Lucene search
+L
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/06/06 2:0 p.m.52 views

CVE-2014-9943

CVE-2014-9943: In Core Kernel in CAF Android builds using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist. The available connected documents describe this as a Core Kernel issue with a Null Pointer Dereference, affecting Android CAF/Linux kernel code paths, and ...

9.3CVSS7.1AI score0.00464EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.52 views

CVE-2014-9969

CVE-2014-9969 concerns Qualcomm GPS client cryptography on Android CAF builds using the Linux kernel, where the GPS client may use an insecure cryptographic algorithm. Connected documents corroborate this description (Android/Qualcomm stack). The provided sources do not include concrete patch ver...

10CVSS8.8AI score0.00415EPSS
CVE
CVE
added 2015/02/16 12:0 a.m.52 views

CVE-2015-1474

CVE-2015-1474 affects Android up to version 5.0, specifically the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp. The vulnerability arises from multiple integer overflows that can be triggered by inputs with a large number of file descriptors or large in...

10CVSS7.4AI score0.0374EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.52 views

CVE-2015-3861

CVE-2015-3861 targets Android mediaserver (libstagefright) via the Matroska MatroskaExtractor.cpp path. Multiple integer overflows in addVorbisCodecInfo cause memory corruption leading to a denial of service (device inoperability) when processing crafted Matroska data, affecting Android versions ...

5CVSS6.7AI score0.00818EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.52 views

CVE-2015-6599

CVE-2015-6599 affects libstagefright in Android prior to 5.1.1 LMY48T. A crafted media file can cause memory corruption in mediaserver, enabling remote code execution or a denial of service. The Android Nexus bulletin notes patches for builds after LMY48T (5.1.1+) and advises updating to at least...

10CVSS7.8AI score0.01858EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.52 views

CVE-2015-6629

CVE-2015-6629: Android 5.x before 5.1.1 LMY48Z contains a Wi‑Fi information disclosure flaw. The issue allows attackers to obtain sensitive information via unspecified vectors, demonstrated by access to Signature or SignatureOrSystem, per the description. The linked Android security bulletin indi...

5CVSS6.2AI score0.00435EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.52 views

CVE-2015-8937

CVE-2015-8937 concerns a privilege-escalation vulnerability in the Qualcomm component used by Android on Nexus devices (Nexus 5/6/7, 2013) due to mishandling a socket in drivers/char/diag/diagchar_core.c. The flaw allows a crafted application to gain privileges within the device context. Root cau...

7.8CVSS7.5AI score0.00466EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.52 views

CVE-2015-8938

CVE-2015-8938 affects the MSM camera driver in Qualcomm components on Nexus 6 devices, where input parameter validation is incomplete, enabling privilege escalation via a crafted application. The issue is documented across multiple sources (e.g., CNVD-2016-06244) as a Nexus 6 privilege-acquisitio...

9.3CVSS7.5AI score0.00544EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.52 views

CVE-2015-8941

CVE-2015-8941 affects Qualcomm components within Android on Nexus 6 and Nexus 7 (2013). The issue is in drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c where array index validation is improper, allowing a local attacker with a crafted app to gain privileges. The report notes an Androi...

9.3CVSS7.5AI score0.0053EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.52 views

CVE-2015-8996

CVE-2015-8996 describes a time-of-check time-of-use race condition in a TrustZone QFPROM routine affecting Android builds from CAF using the Linux kernel. The issue centers on the TrustZone protected QFPROM path; the root cause is a TOCTOU race in the QFPROM routine, potentially enabling incorrec...

7.6CVSS6.7AI score0.00443EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.52 views

CVE-2015-9001

Technical details, affected components, and remediation for CVE-2015-9001 are not publicly provided in the connected documents. Monitor updates from NVD/Android sources.

5.5CVSS5.5AI score0.00505EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.52 views

CVE-2016-0843

The CVE-2016-0843 issue affects the Qualcomm ARM processor performance-event manager used by Android. The vulnerability allows a locally executed, crafted application to elevate privileges to the kernel, described as an internal bug 25801197. Affected Android versions include 4.x prior to 4.4.4, ...

8.4CVSS7.8AI score0.00207EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.52 views

CVE-2016-10335

CVE-2016-10335 involves Android CAF builds; connected documents indicate that the Linux kernel usage within CAF Android releases involves an update to libtomcrypt. The available sources do not provide explicit vulnerability details, affected vendor/product version ranges, root cause analysis, exp...

