Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2024/01/02 2:49 a.m.49 views

CVE-2023-32879

The CVE-2023-32879 entry is connected to MediaTek devices, specifically a vulnerability in the battery module where a missing bounds check allows an out-of-bounds write. This leads to local escalation of privilege with System-level execution privileges required, and exploitation is not shown as r...

6.7CVSS6.7AI score0.00091EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.49 views

CVE-2023-33884

CVE-2023-33884 reflects a vulnerability in the telephony service where a missing privilege check enables local information disclosure without extra execution privileges. The issue affects UNISOC chipsets (examples include SC9863A/SC9832E/SC7731E/T610/T310/T606/T760/T618/T616/T770/T820/S8000 and r...

5.5CVSS5.2AI score0.00099EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.49 views

CVE-2023-42648

CVE-2023-42648 affects UNISOC chipsets in engineermode, where a missing permission check can lead to local information disclosure without requiring elevated privileges. The available connected documents confirm the root cause (in engineermode) and the potential impact (local information disclosur...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/09/27 2:1 p.m.49 views

CVE-2023-44126

The CVE-2023-44126 issue concerns the Android Call management component (com.android.server.telecom) patched by LG. The vulnerability arises because LG’s patch sends a large number of LG-owned implicit broadcasts that disclose sensitive telephony data to all third-party apps on the same device. T...

5.5CVSS4.3AI score0.00121EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.49 views

CVE-2023-52351

The CVE-2023-52351 issue affects the ril service in UNISOC chipsets, caused by a missing bounds check that enables an out-of-bounds write. This could lead to local denial of service with System execution privileges required. Affected component: ril service (UNISOC). Impact is described as local D...

7.8CVSS6.7AI score0.00088EPSS
CVE
CVE
added 2024/02/05 5:59 a.m.49 views

CVE-2024-20016

Inged ged module, CVE-2024-20016 involves a possible out-of-bounds write caused by an integer overflow, leading to local denial of service with system execution privileges required and no user interaction. Patch ID ALPS07835901 is noted; issue ID ALPS07835901. Red Hat and other feeds corroborate ...

4.4CVSS4.7AI score0.00107EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.49 views

CVE-2024-20098

The CVE-2024-20098 issue concerns Power module boundary checks: a possible out-of-bounds write may enable local escalation of privilege with System execution privileges required, and no user interaction is needed. Multiple connected sources (NVD, Red Hat, OSV, CVE lists, PT Security, CNNVD) corro...

6.7CVSS7.2AI score0.00081EPSS
CVE
CVE
added 2024/11/04 1:48 a.m.49 views

CVE-2024-20114

CVE-2024-20114 affects the ccu component (MediaTek CCU family). It describes a possible out-of-bounds write caused by a missing bounds check, potentially enabling local escalation of privilege with System execution privileges. Exploitation requires no user interaction per the description. The pat...

6.7CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2024/11/04 1:49 a.m.49 views

CVE-2024-20123

In vdec, a vulnerability described as an out-of-bounds read from improper structure design could cause local information disclosure with system execution privileges required. Notably, exploitation requires no user interaction, and the issue is associated with Patch ID ALPS09008925 and Issue MSV-1...

4.4CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2025/03/10 8:50 p.m.49 views

CVE-2024-56191

The CVE-2024-56191 issue affects Google Pixel Watch, rooted in an integer overflow in dhd_process_full_gscan_result (dhd_pno.c). The vulnerability allows local elevation of privilege without additional execution privileges and does not require user interaction. Affected component/file: dhd_pno.c ...

8.4CVSS7.2AI score0.00085EPSS
CVE
CVE
added 2025/09/05 4:10 p.m.49 views

CVE-2025-32320

CVE-2025-32320 affects Android System UI and describes a confused-deputy issue that can lead to local elevation of privilege: an attacker could view other users’ images without extra execution privileges or user interaction. Affected component is Android System UI; root cause is improper access c...

7.8CVSS6.2AI score0.00073EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.49 views

CVE-2026-0076

CVE-2026-0076 describes an out-of-bounds read in validateNode of ResourceTypes.cpp, caused by an incorrect bounds check. This could enable local privilege escalation with no user interaction, per the included descriptions. Connected sources repeat this detail across multiple feeds (NVD/EUVD) with...

