Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/05/15 12:0 a.m.48 views

CVE-2023-20721

CVE-2023-20721 concerns the isp module in MediaTek chips, where an out-of-bounds write caused by improper input validation could enable local privilege escalation with SYSTEM privileges. Exploitation details are not provided in the documents; user interaction is not required. A patch/issue identi...

8.4CVSS6.7AI score0.0009EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.48 views

CVE-2023-20749

The CVE-2023-20749 issue affects the swpm module in MediaTek chips, caused by a missing bounds check that enables an out-of-bounds write. This could lead to local escalation to SYSTEM privileges with no user interaction required. A patch is available (ALPS07780926/ALPS07780926). Exploitation stat...

6.7CVSS6.7AI score0.00092EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.48 views

CVE-2023-20775

CVE-2023-20775 describes a local out-of-bounds write in the display code due to a missing bounds check, enabling local privilege escalation with System rights; no user interaction required. Impacted hardware is reported as various MediaTek chips (per connected references), with a patch identified...

6.7CVSS6.7AI score0.00114EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.48 views

CVE-2023-20783

CVE-2023-20783 describes an out-of-bounds write in the keyinstall component due to a missing bounds check, enabling local privilege escalation with System-level privileges; exploitation is reported as possible without user interaction. The available references consistently cite this issue and a p...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/08/07 3:22 a.m.48 views

CVE-2023-20817

CVE-2023-20817: MediaTek WLAN service contains an out-of-bounds write caused by improper input validation, enabling local escalation of privilege with System execution privileges required. Exploit does not require user interaction. A patch is identified as ALPS07453600 (Issue ALPS07453600). Conne...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.48 views

CVE-2023-21372

CVE-2023-21372 concerns a vulnerability in libdexfile where a missing bounds check allows an out-of-bounds read, enabling local elevation of privilege without user interaction. The issue affects Android’s libdexfile component and is classified as a local EoP (MITRE ambiguous, but Android bulletin...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.48 views

CVE-2023-21380

CVE-2023-21380 is a Bluetooth heap buffer overflow in Android that can enable local elevation of privilege with SYSTEM execution when exploited without user interaction. The vulnerability is listed in Android 14 security release notes and associated with an out-of-bounds write in Bluetooth. Affec...

6.7CVSS7AI score0.00094EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.48 views

CVE-2023-32855

CVE-2023-32855 describes a privilege-escalation defect in the aee module (MediaTek context) caused by a missing permission check, enabling local escalation to System privileges without user interaction. Exploitation status is not detailed in the provided documents. A fix is referenced as Patch ID...

6.7CVSS6.6AI score0.00107EPSS
CVE
CVE
added 2023/10/08 3:35 a.m.48 views

CVE-2023-40635

CVE-2023-40635 affects the linkturbo component and is caused by a missing permission check, enabling local privilege escalation with no extra execution privileges required. The vulnerability is reported across multiple sources (NVD, Red Hat, CVE lists) with a high impact (C:H, I:H, A:H; AV:L, PR:...

7.8CVSS7.7AI score0.00079EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.48 views

CVE-2023-40642

CVE-2023-40642 concerns a missing permission check in Messaging that could allow local information disclosure without requiring additional execution privileges. The available sources consistently describe the issue as a permissions check gap in Messaging, enabling access to sensitive information ...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/10/08 3:36 a.m.48 views

CVE-2023-40650

CVE-2023-40650 affects the Telecom service and is caused by a missing permission check that can allow local information disclosure without requiring additional execution privileges. Public information in connected sources confirms the issue and its impact, but does not provide product/version spe...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.48 views

CVE-2023-42634

CVE-2023-42634 concerns a vulnerability in the validationtools component. The issue is a missing permission check that can allow local information disclosure without requiring additional execution privileges. Documents consistently describe it as a local information disclosure risk without specif...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.48 views

CVE-2023-42635

Technical details about CVE-2023-42635 are not publicly provided in the supplied documents; monitor for updates.

