Lucene search

K
GoogleAndroid

7579 matches found

CVE
CVE
added 2018/03/15 9:29 p.m.37 views

CVE-2017-15821

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite.

7.8CVSS7.2AI score0.00028EPSS
CVE
CVE
added 2018/12/07 2:29 p.m.37 views

CVE-2017-15835

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.

6.5CVSS6.3AI score0.00038EPSS
CVE
CVE
added 2018/04/03 5:29 p.m.37 views

CVE-2017-15853

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is inval...

5.3CVSS5AI score0.00091EPSS
CVE
CVE
added 2018/03/15 9:29 p.m.37 views

CVE-2017-18056

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory read.

7.8CVSS7.1AI score0.00016EPSS
CVE
CVE
added 2018/03/16 10:29 p.m.37 views

CVE-2017-18066

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl().

7.8CVSS7.1AI score0.00016EPSS
CVE
CVE
added 2020/04/08 1:15 p.m.37 views

CVE-2017-18646

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017).

4.6CVSS5AI score0.00018EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.37 views

CVE-2017-18654

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0, 7.1) software. An unauthenticated attacker can register a new security certificate. The Samsung ID is SVE-2017-9659 (September 2017).

7.5CVSS7.6AI score0.00131EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.37 views

CVE-2017-18662

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Data outside of the rkp log buffer boundary is read, causing an information leak. The Samsung ID is SVE-2017-9109 (July 2017).

7.5CVSS7.6AI score0.00123EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.37 views

CVE-2017-18664

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. There is a NULL pointer exception in PersonManager, causing memory corruption. The Samsung ID is SVE-2017-8286 (June 2017).

7.5CVSS7.5AI score0.00114EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.37 views

CVE-2017-18669

An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017).

7.5CVSS7.6AI score0.00081EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.37 views

CVE-2017-18672

An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017).

5.5CVSS5.5AI score0.00015EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.37 views

CVE-2017-18673

An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).

2.4CVSS4.1AI score0.00019EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.37 views

CVE-2017-18676

An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm chipsets) software. There is an RKP kernel protection bypass (in which unwanted memory mappings may occur) because of a lack of MSR trapping. The Samsung ID is SVE-2016-7901 (April 2017).

7.5CVSS7.5AI score0.00092EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.37 views

CVE-2017-18678

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. An attacker can crash system processes via a Serializable object because of missing exception handling. The Samsung IDs are SVE-2017-8109, SVE-2017-8110, SVE-2017-8115, SVE-2017-8118, and SVE-20...

7.5CVSS7.5AI score0.00113EPSS
CVE
CVE
added 2017/11/14 4:29 p.m.37 views

CVE-2017-6274

An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274.

9.8CVSS8.2AI score0.00141EPSS
CVE
CVE
added 2018/05/10 2:29 p.m.37 views

CVE-2017-6293

In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 TZ contains a vulnerability in Widevine TA where the software writes data past the end, or before the beginning, of the intended buffer, which may lead to escalation of Privileges. This issue is rated as high. Android: A-6937736...

7.8CVSS5.3AI score0.00016EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.37 views

CVE-2017-7373

In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.

9.3CVSS7.5AI score0.00044EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.37 views

CVE-2017-8254

In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.

5.5CVSS5.7AI score0.00063EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.37 views

CVE-2017-8265

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.

7CVSS6.6AI score0.00041EPSS
CVE
CVE
added 2017/08/18 7:29 p.m.37 views

CVE-2017-9680

In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.

7.5CVSS7.1AI score0.00111EPSS
CVE
CVE
added 2017/08/18 7:29 p.m.37 views

CVE-2017-9685

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.

9.3CVSS7.5AI score0.00118EPSS
CVE
CVE
added 2017/11/16 10:29 p.m.37 views

CVE-2017-9690

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow.

7.8CVSS7.3AI score0.0005EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.37 views

CVE-2018-11260

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a fast Initial link setup (FILS) connection request, integer overflow may lead to a buffer overflow when the key length is zero.

7.8CVSS6.8AI score0.00054EPSS
CVE
CVE
added 2018/09/18 6:29 p.m.37 views

CVE-2018-11852

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write.

7.8CVSS7.4AI score0.00015EPSS
CVE
CVE
added 2018/09/19 2:29 p.m.37 views

CVE-2018-11878

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function.

7.8CVSS7.5AI score0.00038EPSS
CVE
CVE
added 2018/12/20 3:29 p.m.37 views

CVE-2018-11985

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer.

7.8CVSS7.5AI score0.00019EPSS
CVE
CVE
added 2020/04/08 5:15 p.m.37 views

CVE-2018-21038

An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018).

9.8CVSS9.5AI score0.00156EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.37 views

CVE-2018-21076

An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018).

5.5CVSS5.3AI score0.00019EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.37 views

CVE-2018-21077

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018).

2.4CVSS4.1AI score0.00018EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.37 views

CVE-2018-21078

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-20...

7.5CVSS7.5AI score0.00092EPSS
CVE
CVE
added 2018/04/03 5:29 p.m.37 views

CVE-2018-5826

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver.

5.9CVSS5.4AI score0.00112EPSS
CVE
CVE
added 2018/07/06 5:29 p.m.37 views

CVE-2018-5834

In __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

7.8CVSS7.4AI score0.00073EPSS
CVE
CVE
added 2018/07/06 5:29 p.m.37 views

CVE-2018-5890

If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

7.8CVSS7.2AI score0.00016EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.37 views

CVE-2018-5904

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while list traversal in LPM status driver for clean up, use after free vulnerability may occur.

7.8CVSS7.5AI score0.00038EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.37 views

CVE-2018-9355

In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Androi...

10CVSS8.8AI score0.07792EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.37 views

CVE-2018-9357

In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Andro...

7.8CVSS7.7AI score0.00095EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.37 views

CVE-2018-9360

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android...

7.8CVSS6.9AI score0.03247EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.37 views

CVE-2018-9436

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6....

7.8CVSS6.3AI score0.02686EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.37 views

CVE-2018-9438

When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Version...

5CVSS5.3AI score0.00092EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.37 views

CVE-2018-9508

In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

6.5CVSS6.1AI score0.00288EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.37 views

CVE-2018-9532

In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9...

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.37 views

CVE-2018-9538

In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ...

7.8CVSS7.6AI score0.00022EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.37 views

CVE-2018-9560

In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: An...

7.8CVSS7.7AI score0.00026EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.37 views

CVE-2018-9565

In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16...

7.5CVSS6.9AI score0.00587EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.37 views

CVE-2018-9566

In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exp...

5.7CVSS5.6AI score0.003EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.37 views

CVE-2018-9573

In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. An...

9.3CVSS8.5AI score0.00177EPSS
CVE
CVE
added 2020/02/04 4:15 p.m.37 views

CVE-2019-19273

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.

7.8CVSS7.7AI score0.00014EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.37 views

CVE-2019-1996

In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versio...

6.5CVSS6.1AI score0.00164EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.37 views

CVE-2019-2038

In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-...

5.5CVSS5AI score0.00062EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.37 views

CVE-2019-2041

In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Produ...

7.3CVSS7.3AI score0.00013EPSS
Total number of security vulnerabilities7579