7.8CVSS5.9AI score0.00079EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.49 views

CVE-2026-0078

CVE-2026-0078 affects Android’s DevicePolicyManagerService (setGlobalProxy). The issue is a desync in persistence caused by improper input validation, enabling local privilege escalation with no extra execution privileges required. Exploitation is described as local and does not require user inte...

7.8CVSS5.9AI score0.00079EPSS
CVE
CVE
added 2018/04/20 9:0 p.m.48 views

CVE-2014-0900

CVE-2014-0900 affects the Android Device Administrator code prior to 4.4.1_r1. The root cause is the failure to update the mAdminMap data structure, which may allow an attacker to spoof device administrators and thereby bypass Mobile Device Management (MDM) restrictions. Documents indicate the im...

8.8CVSS8.4AI score0.00493EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.48 views

CVE-2014-9896

Technical details (affected product/component, root cause, impact, fix) are not publicly provided in the connected documents. Please monitor for updates from official advisories to obtain confirmed remediation guidance.

5.5CVSS5.2AI score0.0046EPSS
CVE
CVE
added 2017/01/18 5:0 p.m.48 views

CVE-2014-9910

CVE-2014-9910 is a local elevation-of-privilege in the Broadcom Wi‑Fi driver on Android that could allow a malicious local app to run code in kernel context. The issue requires compromising a privileged process and affects Android, with no specific patch version or remediation provided in the sup...

7.6CVSS6.8AI score0.00532EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.48 views

CVE-2014-9928

Technical details are not publicly available in the provided documents. Monitor for updates and new disclosures regarding CVE-2014-9928.

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.48 views

CVE-2014-9948

CVE-2014-9948 is described as an Improper Validation of Array Index vulnerability in TrustZone across CAF Android releases that use the Linux kernel. The affected component is TrustZone; the root cause is improper validation of an array index. The CVSS3 metrics indicate a HIGH-severity, with a ba...

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.48 views

CVE-2014-9954

CVE-2014-9954 is an elevation of privilege vulnerability in Qualcomm closed‑source components used by Android. Affected product: Android kernel. Root cause details are not fully disclosed in the provided documents, but the NVD entry lists an elevation of privilege impact with a as‑is Android kern...

10CVSS8.7AI score0.0113EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.48 views

CVE-2014-9966

CVE-2014-9966 describes a TOCTOU race condition in Android CAF Secure Display implemented in the Linux kernel used by Android. The vulnerability affects Android releases using CAF’s Linux kernel and Secure Display, with impact on confidentiality, integrity, and availability as reflected in CVSS (...

7.6CVSS6.8AI score0.00443EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2014-9968

CVE-2014-9968 is a buffer‑overflow in the Qualcomm UIMDIAG interface found in Qualcomm closed‑source components included with Android CAF builds using the Linux kernel. Multiple connected sources describe a vulnerable UIMDIAG path in Qualcomm components and flag the issue as a potential for arbit...

10CVSS8AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2015-0576

CVE-2015-0576 describes a buffer overflow in the HSDPA component used by Qualcomm in Android CAF/Linux kernel implementations. Connected sources corroborate a Qualcomm HSDPA buffer overflow affecting CAF-based Android releases, with CNVD noting potential arbitrary-code execution or denial of serv...

7.6CVSS6.8AI score0.00541EPSS
CVE
CVE
added 2016/08/07 9:0 p.m.48 views

CVE-2015-3854

CVE-2015-3854 affects Android 5.x; the vulnerability exists in PowerNotificationWarnings.java within the Android SystemUI power package. A broadcast intent using the PNW.stopSaver action can bypass the DEVICE_POWER permission requirement, enabling local access to perform restricted actions. The i...

7.5CVSS7.2AI score0.00543EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2015-8595

Connected sources tie CVE-2015-8595 to a Qualcomm closed‑source DRM issue in Android CAF using the Linux kernel. CNVD-2017-26645 describes a buffer overflow in the digital television/digital radio DRM of the Qualcomm component, capable of enabling arbitrary code execution or DoS. The available do...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.48 views

CVE-2015-8892

CVE-2015-8892 affects the Qualcomm components in Android on Nexus 5X and 6P, where platform/msm_shared/boot_verifier.c can bypass intended access restrictions by using a digest with trailing data. The issue pertains to Android versions prior to 2016-07-05 and is referenced in Android/Qualcomm bug...

