Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
•added 2020/04/07 1:45 p.m.•51 views

CVE-2016-11029

CVE-2016-11029 affects Samsung mobile devices on L(5.0/5.1), M(6.0), and N(7.0). The vulnerability arises from an unprotected intent that allows attackers to read the Mobile Hotspot password from logs. The description in multiple sources confirms the root cause and the impact: disclosure of hotsp...

7.5CVSS7.6AI score0.00397EPSS
CVE
CVE
•added 2020/04/07 12:44 p.m.•51 views

CVE-2016-11049

CVE-2016-11049 affects Samsung mobile devices with software up to 2016-01-16 on Shannon333/308/310 chipsets. The vulnerability arises from an error in managing key information, enabling retrieval and modification of IMEI. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CVE re...

9.1CVSS9.1AI score0.00401EPSS
CVE
CVE
•added 2023/10/30 5:1 p.m.•51 views

CVE-2023-21373

CVE-2023-21373 affects Android Telephony: a missing permission check lets a guest user change the preferred SIM, enabling local elevation of privilege with no user interaction. Exploitation is local; impact is described as high (confidentiality, integrity, availability). No exploitation details i...

7.8CVSS7.8AI score0.00084EPSS
CVE
CVE
•added 2024/01/02 2:49 a.m.•51 views

CVE-2023-32876

CVE-2023-32876 involves the keyInstall function where a missing bounds check can cause information disclosure, requiring local privileges (PR:H) with no user interaction. Affected context appears to be media/SoC environments (MediaTek-related references appear across multiple connected sources), ...

4.4CVSS4.3AI score0.00089EPSS
CVE
CVE
•added 2023/07/12 8:32 a.m.•51 views

CVE-2023-33887

CVE-2023-33887 affects the telephony service due to a missing permission check, enabling local information disclosure without additional execution privileges. The core issue is a privilege-check gap in the telephony component, with the impact described as local data leakage and no user interactio...

5.5CVSS5.2AI score0.00099EPSS
CVE
CVE
•added 2023/11/01 9:8 a.m.•51 views

CVE-2023-42631

CVE-2023-42631 affects validationtools due to a missing permission check, enabling local information disclosure with no privileges required. Connected documents corroborate the description but do not specify affected versions, vendor patches, or remediation steps. Exploitation status and in-the-w...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
•added 2023/11/01 9:8 a.m.•51 views

CVE-2023-42653

CVE-2023-42653 affects the faceid service in UNISOC chipsets. The root cause is a missing bounds check that enables an out-of-bounds write, potentially causing a local denial of service with no additional execution privileges. According to the provided documents, the issue is a local impact (AV:L...

5.5CVSS5.5AI score0.00083EPSS
CVE
CVE
•added 2023/09/27 8:36 a.m.•51 views

CVE-2023-44121

CVE-2023-44121 describes an intent redirection in LG ThinQ Service (com.lge.lms2), specifically in NotificationManager.java, exploitable by a third‑party app via a broadcast with action com.lge.lms.things.notification.ACTION. The vulnerability is dangerous because LG ThinQ Service is a system app...

6.3CVSS5.4AI score0.00102EPSS
Web
CVE
CVE
•added 2024/10/07 2:35 a.m.•51 views

CVE-2024-20095

Summary: CVE-2024-20095 affects the MediaTek m4u component, with a likely out-of-bounds read caused by a missing bounds check, leading to local information disclosure. The impact is described as requiring system-level privileges, with no user interaction needed. The vulnerability is associated wi...

4.4CVSS6.2AI score0.00099EPSS
CVE
CVE
•added 2024/12/02 3:6 a.m.•51 views

CVE-2024-20129

CVE-2024-20129 affects Telephony with a missing bounds check leading to an out-of-bounds read and potential remote denial of service. The vulnerability is exploitable over the network without privileges or user interaction, per the provided description. A patch is identified as ALPS09289881 (Issu...

