8153 matches found
CVE-2016-11029
CVE-2016-11029 affects Samsung mobile devices on L(5.0/5.1), M(6.0), and N(7.0). The vulnerability arises from an unprotected intent that allows attackers to read the Mobile Hotspot password from logs. The description in multiple sources confirms the root cause and the impact: disclosure of hotsp...
CVE-2016-11049
CVE-2016-11049 affects Samsung mobile devices with software up to 2016-01-16 on Shannon333/308/310 chipsets. The vulnerability arises from an error in managing key information, enabling retrieval and modification of IMEI. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CVE re...
CVE-2023-21373
CVE-2023-21373 affects Android Telephony: a missing permission check lets a guest user change the preferred SIM, enabling local elevation of privilege with no user interaction. Exploitation is local; impact is described as high (confidentiality, integrity, availability). No exploitation details i...
CVE-2023-32876
CVE-2023-32876 involves the keyInstall function where a missing bounds check can cause information disclosure, requiring local privileges (PR:H) with no user interaction. Affected context appears to be media/SoC environments (MediaTek-related references appear across multiple connected sources), ...
CVE-2023-33887
CVE-2023-33887 affects the telephony service due to a missing permission check, enabling local information disclosure without additional execution privileges. The core issue is a privilege-check gap in the telephony component, with the impact described as local data leakage and no user interactio...
CVE-2023-42631
CVE-2023-42631 affects validationtools due to a missing permission check, enabling local information disclosure with no privileges required. Connected documents corroborate the description but do not specify affected versions, vendor patches, or remediation steps. Exploitation status and in-the-w...
CVE-2023-42653
CVE-2023-42653 affects the faceid service in UNISOC chipsets. The root cause is a missing bounds check that enables an out-of-bounds write, potentially causing a local denial of service with no additional execution privileges. According to the provided documents, the issue is a local impact (AV:L...
CVE-2023-44121
CVE-2023-44121 describes an intent redirection in LG ThinQ Service (com.lge.lms2), specifically in NotificationManager.java, exploitable by a third‑party app via a broadcast with action com.lge.lms.things.notification.ACTION. The vulnerability is dangerous because LG ThinQ Service is a system app...
CVE-2024-20095
Summary: CVE-2024-20095 affects the MediaTek m4u component, with a likely out-of-bounds read caused by a missing bounds check, leading to local information disclosure. The impact is described as requiring system-level privileges, with no user interaction needed. The vulnerability is associated wi...
CVE-2024-20129
CVE-2024-20129 affects Telephony with a missing bounds check leading to an out-of-bounds read and potential remote denial of service. The vulnerability is exploitable over the network without privileges or user interaction, per the provided description. A patch is identified as ALPS09289881 (Issu...
CVE-2024-39427
CVE-2024-39427 affects the trusty service, where a missing bounds check enables an out-of-bounds write. This can cause local denial of service and may require system privileges for exploitation. Multiple connected sources (e.g., Red Hat advisory, NVD entry) confirm the same description; no explic...
CVE-2024-39437
CVE-2024-39437 concerns the UNISOC/linkturbonative service, where improper input validation enables a possible command injection. The underlying effect is local privilege escalation to SYSTEM level. Documented impact: local execution with high privileges; attacked component/process is the linktur...
CVE-2025-48539
CVE-2025-48539: In SendPacketToPeer of acl_arbiter.cc there is a possible out-of-bounds read due to a use-after-free, which could enable remote code execution with no additional privileges and no user interaction. Connected documents identify this as an Android System component issue with high se...
CVE-2011-4276
The CVE-2011-4276 issue affects Android 2.3 before 2.3.6, where the Bluetooth service (com/android/phone/BluetoothHeadsetService.java) allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. Root cause is a flaw in the Bluetooth service handling AT phon...
CVE-2013-7457
CVE-2013-7457 pertains to Android with Qualcomm components. Connected sources indicate a privilege-lifting vulnerability in the Qualcomm component in Android versions prior to 2016-07-05, which can be exploited by a crafted application to gain privileges. The initial description notes an unspecif...
CVE-2014-4959
Technical details about CVE-2014-4959 are not publicly provided in the included documents; no affected products, root cause, impact, or remediation are specified. Monitor for updates.
CVE-2014-9778
CVE-2014-9778 describes an elevation-of-privilege vulnerability in the Qualcomm MSM video driver (vid_dec_set_h264_mv_buffers) on Android devices running Nexus 5 and 7 (2013) prior to 2016-07-05. The root cause is failure to validate the number of buffers in vid_dec_set_h264_mv_buffers within dri...
