Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/06/13 1:0 a.m.50 views

CVE-2016-2469

CVE-2016-2469 is an elevation of privilege vulnerability in the Qualcomm sound driver affecting Android on Nexus devices (pre-2016-06-01). The issue originates in the Qualcomm sound driver used by Android and could allow a local attacker, via a crafted application, to gain kernel-level privileges...

9.3CVSS7.6AI score0.00623EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.50 views

CVE-2016-2477

CVE-2016-2477 is an Android Mediaserver privilege-escalation vulnerability caused by mishandled pointers in mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp. A local attacker could exploit a crafted file or payload to gain Signature or SignatureOrSystem privileges. Affected Android versions inclu...

9.3CVSS8AI score0.00473EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.50 views

CVE-2016-2503

CVE-2016-2503 affects the Qualcomm KGSL GPU driver in Android devices (notably Nexus 5X/6P). The issue arises from a race condition and use-after-free in the GPU driver’s synchronization paths (kgsl_sync) and in kgsl_mem_entry handling, enabling a local attacker to escalate privileges via a craft...

9.3CVSS7.4AI score0.00479EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.50 views

CVE-2016-3820

The CVE-2016-3820 issue affects the ih264d decoder in Mediaserver (Android 6.x). The root cause is the decoder mishandling slice numbers, enabling a remote attacker to craft a media file that could trigger arbitrary code execution or memory corruption within Mediaserver. Public details confirm im...

9.8CVSS8.8AI score0.01339EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.50 views

CVE-2016-3828

CVE-2016-3828 affects Android Mediaserver (decoder/ih264d_api.c) in Android 6.x prior to the 2016-08-01 patch, where invalid PPS/SPS NAL units are mishandled, enabling a crafted media file to cause a denial of service (device hang or reboot). The issue is categorized as a Mediaserver DoS vulnerab...

7.1CVSS5.7AI score0.00574EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.50 views

CVE-2016-3860

CVE-2016-3860 affects the Qualcomm sound driver in Android, specifically the file sound/soc/msm/qdsp6v2/audio_calibration.c. The vulnerability allows a crafted application to disclose sensitive information due to an information-disclosure flaw in the Qualcomm sound device on Nexus 5X, Nexus 6P, a...

5.5CVSS5.8AI score0.00449EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.50 views

CVE-2016-3876

CVE-2016-3876 affects Android 6.x before 2016-09-01 and 7.0 before 2016-09-01. The issue, described in SettingsProvider.java, enables physically proximate attackers to bypass SAFE_BOOT_DISALLOWED and boot to safe mode via the Android Debug Bridge (ADB). Root cause is a local bypass of safe-boot p...

7.2CVSS6.7AI score0.00203EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.50 views

CVE-2016-3880

CVE-2016-3880 affects Android Mediaserver, specifically buffer overflows in rtsp/ASessionDescription.cpp within libstagefright. Root cause: memory corruption from multiple overflows when processing crafted media files. Impact: remote denial of service causing device hang or reboot. Affected versi...

7.1CVSS5.8AI score0.00758EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.50 views

CVE-2016-3881

CVE-2016-3881 affects libvpx in mediaserver (Android) where the decoder_peek_si_internal function in vp9/vp9_dx_iface.c can trigger a denial of service via a crafted media file. Affected products/versions include Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09...

7.1CVSS5.4AI score0.00875EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.50 views

CVE-2016-3914

CVE-2016-3914 describes a race condition in Telephony’s MmsProvider.java that could let a local attacker escalate privileges by crafting an app to manipulate the Telephony database between two open operations. Affected platforms include Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1....

9.3CVSS8AI score0.00421EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.50 views

CVE-2016-3940

CVE-2016-3940 affects the Android Synaptics touchscreen driver on Nexus 6P and Android One devices, prior to the 2016-10-05 patch level. The issue allows a local attacker to escalate privileges through a crafted application, due to a vulnerability in the Synaptics touchscreen driver (internal bug...

9.3CVSS8AI score0.00389EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.50 views

CVE-2016-5347

CVE-2016-5347 describes an information-disclosure vulnerability in Qualcomm components, specifically in the CAF Android/Linux kernel audio driver. The issue allows leakage of kernel stack data to userspace via the audio driver, affecting Qualcomm-based Android devices using CAF-released kernels. ...