7.5CVSS7.2AI score0.00298EPSS
CVE
CVE
•added 2024/07/01 8:40 a.m.•51 views

CVE-2024-39427

CVE-2024-39427 affects the trusty service, where a missing bounds check enables an out-of-bounds write. This can cause local denial of service and may require system privileges for exploitation. Multiple connected sources (e.g., Red Hat advisory, NVD entry) confirm the same description; no explic...

5.1CVSS6.8AI score0.00093EPSS
CVE
CVE
•added 2024/10/09 6:43 a.m.•51 views

CVE-2024-39437

CVE-2024-39437 concerns the UNISOC/linkturbonative service, where improper input validation enables a possible command injection. The underlying effect is local privilege escalation to SYSTEM level. Documented impact: local execution with high privileges; attacked component/process is the linktur...

6.7CVSS7.7AI score0.00252EPSS
CVE
CVE
•added 2025/09/04 6:34 p.m.•51 views

CVE-2025-48539

CVE-2025-48539: In SendPacketToPeer of acl_arbiter.cc there is a possible out-of-bounds read due to a use-after-free, which could enable remote code execution with no additional privileges and no user interaction. Connected documents identify this as an Android System component issue with high se...

8CVSS6.9AI score0.00244EPSS
CVE
CVE
•added 2012/01/25 6:0 p.m.•50 views

CVE-2011-4276

The CVE-2011-4276 issue affects Android 2.3 before 2.3.6, where the Bluetooth service (com/android/phone/BluetoothHeadsetService.java) allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. Root cause is a flaw in the Bluetooth service handling AT phon...

4.3CVSS6.8AI score0.00579EPSS
CVE
CVE
•added 2016/07/11 1:0 a.m.•50 views

CVE-2013-7457

CVE-2013-7457 pertains to Android with Qualcomm components. Connected sources indicate a privilege-lifting vulnerability in the Qualcomm component in Android versions prior to 2016-07-05, which can be exploited by a crafted application to gain privileges. The initial description notes an unspecif...

10CVSS7.4AI score0.00417EPSS
CVE
CVE
•added 2018/03/27 4:0 p.m.•50 views

CVE-2014-4959

Technical details about CVE-2014-4959 are not publicly provided in the included documents; no affected products, root cause, impact, or remediation are specified. Monitor for updates.

9.8CVSS9.7AI score0.01507EPSS
CVE
CVE
•added 2016/07/11 1:0 a.m.•50 views

CVE-2014-9778

CVE-2014-9778 describes an elevation-of-privilege vulnerability in the Qualcomm MSM video driver (vid_dec_set_h264_mv_buffers) on Android devices running Nexus 5 and 7 (2013) prior to 2016-07-05. The root cause is failure to validate the number of buffers in vid_dec_set_h264_mv_buffers within dri...

9.3CVSS7.5AI score0.00571EPSS
CVE
CVE
•added 2016/07/11 1:0 a.m.•50 views

CVE-2014-9783

The CVE-2014-9783 entry affects the Qualcomm component in Android on Nexus 7 (2013) devices, specifically the drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c. The root cause is that the code path does not validate certain values, enabling a local attacker with a crafted application to g...

9.3CVSS7.5AI score0.00584EPSS
CVE
CVE
•added 2016/08/06 10:0 a.m.•50 views

CVE-2014-9890

CVE-2014-9890 describes an off-by-one error in the MSM camera_v2 CCI driver (Qualcomm components) used on Nexus 5 and Nexus 7 (2013). The vulnerability allows a local attacker to gain privileges by sending a crafted I2C command, due to a boundary handling flaw in msm_cci.c. Affected firmware is A...

9.3CVSS7.5AI score0.0053EPSS
CVE
CVE
•added 2017/06/06 2:0 p.m.•50 views

CVE-2014-9951

Technical details about CVE-2014-9951 are not provided in the supplied documents. Please monitor for updates.

5.5CVSS5.7AI score0.00407EPSS
CVE
CVE
•added 2017/06/13 8:0 p.m.•50 views

CVE-2014-9960

CVE-2014-9960 is a documented buffer‑overflow vulnerability in the PlayReady API present in Android releases from CAF using the Linux kernel. The issue affects the PlayReady API component (buffer overflow in PlayReady) and is supported by multiple entries (NVD, CNVD, CVELIST, PRION, etc.). The CV...

