Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/07/11 1:0 a.m.48 views

CVE-2016-3766

CVE-2016-3766 affects MPEG4Extractor.cpp in libstagefright within Android MediaServer. The vulnerability arises because memory allocation success is not checked, enabling a crafted media file to cause a denial of service (device hang or reboot). Affected Android lines include 4.x up to 4.4.4, 5.0...

7.8CVSS7AI score0.01142EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.48 views

CVE-2016-3805

CVE-2016-3805 describes an elevation-of-privilege vulnerability in the MediaTek power management driver on Android One devices. The flaw allows a locally executed crafted app to gain privileged access due to issues in the MediaTek power management driver, with impact limited to devices running An...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.48 views

CVE-2016-3812

CVE-2016-3812 describes an information-disclosure vulnerability in the MediaTek video codec driver on Android One devices, prior to 2016-07-05. A crafted app could cause data leakage to the attacker via the MediaTek/Android pipeline (Android internal bug 28174833 and MediaTek internal bug ALPS026...

5.5CVSS5.5AI score0.00352EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.48 views

CVE-2016-3820

The CVE-2016-3820 issue affects the ih264d decoder in Mediaserver (Android 6.x). The root cause is the decoder mishandling slice numbers, enabling a remote attacker to craft a media file that could trigger arbitrary code execution or memory corruption within Mediaserver. Public details confirm im...

9.8CVSS8.8AI score0.01339EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.48 views

CVE-2016-3829

CVE-2016-3829 affects the ih264d decoder in mediaserver on Android 6.x prior to 2016-08-01. The root cause is uninitialized structure members in the decoder, allowing a crafted media file to cause a denial of service (device hang or reboot). The impact is limited to Mediaserver processing media c...

7.1CVSS5.7AI score0.00683EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.48 views

CVE-2016-3840

CVE-2016-3840 affects Conscrypt in Android: versions 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x up to 2016-08-05 fail to properly identify session reuse, enabling remote arbitrary code execution via unspecified vectors. The NVD entry mirrors this description with a high/critic...

10CVSS9AI score0.02136EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.48 views

CVE-2016-3877

Technical details about CVE-2016-3877 are not provided in the supplied documents; no affected products, root cause, or fixes are described. Monitor for updates.

10CVSS8AI score0.00668EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.48 views

CVE-2016-3899

CVE-2016-3899 affects OMXCodec.cpp in libstagefright within Android’s Mediaserver. The vulnerability arises because a pointer is not properly validated, enabling a crafted media file to trigger a denial of service (device hang or reboot). Affected ranges per the entry are Android 4.x before 4.4.4...

7.1CVSS5.7AI score0.00701EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.48 views

CVE-2016-3906

CVE-2016-3906 is an information-disclosure vulnerability affecting Qualcomm components in Android (GPU driver, power driver, SMSM Point-to-Point driver, and sound driver) prior to 2016-11-05. A local malicious application could access data outside its permission levels after compromising a privil...

5.5CVSS5.1AI score0.00424EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.48 views

CVE-2016-3910

CVE-2016-3910 affects Android Mediaserver’s SoundTriggerHwService.cpp in the MediaServer component. The issue allows a local attacker to gain privileges by convincing the user to run a crafted application. Affected versions include Android 5.0.x prior to 5.0.2, 5.1.x prior to 5.1.1, 6.x prior to ...

9.3CVSS8AI score0.00458EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.48 views

CVE-2016-3916

CVE-2016-3916 affects the Android Camera service: camera_metadata.c in the Camera service allows a crafted application to obtain privilege escalation. Affected Android versions include 4.x up to 4.4.3, 5.0.x up to 5.0.1, 5.1.x up to 5.1.0, 6.x up to 2016-10-01, and 7.0 up to 2016-10-01. Documents...

9.3CVSS8AI score0.0053EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.48 views

CVE-2016-3921

CVE-2016-3921 is an elevation-of-privilege vulnerability in Android’s Framework Listener (FrameworkListener.cpp). A crafted application could enable a local malicious app to gain privileged code execution inside a privileged context. Affected Android versions span 4.x before 4.4.4; 5.0.x before 5...

9.3CVSS7.6AI score0.0053EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.48 views

CVE-2016-3936

CVE-2016-3936 concerns the MediaTek video driver in Android prior to the 2016-10-05 patch level. A crafted application could exploit an elevation-of-privilege flaw in the MediaTek video driver (Android internal bug 30019037; MediaTek ALPS02829568) to gain privileges within the kernel. The issue i...