4.7CVSS5.1AI score0.00548EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.50 views

CVE-2016-5853

CVE-2016-5853 affects the Qualcomm Sound/Audio driver in Android CAF builds using the Linux kernel. The root cause is a sanity check: if a length value is out of the valid range, the code prints an error but continues as if the value were correct, potentially enabling unintended behavior. The CVE...

7.6CVSS7.1AI score0.00785EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.50 views

CVE-2016-6677

CVE-2016-6677 is an information-disclosure flaw in the NVIDIA GPU driver on Nexus 9 devices running Android prior to 2016-10-05. A crafted application can cause the driver to leak sensitive data. The connected NVIDIA/Android entries corroborate this as an information-disclosure issue tied to the ...

5.5CVSS5.8AI score0.00392EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.50 views

CVE-2016-6708

CVE-2016-6708 affects Android 7.0 System UI. It enables a local attacker to bypass the work-profile security prompt in Multi-Window mode, i.e., a local elevation of privilege without requiring user interaction. The issue is described as a local bypass of user interaction requirements and is categ...

5.5CVSS6AI score0.00152EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.50 views

CVE-2016-6723

CVE-2016-6723 is a denial-of-service vulnerability in Android’s Proxy Auto Config (PAC) handling. A specially crafted PAC file could cause a device to hang or reboot. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-11-01; 7.0 before 2016-11-01. Root cau...

5.4CVSS5.1AI score0.00611EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.50 views

CVE-2016-6730

CVE-2016-6730 describes an elevation-of-privilege vulnerability in the NVIDIA GPU driver for Android, where a local malicious app could execute arbitrary code in the kernel. The issue is rated Critical due to potential permanent device compromise. Affected software is the NVIDIA GPU driver on And...

9.3CVSS7AI score0.00666EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.50 views

CVE-2016-6742

CVE-2016-6742 describes an elevation of privilege in the Synaptics touchscreen driver on Android prior to 2016-11-05, enabling a local malicious app to execute arbitrary code in the kernel if it can compromise a privileged process. Affected: Android devices with affected Synaptics driver. Root ca...

9.3CVSS7.5AI score0.00724EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.50 views

CVE-2017-0389

CVE-2017-0389 is a denial-of-service vulnerability in Android’s core networking that could be triggered by a specially crafted network packet, leading to a device hang or reboot. Affected versions per the records are Android 6.0, 6.0.1, 7.0, and 7.1 (Android ID A-31850211). Public references in t...

7.8CVSS7.1AI score0.00655EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.50 views

CVE-2017-0425

Technical details about CVE-2017-0425 are not publicly provided in the connected documents. The materials confirm a moderate information-disclosure issue in Android Audioserver but lack specifics on affected builds, exploit vectors, or fixes.

5.5CVSS4.9AI score0.00564EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.50 views

CVE-2017-0487

CVE-2017-0487 describes a denial-of-service vulnerability in Android’s Mediaserver. A specially crafted media file could cause a device hang or reboot, impacting Android 6.0/6.0.1/7.0/7.1.1. The vulnerability is exposed via Mediaserver’s media processing path and is classified with higher risk du...

7.1CVSS5.4AI score0.00759EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.50 views

CVE-2017-0522

CVE-2017-0522 describes an elevation of privilege in a MediaTek APK on Android that could allow a local malicious app to execute code in a privileged process. The issue is characterized as High impact with local execution of arbitrary code within a privileged context. The affected component is th...

9.3CVSS7.2AI score0.00681EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.50 views

CVE-2017-0636

CVE-2017-0636 is an elevation of privilege in the MediaTek command queue driver on Android, enabling a local attacker to execute arbitrary code in the kernel context. Affected component: MediaTek command queue driver (MediaTek components in the 2017-06 Android bulletin). Root cause: vulnerability...

7.6CVSS6.9AI score0.00665EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.50 views

CVE-2017-0702

CVE-2017-0702 is a remote code execution vulnerability in Android System UI (Android 7.1.1/7.1.2). Connected CNVD-2017-21551 and NVD records describe a System UI RCE affecting these versions. Public exploit details are not provided in the documents. Android bulletin guidance indicates applying th...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.50 views

CVE-2017-0808

CVE-2017-0808 is an information-disclosure vulnerability in the Android framework file system affecting Android 7.0, 7.1.1, 7.1.2 and 8.0 (Android ID A-62301183). The issue is documented across multiple sources; the core detail is unauthorized access to sensitive information via the framework fil...

