a.m.•38 views

CVE-2017-11015

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIRMACAUTHCHALLENGELENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge text of length up to 253 bytes, but the drive...

9.3CVSS3.2AI score0.00502EPSS
Exploits0References5
android
android
•added 2017/09/01 12:0 a.m.•38 views

CVE-2017-0756

A remote code execution vulnerability in the Android media framework libstagefright. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073...

9.3CVSS7.9AI score0.00824EPSS
Exploits0References3Affected Software1
android
android
•added 2017/05/01 12:0 a.m.•38 views

CVE-2014-9927

In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist...

9.3CVSS8AI score0.00402EPSS
Exploits0References2
android
android
•added 2017/05/01 12:0 a.m.•38 views

CVE-2017-0592

A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution...

9.3CVSS7.5AI score0.01532EPSS
Exploits0References3Affected Software1
android
android
•added 2017/04/01 12:0 a.m.•38 views

CVE-2015-8998

In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel...

9.3CVSS8.3AI score0.00606EPSS
Exploits0References2
android
android
•added 2017/03/01 12:0 a.m.•38 views

CVE-2017-0503

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical...

9.3CVSS7.4AI score0.00806EPSS
Exploits0References3
android
android
•added 2017/03/01 12:0 a.m.•38 views

CVE-2017-0306

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

9.3CVSS9.8AI score0.01741EPSS
Exploits0References3
android
android
•added 2017/03/01 12:0 a.m.•38 views

CVE-2016-9806

Race condition in the netlinkdump function in net/netlink/afnetlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service double free or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation...

7.2CVSS5AI score0.00365EPSS
Exploits0References3
android
android
•added 2017/03/01 12:0 a.m.•38 views

CVE-2016-8487

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724...

10CVSS6.9AI score0.01116EPSS
Exploits0References2
android
android
•added 2017/02/01 12:0 a.m.•38 views

CVE-2017-0430

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing t...

9.3CVSS9.5AI score0.00888EPSS
Exploits0References2
android
android
•added 2017/01/01 12:0 a.m.•38 views

CVE-2016-8438

Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass Peripheral Image Loader PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR1023638...

10CVSS4.6AI score0.02251EPSS
Exploits0References2
android
android
•added 2017/01/01 12:0 a.m.•38 views

CVE-2016-8482

An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482...

7.2CVSS7.4AI score0.00211EPSS
Exploits0References3
android
android
•added 2016/12/01 12:0 a.m.•38 views

CVE-2016-6777

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

9.3CVSS9.8AI score0.0179EPSS
Exploits0References2
android
android
•added 2016/06/01 12:0 a.m.•38 views

CVE-2016-2474

The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 27424603...

9.3CVSS9.2AI score0.00502EPSS
Exploits0References2
android
android
•added 2016/04/02 12:0 a.m.•38 views

CVE-2016-1503

dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a malform...

10CVSS8.2AI score0.06344EPSS
Exploits0References3Affected Software1
android
android
•added 2016/02/01 12:0 a.m.•38 views

CVE-2016-0802

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted wireless control message packets, aka internal bug 25306181...

8.3CVSS8.7AI score0.01701EPSS
Exploits0References3Affected Software1
android
android
•added 2016/01/01 12:0 a.m.•38 views

CVE-2015-6638

The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908...

9.3CVSS8AI score0.00473EPSS
Exploits0References2Affected Software1
android
android
•added 2015/10/01 12:0 a.m.•38 views

CVE-2015-3823

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 21335999...

10CVSS8.9AI score0.022EPSS
Exploits0References3Affected Software1
android
android
•added 2015/10/01 12:0 a.m.•38 views

CVE-2015-6599

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 23416608...

10CVSS8.9AI score0.01858EPSS
Exploits0References3Affected Software1
android
android
•added 2015/10/01 12:0 a.m.•38 views

CVE-2014-9028

Heap-based buffer overflow in streamdecoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file...

7.5CVSS8.7AI score0.09849EPSS
Exploits0References4Affected Software1
android
android
•added 2015/08/01 12:0 a.m.•38 views

CVE-2015-3836

The Parsewave function in arm-wt-22k/libsrc/easmdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow via crafted XMF...

10CVSS8.7AI score0.02804EPSS
Exploits0References3Affected Software1
android
android
•added 2014/06/23 12:0 a.m.•38 views

keystore buffer

Stack-based buffer overflow in the encodekey function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name...

5.1CVSS7AI score0.01757EPSS
Exploits1References4Affected Software1
android
android
•added 2011/07/31 12:0 a.m.•38 views

Browser Cross-App Scripting

Android browser could be tricked into running javascript in the domain of a different app...

4.3CVSS1.8AI score0.04615EPSS
Exploits3References3Affected Software1
android
android
•added 2019/06/01 12:0 a.m.•37 views

CVE-2019-2269

...

7.5CVSS0.8AI score0.00738EPSS
Exploits0References3
android
android
•added 2019/06/01 12:0 a.m.•37 views

CVE-2019-2093

In huffdec1D of nlcdec.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-119292397...

9.3CVSS7AI score0.01153EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities612