Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/10/08 3:36 a.m.48 views

CVE-2023-40642

CVE-2023-40642 concerns a missing permission check in Messaging that could allow local information disclosure without requiring additional execution privileges. The available sources consistently describe the issue as a permissions check gap in Messaging, enabling access to sensitive information ...

5.5CVSS5.2AI score0.00078EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.48 views

CVE-2023-42634

CVE-2023-42634 concerns a vulnerability in the validationtools component. The issue is a missing permission check that can allow local information disclosure without requiring additional execution privileges. Documents consistently describe it as a local information disclosure risk without specif...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.48 views

CVE-2023-42635

Technical details about CVE-2023-42635 are not publicly provided in the supplied documents; monitor for updates.

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.48 views

CVE-2023-42645

The CVE-2023-42645 entry concerns a missing permission check in the sim service that allows writing permission usage records, leading to local information disclosure without extra execution privileges. Public data (NVD) assigns LOCAL attack vector, LOW privileges required, and HIGH confidentialit...

5.5CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.48 views

CVE-2023-42750

CVE-2023-42750 affects the gnss service in UNISOC chipsets, caused by a missing bounds check that enables a local out-of-bounds write. This can lead to local denial of service and requires System execution privileges. Available connected sources corroborate the same root cause and impact across m...

4.4CVSS4.8AI score0.00086EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.48 views

CVE-2023-52351

The CVE-2023-52351 issue affects the ril service in UNISOC chipsets, caused by a missing bounds check that enables an out-of-bounds write. This could lead to local denial of service with System execution privileges required. Affected component: ril service (UNISOC). Impact is described as local D...

7.8CVSS6.7AI score0.00088EPSS
CVE
CVE
added 2024/11/04 1:49 a.m.48 views

CVE-2024-20119

The CVE-2024-20119 issue is in MediaTek’s mms component and stems from an incorrect bounds check causing an out-of-bounds write. This can lead to local escalation of privilege with SYSTEM execution privileges required; no user interaction is needed. Patch ID ALPS09062301; Issue ID MSV-1620 is ref...

6.7CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.48 views

CVE-2024-20136

CVE-2024-20136 describes a potential out-of-bounds read in the component named “da” due to a missing bounds check, which could lead to local information disclosure without requiring user interaction. The impact is limited to confidentiality (high) with no indicated impact on integrity or availabi...

6.2CVSS6.4AI score0.00085EPSS
CVE
CVE
added 2026/06/01 9:14 p.m.48 views

CVE-2026-0076

CVE-2026-0076 describes an out-of-bounds read in validateNode of ResourceTypes.cpp, caused by an incorrect bounds check. This could enable local privilege escalation with no user interaction, per the included descriptions. Connected sources repeat this detail across multiple feeds (NVD/EUVD) with...

7.8CVSS5.9AI score0.00079EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2014-9789

The CVE-2014-9789 issue affects the Qualcomm arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c code in Android on Nexus 5 prior to the 2016-07-05 patch level. The vulnerability stems from insufficient validation of parameters in the (1) alloc and (2) free APIs, enabling a crafted application to gain priv...

9.3CVSS7.5AI score0.00711EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2014-9792

CVE-2014-9792 overview (normal mode) Affected software: Android on Nexus 5 devices (qualcomm components) prior to the 2016-07-05 patch. What is vulnerable: arch/arm/mach-msm/ipc_router.c in Qualcomm components contains an incorrect integer data type. Root cause: the mismatch/incorrect integer typ...

9.3CVSS7.5AI score0.00481EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2014-9799

CVE-2014-9799 concerns Android on Nexus 5 and 7 (2013) devices before 2016-07-05, where a Qualcomm makefile omits -fno-strict-overflow, potentially enabling local privilege escalation via crafted apps that exploit incorrect compiler optimization of an integer-overflow protection mechanism. The is...

9.3CVSS7.5AI score0.00545EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.47 views

CVE-2014-9889

CVE-2014-9889 affects Android on Nexus 5, where drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c does not validate CPP frame messages, enabling privilege escalation via a crafted app. Root cause: lack of CPP frame message validation in Qualcomm component. Impact stated: attacker could gai...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.47 views

CVE-2014-9898

CVE-2014-9898 affects Android on Nexus 5 and Nexus 7 (2013) devices due to a flaw in arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c where input parameters are not properly validated. This enables a crafted application to obtain sensitive information. The issue is associated with Android internal bug ...

5.5CVSS5.2AI score0.0046EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.47 views

CVE-2014-9962

Technical details about CVE-2014-9962 are not publicly available in the provided connected documents. The initial description notes a DRM provisioning command parsing issue in CAF Android with the Linux kernel, but no specifics on affected versions, impact, or fixes are provided. Monitor for upda...

9.3CVSS7.4AI score0.00599EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.47 views

CVE-2015-3829

CVE-2015-3829 is an Android Stagefright vulnerability caused by an off-by-one error in MPEG4Extractor::parseChunk (libstagefright) that can allow remote code execution or memory corruption via crafted MPEG-4 covr atoms with size SIZE_MAX. Affected software: Android versions prior to 5.1.1 LMY48I....