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.48 views

CVE-2023-42645

The CVE-2023-42645 entry concerns a missing permission check in the sim service that allows writing permission usage records, leading to local information disclosure without extra execution privileges. Public data (NVD) assigns LOCAL attack vector, LOW privileges required, and HIGH confidentialit...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.48 views

CVE-2023-42750

CVE-2023-42750 affects the gnss service in UNISOC chipsets, caused by a missing bounds check that enables a local out-of-bounds write. This can lead to local denial of service and requires System execution privileges. Available connected sources corroborate the same root cause and impact across m...

4.4CVSS4.8AI score0.00086EPSS
CVE
CVE
added 2024/11/04 1:49 a.m.48 views

CVE-2024-20119

The CVE-2024-20119 issue is in MediaTek’s mms component and stems from an incorrect bounds check causing an out-of-bounds write. This can lead to local escalation of privilege with SYSTEM execution privileges required; no user interaction is needed. Patch ID ALPS09062301; Issue ID MSV-1620 is ref...

6.7CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.48 views

CVE-2024-20136

CVE-2024-20136 describes a potential out-of-bounds read in the component named “da” due to a missing bounds check, which could lead to local information disclosure without requiring user interaction. The impact is limited to confidentiality (high) with no indicated impact on integrity or availabi...

6.2CVSS6.4AI score0.00085EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2014-9789

The CVE-2014-9789 issue affects the Qualcomm arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c code in Android on Nexus 5 prior to the 2016-07-05 patch level. The vulnerability stems from insufficient validation of parameters in the (1) alloc and (2) free APIs, enabling a crafted application to gain priv...

9.3CVSS7.5AI score0.00711EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2014-9792

CVE-2014-9792 overview (normal mode) Affected software: Android on Nexus 5 devices (qualcomm components) prior to the 2016-07-05 patch. What is vulnerable: arch/arm/mach-msm/ipc_router.c in Qualcomm components contains an incorrect integer data type. Root cause: the mismatch/incorrect integer typ...

9.3CVSS7.5AI score0.00481EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2014-9799

CVE-2014-9799 concerns Android on Nexus 5 and 7 (2013) devices before 2016-07-05, where a Qualcomm makefile omits -fno-strict-overflow, potentially enabling local privilege escalation via crafted apps that exploit incorrect compiler optimization of an integer-overflow protection mechanism. The is...

9.3CVSS7.5AI score0.00545EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.47 views

CVE-2014-9889

CVE-2014-9889 affects Android on Nexus 5, where drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c does not validate CPP frame messages, enabling privilege escalation via a crafted app. Root cause: lack of CPP frame message validation in Qualcomm component. Impact stated: attacker could gai...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.47 views

CVE-2014-9898

CVE-2014-9898 affects Android on Nexus 5 and Nexus 7 (2013) devices due to a flaw in arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c where input parameters are not properly validated. This enables a crafted application to obtain sensitive information. The issue is associated with Android internal bug ...

5.5CVSS5.2AI score0.0046EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.47 views

CVE-2014-9962

Technical details about CVE-2014-9962 are not publicly available in the provided connected documents. The initial description notes a DRM provisioning command parsing issue in CAF Android with the Linux kernel, but no specifics on affected versions, impact, or fixes are provided. Monitor for upda...

9.3CVSS7.4AI score0.00599EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.47 views

CVE-2015-3829

CVE-2015-3829 is an Android Stagefright vulnerability caused by an off-by-one error in MPEG4Extractor::parseChunk (libstagefright) that can allow remote code execution or memory corruption via crafted MPEG-4 covr atoms with size SIZE_MAX. Affected software: Android versions prior to 5.1.1 LMY48I....

10CVSS8AI score0.89782EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.47 views

CVE-2015-3831

CVE-2015-3831 affects Android mediaserver, specifically the BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp. The readAt function may overflow a buffer when processing data provided by another application, leading to memory corruption and potential code execution within the medias...

9.3CVSS7.8AI score0.01458EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.47 views

CVE-2015-3843

The CVE-2015-3843 entry concerns the Android SIM Toolkit (STK) framework prior to 5.1.1 LMY48I. Affected component: STK within Android, related to com/android/internal/telephony/cat/AppInterface.java (internal bug 21697171). Impact: an unprivileged app can intercept or emulate unspecified Telepho...