CVE-2014-9783
The CVE-2014-9783 entry affects the Qualcomm component in Android on Nexus 7 (2013) devices, specifically the drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c. The root cause is that the code path does not validate certain values, enabling a local attacker with a crafted application to g...
CVE-2014-9890
CVE-2014-9890 describes an off-by-one error in the MSM camera_v2 CCI driver (Qualcomm components) used on Nexus 5 and Nexus 7 (2013). The vulnerability allows a local attacker to gain privileges by sending a crafted I2C command, due to a boundary handling flaw in msm_cci.c. Affected firmware is A...
CVE-2014-9951
Technical details about CVE-2014-9951 are not provided in the supplied documents. Please monitor for updates.
CVE-2014-9960
CVE-2014-9960 is a documented buffer‑overflow vulnerability in the PlayReady API present in Android releases from CAF using the Linux kernel. The issue affects the PlayReady API component (buffer overflow in PlayReady) and is supported by multiple entries (NVD, CNVD, CVELIST, PRION, etc.). The CV...
CVE-2014-9973
CVE-2014-9973 describes a buffer-length validation flaw in the PlayReady DRM routine within Qualcomm closed‑source components used in Qualcomm/CAF Android builds on the Linux kernel. The underlying issue is missing validation of buffer length in the DRM pathway, which could enable a remote attack...
CVE-2015-1525
CVE-2015-1525 (Android prior to 5.1) targets the AudioPolicyManagerBase.cpp. The vulnerability arises when the system processes a crafted application that provides a NULL device address, allowing a denial of service (audio_policy outage). Root cause is indicated as a NULL-pointer/invalid device a...
CVE-2015-3872
CVE-2015-3872 involves libstagefright in Android before 5.1.1 LMY48T. A crafted media file could cause memory corruption, enabling remote code execution or a denial of service. Root cause referenced as internal bug 23346388. The Nexus security bulletin (Android 2015-10-01) confirms libstagefright...
CVE-2015-6600
CVE-2015-6600 affects Android’s media stack: libstagefright vulnerable on Android versions before 5.1.1 LMY48T due to a memory-corruption flaw when processing crafted media files, enabling remote code execution or a denial of service in mediaserver. Root cause referenced as internal bug 22882938....
CVE-2015-6603
CVE-2015-6603 affects libstagefright in Android prior to 5.1.1 LMY48T. A crafted media file could cause memory corruption in mediaserver and allow remote code execution or a denial of service. The issue is identified as internal bug 23227354. Android’s October 2015 bulletin documents multiple Rem...
CVE-2015-6606
CVE-2015-6606 affects the Secure Element Evaluation Kit (SEEK/SmartCard API) plugin in Android up to 5.1.1 LMY48T. The flaw allows a crafted application to gain elevated privileges (Signature or SignatureOrSystem) due to a code-injection flaw in SEEK, enabling privilege escalation. Affected: SEEK...
CVE-2015-6610
CVE-2015-6610 is a libstagefright elevation-of-privilege in Android (Stagefright) that can let a local malicious app cause memory corruption and potentially execute code inside the mediaserver service. Affected are Android versions prior to 5.1.1 LMY48X and 6.0 before 2015-11-01; exploitation is ...
CVE-2015-8893
CVE-2015-8893 concerns the Qualcomm bootloader (aboot.c) in Android on Nexus 5 and Nexus 7 (2013) devices. A crafted application can cause a denial of service (OS outage or buffer over-read). The issue affects Android platforms pre-dating the 2016-07-05 patch level; the available connected docume...
CVE-2015-9011
CVE-2015-9011 is a privilege-escalation vulnerability reported in Qualcomm closed-source components affecting the Android kernel. The connected sources confirm the issue as elevation of privilege, with Android kernel involvement and no publicly disclosed exploit details in the provided documents....
CVE-2015-9054
Technical details for CVE-2015-9054 are not provided in the connected documents; no explicit affected products, versions, root cause, or fixes are disclosed here. Monitor for updates.
CVE-2015-9061
The connected CNVD entry (CNVD-2017-26846) describes CVE-2015-9061 as a vulnerability in Android’s Qualcomm closed‑source components, where the PlayReady DRM fails to detect length, enabling unauthorized access to secure memory. Affected software is the Qualcomm closed‑source component used withi...
CVE-2015-9067
CVE-2015-9067 concerns Qualcomm products with Android CAF builds using the Linux kernel. The description indicates a potential compiler optimization of memset() that is addressed in these releases. The connected documents do not provide concrete technical details such as affected versions, exact ...
CVE-2015-9069
CVE-2015-9069 corresponds to a memory corruption vulnerability in Qualcomm closed‑source components used in Android CAF builds, which can lead to corruption of the Secure File System. Connected CNVD entries describe it as a Qualcomm component memory corruption vulnerability affecting Android, wit...
