8153 matches found
CVE-2023-32884
In netdagent, the vulnerability is an information disclosure caused by an incorrect bounds check, enabling local escalation of privilege with System-level execution privileges. Affected component: netdagent (no specific versions provided in the connected docs). Impact is described as high for con...
CVE-2023-4164
CVE-2023-4164 affects Google Pixel Watch. It describes a local information-disclosure vulnerability caused by a missing permission check that could expose health data without extra privileges. Public details confirm the issue but do not provide exploit specifics. Impact is focused on confidential...
CVE-2023-42637
CVE-2023-42637 concerns the validationtools component, where a missing permission check could allow local information disclosure without additional execution privileges. The available connected documents confirm the issue but do not provide concrete product/version mappings, exploit details, or a...
CVE-2024-20012
The CVE-2024-20012 issue affects MediaTek’s keyInstall module, caused by a type-confusion bug that enables local privilege escalation to System level. Exploitation reportedly requires no user interaction. The available patch reference is ALPS08358566 (Issue ALPS08358566). No exploitation details ...
CVE-2024-20074
CVE-2024-20074 concerns the component “dmc,” with a possible out-of-bounds write caused by a missing bounds check. This could enable local escalation of privilege to System privileges, with no user interaction required. Reported patches include Patch ID ALPS08668110 and Issue ID MSV-1333. Multipl...
CVE-2024-20087
In vdec, there is an out-of-bounds write caused by a missing bounds check that could lead to local privilege escalation requiring System execution privileges. User interaction is not needed for exploitation. Patch ID: ALPS08932916; Issue ID: MSV-1550. References and related notes across multiple ...
CVE-2024-20097
CVE-2024-20097 concerns the vdec component in MediaTek chips, with an out-of-bounds read due to a missing bounds check. This could lead to local information disclosure and system-level privileges as stated in multiple sources. Exploitation details (e.g., affected versions or vectors) are not prov...
CVE-2024-20110
The CVE-2024-20110 entry describes a vulnerability in the ccu component (MediaTek-related) where an out-of-bounds write can occur due to a missing bounds check. This could enable local escalation of privilege, requiring System execution privileges and no user interaction for exploitation. Affecte...
CVE-2024-20136
CVE-2024-20136 describes a potential out-of-bounds read in the component named “da” due to a missing bounds check, which could lead to local information disclosure without requiring user interaction. The impact is limited to confidentiality (high) with no indicated impact on integrity or availabi...
CVE-2024-39427
CVE-2024-39427 affects the trusty service, where a missing bounds check enables an out-of-bounds write. This can cause local denial of service and may require system privileges for exploitation. Multiple connected sources (e.g., Red Hat advisory, NVD entry) confirm the same description; no explic...
CVE-2024-56192
CVE-2024-56192 affects Google Pixel Watch: a missing bounds check in wl_notify_gscan_event (wl_cfgscan.c) enables an out-of-bounds write that could allow local privilege escalation without user interaction. Exploitation status is not provided in the supplied documents; remediation is to apply pat...
CVE-2025-20639
The CVE refers to MediaTek DA module’s out-of-bounds write caused by a missing bounds check, enabling local privilege escalation with physical access and requiring user interaction. Affected: DA component; Root cause: bounds-check omission. Impact: confidentiality, integrity, and availability rat...
CVE-2025-32320
CVE-2025-32320 affects Android System UI and describes a confused-deputy issue that can lead to local elevation of privilege: an attacker could view other users’ images without extra execution privileges or user interaction. Affected component is Android System UI; root cause is improper access c...
CVE-2011-1352
The CVE-2011-1352 issue affects the PowerVR SGX driver used in Android prior to 2.3.6. A local attacker can trigger kernel memory corruption via the pvrsrvkm device by supplying crafted user data, enabling privilege escalation to root. Multiple connected sources (including Levitator exploit code,...
CVE-2014-7920
CVE-2014-7920 affects the Android mediaserver component. The entry describes a privilege-escalation flaw in mediaserver present on Android 2.2–5.x up to before 5.1, enabling attackers to gain privileges. The documents do not specify the exact root cause or exploit details, and no remediation/patc...
CVE-2014-7952
CVE-2014-7952 affects the Android backup/restore flow via ADB. The backup manager does not filter the data stream from apps’ BackupAgent, enabling a malicious BackupAgent (no Android permissions) to inject extra APKs into the backup archive. Upon restoration, the system installs the injected APKs...
CVE-2014-9779
CVE-2014-9779 affects the Android kernel component arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c (Qualcomm) on Nexus 5, where Android builds before 2016-07-05 allow an attacker to read kernel memory via a crafted offset. The entry identifies Android internal bug 28598347 and Qualcomm bug CR548679 as ...