5.5CVSS5.6AI score0.00467EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.52 views

CVE-2016-10338

Technical details about CVE-2016-10338 are not publicly provided in the connected documents. The available descriptions simply note an RPMB processing issue in CAF Android kernels. Monitor for updates; no specifics on impact, affected versions, or fixes are provided.

9.3CVSS7.3AI score0.00578EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.52 views

CVE-2016-10340

CVE-2016-10340 affects CAF Android releases that use the Linux kernel, with an issue described as an integer underflow in a syscall handler that leads to a buffer overflow. The documents provided confirm the vulnerability description but do not give specific product/vendor versions, affected kern...

9.3CVSS7.6AI score0.00625EPSS
CVE
CVE
added 2020/04/07 1:45 p.m.52 views

CVE-2016-11029

CVE-2016-11029 affects Samsung mobile devices on L(5.0/5.1), M(6.0), and N(7.0). The vulnerability arises from an unprotected intent that allows attackers to read the Mobile Hotspot password from logs. The description in multiple sources confirms the root cause and the impact: disclosure of hotsp...

7.5CVSS7.6AI score0.00397EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.52 views

CVE-2016-2416

CVE-2016-2416 is an information-disclosure flaw in Android mediaserver where libs/gui/BufferQueueConsumer.cpp does not check android.permission.DUMP, enabling a dump request to bypass protection and obtain signatures. Affected: Mediaserver component in Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, ...

10CVSS7.9AI score0.01058EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.52 views

CVE-2016-2452

CVE-2016-2452 affects Android mediaserver (libstagefright) — specifically codecs/amrnb/dec/SoftAMR.cpp — where buffer sizes are not properly validated. The issue resides in the AMR-NB decoding path and can allow a local attacker to escalate privileges to Signature or SignatureOrSystem by deliveri...

9.3CVSS7.7AI score0.00492EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.52 views

CVE-2016-2464

CVE-2016-2464 affects libvpx/libwebm in android mediaserver. A crafted MKV file can trigger memory corruption, enabling remote code execution or a denial of service. Affected: Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01. Root cause unspecified in pr...

9.3CVSS8AI score0.01753EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.52 views

CVE-2016-2499

Technical details (affected products, root cause, remediation) are not publicly provided in the supplied documents for CVE-2016-2499. Monitor for updates.

5.5CVSS5.8AI score0.00359EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.52 views

CVE-2016-3856

CVE-2016-3856 affects Android’s netd daemon, where versions prior to 2016-08-05 mishandle tethering and stdio streams. The root cause is a handling flaw in tethering/stdio data processing, which can be exploited by a crafted application to cause a denial of service and potentially other unspecifi...

7.8CVSS7.8AI score0.00474EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.52 views

CVE-2016-3876

CVE-2016-3876 affects Android 6.x before 2016-09-01 and 7.0 before 2016-09-01. The issue, described in SettingsProvider.java, enables physically proximate attackers to bypass SAFE_BOOT_DISALLOWED and boot to safe mode via the Android Debug Bridge (ADB). Root cause is a local bypass of safe-boot p...

7.2CVSS6.7AI score0.00203EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.52 views

CVE-2016-3885

The CVE-2016-3885 entry concerns the Android debuggerd (Debuggerd) component, specifically debuggerd/debuggerd.cpp. The root cause is a mishandling of the interaction between PTRACE_ATTACH operations and thread exits in Debuggerd, which can allow a privileged escalation when a crafted app is run ...

9.3CVSS7.5AI score0.01214EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.52 views

CVE-2016-3924

Technical details beyond the initial description are not provided in the connected documents. Public information about affected products, specific versions, root cause, or patch status is not available here. Monitor for updates and new disclosures.

5.5CVSS5.8AI score0.00454EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.52 views

CVE-2016-3928

CVE-2016-3928 concerns the MediaTek video driver in Android prior to the 2016-10-05 patch level. The issue is an elevation of privilege: a local, crafted application could gain elevated privileges. The entry explicitly notes Android internal bug 30019362 and MediaTek internal bug ALPS02829384. No...