9.3CVSS6.8AI score0.01549EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.47 views

CVE-2015-3863

CVE-2015-3863 affects the Android Keystore component: multiple integer overflows in the Blob class (keystore/keystore.cpp) allow an app that uses a crafted blob in an insert operation to execute arbitrary code and read arbitrary Keystore keys. Affected: Android versions prior to 5.1.1 (LMY48M). R...

9.3CVSS7.5AI score0.01283EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.47 views

CVE-2015-3878

The CVE-2015-3878 issue affects the Media Projection component in Android 5.x (before 5.1.1 LMY48T) and Android 6.0 (before the 2015-10-01 patch). A vulnerability arises when an application uses an excessively long name, which can bypass the screen-recording warning and allow a local attacker to ...

4.3CVSS6.1AI score0.01074EPSS
CVE
CVE
added 2015/11/03 11:0 a.m.47 views

CVE-2015-8073

CVE-2015-8073 concerns the Android mediaserver. The connected sources confirm a memory-corruption vulnerability in mediaserver that affects Android 4.4 and 5.1 prior to 5.1.1 LMY48X, with remote code execution or denial of service possible via a crafted media file. The root cause is described as ...

10CVSS7.6AI score0.0222EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.47 views

CVE-2015-8951

Technical details are not publicly available in the provided connected documents. The CVE entry mentions use-after-free in the Qualcomm sound driver affecting Nexus devices, but no concrete vendor/version/fix details are supplied here. Monitor for updates.

9.3CVSS8.2AI score0.00498EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.47 views

CVE-2015-9008

CVE-2015-9008 is an elevation-of-privilege vulnerability in Qualcomm closed‑source components used by Android kernel (Android ID A-36384689). The issue is described as a privilege escalation in Qualcomm components; no public exploitation details are provided in the connected docs. Remediation is ...

10CVSS8.8AI score0.01154EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.47 views

CVE-2015-9012

CVE-2015-9012 describes an elevation of privilege in Qualcomm closed‑source components within Android, affecting the Android kernel. The linked records consistently identify the issue as a privilege escalation vulnerability in Qualcomm components used by Android devices, with no public exploit de...

10CVSS8.8AI score0.0113EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.47 views

CVE-2015-9030

CVE-2015-9030 describes an authentication bypass in Android CAF builds that use the Linux kernel, via misused Hypervisor API. Affected: Android devices with CAF/Linux Kerenel stack; vulnerable component: Hypervisor API. Root cause: improper handling of Hypervisor API calls enabling bypass of auth...

9.3CVSS7.5AI score0.00771EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9037

Summary: CVE-2015-9037 refers to a buffer over-read/overflow in Qualcomm closed-source components used in Qualcomm-based Android devices with CAF/Linux kernel, specifically in the downlink 3G NAS message processing. The vulnerability could allow a remote attacker to execute arbitrary code or caus...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9042

Technical details about CVE-2015-9042 are not publicly available in the connected documents. The description notes a buffer overflow in Qualcomm CAF Android/Linux QMI processing, but no specific fixes or affected versions are provided here; monitor for updates.

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9048

CVE-2015-9048 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel, where the vulnerability is in the processing of lost RTP packets due to input validation issues. The CNVD entry describes an unauthorized operation possibility as the impact. The provided documen...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9053

CVE-2015-9053 describes a buffer overflow in Qualcomm-provided components used in Android CAF builds on devices with the Linux kernel, specifically in the processing of USIM responses. The vulnerability is located in Qualcomm closed-source components integrated in Android, and the issue could all...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9070

CVE-2015-9070 describes a buffer over-read vulnerability in the TrustZone syscall of Qualcomm closed-source components used in Android builds (CAF Linux kernel). The issue affects Qualcomm components within Android devices that rely on CAF Linux kernels and TrustZone. The root cause is a buffer o...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9072

CVE-2015-9072 is described as an untrusted pointer dereference in a Qualcomm TrustZone syscall affecting Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is rated with high/critical impact in CVSS terms (network access, no auth, user interaction not required; co...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.47 views

CVE-2016-0813

CVE-2016-0813 concerns the Android Setup Wizard: AlternateRecentsComponent.java in Setup Wizard on Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check device provisioning, allowing physically proximate attackers to bypass Factory Reset Protection and delete data vi...

