Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2018/04/04 5:0 p.m.50 views

CVE-2017-13268

The CVE-2017-13268 entry corresponds to an Information Disclosure in the Android system Bluetooth stack. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The issue is categorized as a System vulnerability with Moderate severity in the Pixel/Android bulletin. P...

4.3CVSS4.2AI score0.00195EPSS
CVE
CVE
added 2018/01/10 7:0 p.m.50 views

CVE-2017-15849

CVE-2017-15849 affects Qualcomm Display in Android/CAF builds for MSM, where a LayerStack can be destroyed between Validate and Commit by the application, causing a Use-After-Free condition. The issue is described in multiple sources (NVD entry and related CVEs) as a high-severity (EoP) vulnerabi...

9.3CVSS7.2AI score0.00614EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.49 views

CVE-2016-8448

CVE-2016-8448 describes an elevation-of-privilege vulnerability in MediaTek components (including the thermal and video drivers) on Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context, after compromising a privileged process. The NVD entry ...

7.6CVSS7AI score0.00562EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.49 views

CVE-2016-8471

CVE-2016-8471 describes an information-disclosure vulnerability in the MediaTek driver on Android. The issue could allow a local malicious application to access data outside its permission levels, with the impact classified as Moderate because exploitation requires compromising a privileged proce...

4.7CVSS4.4AI score0.00317EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.49 views

CVE-2016-8484

CVE-2016-8484 is an elevation-of-privilege vulnerability affecting Android kernel components within Qualcomm closed-source code. The available sources describe the issue as a privilege escalation in Qualcomm components used by Android, enabling code execution in the kernel context. No device- or ...

10CVSS8.4AI score0.01116EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.49 views

CVE-2017-0545

CVE-2017-0545 describes an elevation-of-privilege weakness in Android’s Audioserver that could let a local malicious app run arbitrary code within a privileged process. The linked sources list affected Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1, and categorize the issue as High imp...

9.3CVSS7.7AI score0.00798EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.49 views

CVE-2017-0578

CVE-2017-0578 is an elevation of privilege in the Android DTS sound driver that could allow a local malicious application to execute arbitrary code in the kernel. Affected component: Android with the DTS sound driver. Root cause: privilege escalation within the driver enabling code execution in k...

7.6CVSS6.9AI score0.00783EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.49 views

CVE-2017-0684

CVE-2017-0684 is the Android media framework elevation-of-privilege vulnerability. CNVD-2017-15960 describes it as a privilege-extraction flaw in Android’s media framework, enabling an attacker to trigger an out-of-bounds write. Affected products/versions include Android 6.0, 6.0.1, 7.0, 7.1.1, a...

9.3CVSS7.4AI score0.00414EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.49 views

CVE-2017-0696

CVE-2017-0696 is described as a denial-of-service vulnerability in the Android media framework affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID A-37207120). The connected documents confirm the affected component as the Android media framework, but do not provide a detailed root cau...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.49 views

CVE-2017-0707

CVE-2017-0707 is reflected in connected documents as an Elevation of Privilege in the HTC LED driver within the Android kernel. Documents identify the affected component as the LED driver (HTC) and classify the issue as EoP (Moderate) with local impact; no detailed root-cause, exploit specifics, ...

7.8CVSS7.4AI score0.00356EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.49 views

CVE-2017-0723

CVE-2017-0723 is an Android media framework (libavc) remote code execution vulnerability affecting Android 6.0–7.1.2. Exploitation arises from libavc handling of crafted media content; CVSSv3: HIGH, with local attack vector and user interaction required. References describe Android’s August 2017 ...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.49 views

CVE-2017-0753

CVE-2017-0753 is a remote code execution vulnerability reported in the Android libraries (libgdx), affecting Android versions 7.1.1, 7.1.2, and 8.0 (Android ID: A-62218744). The available connected documents indicate the issue is classified as RCE in the Libraries section of the Android Security ...

9.3CVSS8.3AI score0.01053EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.49 views

CVE-2017-0808

CVE-2017-0808 is an information-disclosure vulnerability in the Android framework file system affecting Android 7.0, 7.1.1, 7.1.2 and 8.0 (Android ID A-62301183). The issue is documented across multiple sources; the core detail is unauthorized access to sensitive information via the framework fil...

7.5CVSS6.8AI score0.00622EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.49 views

CVE-2017-0825

CVE-2017-0825 is an information-disclosure vulnerability in the Broadcom WiFi driver used by Android (Android kernel). Connected sources identify the issue as a Broadcom WiFi driver information leakage vulnerability affecting Android devices, with the vulnerability classified as Moderate (WiFi dr...

