Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/04/18 12:0 a.m.51 views

CVE-2016-2414

CVE-2016-2414 – Minikin DoS in Android . The Minikin library in Android 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-04-01) fails to properly handle negative size values in font data, enabling a local attacker to trigger memory corruption and a reboot loop via a crafted font, ...

6.2CVSS6.3AI score0.00405EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.51 views

CVE-2016-2416

CVE-2016-2416 is an information-disclosure flaw in Android mediaserver where libs/gui/BufferQueueConsumer.cpp does not check android.permission.DUMP, enabling a dump request to bypass protection and obtain signatures. Affected: Mediaserver component in Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, ...

10CVSS7.9AI score0.01058EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.51 views

CVE-2016-2460

CVE-2016-2460 is an information-disclosure vulnerability in Android’s mediaserver. Affected: Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-05-01. Root cause: mediaserver fails to initialize certain data structures in the IGraphicBufferConsumer.cpp/IGraphicBu...

5.5CVSS5.5AI score0.00418EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.51 views

CVE-2016-2461

CVE-2016-2461 affects OpenSSLCipher.java in Conscrypt on Android 6.x. The issue arises from mishandling resets of the AAD array, allowing a local attacker to spoof message authentication via unspecified vectors (internal bugs 27324690, 27696681). The vulnerability is tied to Conscrypt in the Andr...

7.6CVSS7.1AI score0.00455EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.51 views

CVE-2016-2476

CVE-2016-2476 affects Mediaserver in Android (versions 4.x up to 4.4.3, 5.0.x up to 5.0.1, 5.1.x up to 5.1.0, and 6.x prior to 2016-06-01). The issue is improper validation of OMX buffer sizes, enabling a local attacker with a crafted app to gain privileges (Signature or SignatureOrSystem). The v...

9.3CVSS8.1AI score0.00798EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.51 views

CVE-2016-2488

CVE-2016-2488 affects the Qualcomm camera driver in Android before 2016-06-01 on Nexus devices (N5, N5X, N6, N6P, N7 2013). The vulnerability is an elevation of privilege via a crafted application, linked to internal bug 27600832. The issue is addressed in the June 2016 Android bulletin; patch le...

9.3CVSS8AI score0.00412EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.51 views

CVE-2016-3826

The CVE-2016-3826 advisory affects Android’s Mediaserver component, specifically the AudioFlinger path (services/audioflinger/Effects.cpp). The root cause is that the reply size for an AudioFlinger effect command is not validated, enabling a crafted application to escalate privileges within the d...

7.8CVSS7.5AI score0.002EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.51 views

CVE-2016-3836

CVE-2016-3836 affects the Android SurfaceFlinger service. It is exploitable on Android 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, and 6.x prior to 2016-08-01, allowing a crafted application to disclose sensitive information. The root cause noted is a lack of a default constructor in include/ui/F...

5.5CVSS5.5AI score0.00454EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.51 views

CVE-2016-3844

CVE-2016-3844 is a Mediaserver elevation-of-privilege issue in Android. The provided documents consistently describe it as a local privilege escalation affecting Mediaserver on Nexus 9 and Pixel C devices, exploitable by a crafted application to gain privileges. Root cause is tied to Mediaserver ...

9.3CVSS7.5AI score0.00419EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.51 views

CVE-2016-3854

CVE-2016-3854 affects the Qualcomm MSMM driver path in Android: the file drivers/media/video/msm/msm_mctl_buf.c does not validate the image mode, enabling a crafted application to trigger a denial of service via out-of-bounds access, with potential unspecified additional impact. Reported as Qualc...

7.8CVSS7.8AI score0.00385EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.51 views

CVE-2016-3876

CVE-2016-3876 affects Android 6.x before 2016-09-01 and 7.0 before 2016-09-01. The issue, described in SettingsProvider.java, enables physically proximate attackers to bypass SAFE_BOOT_DISALLOWED and boot to safe mode via the Android Debug Bridge (ADB). Root cause is a local bypass of safe-boot p...

7.2CVSS6.7AI score0.00203EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.51 views

CVE-2016-3913

CVE-2016-3913 affects media/libmediaplayerservice/MediaPlayerService.cpp in Mediaserver on Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, 6.x up to 2016-10-01, and 7.0 up to 2016-10-01. The root cause is that a certain static_cast is not validated, enabling privilege escalation vi...