CVE-2014-9798
CVE-2014-9798 concerns the Qualcomm bootloader on Nexus 5 running Android before 2016-07-05. The flaw arises in platform/msm_shared/dev_tree.c where the bootloader does not validate the relationship between tag addresses and aboot addresses, enabling a crafted application to cause a denial-of-ser...
CVE-2014-9865
CVE-2014-9865 affects Android on Nexus 5 and Nexus 7 (2013) due to improper input restriction in drivers/misc/qseecom.c within Qualcomm components, enabling privilege escalation via a crafted application. Affected description notes elevation of privilege through user-space input, linked to Androi...
CVE-2014-9874
CVE-2014-9874 is a buffer overflow in Qualcomm components of Android (before 2016-08-05) affecting Nexus 5, 5X, 6P and 7 (2013). The root cause is memory corruption in audio_utils.c and q6asm.c (Android internal bug 28751152; Qualcomm bug CR563086). Impact is privilege escalation via a crafted ap...
CVE-2014-9926
Technical details about CVE-2014-9926 (GNSS Use-After-Free in CAF Linux kernel) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2014-9957
CVE-2014-9957 is a privilege-escalation issue in Qualcomm closed-source components used by Android kernel. The NVD entry describes an Elevation of Privilege vulnerability affecting Qualcomm closed-source code; CVSSv3 vector indicates a network-exposed scenario with high impact to confidentiality,...
CVE-2014-9980
Technical details for CVE-2014-9980 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2015-1527
CVE-2015-1527 is tied to an integer overflow in IAudioPolicyService.cpp in Android, enabling local privilege escalation via a crafted app (Android Bug ID 19261727). Public records consolidate this as a local‑privilege‑escalation flaw in the Android audio policy service. The connected sources refe...
CVE-2015-3829
CVE-2015-3829 is an Android Stagefright vulnerability caused by an off-by-one error in MPEG4Extractor::parseChunk (libstagefright) that can allow remote code execution or memory corruption via crafted MPEG-4 covr atoms with size SIZE_MAX. Affected software: Android versions prior to 5.1.1 LMY48I....
CVE-2015-7889
CVE-2015-7889 affects the Samsung SecEmailComposer/EmailComposer on Galaxy S6 Edge prior to the October 2015 maintenance release. The vulnerability arises from weak permissions on the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service, allowing an unprivileged app with knowled...
CVE-2015-8073
CVE-2015-8073 concerns the Android mediaserver. The connected sources confirm a memory-corruption vulnerability in mediaserver that affects Android 4.4 and 5.1 prior to 5.1.1 LMY48X, with remote code execution or denial of service possible via a crafted media file. The root cause is described as ...
CVE-2015-8594
CVE-2015-8594 is a buffer over-read vulnerability reported for Qualcomm CAF Android builds using the Linux kernel, affecting Qualcomm components in the RFA-1x area. The NVD entry lists a highly severe impact (CVSSv3 base score 9.8, CRITICAL) with network attack vector and no user interaction, ind...
CVE-2015-8997
CVE-2015-8997 is described in the Connected documents as a time-of-check time-of-use race condition in the listener routine of TrustZone on Android CAF builds using the Linux kernel. The vulnerability is tied to TrustZone’s listener code, with public sources noting a TOCTOU race condition potenti...
CVE-2015-9014
CVE-2015-9014 is an Elevation of Privilege in Qualcomm closed‑source components affecting Android kernel. The vulnerability is described as a privilege escalation within Qualcomm components integrated into Android; impact is elevated privileges without user interaction. The Connected documents co...
CVE-2015-9029
CVE-2015-9029 is an Android CAF/Linux kernel vulnerability affecting the access control settings of modem memory. The issue is described as a memory-access control flaw in CAF Android releases, with a CVSS v3 base score of 7.8 (HIGH) and local attack vector requiring user interaction, impacting c...
CVE-2015-9064
CVE-2015-9064 affects Qualcomm components used in Android CAF builds on the Linux kernel. The issue enables a UE to send its IMEI or IMEISV to the network in response to a network request before NAS security is activated. This vulnerability is described consistently across multiple sources (NVD/N...
CVE-2016-0832
The CVE-2016-0832 issue is a Setup Wizard vulnerability in Android: versions 5.1.x prior to LMY49H and 6.x prior to 2016-03-01 are affected. A physically proximate attacker could bypass Factory Reset Protection and delete data via unspecified vectors (internal bug 25955042). The connected sources...