7.5CVSS6.8AI score0.00451EPSS
CVE
CVE
added 2018/03/30 3:0 p.m.49 views

CVE-2017-11010

CVE-2017-11010 affects Qualcomm closed-source components in Android (devices using Snapdragon IoT and listed SD/mobiles). Description from the CVE: leaving a configuration space unprotected due to faulty access control. Impact as per CVSS: Critical/HIGH on confidentiality, integrity, and availabi...

10CVSS8.3AI score0.01358EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.49 views

CVE-2017-11038

CVE-2017-11038 is a Qualcomm memory-subsystem Elevation of Privilege flaw affecting Android on MSM devices (and CAF-based kernels) where, during boot image header processing, range checks can be bypassed by supplying different header versions. This enables possible local privilege escalation. The...

7.8CVSS7.1AI score0.00139EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.49 views

CVE-2017-11040

CVE-2017-11040: Information disclosure in Qualcomm CAF Android releases using the Linux kernel. Reading from sysfs nodes may expose more information than allowed, enabling partial confidentiality loss (CVSS2: 4.3; CVSS3: 5.5). Affected: Qualcomm products with CAF Android builds on Linux kernel; i...

5.5CVSS5.9AI score0.00368EPSS
CVE
CVE
added 2018/01/10 7:0 p.m.49 views

CVE-2017-11069

CVE-2017-11069 is a heap overflow in the SafeSwitch image handling, reported for Android for MSM platforms (CAF/Linux kernel) and associated Qualcomm bootloader contexts. The vulnerability arises from manipulation of SafeSwitch Image data, and is categorized in the Qualcomm bootloader area as an ...

9.3CVSS7.1AI score0.00617EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.49 views

CVE-2017-13169

CVE-2017-13169 is an information-disclosure vulnerability in the Android kernel camera server. Affected: Android kernel (kernel camera server). Root cause not explicitly detailed in provided documents. Impact: confidentiality leakage (per CVSS metrics: partial in v2, high in v3; no integrity/avai...

7.5CVSS6.9AI score0.00412EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.49 views

CVE-2017-13185

CVE-2017-13185 is an information-disclosure vulnerability in Android’s media framework libhevc. Affected products/versions per sources: Android 7.0, 7.1.1, 7.1.2, and 8.0. The root cause is information exposure via the libhevc decoder in the Media framework (details are consistent across NVD/CNVD...

9.1CVSS7.1AI score0.00508EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.49 views

CVE-2017-13212

CVE-2017-13212 is an Elevation of Privilege in Android’s systemui affecting Android 5.1.1–8.0. The vulnerable component is the Android System UI; root cause is not detailed in the provided documents. No exploitation details are provided. The Pixel/Nexus bulletin lists this CVE under the System ca...

7.8CVSS7.4AI score0.00152EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.49 views

CVE-2017-13229

CVE-2017-13229 is a remote code execution vulnerability in the Android media framework affecting Android 7.0–8.1 (Pixel/Nexus). The Pixel security bulletin lists it as RCE in the Media framework with a patch level of 2018-02-05 to address it; no exploit details are provided in the available docum...

10CVSS7.6AI score0.01812EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.49 views

CVE-2017-13232

CVE-2017-13232 affects Android audioserver and is caused by an out-of-bounds write in a log statement using %s with a non-NULL-terminated array, leading to local information disclosure without requiring user interaction or extra privileges. Affected Android versions per the CVE entry: 5.1.1, 6.0,...

7.8CVSS6.8AI score0.00833EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.49 views

CVE-2017-13233

CVE-2017-13233 affects the Android-era libhevc decoder: the function ihevcd_ctb_boundary_strength_pbslice can exhaust resources, causing a remote temporary denial of service. Exploitation requires user interaction and can impact affected Android versions (5.1.1–8.1). The issue is tied to libhevc’...

7.1CVSS6.4AI score0.00648EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.49 views

CVE-2017-13244

CVE-2017-13244 is an Elevation of Privilege (EoP) flaw in the Android kernel Easel driver. The upstream kernel Easel component is affected, enabling privilege escalation on Android devices. The issue is classified as EoP with Moderate severity in the Pixel/Nexus bulletin, and addressed by patch l...

7.8CVSS6.8AI score0.00154EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.49 views

CVE-2017-13274

CVE-2017-13274 affects Android Runtime: UriTest.getHost() may misdetermine the web origin, enabling incorrect security decisions. Affected: Android 6.0–8.1. Impact described as high/critical (CVSS 3.0: 9.8; base vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploitation requires no user i...