9.3CVSS8AI score0.0053EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.51 views

CVE-2016-3924

Technical details beyond the initial description are not provided in the connected documents. Public information about affected products, specific versions, root cause, or patch status is not available here. Monitor for updates and new disclosures.

5.5CVSS5.8AI score0.00454EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.51 views

CVE-2016-5859

CVE-2016-5859 involves a vulnerability in the Qualcomm sound driver across Android for MSM, Firefox OS for MSM, and QRD Android. The issue arises when a function is called with a very large length, triggering an integer overflow that is followed by a buffer overflow. The description identifies me...

7.6CVSS7.2AI score0.00616EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.51 views

CVE-2016-6683

CVE-2016-6683 is an information-disclosure vulnerability in the Android kernel affecting Nexus devices running before the 2016-10-05 patch. The issue, associated with internal bug 30143283, allows a crafted application to obtain sensitive information from kernel components. Connected documents co...

5.5CVSS5.6AI score0.00419EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.51 views

CVE-2016-6686

CVE-2016-6686 is an information-disclosure vulnerability in the NVIDIA profiler on Android/Nexus 9 prior to 2016-10-05. A locally run, crafted application could leak sensitive information from the profiler. Connected sources indicate this issue is part of the Android 2016-10-01/2016-10-05 patch s...

5.5CVSS5.8AI score0.00392EPSS
CVE
CVE
added 2016/12/13 7:0 p.m.51 views

CVE-2016-6699

CVE-2016-6699 is a remote code execution in Mediaserver’s libstagefright on Android 7.0 (before 2016-11-01). The issue allows memory corruption during media file and data processing when a specially crafted file is processed. Impact is remote code execution within Mediaserver. The vulnerability i...

9.3CVSS7.7AI score0.0132EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.51 views

CVE-2016-6704

CVE-2016-6704 is an elevation-of-privilege issue in Android’s Mediaserver. The vulnerability could allow a local malicious app to execute arbitrary code within a privileged process. It affects multiple Android releases (4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, 6.x up to 2016-11-01, ...

9.3CVSS7.4AI score0.0091EPSS
CVE
CVE
added 2016/12/13 7:0 p.m.51 views

CVE-2016-6711

CVE-2016-6711 affects Android's Mediaserver libvpx component. A remote DoS can be triggered by a specially crafted file, causing device hang or reboot. Affected Android versions: 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01. No remediation details are provid...

7.1CVSS5.2AI score0.0083EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.51 views

CVE-2016-6725

CVE-2016-6725 is a remote-code-execution vulnerability in the Qualcomm crypto driver affecting Android before the 2016-11-05 patch level. The Android kernel context could be compromised by a remote attacker, with CVSS-style impact described as critical (kernel context, remote exploit). The vulner...

10CVSS9.1AI score0.026EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.51 views

CVE-2016-6737

CVE-2016-6737 is an elevation of privilege in the Android kernel ION subsystem. A local malicious app could execute arbitrary code in kernel context on pre-2016-11-05 devices. The issue is deemed Critical and may enable a permanent device compromise, potentially requiring reflashing. Public remed...

9.3CVSS7.3AI score0.00649EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.51 views

CVE-2016-6738

CVE-2016-6738 is an elevation of privilege vulnerability in the Qualcomm crypto engine driver for Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context, requiring initial compromise of a privileged process. The description and related records...

9.3CVSS7.1AI score0.00724EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.51 views

CVE-2016-6746

CVE-2016-6746 describes an information-disclosure vulnerability in the NVIDIA GPU driver on Android devices prior to 2016-11-05, enabling a local malicious app to access data outside its permission set. The issue is categorized as High/Medium impact depending on source, with the NVD noting data e...

5.5CVSS5.2AI score0.00359EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.51 views

CVE-2016-6765

CVE-2016-6765 is a denial-of-service vulnerability in Android’s Mediaserver component libstagefright. The issue allows a specially crafted file to cause a device hang or reboot, via Mediaserver when processing media data. Affected products/versions cited in the documents include Android 4.4.4, 5....

7.1CVSS5.5AI score0.00529EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.51 views

CVE-2016-6766

CVE-2016-6766 is a denial-of-service vulnerability affecting Mediaserver components (libmedia/libstagefright) in Android. The issue allows a specially crafted file to cause a device hang or reboot. Connected Nessus data reiterates the same vulnerability and notes that there is no vendor patch ava...