CVE-2016-0812
The CVE-2016-0812 entry concerns the Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and Android 6.0 before 2016-02-01. The vulnerability arises from the interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java, where setup completion is not ...
CVE-2016-10238
CVE-2016-10238 concerns the QSEE component in CAF Android builds. The issue stems from a page-alignment problem that could potentially bypass the Linux kernel access control. The vulnerability is described as a local issue within QSEE across Android releases from CAF, with the impact explicitly s...
CVE-2016-10282
CVE-2016-10282 is an elevation of privilege in the MediaTek thermal driver on Android. A local malicious application could execute arbitrary code in the kernel context by exploiting this driver after compromising a privileged process. Affected component: MediaTek thermal driver (Android). The pro...
CVE-2016-10297
CVE-2016-10297 affects TrustZone in CAF Android kernels, describing a Time-of-Check Time-of-Use race condition. Impact is rated High for confidentiality, integrity, and availability; exploitation is local with high complexity and user interaction required. The connected documents do not provide a...
CVE-2016-11026
CVE-2016-11026 affects Samsung mobile devices running KK (4.4), L (5.0/5.1) and M (6.0). The issue is in BootReceiver where improper exception handling can trigger a system crash (DoS). Public details across NVD, Red Hat, CNVD, and CVE listings consistently describe the crash trigger but do not d...
CVE-2016-11027
CVE-2016-11027 affects Samsung mobile devices running M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The entry provides the Samsung ID SVE-2016-7132 but does not specify exploit details, affected models, versions beyond Andro...
CVE-2016-11034
CVE-2016-11034 affects Samsung mobile devices running L/5.0–5.1 and M/6.0 where the decode function in Qjpeg (Qt 5.7) can trigger a system crash via a malformed image. Root cause: improper handling in Qjpeg decoding. Affected component: Qt 5.7 Qjpeg on Samsung devices (SVE-2016-6560). Impact: sys...
CVE-2016-11043
Affected product: Samsung mobile devices running M(6.0) software. Issue: S/MIME in EAS uses DES instead of the intended 3DES, enabling weaker cryptographic protection. Documented as Samsung ID SVE-2016-5871 (June 2016). Impact per sources: design weakness in encryption; CVSS notes indicate higher...
CVE-2016-2424
CVE-2016-2424 affects Android’s SyncStorageEngine (server/content/SyncStorageEngine.java) in Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-04-01. The vulnerability stems from mismanagement of certain authority data in SyncStorageEngine, enabling a local atta...
CVE-2016-2457
CVE-2016-2457 affects Android Wi‑Fi, specifically server/pm/UserManagerService.java, and is described as a bypass against restrictions on Wi‑Fi configuration changes via guest access in Android 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-05-01). The connected documents confir...
CVE-2016-2469
CVE-2016-2469 is an elevation of privilege vulnerability in the Qualcomm sound driver affecting Android on Nexus devices (pre-2016-06-01). The issue originates in the Qualcomm sound driver used by Android and could allow a local attacker, via a crafted application, to gain kernel-level privileges...
CVE-2016-2477
CVE-2016-2477 is an Android Mediaserver privilege-escalation vulnerability caused by mishandled pointers in mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp. A local attacker could exploit a crafted file or payload to gain Signature or SignatureOrSystem privileges. Affected Android versions inclu...
CVE-2016-2503
CVE-2016-2503 affects the Qualcomm KGSL GPU driver in Android devices (notably Nexus 5X/6P). The issue arises from a race condition and use-after-free in the GPU driver’s synchronization paths (kgsl_sync) and in kgsl_mem_entry handling, enabling a local attacker to escalate privileges via a craft...
CVE-2016-3828
CVE-2016-3828 affects Android Mediaserver (decoder/ih264d_api.c) in Android 6.x prior to the 2016-08-01 patch, where invalid PPS/SPS NAL units are mishandled, enabling a crafted media file to cause a denial of service (device hang or reboot). The issue is categorized as a Mediaserver DoS vulnerab...
CVE-2016-3860
CVE-2016-3860 affects the Qualcomm sound driver in Android, specifically the file sound/soc/msm/qdsp6v2/audio_calibration.c. The vulnerability allows a crafted application to disclose sensitive information due to an information-disclosure flaw in the Qualcomm sound device on Nexus 5X, Nexus 6P, a...
CVE-2016-3876
CVE-2016-3876 affects Android 6.x before 2016-09-01 and 7.0 before 2016-09-01. The issue, described in SettingsProvider.java, enables physically proximate attackers to bypass SAFE_BOOT_DISALLOWED and boot to safe mode via the Android Debug Bridge (ADB). Root cause is a local bypass of safe-boot p...