6.6CVSS6.6AI score0.0018EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.47 views

CVE-2016-0844

The CVE-2016-0844 issue affects the Qualcomm RF driver in Android 6.x prior to 2016-04-01. The underlying flaw is improper restriction of socket ioctl calls, enabling a local attacker with a crafted app to execute code with kernel context privileges (privilege escalation). This vulnerability is l...

8.4CVSS7.8AI score0.00217EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.47 views

CVE-2016-10237

CVE-2016-10237 concerns Android/CAF Linux kernel handling of shared content protection memory, passed as the secure camera memory buffer to a trusted application (TA). The description indicates the TA would not detect the issue and would treat the shared memory as secure, reflecting a mislabeling...

9.3CVSS7.4AI score0.00556EPSS
CVE
CVE
added 2020/04/07 1:42 p.m.47 views

CVE-2016-11031

The CVE-2016-11031 entry applies to Samsung mobile devices running Android KK/4.4, L/5.0–5.1, and M/6.0. It involves the AntService component, where an issue can cause the system_server to crash and reboot. Connected sources corroborate the same affected platform and impact; no explicit exploit d...

7.8CVSS7.6AI score0.00422EPSS
CVE
CVE
added 2020/04/07 1:38 p.m.47 views

CVE-2016-11032

CVE-2016-11032 affects Samsung mobile devices running Android 6.0 (Marshmallow); an input-validation error allows an unprotected broadcast intent to disable all Sound functionality. The issue is described across multiple sources (e.g., RH and CNVD) as enabling attackers to silence device audio vi...

5.3CVSS5.4AI score0.00302EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.47 views

CVE-2016-2410

CVE-2016-2410 is a local privilege-escalation vulnerability in the Qualcomm video kernel driver used by Android 6.x. The issue allows a crafted app that gains control over a service capable of invoking the driver to elevate privileges due to an internal bug (26291677). The Android security bullet...

7.4CVSS7.2AI score0.00173EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.47 views

CVE-2016-2415

Technical details for CVE-2016-2415 are not publicly provided in the supplied documents. The available records summarize an information-disclosure vulnerability in Exchange ActiveSync/Autodiscover without specifics on affected products, versions, root cause, or fixes. Monitor for updates.

7.1CVSS5.5AI score0.00425EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.47 views

CVE-2016-2420

CVE-2016-2420 affects Android 4.x up to before 4.4.4, where the Debuggerd component fails to ensure the /data/tombstones directory exists via rootdir/init.rc. This can allow a crafted local app to gain privileges and potentially execute arbitrary code, enabling elevation of privilege from system ...

9.3CVSS7.4AI score0.00471EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.47 views

CVE-2016-2437

CVE-2016-2437 concerns the NVIDIA video driver in Android on Nexus 9 devices. The issue allows a locally executed, crafted application to gain privileges and execute code in the kernel context due to an internal bug (27436822). Public description confirms local privilege escalation with high impa...

9.3CVSS7.5AI score0.00502EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.47 views

CVE-2016-2470

CVE-2016-2470 concerns the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) prior to 2016-06-01. A crafted app could grant privileges via the Wi‑Fi driver, i.e., a local elevation of privilege vulnerability. The Android 2016-06-01 security bulletin notes a patch level of June 01, 2016 or later;...

9.3CVSS8AI score0.00421EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.47 views

CVE-2016-2471

The CVE-2016-2471 entry concerns the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) devices prior to 2016-06-01. A crafted application can cause privilege escalation by abusing the Qualcomm Wi‑Fi driver, enabling local code execution with kernel privileges. The Android 2016-06-01 security bul...

9.3CVSS8AI score0.00421EPSS
Total number of security vulnerabilities8153