9.8CVSS8.1AI score0.00543EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.49 views

CVE-2017-13288

CVE-2017-13288 affects Android 8.0 and 8.1, with a vulnerability in writeToParcel/readFromParcel of the PeriodicAdvertisingReport.java file caused by a 64/32-bit int mismatch. This leads to a permission bypass and potential local elevation of privilege by starting an activity with system privileg...

7.8CVSS7.7AI score0.00197EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.49 views

CVE-2017-13296

CVE-2017-13296 is an information-disclosure vulnerability in the Android media framework (libavc). Affected Product/Component: Android media framework (libavc) across Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Root cause: information disclosure within libavc leads to partial confid...

5.3CVSS4.8AI score0.00347EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.49 views

CVE-2017-13298

CVE-2017-13298 is an information-disclosure vulnerability in Android’s media framework (libhavc) affecting Android 6.0–8.1. The issue is described as information disclosure; no specifics on root cause are provided in the initial text. Connected sources indicate the vulnerability affected Pixel/Ne...

5.3CVSS4.8AI score0.00347EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.49 views

CVE-2017-14876

The CVE-2017-14876 vulnerability affects Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-06-21. The root cause is a lack of bounds checking on params->entries[i].vfe_intf in msm_ispif_config_stereo(), which can lead to a kernel out-of-bounds write. Exploitation status is not...

9.8CVSS8.8AI score0.00605EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.49 views

CVE-2017-14918

CVE-2017-14918 is documented in multiple sources as a Use-After-Free vulnerability affecting Android on MSM platforms, specifically in the GPS location wireless interface. In the Qualcomm closed-source components section, it is listed with High severity for a closed-source component. The Connecte...

10CVSS7.7AI score0.00726EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.49 views

CVE-2017-15814

The connected CNVD-2018-06014 entry describes an information-disclosure vulnerability in Google's Android Qualcomm Camera_v2 driver, caused by insufficient input validation in the driver. The issue is tied to the Camera_v2 components on Android devices using Qualcomm hardware and enables local in...

4.4CVSS4.5AI score0.00165EPSS
CVE
CVE
added 2018/12/07 2:0 p.m.49 views

CVE-2017-15835

CVE-2017-15835 affects Android variants (Android for MSM, Firefox OS for MSM, QRD Android) built on CAF with the Linux kernel. The issue lies in how the RIC Data Descriptor IE is processed in an artificially crafted 802.11 frame where the IE length exceeds 255, which may trigger an infinite loop ...

6.5CVSS6.3AI score0.00222EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.49 views

CVE-2017-15846

The CVE-2017-15846 entry affects the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-09-16. Root cause: an untrusted pointer dereference in video_ioctl2() could occur. Impact per sources is potentially high (partial to full confidentiality, integrity, and avail...

7.8CVSS7.4AI score0.0016EPSS
CVE
CVE
added 2020/04/07 3:43 p.m.49 views

CVE-2017-18657

CVE-2017-18657 concerns Samsung mobile devices running M(6.0)/N(7.x) software. The issue is an arbitrary write in a trustlet (Samsung ID SVE-2017-8893). Connected documents (Red Hat, NVD/NVD mirror, CVE lists) corroborate the same root cause description, with no publicly detailed exploit or affec...

5.3CVSS5.5AI score0.00302EPSS
CVE
CVE
added 2020/04/07 2:39 p.m.49 views

CVE-2017-18673

CVE-2017-18673 affects Samsung mobile devices running N(7.x) software. The issue allows an attacker to disable the Location service on a locked device, preventing the rightful owner from locating a stolen device. The Samsung ID is SVE-2017-8524 (May 2017). Public documents do not provide details ...

2.4CVSS4.1AI score0.00133EPSS
CVE
CVE
added 2020/04/07 2:38 p.m.49 views

CVE-2017-18674

CVE-2017-18674 affects Samsung mobile devices running Android N (7.0); the Timaservice time service is susceptible to a kernel panic. The issue is associated with Samsung ID SVE-2017-8593, May 2017. CVSS indicates network attack vector with low privileges required and high availability impact. Th...

7.8CVSS7.4AI score0.00422EPSS
CVE
CVE
added 2020/04/07 2:37 p.m.49 views

CVE-2017-18675

CVE-2017-18675 affects Samsung mobile devices on M(6.0)/N(7.x) with Exynos7420/Exynos8890. The issue is in the Camera application, which can leak uninitialized memory via the ion subsystem. The Red Hat and NVD records reiterate the same description; no additional exploit details, affected version...