10CVSS8AI score0.89782EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.47 views

CVE-2015-3831

CVE-2015-3831 affects Android mediaserver, specifically the BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp. The readAt function may overflow a buffer when processing data provided by another application, leading to memory corruption and potential code execution within the medias...

9.3CVSS7.8AI score0.01458EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.47 views

CVE-2015-3843

The CVE-2015-3843 entry concerns the Android SIM Toolkit (STK) framework prior to 5.1.1 LMY48I. Affected component: STK within Android, related to com/android/internal/telephony/cat/AppInterface.java (internal bug 21697171). Impact: an unprivileged app can intercept or emulate unspecified Telepho...

9.3CVSS6.8AI score0.01536EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.47 views

CVE-2015-3863

CVE-2015-3863 affects the Android Keystore component: multiple integer overflows in the Blob class (keystore/keystore.cpp) allow an app that uses a crafted blob in an insert operation to execute arbitrary code and read arbitrary Keystore keys. Affected: Android versions prior to 5.1.1 (LMY48M). R...

9.3CVSS7.5AI score0.01283EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.47 views

CVE-2015-3878

The CVE-2015-3878 issue affects the Media Projection component in Android 5.x (before 5.1.1 LMY48T) and Android 6.0 (before the 2015-10-01 patch). A vulnerability arises when an application uses an excessively long name, which can bypass the screen-recording warning and allow a local attacker to ...

4.3CVSS6.1AI score0.01074EPSS
CVE
CVE
added 2015/11/03 11:0 a.m.47 views

CVE-2015-8073

CVE-2015-8073 concerns the Android mediaserver. The connected sources confirm a memory-corruption vulnerability in mediaserver that affects Android 4.4 and 5.1 prior to 5.1.1 LMY48X, with remote code execution or denial of service possible via a crafted media file. The root cause is described as ...

10CVSS7.6AI score0.0222EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.47 views

CVE-2015-8951

Technical details are not publicly available in the provided connected documents. The CVE entry mentions use-after-free in the Qualcomm sound driver affecting Nexus devices, but no concrete vendor/version/fix details are supplied here. Monitor for updates.

9.3CVSS8.2AI score0.00498EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.47 views

CVE-2015-9007

Technical details for CVE-2015-9007 are not publicly available in the provided documents. No specifics on affected components, root cause, impact, or remediation are provided here. Monitor for updates.

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.47 views

CVE-2015-9008

CVE-2015-9008 is an elevation-of-privilege vulnerability in Qualcomm closed‑source components used by Android kernel (Android ID A-36384689). The issue is described as a privilege escalation in Qualcomm components; no public exploitation details are provided in the connected docs. Remediation is ...

10CVSS8.8AI score0.01154EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.47 views

CVE-2015-9012

CVE-2015-9012 describes an elevation of privilege in Qualcomm closed‑source components within Android, affecting the Android kernel. The linked records consistently identify the issue as a privilege escalation vulnerability in Qualcomm components used by Android devices, with no public exploit de...

10CVSS8.8AI score0.0113EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.47 views

CVE-2015-9030

CVE-2015-9030 describes an authentication bypass in Android CAF builds that use the Linux kernel, via misused Hypervisor API. Affected: Android devices with CAF/Linux Kerenel stack; vulnerable component: Hypervisor API. Root cause: improper handling of Hypervisor API calls enabling bypass of auth...

9.3CVSS7.5AI score0.00771EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9037

Summary: CVE-2015-9037 refers to a buffer over-read/overflow in Qualcomm closed-source components used in Qualcomm-based Android devices with CAF/Linux kernel, specifically in the downlink 3G NAS message processing. The vulnerability could allow a remote attacker to execute arbitrary code or caus...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9042

Technical details about CVE-2015-9042 are not publicly available in the connected documents. The description notes a buffer overflow in Qualcomm CAF Android/Linux QMI processing, but no specific fixes or affected versions are provided here; monitor for updates.

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9048

CVE-2015-9048 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel, where the vulnerability is in the processing of lost RTP packets due to input validation issues. The CNVD entry describes an unauthorized operation possibility as the impact. The provided documen...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9053

CVE-2015-9053 describes a buffer overflow in Qualcomm-provided components used in Android CAF builds on devices with the Linux kernel, specifically in the processing of USIM responses. The vulnerability is located in Qualcomm closed-source components integrated in Android, and the issue could all...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9070

CVE-2015-9070 describes a buffer over-read vulnerability in the TrustZone syscall of Qualcomm closed-source components used in Android builds (CAF Linux kernel). The issue affects Qualcomm components within Android devices that rely on CAF Linux kernels and TrustZone. The root cause is a buffer o...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2015-9072

CVE-2015-9072 is described as an untrusted pointer dereference in a Qualcomm TrustZone syscall affecting Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is rated with high/critical impact in CVSS terms (network access, no auth, user interaction not required; co...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.47 views

CVE-2016-0813

CVE-2016-0813 concerns the Android Setup Wizard: AlternateRecentsComponent.java in Setup Wizard on Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check device provisioning, allowing physically proximate attackers to bypass Factory Reset Protection and delete data vi...