9.3CVSS7.6AI score0.00632EPSS
CVE
CVE
•added 2017/08/18 6:0 p.m.•50 views

CVE-2014-9973

CVE-2014-9973 describes a buffer-length validation flaw in the PlayReady DRM routine within Qualcomm closed‑source components used in Qualcomm/CAF Android builds on the Linux kernel. The underlying issue is missing validation of buffer length in the DRM pathway, which could enable a remote attack...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
•added 2020/01/24 5:11 p.m.•50 views

CVE-2015-1525

CVE-2015-1525 (Android prior to 5.1) targets the AudioPolicyManagerBase.cpp. The vulnerability arises when the system processes a crafted application that provides a NULL device address, allowing a denial of service (audio_policy outage). Root cause is indicated as a NULL-pointer/invalid device a...

5.5CVSS5.2AI score0.00269EPSS
CVE
CVE
•added 2015/10/06 5:0 p.m.•50 views

CVE-2015-3872

CVE-2015-3872 involves libstagefright in Android before 5.1.1 LMY48T. A crafted media file could cause memory corruption, enabling remote code execution or a denial of service. Root cause referenced as internal bug 23346388. The Nexus security bulletin (Android 2015-10-01) confirms libstagefright...

10CVSS7.8AI score0.01858EPSS
CVE
CVE
•added 2015/10/06 5:0 p.m.•50 views

CVE-2015-6600

CVE-2015-6600 affects Android’s media stack: libstagefright vulnerable on Android versions before 5.1.1 LMY48T due to a memory-corruption flaw when processing crafted media files, enabling remote code execution or a denial of service in mediaserver. Root cause referenced as internal bug 22882938....

10CVSS7.8AI score0.0182EPSS
CVE
CVE
•added 2015/10/06 5:0 p.m.•50 views

CVE-2015-6603

CVE-2015-6603 affects libstagefright in Android prior to 5.1.1 LMY48T. A crafted media file could cause memory corruption in mediaserver and allow remote code execution or a denial of service. The issue is identified as internal bug 23227354. Android’s October 2015 bulletin documents multiple Rem...

10CVSS7.8AI score0.01858EPSS
CVE
CVE
•added 2015/10/06 5:0 p.m.•50 views

CVE-2015-6606

CVE-2015-6606 affects the Secure Element Evaluation Kit (SEEK/SmartCard API) plugin in Android up to 5.1.1 LMY48T. The flaw allows a crafted application to gain elevated privileges (Signature or SignatureOrSystem) due to a code-injection flaw in SEEK, enabling privilege escalation. Affected: SEEK...

9.3CVSS6.8AI score0.00773EPSS
CVE
CVE
•added 2015/11/03 11:0 a.m.•50 views

CVE-2015-6610

CVE-2015-6610 is a libstagefright elevation-of-privilege in Android (Stagefright) that can let a local malicious app cause memory corruption and potentially execute code inside the mediaserver service. Affected are Android versions prior to 5.1.1 LMY48X and 6.0 before 2015-11-01; exploitation is ...

10CVSS6.7AI score0.00785EPSS
CVE
CVE
•added 2016/07/11 1:0 a.m.•50 views

CVE-2015-8893

CVE-2015-8893 concerns the Qualcomm bootloader (aboot.c) in Android on Nexus 5 and Nexus 7 (2013) devices. A crafted application can cause a denial of service (OS outage or buffer over-read). The issue affects Android platforms pre-dating the 2016-07-05 patch level; the available connected docume...

5.5CVSS5.8AI score0.0036EPSS
CVE
CVE
•added 2018/04/04 6:0 p.m.•50 views

CVE-2015-9011

CVE-2015-9011 is a privilege-escalation vulnerability reported in Qualcomm closed-source components affecting the Android kernel. The connected sources confirm the issue as elevation of privilege, with Android kernel involvement and no publicly disclosed exploit details in the provided documents....