9.3CVSS7.3AI score0.00551EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.48 views

CVE-2015-8939

CVE-2015-8939 concerns a privilege-escalation flaw in the Qualcomm video driver used by Android on Nexus 7 (2013) . The issue stems from the driver file drivers/video/msm/mdp4_util.c , where data for the red/green/blue stages is not validated, enabling a local attacker with a crafted app to gain ...

9.3CVSS7.5AI score0.0053EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.48 views

CVE-2015-8943

CVE-2015-8943 affects Qualcomm/mdss mdss_mdp_util.c in Android on Nexus 5 prior to 2016-08-05. The root cause is that the code does not verify the existence of a mapping before unmapping, enabling privilege escalation via a crafted app. Connected sources (CNVD-2016-06202, Ubuntu/OSV entries, NVD ...

7.8CVSS7.6AI score0.00454EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.48 views

CVE-2015-9006

Technical details for CVE-2015-9006 are not publicly available in the provided documents. Monitor for updates.

9.3CVSS7.2AI score0.00443EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.48 views

CVE-2015-9007

Technical details for CVE-2015-9007 are not publicly available in the provided documents. No specifics on affected components, root cause, impact, or remediation are provided here. Monitor for updates.

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.48 views

CVE-2015-9022

Technical details about CVE-2015-9022 are not provided in the supplied documents. The description notes TOCTOU race conditions in TZ APIs on CAF Android/Linux kernel; no patch version or affected components specified here. Monitor for updates.

7.6CVSS6.9AI score0.00448EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.48 views

CVE-2015-9027

CVE-2015-9027 concerns an untrusted pointer dereference in WideVine DRM within Android CAF builds that use the Linux kernel. Per the NVD entry, the issue affects WideVine DRM and is rated with a high impact (CVSSv3: 7.8, Local attack vector, user interaction required; CVSSv2: 9.3). The connected ...

9.3CVSS7.4AI score0.00597EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2015-9040

Technical details (affected product/version, root cause, exploitability) for CVE-2015-9040 are not publicly provided in the connected documents; monitor for updates.

10CVSS7.8AI score0.00805EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2015-9066

CVE-2015-9066 describes a buffer overflow in the Inter-RAT procedure affecting Qualcomm components in Android CAF builds using the Linux kernel. Public sources flag it as a high-severity issue with potential remote code execution (CVSS ~9.8/10), but the provided documents do not specify affected ...

10CVSS9AI score0.01056EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.48 views

CVE-2016-0827

The CVE-2016-0827 issue affects Android mediaserver’s libeffects across Android 4.x (before 4.4.4), 5.x (before 5.1.1 LMY49H), and 6.x (before 2016-03-01). The root cause is multiple integer overflows in libeffects (notably in EffectBundle.cpp and EffectReverb.cpp) that can allow a crafted applic...

9.3CVSS7.5AI score0.00545EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.48 views

CVE-2016-0832

The CVE-2016-0832 issue is a Setup Wizard vulnerability in Android: versions 5.1.x prior to LMY49H and 6.x prior to 2016-03-01 are affected. A physically proximate attacker could bypass Factory Reset Protection and delete data via unspecified vectors (internal bug 25955042). The connected sources...

6.6CVSS6.2AI score0.00178EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.48 views

CVE-2016-0838

CVE-2016-0838 affects Sonivox in mediaserver on Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-04-01. The flaw occurs when mediaserver’s Sonivox component does not check for a negative number of samples, allowing remote attackers to execute arbitrary code or ...

10CVSS8.8AI score0.02822EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2016-10383

CVE-2016-10383 describes a TOCTOU race in Secure UI affecting Qualcomm CAF Android builds that use the Linux kernel. Affected: Qualcomm components in CAF Android/Linux kernel environments. Root cause: TOCTOU race condition in Secure UI. Impact: CVSS v3 base score 8.1 (HIGH) with high confidential...

9.3CVSS7.3AI score0.0058EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2016-10389

Technical details about CVE-2016-10389 are not publicly provided in the supplied documents; no affected product/version or remediation details are specified. Monitor for updates from official sources.