9.3CVSS8AI score0.00501EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.48 views

CVE-2016-6688

CVE-2016-6688 is an information-disclosure vulnerability in the NVIDIA profiler on Nexus 9 devices (Android, pre-2016-10-05). The issue could allow a local malicious application to access sensitive data outside its permissions. The vulnerability is listed with patch status indicating that the pat...

5.5CVSS5.8AI score0.00392EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.48 views

CVE-2016-6715

CVE-2016-6715 is an elevation-of-privilege vulnerability in Android Framework APIs. A local malicious app could record audio without user permission on affected builds: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-11-01; and 7.0 before 2016-11-01. Root cause i...

5.5CVSS5.8AI score0.00345EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.48 views

CVE-2016-6728

CVE-2016-6728 is a privilege-escalation flaw in the kernel ION subsystem of Android that could allow a local malicious app to execute code in kernel context. The issue is triggered via ION memory management and historically affects Android releases prior to the 2016-11-05 patch level, with potent...

9.3CVSS7.3AI score0.0124EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.48 views

CVE-2016-6745

Summary (CVE-2016-6745) : Elevation of privilege in the Synaptics touchscreen driver on Android (pre-2016-11-05) could allow a local, malicious app to execute arbitrary code in the kernel context. This requires a privileged process to be compromised first, making it a local-privilege-elevation is...

9.3CVSS7.5AI score0.00724EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.48 views

CVE-2016-6770

CVE-2016-6770 describes an elevation of privilege vulnerability in the Android Framework API that could allow a local malicious application to bypass restrictions and access system functions beyond its granted level. Affected products/versions include Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, and ...

4.3CVSS4.4AI score0.00265EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.48 views

CVE-2016-8396

CVE-2016-8396 is an information-disclosure vulnerability in the MediaTek video driver that could allow a local malicious Android app to access data outside its permissions. The root cause is within the MediaTek video driver; no exploit/vector details are provided in the supplied documents. Impact...

5.5CVSS5AI score0.00347EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.48 views

CVE-2016-8471

CVE-2016-8471 describes an information-disclosure vulnerability in the MediaTek driver on Android. The issue could allow a local malicious application to access data outside its permission levels, with the impact classified as Moderate because exploitation requires compromising a privileged proce...

4.7CVSS4.4AI score0.00317EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.48 views

CVE-2017-0617

CVE-2017-0617 is a Privilege Escalation in the MediaTek video driver on Android. The issue allows a local malicious app to execute code in the kernel context by exploiting the MediaTek video driver after compromising a privileged process. Affected component: MediaTek video driver (Android). Impac...

7.6CVSS6.6AI score0.00587EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.48 views

CVE-2017-0711

CVE-2017-0711 involves an elevation-of-privilege vulnerability in the MediaTek networking driver used by Android. Affected component: MediaTek networking driver within the Android kernel. Impact stated: local elevation of privilege; no exploitation details provided in the supplied documents. Root...

9.3CVSS7.4AI score0.00414EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.48 views

CVE-2017-0726

CVE-2017-0726 is a DoS in Android's media framework libstagefright affecting Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The root cause is a denial of service within libstagefright; exploitation details are not provided in the supplied documents, and there is no explicit in‑the‑wi...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.48 views

CVE-2017-0849

The CVE-2017-0849 entry describes an information disclosure vulnerability in Android’s media framework (libavc) affecting Android 6.0–8.0 (versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0). The available description states an information disclosure but does not specify the exact root cause, affected c...

5.3CVSS5.4AI score0.00356EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.48 views

CVE-2017-0859

CVE-2017-0859 affects the Android Media framework on Pixel/Nexus devices (Android 7.0, 7.1.1, 7.1.2). The issue is categorized as DoS with high severity; impact is denial of service to affected devices via media processing paths. Root cause details are not fully described in the provided document...

7.8CVSS7.2AI score0.00422EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.48 views

CVE-2017-0864

CVE-2017-0864 is an elevation-of-privilege vulnerability in MediaTek ioctl (flashlight) exposed on Android kernels. Connected sources confirm the issue affects MediaTek ioctl flashlight within the Android kernel, enabling an attacker to gain elevated privileges. The CNVD entry explicitly describe...