CVE-2016-0836
CVE-2016-0836 is a stack-based buffer overflow in mediaserver's decoder/impeg2d_vld.c used by Android 6.x. The vulnerability allows remote attackers to trigger memory corruption and potentially execute code or cause a denial of service via a crafted media file. Affected component is mediaserver i...
CVE-2016-10242
CVE-2016-10242 describes a time-of-check time-of-use race condition in the secure file system used by CAF Android builds that rely on the Linux kernel. The root cause is a TOCTOU race allowing inconsistent file-system state during security checks, potentially enabling unauthorized access or behav...
CVE-2016-10280
CVE-2016-10280 is an elevation of privilege in the MediaTek thermal driver that could allow a local malicious Android app to execute code in the kernel. The issue requires compromising a privileged process and is rated High. Per the 2017-05 Android bulletin, the patch is not publicly available an...
CVE-2016-10333
CVE-2016-10333 affects Android builds from CAF using the Linux kernel. The available details state that a sensitive system call was allowed to be called by HLOS, indicating a potential misuse of privileged interfaces. The documents do not provide explicit impact, affected versions, or remediation...
CVE-2016-10334
CVE-2016-10334 affects Android CAF builds using the Linux kernel; a dynamically-protected DDR region could potentially be overwritten. The available documents identify the issue and reference Android security bulletins, but do not provide specific root-cause details, affected product versions, or...
CVE-2016-10343
CVE-2016-10343 describes a memory leak in Qualcomm components across Android CAF builds when an SSL handshake failure with ClientHello rejection occurs. Affected are Qualcomm-provided, closed-source components used in Qualcomm-based Android devices; root cause is memory being leaked during the TL...
CVE-2016-10393
CVE-2016-10393 describes an integer-overflow in Android for MSM, Firefox OS for MSM, and QRD Android builds (CAF Linux kernel) when processing oversized clips. This causes the allocated buffer to be smaller than needed, enabling potential buffer overflow during subsequent operations. The vulnerab...
CVE-2016-11040
Technical details for CVE-2016-11040 are not publicly provided in the supplied documents. Monitor for updates and future disclosures.
CVE-2016-11053
CVE-2016-11053 concerns a Factory Reset Protection (FRP) bypass on Samsung mobile devices with software up to 2015-11-11 (FRP/RL support). The entry notes the Samsung ID SVE-2015-5131 (January 2016). The description indicates an FRP bypass vulnerability, but does not provide technical details on ...
CVE-2016-1155
The CVE-2016-1155 entry concerns an HTTP header injection vulnerability in the URLConnection class across Android OS versions 2.2–6.0. The root cause is HTTP header injection that enables a remote attacker to execute arbitrary scripts or set arbitrary values in cookies. Public references in the c...
CVE-2016-2413
CVE-2016-2413 affects Android mediaserver: media/libmedia/IOMX.cpp in mediaserver does not initialize a handle pointer. This vulnerability enables a local attacker to gain privileges via a crafted application, demonstrated by obtaining Signature or SignatureOrSystem access. Affected Android versi...
CVE-2016-2457
CVE-2016-2457 affects Android Wi‑Fi, specifically server/pm/UserManagerService.java, and is described as a bypass against restrictions on Wi‑Fi configuration changes via guest access in Android 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-05-01). The connected documents confir...
CVE-2016-2462
Summary (CVE-2016-2462) : In Android 6.x, the Conscrypt/OpenSSL binding (OpenSSLCipher.java) mishandled updates to the AAD array, enabling possible spoofing of message authentication via unspecified vectors (internal bug 27371173). This is a local/authenticated context issue due to the cipher sta...
CVE-2016-2467
Summary: CVE-2016-2467 is an Elevation of Privilege vulnerability affecting the Qualcomm sound driver on Android devices prior to 2016-06-01, notably Nexus 5. A local attacker could gain privileges by presenting a crafted application, per Android/Qualcomm disclosures. Affected component: Qualcomm...
CVE-2016-2471
The CVE-2016-2471 entry concerns the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) devices prior to 2016-06-01. A crafted application can cause privilege escalation by abusing the Qualcomm Wi‑Fi driver, enabling local code execution with kernel privileges. The Android 2016-06-01 security bul...
CVE-2016-2506
CVE-2016-2506 affects Android Mediaserver (libstagefright DRMExtractor.cpp). The vulnerability arises from missing validation of a certain offset value in media processing, enabling a remote attacker to execute arbitrary code or cause memory corruption via a crafted media file. Affected Android v...
CVE-2016-3744
CVE-2016-3744 describes a buffer overflow in the create_pbuf function (btif/src/btif_hh.c) within Bluetooth on Android, exploitable during pairing. Affected Android versions include 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, enabling remote attackers to g...