7.5CVSS6.8AI score0.00622EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.50 views

CVE-2017-0850

The CVE-2017-0850 entry affects Android’s media framework (libstagefright) and is an information-disclosure vulnerability in Android 7.0, 7.1.1, and 7.1.2. The issue is documented in the Pixel/Nexus security bulletin under the Media framework section with Android IDs and notes that a patch level ...

5.3CVSS5.4AI score0.00431EPSS
CVE
CVE
added 2018/01/12 3:0 p.m.50 views

CVE-2017-0869

CAVEAT: CVE-2017-0869 is tied to the NVIDIA driver. The vulnerability is described as an integer overflow in the driver that can lead to a use-after-free and a potential elevation of privilege enabling code execution as a privileged process. Affected component: NVIDIA driver (Android context). Im...

7.8CVSS7.6AI score0.00195EPSS
CVE
CVE
added 2018/03/30 3:0 p.m.50 views

CVE-2017-11010

CVE-2017-11010 affects Qualcomm closed-source components in Android (devices using Snapdragon IoT and listed SD/mobiles). Description from the CVE: leaving a configuration space unprotected due to faulty access control. Impact as per CVSS: Critical/HIGH on confidentiality, integrity, and availabi...

10CVSS8.3AI score0.01358EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.50 views

CVE-2017-11012

The CVE-2017-11012 issue is described across multiple sources as a stack-based buffer overflow in Qualcomm WLAN components used by Android on MSM platforms, triggered by processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_ENCRYPTION_TEST cfg80211 vendor command. Connected CNVD entry attribut...

7.8CVSS7.3AI score0.00105EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.50 views

CVE-2017-11024

CVE-2017-11024 describes a race condition in the rmnet USB control driver within Android/CAF Linux-kernel based builds on MSM platforms, which can lead to a Use-After-Free condition. Affected: Android MSM, Firefox OS for MSM, and QRD Android releases using CAF Linux kernel. Impact is described as...

7.8CVSS7AI score0.00138EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.50 views

CVE-2017-11026

CVE-2017-11026 affects Android on Qualcomm MSM devices with CAF Linux kernel during FRP partition flashing. Descriptions in NVD/CNVD indicate an authentication flaw where the authentication method can be compromised for static keys when flashing the FRP partition using a reference FRP unlock. Thi...

7.8CVSS7.2AI score0.00135EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.50 views

CVE-2017-11051

CVE-2017-11051 affects Android for MSM and related CAF/Linux kernel builds. The root cause is that hb_params in __wlan_hdd_cfg80211_testmode is not zero-initialized, enabling an information-disclosure vulnerability. Impact is described as information disclosure with network attack vector; exploit...

7.5CVSS6.8AI score0.00514EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.50 views

CVE-2017-11079

Technical details for CVE-2017-11079 are not publicly available in the provided documents. Monitor for updates from authoritative sources.

9.8CVSS7.8AI score0.00442EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.50 views

CVE-2017-11090

CVE-2017-11090 involves a buffer overread in the WLAN PMKID handling path (__wlan_hdd_cfg80211_set_pmksa) when a PMKID shorter than WLAN_PMKID_LEN is provided. Affected platforms include Android for MSM, Firefox OS for MSM, QRD Android, and CAF-based Android builds using the Linux kernel. The roo...

7.5CVSS7.3AI score0.00412EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.50 views

CVE-2017-11091

CVE-2017-11091 concerns a Use-After-Free condition in the Android MSM/CAF Linux kernel driver path /dev/mdss_rotator, triggered in the function mdss_rotator_ioctl. The issue is described as a Use-After-Free potentially occurring due to a fence being installed too early, affecting Android builds a...

7.8CVSS7AI score0.00138EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.50 views

CVE-2017-13154

CVE-2017-13154 is an elevation-of-privilege vulnerability in Android’s media framework (libstagefright) affecting Android versions 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The issue is documented across multiple sources (NVD, CVE lists, Android Pixel/Nexus bulletin) and is categorized as Eo...

7.8CVSS7.5AI score0.00148EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.50 views

CVE-2017-13174

CVE-2017-13174 is documented in the Android kernel (EDL) as an Elevation of Privilege issue. Connected sources confirm it is part of the 2017-12-05 patch level kernel fixes, but no detailed affected versions or explicit remediation steps are provided beyond this bulletin reference.

7.8CVSS7.4AI score0.0018EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.50 views

CVE-2017-13183

The CVE-2017-13183 issue is a race condition in the Media framework of Android 8.1 affecting OMXNodeInstance::useBuffer and IOMX::freeBuffer, causing a use-after-free that can lead to local elevation of privilege and code execution in a privileged process. Exploitation is described as requiring u...