7.8CVSS7.3AI score0.00138EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.48 views

CVE-2017-11064

CVE-2017-11064 is a WLAN vulnerability affecting Android for MSM (and variants) where a buffer overread occurs while processing ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_pas...

7.5CVSS7.3AI score0.00514EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.48 views

CVE-2017-11085

CVE-2017-11085 affects Android on MSM platforms (CAF Linux kernel lineage) and is tied to the Qualcomm audio driver component msm-audio-effects-q6-v2.c. The root cause is an integer overflow in msm_audio_effects_virtualizer_handler that leads to a buffer overflow. This could enable memory corrupt...

7.8CVSS7.3AI score0.00137EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.48 views

CVE-2017-13153

CVE-2017-13153 is an elevation-of-privilege vulnerability in Android’s media framework (libaudioservice) affecting Android 8.0. The Android Security Bulletin (December 2017) lists this CVE under the Media framework section as EoP with updated AOSP versions for 8.0, indicating a local attacker cou...

7.8CVSS7.5AI score0.00158EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.48 views

CVE-2017-13157

CVE-2017-13157 is an information-disclosure vulnerability in Android's activitymanagerservice affecting Android 5.1.1–8.0. The Android bulletin groups it under System with the Android bug ID A-32990341 and lists it as an ID-type issue with updated AOSP versions for 2017-12-01. No exploitation det...

7.8CVSS6.9AI score0.00583EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.48 views

CVE-2017-13172

CVE-2017-13172 is a local, Elevation of Privilege vulnerability in the MediaTek Bluetooth driver used by Android kernels. The issue affects the Bluetooth subsystem of MediaTek components and enables privilege escalation without requiring user interaction; CVSSv3 base score 7.8 (HIGH). The NVD ent...

7.8CVSS7.5AI score0.00138EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.48 views

CVE-2017-13173

CVE-2017-13173 is an elevation of privilege vulnerability affecting the MediaTek system server on Android. The issue targets the system server component (within MediaTek integration) and is described as an Android kernel topic, with local access requirements and high impact on confidentiality, in...

7.8CVSS7.5AI score0.00158EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.48 views

CVE-2017-13182

CVE-2017-13182 affects Android 8.0 and 8.1. The issue is in ACodec::sendFormatChange, where an integer overflow can cause an out-of-bounds write, enabling local privilege escalation with code execution in a privileged process and no user interaction required. The vulnerability is documented in mu...

7.8CVSS7.7AI score0.002EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.48 views

CVE-2017-13186

CVE-2017-13186 affects the Android media framework (libavc) due to incorrect use of the mmco parameter. Affected products include Android devices with versions 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The vulnerability is described with a CVSSv3 base score of 7.5 (HIGH), with network attack vector, no us...

7.8CVSS7.1AI score0.00463EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.48 views

CVE-2017-13189

CVE-2017-13189 concerns Android's media framework (libavc) and a memory-allocation failure in dec_hdl handling. Affected Android versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. The CVSS indicates HIGH severity with network access and no user interaction. The description notes a DoS impact; no details on s...

7.8CVSS7.1AI score0.00463EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.48 views

CVE-2017-13210

CVE-2017-13210 affects Android’s CameraDeviceClient.cpp, where an out-of-bounds write occurs in submitRequestList if metadataSize is too small. This can enable local elevation of privilege and code execution in a privileged process without extra privileges or user interaction. Affected Android ve...

7.8CVSS7.7AI score0.00215EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.48 views

CVE-2017-13226

CVE-2017-13226 is a MediaTek MTK elevation-of-privilege vulnerability affecting the Android kernel. The connected records identify MTK as the component and describe an EoP issue with MediaTek MTK in Android devices (notably Pixel/Nexus in related bulletins). The documents do not disclose the exac...

7.8CVSS7.4AI score0.00138EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.48 views

CVE-2017-13235

The CVE-2017-13235 entry concerns a vulnerability in the Android Media framework. The provided sources identify it as part of the Pixel/Nexus security bulletin and list affected Android versions 7.0, 7.1.1, 7.1.2, 8.0, and 8.1, within the Media framework component. The Pixel bulletin groups CVE-2...