10CVSS8.8AI score0.01154EPSS
CVE
CVE
•added 2017/08/18 6:0 p.m.•50 views

CVE-2015-9054

Technical details for CVE-2015-9054 are not provided in the connected documents; no explicit affected products, versions, root cause, or fixes are disclosed here. Monitor for updates.

10CVSS7.8AI score0.00861EPSS
CVE
CVE
•added 2017/08/18 6:0 p.m.•50 views

CVE-2015-9061

The connected CNVD entry (CNVD-2017-26846) describes CVE-2015-9061 as a vulnerability in Android’s Qualcomm closed‑source components, where the PlayReady DRM fails to detect length, enabling unauthorized access to secure memory. Affected software is the Qualcomm closed‑source component used withi...

10CVSS7.7AI score0.00836EPSS
CVE
CVE
•added 2017/08/18 6:0 p.m.•50 views

CVE-2015-9067

CVE-2015-9067 concerns Qualcomm products with Android CAF builds using the Linux kernel. The description indicates a potential compiler optimization of memset() that is addressed in these releases. The connected documents do not provide concrete technical details such as affected versions, exact ...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
•added 2017/08/18 6:0 p.m.•50 views

CVE-2015-9069

CVE-2015-9069 corresponds to a memory corruption vulnerability in Qualcomm closed‑source components used in Android CAF builds, which can lead to corruption of the Secure File System. Connected CNVD entries describe it as a Qualcomm component memory corruption vulnerability affecting Android, wit...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
•added 2016/02/07 1:0 a.m.•50 views

CVE-2016-0812

The CVE-2016-0812 entry concerns the Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and Android 6.0 before 2016-02-01. The vulnerability arises from the interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java, where setup completion is not ...

6.6CVSS6.6AI score0.0018EPSS
CVE
CVE
•added 2017/05/16 2:0 p.m.•50 views

CVE-2016-10238

CVE-2016-10238 concerns the QSEE component in CAF Android builds. The issue stems from a page-alignment problem that could potentially bypass the Linux kernel access control. The vulnerability is described as a local issue within QSEE across Android releases from CAF, with the impact explicitly s...

9.3CVSS7.2AI score0.00582EPSS
CVE
CVE
•added 2017/05/12 3:0 p.m.•50 views

CVE-2016-10282

CVE-2016-10282 is an elevation of privilege in the MediaTek thermal driver on Android. A local malicious application could execute arbitrary code in the kernel context by exploiting this driver after compromising a privileged process. Affected component: MediaTek thermal driver (Android). The pro...

7.6CVSS6.6AI score0.00528EPSS
CVE
CVE
•added 2017/06/06 2:0 p.m.•50 views

CVE-2016-10297

CVE-2016-10297 affects TrustZone in CAF Android kernels, describing a Time-of-Check Time-of-Use race condition. Impact is rated High for confidentiality, integrity, and availability; exploitation is local with high complexity and user interaction required. The connected documents do not provide a...

9.3CVSS6.5AI score0.00343EPSS
CVE
CVE
•added 2020/04/07 1:49 p.m.•50 views

CVE-2016-11026

CVE-2016-11026 affects Samsung mobile devices running KK (4.4), L (5.0/5.1) and M (6.0). The issue is in BootReceiver where improper exception handling can trigger a system crash (DoS). Public details across NVD, Red Hat, CNVD, and CVE listings consistently describe the crash trigger but do not d...

7.8CVSS7.5AI score0.00422EPSS
CVE
CVE
•added 2020/04/07 1:48 p.m.•50 views

CVE-2016-11027

CVE-2016-11027 affects Samsung mobile devices running M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The entry provides the Samsung ID SVE-2016-7132 but does not specify exploit details, affected models, versions beyond Andro...

2.4CVSS4.1AI score0.00139EPSS
CVE
CVE
•added 2020/04/07 1:26 p.m.•50 views

CVE-2016-11034

CVE-2016-11034 affects Samsung mobile devices running L/5.0–5.1 and M/6.0 where the decode function in Qjpeg (Qt 5.7) can trigger a system crash via a malformed image. Root cause: improper handling in Qjpeg decoding. Affected component: Qt 5.7 Qjpeg on Samsung devices (SVE-2016-6560). Impact: sys...