9.3CVSS7.6AI score0.00501EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.52 views

CVE-2016-3933

Summary (CVE-2016-3933): Elevation of privilege in Mediaserver on Android allowed a crafted application to gain privileged execution. Affected devices include Nexus 9 and Pixel C. The issue is described in Android security bulletins as part of the October 2016 patch set, with security patch level...

9.3CVSS8AI score0.00411EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.52 views

CVE-2016-6678

Summary: CVE-2016-6678 affects the Motorola USBNet driver on Nexus 6 devices running Android prior to 2016-10-05. Vulnerability: The issue is an information-disclosure flaw in the USBNet driver that could allow a local malicious application to access data outside its normal permissions. Root caus...

5.5CVSS5.8AI score0.00475EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.52 views

CVE-2016-6689

CVE-2016-6689 affects the Android kernel Binder path. The description explicitly states that Binder in the kernel on Android devices (notably Nexus) prior to 2016-10-05 can allow a crafted application to obtain sensitive information, i.e., an information-disclosure vulnerability in the Binder sub...

5.5CVSS5.6AI score0.02EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.52 views

CVE-2016-6702

CVE-2016-6702 describes a remote code execution vulnerability in the libjpeg library used by Android. The issue allows an attacker to run arbitrary code in the context of an unprivileged process by feeding a specially crafted file. Affected Android versions are 4.x prior to 4.4.4, 5.0.x prior to ...

7.8CVSS7.7AI score0.01054EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.52 views

CVE-2016-6705

CVE-2016-6705 is an elevation of privilege in Android’s Mediaserver. The issue could let a local malicious app execute arbitrary code within the context of a privileged process. Affected Android versions are 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01....

9.3CVSS7.7AI score0.00751EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.52 views

CVE-2016-6707

CVE-2016-6707 affects Android System Server with a local privilege-escalation via ashmem-backed Bitmaps. The issue stems from mismatched memory sizes: ashmem (ASHMEM_SET_SIZE) defines the region size, but memory mappings (mmap) in Parcel::readBlob use a bitmap-derived len, and Bitmap creation sto...

9.3CVSS7.4AI score0.0415EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.52 views

CVE-2016-6717

CVE-2016-6717 corresponds to an elevation-of-privilege in Android’s Mediaserver. A local malicious app could execute code in a privileged process due to memory/parameter handling in Mediaserver when processing media data. Affected Android versions span 4.x up to 7.0 (pre-2016-11-01 and pre-2016-1...

7.6CVSS7AI score0.00645EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.52 views

CVE-2016-6783

CVE-2016-6783 is an elevation-of-privilege issue in the MediaTek driver on Android that could allow a local malicious app to execute arbitrary code in the kernel context. The vulnerability requires compromising a privileged process. Affected component: MediaTek driver in Android; Android ID A-313...

9.3CVSS6.8AI score0.00559EPSS
CVE
CVE
added 2016/10/31 10:0 a.m.52 views

CVE-2016-7991

The CVE affects Samsung Galaxy S4 through S7 devices where the omacp app ignores security information embedded in OMACP messages. This allows remote unsolicited WAP Push SMS messages to be accepted, parsed, and acted upon, leading to unauthorized configuration changes. Root cause is the omacp han...

7.8CVSS7.2AI score0.00492EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.52 views

CVE-2017-0478

CVE-2017-0478 describes a remote code execution in the Android Framesequence library. A crafted file could cause an unprivileged process to execute arbitrary code within the attacker’s control. Affected Android versions include 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The available sources confi...

7.8CVSS7.5AI score0.0184EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.52 views

CVE-2017-0560

CVE-2017-0560 is an information-disclosure vulnerability in the Android factory reset process that could allow a local attacker to access data from the previous owner. The NVD description lists affected Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1, with Android ID A-30681079. ...

5.5CVSS5.3AI score0.00479EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.52 views

CVE-2017-0593

CVE-2017-0593 is an elevation of privilege vulnerability in Android Framework APIs that could allow a local malicious application to obtain access to custom permissions. Affected products/versions identified in the connected documents include Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID:...

9.3CVSS6.9AI score0.00456EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.52 views

CVE-2017-0601

CVE-2017-0601 is an Elevation of Privilege in Android Bluetooth, affecting Android 7.0/7.1.1/7.1.2 via the Bluetooth Share provider (content://com.android.bluetooth.opp/btopp). The vulnerability arises because an untrusted app could broadcast an ACCEPT action to the BluetoothOppReceiver, changing...