6.5CVSS6.3AI score0.00347EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.48 views

CVE-2017-13243

CVE-2017-13243 affects Android System UI (Android 5.1.1 through 8.0). The root cause described in public materials is that FLAG_SECURE was not used to protect sensitive screens, enabling information disclosure to other apps with screen-capture permissions. The issue was acknowledged in Google’s P...

7.5CVSS6.5AI score0.00606EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.48 views

CVE-2017-13291

CVE-2017-13291 affects Android devices with vulnerable avrc_ctrl_pars_vendor_rsp in avrc_pars_ct.cc, caused by missing bounds checks that can trigger a NULL pointer dereference. This leads to remote denial of service without user interaction on Android versions 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. Th...

7.8CVSS7.2AI score0.01083EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.48 views

CVE-2017-13297

CVE-2017-13297 is an information-disclosure vulnerability in Android’s media framework library libhevc. The Android Security Bulletin (Pixel/Nexus, April 2018) lists CVE-2017-13297 under Media framework with Type: ID (information disclosure), Severity: Moderate for updated AOSP versions 7.0, 7.1....

5.3CVSS4.8AI score0.00347EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.48 views

CVE-2017-13306

CVE-2017-13306 is an elevation-of-privilege vulnerability in the Upstream kernel mnh driver affecting Android kernel components. The issue is categorized as EoP with a moderate severity in Android security bulletins, implying a privilege escalation path within the kernel module rather than user-s...

7.5CVSS6.9AI score0.00352EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.48 views

CVE-2017-13307

CVE-2017-13307 is an elevation of privilege in the Upstream kernel PCI sysfs exposed on Android devices. Affected: Android kernel components implementing pci sysfs. Root cause: unspecified in the provided details, described as a privilege-escalation vulnerability. Impact: elevation of privileges ...

7.5CVSS6.9AI score0.00448EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.48 views

CVE-2017-14884

CVE-2017-14884 affects Qualcomm WLAN components in Android CAF builds using the Linux kernel. Root cause: missing bounds check on data_len in WLANQCMBR_McProcessMsg, potentially causing a buffer overflow in WLANFTM_McProcessMsg. Impact: elevation of privilege on a locally exploited path within Qu...

7.8CVSS7.4AI score0.00174EPSS
CVE
CVE
added 2018/12/07 2:0 p.m.48 views

CVE-2017-14888

Summary of CVE-2017-14888 : A heap buffer overflow in the Qualcomm WLAN Host component embedded in Android CAF builds (Linux kernel) occurs when userspace passes Information Elements (IEs) to the host driver and multiple append commands cause the length variable to overflow, leading to unsafe mem...

7.8CVSS7.8AI score0.00184EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.48 views

CVE-2017-14890

The CVE-2017-14890 entry covers a buffer overwrite in Qualcomm WLAN via wma_send_bcn_buf_ll() during SWBA event handling, caused by improper validation of vdev_map in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels prior to the 2018-04-05 patch level. ...

7.5CVSS6.9AI score0.00344EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.48 views

CVE-2017-14895

CVE-2017-14895 affects Android for MSM/CAF builds using the Linux kernel. After a subsystem reset, the iwpriv interface does not report accurate information. The vulnerability is triggered locally (LOCAL) with low attack complexity and requires no authentication, potentially impacting confidentia...

7.8CVSS7.1AI score0.00275EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.48 views

CVE-2017-15820

CVE-2017-15820 affects Qualcomm Graphics_Linux in Android CAF builds using the Linux kernel. The issue is a Use-After-Free in a KGSL IOCTL handler, enabling potentially elevated privileges if exploited locally. The Android Security Bulletin (CAF/Linux path) classifies the CVE under Graphics_Linux...

7.8CVSS7.2AI score0.00161EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.48 views

CVE-2017-17765

CVE-2017-17765 concerns Qualcomm WLAN in Android CAF builds using the Linux kernel. The issue arises when values received from firmware are not properly validated in the function wma_get_ll_stats_ext_buf() , causing an integer overflow in buffer size calculations that can lead to a buffer overflo...

7.8CVSS7.5AI score0.00174EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.48 views

CVE-2017-17766

CVE-2017-17766 affects Android/Qualcomm wireless components (MSM stack) and is caused by insufficient validation of num_peers received from firmware, enabling an integer overflow in the buffer allocation size and potentially leading to a buffer overflow. Affected products include Android for MSM,...

9.8CVSS9.2AI score0.00655EPSS
Total number of security vulnerabilities8153