7.1CVSS6.4AI score0.00346EPSS
CVE
CVE
•added 2020/04/07 12:53 p.m.•50 views

CVE-2016-11043

Affected product: Samsung mobile devices running M(6.0) software. Issue: S/MIME in EAS uses DES instead of the intended 3DES, enabling weaker cryptographic protection. Documented as Samsung ID SVE-2016-5871 (June 2016). Impact per sources: design weakness in encryption; CVSS notes indicate higher...

7.5CVSS7.5AI score0.00218EPSS
CVE
CVE
•added 2016/04/18 12:0 a.m.•50 views

CVE-2016-2424

CVE-2016-2424 affects Android’s SyncStorageEngine (server/content/SyncStorageEngine.java) in Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-04-01. The vulnerability stems from mismanagement of certain authority data in SyncStorageEngine, enabling a local atta...

7.1CVSS5.6AI score0.00358EPSS
CVE
CVE
•added 2016/05/09 10:0 a.m.•50 views

CVE-2016-2457

CVE-2016-2457 affects Android Wi‑Fi, specifically server/pm/UserManagerService.java, and is described as a bypass against restrictions on Wi‑Fi configuration changes via guest access in Android 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-05-01). The connected documents confir...

5.5CVSS6.2AI score0.0019EPSS
CVE
CVE
•added 2016/06/13 1:0 a.m.•50 views

CVE-2016-2469

CVE-2016-2469 is an elevation of privilege vulnerability in the Qualcomm sound driver affecting Android on Nexus devices (pre-2016-06-01). The issue originates in the Qualcomm sound driver used by Android and could allow a local attacker, via a crafted application, to gain kernel-level privileges...

9.3CVSS7.6AI score0.00623EPSS
CVE
CVE
•added 2016/06/13 1:0 a.m.•50 views

CVE-2016-2477

CVE-2016-2477 is an Android Mediaserver privilege-escalation vulnerability caused by mishandled pointers in mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp. A local attacker could exploit a crafted file or payload to gain Signature or SignatureOrSystem privileges. Affected Android versions inclu...

9.3CVSS8AI score0.00473EPSS
CVE
CVE
•added 2016/07/11 1:0 a.m.•50 views

CVE-2016-2503

CVE-2016-2503 affects the Qualcomm KGSL GPU driver in Android devices (notably Nexus 5X/6P). The issue arises from a race condition and use-after-free in the GPU driver’s synchronization paths (kgsl_sync) and in kgsl_mem_entry handling, enabling a local attacker to escalate privileges via a craft...

9.3CVSS7.4AI score0.00479EPSS
CVE
CVE
•added 2016/08/05 8:0 p.m.•50 views

CVE-2016-3828

CVE-2016-3828 affects Android Mediaserver (decoder/ih264d_api.c) in Android 6.x prior to the 2016-08-01 patch, where invalid PPS/SPS NAL units are mishandled, enabling a crafted media file to cause a denial of service (device hang or reboot). The issue is categorized as a Mediaserver DoS vulnerab...

7.1CVSS5.7AI score0.00574EPSS
CVE
CVE
•added 2016/10/10 10:0 a.m.•50 views

CVE-2016-3860

CVE-2016-3860 affects the Qualcomm sound driver in Android, specifically the file sound/soc/msm/qdsp6v2/audio_calibration.c. The vulnerability allows a crafted application to disclose sensitive information due to an information-disclosure flaw in the Qualcomm sound device on Nexus 5X, Nexus 6P, a...

5.5CVSS5.8AI score0.00449EPSS
CVE
CVE
•added 2016/09/11 9:0 p.m.•50 views

CVE-2016-3876

CVE-2016-3876 affects Android 6.x before 2016-09-01 and 7.0 before 2016-09-01. The issue, described in SettingsProvider.java, enables physically proximate attackers to bypass SAFE_BOOT_DISALLOWED and boot to safe mode via the Android Debug Bridge (ADB). Root cause is a local bypass of safe-boot p...

7.2CVSS6.7AI score0.00203EPSS
Total number of security vulnerabilities8153