7CVSS7.1AI score0.00147EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.50 views

CVE-2017-13217

CVE-2017-13217 affects the LG Bootloader’s DisplayFtmItem in Android. It is an out-of-bounds write caused by reading a string without verifying it is null-terminated, enabling a local elevation of privilege and a secure-boot bypass that could let code execute with high privileges. Exploitation is...

7.8CVSS7.7AI score0.00202EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.50 views

CVE-2017-13221

CVE-2017-13221 is an Elevation of Privilege (EoP) vulnerability affecting the Upstream kernel WiFi driver in Android devices (Android kernel). The connected documents consistently describe a local vulnerability that could allow a non-privileged attacker to escalate privileges via the kernel WiFi ...

7.8CVSS7.3AI score0.0018EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.50 views

CVE-2017-13268

The CVE-2017-13268 entry corresponds to an Information Disclosure in the Android system Bluetooth stack. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The issue is categorized as a System vulnerability with Moderate severity in the Pixel/Android bulletin. P...

4.3CVSS4.2AI score0.00195EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.50 views

CVE-2017-13278

CVE-2017-13278 affects Android’s MediaPlayerService::Client::notify in MediaPlayerService.cpp, with a use-after-free that can allow local elevation of privilege without extra execution privileges. Impacted Android versions: 6.0–8.1 (6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1). Description notes no u...

7.8CVSS7.6AI score0.00456EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.50 views

CVE-2017-14902

CVE-2017-14902 describes a race condition in the GLink kernel driver across Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The vulnerability is a Use-After-Free in the GLink driver that can potentially allow a local attacker to compromise the device (as indic...

7CVSS6.5AI score0.00113EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.50 views

CVE-2017-14908

CVE-2017-14908 concerns the SafeSwitch test application on Android for MSM/CAF Linux builds (including Qualcomm components) not properly validating the number of blocks. Connected sources confirm the issue affects Android stacks (CAF Linux kernel-based builds) and can involve Qualcomm closed-sour...

10CVSS7.7AI score0.00726EPSS
CVE
CVE
added 2018/03/15 9:0 p.m.50 views

CVE-2017-15815

CVE-2017-15815 describes a potential buffer overflow in the WLAN processing path of Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel, specifically when handling 802.11 MGMT frames (e.g., Auth) inside limProcessAuthFrame. The issue is triggered during processing o...

10CVSS9AI score0.01468EPSS
CVE
CVE
added 2018/01/10 7:0 p.m.50 views

CVE-2017-15849

CVE-2017-15849 affects Qualcomm Display in Android/CAF builds for MSM, where a LayerStack can be destroyed between Validate and Commit by the application, causing a Use-After-Free condition. The issue is described in multiple sources (NVD entry and related CVEs) as a high-severity (EoP) vulnerabi...

9.3CVSS7.2AI score0.00614EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.50 views

CVE-2017-15852

CVE-2017-15852 is an information-disclosure vulnerability affecting Qualcomm MSM camera components, specifically an ISPIF/base address exposure in the camera driver (Framebuffer path referenced in Pixel/Qualcomm mappings). The NVD entry describes an information leak of the ISPIF base address that...

7.8CVSS7.3AI score0.00158EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.50 views

CVE-2017-17764

CVE-2017-17764 describes an integer overflow in the firmware-driven buffer-size calculation inside Qualcomm WLAN’s wma_rx_aggr_failure_event_handler() for CAF Android/Linux-kernel builds. The flaw can allow a crafted failure-info value to cause a buffer overflow, enabling local elevation of privi...

7.8CVSS7.4AI score0.00174EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.50 views

CVE-2017-17767

CVE-2017-17767 affects Qualcomm Media framework on Android CAF builds using the Linux kernel. The underlying issue is a use-after-free in the IL client where an OMX Video Encoder Component buffer is freed and then subsequently accessed, enabling Elevation of Privilege by a local attacker. Affecte...

7.8CVSS7.4AI score0.00161EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.50 views

CVE-2017-18050

The CVE-2017-18050 entry affects Android for MSM, Firefox OS for MSM, QRD Android, and CAF-based Android with the Linux kernel. The root cause is improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which processes data from firmware, risking a buffer overwrite and an ...

7.8CVSS7.3AI score0.0016EPSS
Total number of security vulnerabilities8153