5.5CVSS5.2AI score0.00383EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.52 views

CVE-2017-0671

CVE-2017-0671: A remote code execution vulnerability in the Android libraries affecting Android 4.4.4 (Library component). The available documents confirm RCE in the Libraries area of Android 4.4.4, but do not provide the exact root cause details, affected subcomponents, or concrete exploit vecto...

9.3CVSS7.7AI score0.00913EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.52 views

CVE-2017-0690

CVE-2017-0690 is a DoS vulnerability in Android’s media framework. Connected CNVD/NVD entries describe a denial of service that can be triggered by a remote attacker, with the backreference triggering a null pointer scenario. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,...

5.5CVSS5.6AI score0.00283EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.52 views

CVE-2017-0730

CVE-2017-0730 is described as a denial-of-service in the Android media framework h264 decoder affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The connected CNVD entry reiterates a DoS in the Media framework h264 decoder, but the provided documents do not specify the root cause, affected file...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.52 views

CVE-2017-0736

CVE-2017-0736 affects Android’s media framework libavc and is a DoS vulnerability in the component used for multimedia. Affected products/versions include Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The available connected sources describe the issue as a denial of service without detailing the exa...

7.1CVSS5.6AI score0.00331EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.52 views

CVE-2017-0746

CVE-2017-0746 is a privilege-escalation in the Qualcomm IPA driver within the Android kernel. The vulnerability affects Android before patched releases (Android 7.1.2 and earlier per CNVD-2017-23419), with a remote attacker able to exploit to gain privileges. Patches were released as part of the ...

7.8CVSS7.4AI score0.00356EPSS
CVE
CVE
added 2018/04/05 6:0 p.m.52 views

CVE-2017-0748

CVE-2017-0748 is an information-disclosure vulnerability in the Qualcomm audio driver affecting Android kernel. The issue is documented as an Android/Qualcomm component problem with Android ID A-35764875. Public references include QC-CR#2029798. The NVD entry confirms a partial confidentiality im...

5.3CVSS5.3AI score0.00432EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.52 views

CVE-2017-0789

CVE-2017-0789 is a local Elevation of Privilege in the Broadcom Wi‑Fi driver used by Android kernel. The vulnerability allows an attacker to gain elevated privileges within the device. Public references in the provided documents confirm Broadcom Wi‑Fi driver as the vulnerable component and Androi...

8.8CVSS8.6AI score0.00279EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.52 views

CVE-2017-0801

CVE-2017-0801 is a local elevation-of-privilege issue in MediaTek libmtkomxvdec (LibMtkOmxVdec) used by Android kernels. It’s classified as EoP (High) and is addressed in the Android/MediaTek stack by vendor patches released to AOSP; remediation is to apply the patched Android build or vendor upd...

9.3CVSS8AI score0.00416EPSS
CVE
CVE
added 2017/08/24 12:0 a.m.52 views

CVE-2017-0805

CVE-2017-0805 is an elevation-of-privilege vulnerability in the Android media framework (libstagefright) affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0–6.0.1, 7.0, 7.1.1, 7.1.2. The issue allows local attackers to gain high privileges within a privileged process through media handling, as in...

9.3CVSS7.3AI score0.00434EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.52 views

CVE-2017-0835

CVE-2017-0835 is a remote code execution vulnerability in the Android media framework (libmpeg2) affecting Android 6.0–8.0. The issue is documented in the 2017-11 Android bulletin as exploitable by a specially crafted media file, with high impact (remote code execution) in a privileged context. A...

9.3CVSS7.7AI score0.01311EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.52 views

CVE-2017-0862

CVE-2017-0862 is an elevation of privilege in the Android upstream kernel (Kernel component). The connected records consistently describe it as a Kernel EoP issue affecting the Android kernel; no specific vulnerable version ranges or fixed versions are provided in the supplied documents. The mate...

7.8CVSS7.2AI score0.00165EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.52 views

CVE-2017-0876

CVE-2017-0876 is a remote code execution vulnerability in Android’s media framework (libavc) affecting Android 6.0. The Android bulletin groups it under the Media framework RCE family (CVE-2017-0872/0876/0877/0878/13151) and notes that security patches at 2017-12-01 or newer (and 2017-12-05 for s...

9.3CVSS8.4AI score0.01437EPSS
Total number of security vulnerabilities8153