9.3CVSS7.2AI score0.00464EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.48 views

CVE-2016-10392

CVE-2016-10392 describes a memory-leak vulnerability in Qualcomm components used in Android CAF builds that run on the Linux kernel. The flaw is attributed to a driver that can potentially leak kernel memory in all Qualcomm products with Android CAF using the Linux kernel. Connected documents con...

10CVSS8.5AI score0.00964EPSS
CVE
CVE
added 2018/03/15 9:0 p.m.48 views

CVE-2016-10393

CVE-2016-10393 describes an integer-overflow in Android for MSM, Firefox OS for MSM, and QRD Android builds (CAF Linux kernel) when processing oversized clips. This causes the allocated buffer to be smaller than needed, enabling potential buffer overflow during subsequent operations. The vulnerab...

10CVSS8.9AI score0.00876EPSS
CVE
CVE
added 2020/04/07 1:50 p.m.48 views

CVE-2016-11025

CVE-2016-11025 affects Samsung mobile devices with Exynos AP chipsets (software through 2016-09-13). The issue is a heap-based memcpy overflow in the OTP service, pegged as high-severity with CVSS v3.1: CRITICAL (9.8) and network attack vector. The problem is linked to the OTP service boundary ch...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2020/04/07 1:7 p.m.48 views

CVE-2016-11040

Technical details for CVE-2016-11040 are not publicly provided in the supplied documents. Monitor for updates and future disclosures.

4.6CVSS4.8AI score0.00134EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.48 views

CVE-2016-2409

Summary: CVE-2016-2409 affects a Texas Instruments haptic kernel driver used in Android 6.x. The vulnerability enables a local attacker to gain privileges in the kernel by exploiting a crafted application that targets a service which can call the TI haptic driver. This is described as an elevatio...

9.3CVSS7.5AI score0.00533EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.48 views

CVE-2016-2418

Summary: CVE-2016-2418 affects Android 6.x mediaserver’s media/libmedia/IOMX.cpp where certain metadata buffer pointers are not initialized, enabling an attacker to read sensitive process memory and bypass a protection mechanism to gain Signature or SignatureOrSystem privileges. Affected componen...

10CVSS7.9AI score0.008EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.48 views

CVE-2016-2422

CVE-2016-2422 describes an Android Wi‑Fi elevation vulnerability where a Wi‑Fi CA certificate could be used in an unrelated CA role, enabling privilege escalation via a crafted app to gain Signature or SignatureOrSystem privileges. Affected: Android 4.x up to 4.4.3; 5.0.x up to 5.0.1; 5.1.x up to...

9.3CVSS7.5AI score0.00389EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.48 views

CVE-2016-2426

The CVE-2016-2426 entry describes an Information Disclosure vulnerability in Android Framework’s ContentService (Android 4.x up to 6.x). The root cause is that ContentService.java does not check GET_ACCOUNTS permission, allowing a crafted local application to obtain sensitive information from aff...

5.5CVSS5.5AI score0.00388EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.48 views

CVE-2016-2443

The CVE-2016-2443 entry concerns the Qualcomm MDP driver on Android (pre May 1, 2016) affecting Nexus 5 and Nexus 7 (2013). The root cause is a privilege-escalation flaw that lets a locally executed crafted application gain kernel-level privileges. The Android security bulletin lists this issue u...

7.6CVSS7AI score0.0038EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.48 views

CVE-2016-2466

CVE-2016-2466 affects the Qualcomm sound driver in Android on Nexus 6 devices, allowing a local attacker to gain privileges via a crafted application. The issue is tied to the Qualcomm Sound Driver before 2016-06-01; exploitation requires local access and user interaction through an app. Android’...

9.3CVSS7.6AI score0.00421EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.48 views

CVE-2016-2483

Technical details about CVE-2016-2483 are not publicly provided in the supplied connected documents. The initial description lists affected Android versions and a buffer-count mishandling but no additional vendor/product specifics. Monitor for official updates and patches.

9.3CVSS8.1AI score0.00419EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.48 views

CVE-2016-2496

The CVE-2016-2496 issue concerns the Framework UI permission-dialog in Android 6.x before 2016-06-01. A partially overlapping window allows tapjacking and access to arbitrary private-storage files due to an internal bug (26677796). The vulnerability’s impact is described as elevated access to pri...

10CVSS9AI score0.00912EPSS
Total number of security vulnerabilities8153