7.5CVSS7.6AI score0.00415EPSS
CVE
CVE
added 2020/04/07 2:34 p.m.49 views

CVE-2017-18676

CVE-2017-18676 affects Samsung mobile devices running Android N (7.0) on Qualcomm chipsets and is described as an RKP kernel protection bypass caused by a lack of MSR trapping, enabling potential unwanted memory mappings. The issue is tied to Samsung ID SVE-2016-7901 (April 2017). Connected docum...

7.5CVSS7.5AI score0.00364EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.49 views

CVE-2017-6426

CVE-2017-6426 is a documented information-disclosure vulnerability in the Qualcomm SPMI driver (Android kernel). A local-attack requires user interaction and could let a malicious local app access data outside its permission levels. Affected are Pixel and Pixel XL devices per the CVE list. The so...

4.3CVSS4.7AI score0.00421EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.49 views

CVE-2017-7367

CVE-2017-7367 concerns an integer underflow in the boot image processing path on Android CAF builds using the Linux kernel. The available connected documents identify this as a DoS-type issue (bootloader component) with a high-severity impact profile. The exact affected products, versions, and fi...

9.3CVSS7.5AI score0.00363EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.49 views

CVE-2017-7373

CVE-2017-7373 affects Android CAF builds using the Linux kernel display/video driver, describing a double‑free flaw. The Android bulletin attributes EoP potential to this issue and notes patches in the 2017-06-05 security update; apply the corresponding updates to mitigate.

9.3CVSS7.5AI score0.0041EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.49 views

CVE-2017-8257

CVE-2017-8257 affects Qualcomm CAF Android devices using the Linux kernel, specifically the sde_rotator debug interface. The issue arises when multiple processes read registers and one process frees the debug buffer while another still uses it, creating a use-after-free-like condition. The NVD re...

7.8CVSS7.4AI score0.00283EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.49 views

CVE-2017-8268

CVE-2017-8268 affects Qualcomm components in Android CAF builds using the Linux kernel. The camera application can request frame/command buffer operations with invalid values, causing the camera driver to perform a heap buffer over-read. Documented impact is high (CVSSv3: 7.8; CVSSv2: 9.3). The v...

9.3CVSS7.4AI score0.0046EPSS
CVE
CVE
added 2017/08/18 7:0 p.m.49 views

CVE-2017-9679

CVE-2017-9679 affects Qualcomm products with Android CAF/Linux kernel. The issue arises when a userspace string is not NULL-terminated, allowing kernel memory contents to leak to system logs. This constitutes an information disclosure risk (partial confidentiality impact) as described in the vuln...

7.5CVSS6.9AI score0.00519EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.49 views

CVE-2017-9709

CVE-2017-9709 is a privilege-escalation issue in telephony affecting Android for MSM/CAF Linux-kernel builds. Affected components are telephony-related in Android variants (Android for MSM, Firefox OS for MSM, QRD Android) with CAF kernel usage. The vulnerability is described as enabling elevatio...

9.8CVSS8.8AI score0.00442EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.49 views

CVE-2017-9715

The CVE-2017-9715 entry describes a buffer over-read in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android releases using the Linux kernel when processing a vendor command. The underlying vulnerability is a buffer over-read (noted as an information disclosure risk) with affected co...

7.5CVSS7AI score0.00514EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.49 views

CVE-2017-9723

CVE-2017-9723 affects the synaptics_dsx touchscreen driver used in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-06-05. The issue arises because a stack-allocated buffer size can be set to exceed the size of the stack, enabling a stack-based overflow. The connected documents ...

7.8CVSS7.4AI score0.00172EPSS
CVE
CVE
added 2018/09/06 2:0 p.m.49 views

CVE-2018-11263

CVE-2018-11263 concerns CAF-derived Android WLAN code in the Linux kernel used on Android for MSM, Firefox OS for MSM, and QRD Android. The issue arises when the radio_id received from the FW is greater than or equal to the maximum, allowing an out-of-bounds write while copying radio stats. The v...

8.8CVSS8.2AI score0.00474EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.49 views

CVE-2018-11276

CVE-2018-11276 is a kernel-level vulnerability in the CAF Qualcomm Linux kernel used by Android for MSM, Firefox OS for MSM, and QRD Android. The issue is a double free of memory during driver probe failure, where memory allocated is freed twice, risking kernel instability or a crash. Documented ...

7.8CVSS7.4AI score0.00187EPSS
Total number of security vulnerabilities8153