Lucene search

K

525 matches found

CVE
CVE
added 2016/11/25 4:59 p.m.31 views

CVE-2016-6702

A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of...

7.8CVSS7.7AI score0.01572EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.31 views

CVE-2016-6719

An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is r...

5.5CVSS5.8AI score0.00041EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.30 views

CVE-2014-9800

Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.

9.3CVSS7.6AI score0.00145EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.30 views

CVE-2016-0850

The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to bypass intended pairing restrictions via a crafted device, aka internal bug 26551752.

8.8CVSS7.5AI score0.00085EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.30 views

CVE-2016-2423

server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mech...

6.6CVSS6.2AI score0.00017EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.30 views

CVE-2016-2444

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332.

7.6CVSS7AI score0.00058EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.30 views

CVE-2016-2450

codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Sig...

9.3CVSS7.6AI score0.00043EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.30 views

CVE-2016-2495

SampleTable.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28076789.

7.1CVSS6AI score0.00284EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.30 views

CVE-2016-2501

The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.30 views

CVE-2016-3750

libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate the return value of the dup system call, which allows attackers to bypass an isolation protection mechanism via a crafted application...

7.8CVSS7.3AI score0.0003EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.30 views

CVE-2016-3761

NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969.

4CVSS4.6AI score0.00018EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.30 views

CVE-2016-3765

decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before 2016-07-01 allows attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted application, aka internal bug 28168413.

7.7CVSS7.1AI score0.00062EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.30 views

CVE-2016-3768

The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.30 views

CVE-2016-3797

The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.30 views

CVE-2016-3800

The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.30 views

CVE-2016-3816

The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28402240.

5.5CVSS5.5AI score0.00072EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.30 views

CVE-2016-3848

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417.

7.6CVSS7AI score0.0006EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.30 views

CVE-2016-3855

drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm in...

7.8CVSS7.8AI score0.00083EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.30 views

CVE-2016-3869

The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.

9.3CVSS7.5AI score0.00133EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.30 views

CVE-2016-3888

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Set...

2.1CVSS4.5AI score0.00022EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.30 views

CVE-2016-3900

cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registration, which allows attackers to gain privileges via a crafted application, aka internal bug 29431260...

9.3CVSS8AI score0.00135EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.30 views

CVE-2016-3905

CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449.

9.3CVSS8AI score0.00061EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.30 views

CVE-2016-3908

The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944.

5.5CVSS6.2AI score0.0009EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.30 views

CVE-2016-3917

The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668.

7.8CVSS8.2AI score0.00065EPSS
CVE
CVE
added 2016/10/10 11:0 a.m.30 views

CVE-2016-6685

The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628.

5.5CVSS5.7AI score0.00063EPSS
CVE
CVE
added 2016/10/10 11:0 a.m.30 views

CVE-2016-6695

sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted visualizer data length, aka Qualcomm internal bug CR 1033540.

9.8CVSS9.4AI score0.00217EPSS
CVE
CVE
added 2016/10/10 11:0 a.m.30 views

CVE-2016-6696

sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130.

9.8CVSS9.5AI score0.00217EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.29 views

CVE-2016-2445

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079.

7.6CVSS7AI score0.00043EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.29 views

CVE-2016-2456

The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187.

7CVSS7AI score0.00061EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.29 views

CVE-2016-2472

The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27776888.

9.3CVSS8AI score0.00043EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.29 views

CVE-2016-2490

The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.

9.3CVSS8AI score0.00043EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.29 views

CVE-2016-2502

drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044.

9.3CVSS7.5AI score0.00088EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.29 views

CVE-2016-3745

Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or SignatureOrSystem access...

9.8CVSS8.1AI score0.00182EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.29 views

CVE-2016-3792

CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a crafted application, aka Android internal bug 27725204 and Qualcomm internal bug CR561022.

9.3CVSS7.5AI score0.00088EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.29 views

CVE-2016-3801

The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug ALPS02688853.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.29 views

CVE-2016-3803

The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.

9.3CVSS7.4AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.29 views

CVE-2016-3818

libc in Android 4.x before 4.4.4 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 28740702.

7.1CVSS5.7AI score0.00145EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.29 views

CVE-2016-3868

The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875.

9.3CVSS7.5AI score0.00134EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.29 views

CVE-2016-3878

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 mishandles the case of decoding zero MBs, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29493002.

7.1CVSS5.7AI score0.00406EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.29 views

CVE-2016-3882

Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811...

6.5CVSS6.7AI score0.00208EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.29 views

CVE-2016-3895

Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260.

5.5CVSS5.7AI score0.00154EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.29 views

CVE-2016-3903

drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29513227 and Qualcomm inter...

9.3CVSS8AI score0.00059EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.29 views

CVE-2016-6673

The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 30204201.

9.3CVSS8AI score0.00044EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.29 views

CVE-2016-6716

An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requ...

5.5CVSS5.8AI score0.00041EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.29 views

CVE-2016-6718

An elevation of privilege vulnerability in the Account Manager Service in Android 7.0 before 2016-11-01 could enable a local malicious application to retrieve sensitive information without user interaction. This issue is rated as Moderate because it is a local bypass of user interaction requirement...

5.5CVSS5.6AI score0.00054EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.29 views

CVE-2016-6752

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat...

5.5CVSS5.1AI score0.00072EPSS
CVE
CVE
added 2016/10/31 10:59 a.m.29 views

CVE-2016-7988

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-...

7.8CVSS7.2AI score0.00091EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.28 views

CVE-2016-2440

libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896.

9.3CVSS7.4AI score0.00043EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.28 views

CVE-2016-2458

The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java...

5.5CVSS5.5AI score0.00125EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.28 views

CVE-2016-2478

mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or Signatur...

9.3CVSS8AI score0.00043EPSS
Total number of security vulnerabilities525