7.1CVSS5.6AI score0.00626EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.51 views

CVE-2016-6774

CVE-2016-6774 is an information-disclosure vulnerability in Android’s Package Manager for Android 7.0. A local malicious application could bypass OS protections that isolate app data if it can compromise a privileged process, leading to data exposure. The issue is categorized as Moderate, reflect...

4.7CVSS4.5AI score0.00308EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.51 views

CVE-2016-8418

CVE-2016-8418 is a Critical remote code execution vulnerability in the Qualcomm crypto driver on Android, allowing an attacker to run arbitrary code in the kernel context. The 2017-02-05 Android bulletin documents the issue (references include A-32652894 and QC-CR#1077457) and indicates a patch w...

10CVSS8.6AI score0.0273EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.51 views

CVE-2016-8445

CVE-2016-8445 describes an elevation of privilege in MediaTek components used by Android, specifically the thermal and video drivers. A local malicious application could execute arbitrary code in the kernel context, requiring a compromised privileged process first. The vulnerability is associated...

7.6CVSS7AI score0.00609EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.51 views

CVE-2017-0401

CVE-2017-0401 is an information-disclosure vulnerability in the Qualcomm audio post-processor path (lvm/wrapper/Bundle/EffectBundle.cpp in libeffects). A locally running malicious application could access data outside its permissions on Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. T...

5.5CVSS5.2AI score0.00471EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.51 views

CVE-2017-0471

CVE-2017-0471 is a remote code execution in Mediaserver affecting Android 6.0–7.1.1. A specially crafted media file could trigger memory corruption during media/file processing, allowing an attacker to execute code within the Mediaserver process. The vulnerability is listed in the 2017-03-01 Andr...

9.3CVSS7.6AI score0.01422EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.51 views

CVE-2017-0600

CVE-2017-0600 describes a denial-of-service vulnerability in Android’s Mediaserver, specifically in the libstagefright component. A specially crafted media file could cause the Mediaserver process to hang or reboot, potentially impacting affected Android versions. Affected products/versions inclu...

7.1CVSS5.4AI score0.00444EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.51 views

CVE-2017-0638

Technical details regarding CVE-2017-0638 are not publicly provided in the connected documents. Monitor for updates.

7.8CVSS7.8AI score0.00906EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.51 views

CVE-2017-0669

Technical details about CVE-2017-0669 are not publicly provided in the supplied documents. The records confirm an information-disclosure issue in the Android framework affecting Android 6.0–7.1.x, but do not specify root cause, vulnerable component, or fixes. Monitor for updates.

5.5CVSS5.5AI score0.00391EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.51 views

CVE-2017-0689

CVE-2017-0689 is a denial-of-service vulnerability in the Android media framework. It affects Android devices running versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 and 7.1.2. The connected documents corroborate that the issue is a DoS in the media framework, with attacker-controlled input possibl...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.51 views

CVE-2017-0705

CVE-2017-0705 is described here as an elevation of privilege in the Broadcom Wi-Fi driver within Android kernels. The connected sources identify the affected component as the Broadcom Wi‑Fi driver used in Android, with the impact stated as Elevation of Privilege (local). The root cause specifics ...

7.2CVSS6.7AI score0.00185EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.51 views

CVE-2017-0706

CVE-2017-0706 is an Elevation of Privilege in the Broadcom Wi‑Fi driver used in Android kernel. Public sources describe a boundary-detection failure in the Broadcom Wi‑Fi driver that can lead to memory corruption and privilege escalation. The vulnerability affects Android-related Broadcom Wi‑Fi c...

7.2CVSS6.7AI score0.00185EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.51 views

CVE-2017-0735

CVE-2017-0735 represents a denial-of-service vulnerability in Android’s media framework libavc affecting Android 6.0–7.2 (6.0, 6.0.1, 7.0, 7.1.1, 7.1.2). Multiple sources (NVD entry, CNVD-2017-23406) describe a DoS in the libavc component of the Media framework, with no publicly disclosed exploit...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.51 views

CVE-2017-0742

CVE-2017-0742 is an Elevation of Privilege vulnerability in the MediaTek Video driver used by Android kernel. The issue affects Android devices with MediaTek video components and could allow a local attacker to execute arbitrary code within a privileged context (EoP). Public detail across connect...

7.8CVSS7.4AI score0.00356EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.51 views

CVE-2017-0755

CVE-2017-0755 is an Elevation of Privilege in Android’s libminikin library affecting Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 and 8.0. The CVSSv3 base score is 7.8 (High) with LOCAL attack vector, LOW complexity, no privileges required, user interaction required, and impact to...

9.3CVSS8AI score0.00414EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.51 views

CVE-2017-0801

CVE-2017-0801 is a local elevation-of-privilege issue in MediaTek libmtkomxvdec (LibMtkOmxVdec) used by Android kernels. It’s classified as EoP (High) and is addressed in the Android/MediaTek stack by vendor patches released to AOSP; remediation is to apply the patched Android build or vendor upd...

9.3CVSS8AI score0.00416EPSS
CVE
CVE
added 2017/08/24 12:0 a.m.51 views

CVE-2017-0805

CVE-2017-0805 is an elevation-of-privilege vulnerability in the Android media framework (libstagefright) affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0–6.0.1, 7.0, 7.1.1, 7.1.2. The issue allows local attackers to gain high privileges within a privileged process through media handling, as in...

9.3CVSS7.3AI score0.00434EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.51 views

CVE-2017-0838

CVE-2017-0838 is an elevation of privilege in Android’s media framework (libstagefright). Affected products are Android 7.0, 7.1.1, and 7.1.2 (Pixel/Nexus devices). The vulnerability is in the Media framework (libstagefright) and is classified as EoP with High severity in the Pixel/Nexus security...

7.8CVSS7.3AI score0.00148EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.51 views

CVE-2017-0865

CVE-2017-0865 is an elevation of privilege in the MediaTek SoC driver within Android kernel. The issue is categorized as EoP in the MediaTek SoC driver component; details across connected records confirm the affected element is the MediaTek SoC driver on Android devices (Pixel/Nexus context cited...

7.8CVSS7.3AI score0.00138EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.51 views

CVE-2017-0879

CVE-2017-0879 is an information disclosure vulnerability in the Android Media framework affecting Pixel/Nexus devices. The Android Bulletin (Dec 2017) places this issue under the Media framework with a Moderate severity and lists affected AOSP updates up to 8.0, specifically noting updated AOSP v...

9.1CVSS8.2AI score0.0059EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.51 views

CVE-2017-10996

CVE-2017-10996 affects Qualcomm devices running CAF Android builds that use the Linux kernel. The vulnerability is an out-of-bounds access in c_show() caused by compat_hwcap_str[] not being NULL-terminated. The issue could cause device crashes/reboots (memory violation/out-of-bounds access). The ...

7.1CVSS6AI score0.00432EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.51 views

CVE-2017-11047

CVE-2017-11047 applies to Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel; the issue is in a graphics-driver ioctl handler where missing copy_from_user() calls can allow writes to kernel memory. Impact per CVSS indicates LOCAL access with LOW user interaction an...

7.8CVSS7AI score0.00138EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.51 views

CVE-2017-11055

CVE-2017-11055 affects Qualcomm WLAN in Android/CAF Linux-kernel stacks (Android for MSM, Firefox OS for MSM, QRD Android). A buffer over-read can occur when processing the QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION vendor command, potentially exposing memory contents. Affected components a...

7.5CVSS7AI score0.00514EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.51 views

CVE-2017-11057

CVE-2017-11057 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel in compatibility mode. The vulnerability arises from flash_data handling in 64-bit userspace, where a userspace-provided address can lead to kernel memory disclosure or a fault. Impact is inf...

7.8CVSS6.9AI score0.00151EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.51 views

CVE-2017-11063

CVE-2017-11063 describes a race condition between two userspace processes that interact with a driver in Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF/Linux kernel. The race condition can lead to a null pointer dereference, i.e., a potential crash; exploitation details, af...

5.9CVSS5.8AI score0.00473EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.51 views

CVE-2017-11075

CVE-2017-11075 concerns a use-after-free in wdsp_glink_write() when cmd_pkt and reg_pkt are invoked from different userspace threads on Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds prior to the CAF kernel patch level 2018-04-05. Affected components include the Audio DSP dr...

7.8CVSS7.2AI score0.00158EPSS
Total number of security vulnerabilities8153