6.6CVSS6.6AI score0.0018EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.47 views

CVE-2016-0844

The CVE-2016-0844 issue affects the Qualcomm RF driver in Android 6.x prior to 2016-04-01. The underlying flaw is improper restriction of socket ioctl calls, enabling a local attacker with a crafted app to execute code with kernel context privileges (privilege escalation). This vulnerability is l...

8.4CVSS7.8AI score0.00217EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.47 views

CVE-2016-10237

CVE-2016-10237 concerns Android/CAF Linux kernel handling of shared content protection memory, passed as the secure camera memory buffer to a trusted application (TA). The description indicates the TA would not detect the issue and would treat the shared memory as secure, reflecting a mislabeling...

9.3CVSS7.4AI score0.00556EPSS
CVE
CVE
added 2020/04/07 1:42 p.m.47 views

CVE-2016-11031

The CVE-2016-11031 entry applies to Samsung mobile devices running Android KK/4.4, L/5.0–5.1, and M/6.0. It involves the AntService component, where an issue can cause the system_server to crash and reboot. Connected sources corroborate the same affected platform and impact; no explicit exploit d...

7.8CVSS7.6AI score0.00422EPSS
CVE
CVE
added 2020/04/07 1:38 p.m.47 views

CVE-2016-11032

CVE-2016-11032 affects Samsung mobile devices running Android 6.0 (Marshmallow); an input-validation error allows an unprotected broadcast intent to disable all Sound functionality. The issue is described across multiple sources (e.g., RH and CNVD) as enabling attackers to silence device audio vi...

5.3CVSS5.4AI score0.00302EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.47 views

CVE-2016-2410

CVE-2016-2410 is a local privilege-escalation vulnerability in the Qualcomm video kernel driver used by Android 6.x. The issue allows a crafted app that gains control over a service capable of invoking the driver to elevate privileges due to an internal bug (26291677). The Android security bullet...

7.4CVSS7.2AI score0.00173EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.47 views

CVE-2016-2415

Technical details for CVE-2016-2415 are not publicly provided in the supplied documents. The available records summarize an information-disclosure vulnerability in Exchange ActiveSync/Autodiscover without specifics on affected products, versions, root cause, or fixes. Monitor for updates.

7.1CVSS5.5AI score0.00425EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.47 views

CVE-2016-2420

CVE-2016-2420 affects Android 4.x up to before 4.4.4, where the Debuggerd component fails to ensure the /data/tombstones directory exists via rootdir/init.rc. This can allow a crafted local app to gain privileges and potentially execute arbitrary code, enabling elevation of privilege from system ...

9.3CVSS7.4AI score0.00471EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.47 views

CVE-2016-2437

CVE-2016-2437 concerns the NVIDIA video driver in Android on Nexus 9 devices. The issue allows a locally executed, crafted application to gain privileges and execute code in the kernel context due to an internal bug (27436822). Public description confirms local privilege escalation with high impa...

9.3CVSS7.5AI score0.00502EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.47 views

CVE-2016-2470

CVE-2016-2470 concerns the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) prior to 2016-06-01. A crafted app could grant privileges via the Wi‑Fi driver, i.e., a local elevation of privilege vulnerability. The Android 2016-06-01 security bulletin notes a patch level of June 01, 2016 or later;...

9.3CVSS8AI score0.00421EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.47 views

CVE-2016-2471

The CVE-2016-2471 entry concerns the Qualcomm Wi‑Fi driver in Android on Nexus 7 (2013) devices prior to 2016-06-01. A crafted application can cause privilege escalation by abusing the Qualcomm Wi‑Fi driver, enabling local code execution with kernel privileges. The Android 2016-06-01 security bul...

9.3CVSS8AI score0.00421EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.47 views

CVE-2016-2481

CVE-2016-2481 affects the mm-video-v4l2 venc component in Android Mediaserver. It arises from how Mediaserver mishandles a buffer count, enabling a local attacker to gain privileges (Signature or SignatureOrSystem) via a crafted app. Affected are Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1....

9.3CVSS8.1AI score0.00499EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.47 views

CVE-2016-2486

CVE-2016-2486 affects Android Mediaserver’s libstagefright component (mp3dec/SoftMP3.cpp). The flaw stems from not validating the relationship between allocated memory and the frame size, enabling memory corruption that can be exploited by a crafted Android app to gain privileges (Signature or Si...

9.3CVSS8AI score0.00411EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.47 views

CVE-2016-2492

The CVE-2016-2492 entry describes an elevation-of-privilege in the MediaTek power-management driver on Android devices prior to 2016-06-01, specifically affecting Android One. A local attacker could exploit a crafted application to gain kernel-level privileges. The Android 2016-06-01 security bul...

9.3CVSS8AI score0.00412EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2016-3771

The CVE-2016-3771 entry concerns privilege escalation in MediaTek drivers on Android One devices running before 2016-07-05. The root cause is a vulnerability in the MediaTek driver stack that can be exploited by a specially crafted application to gain elevated privileges within the device, aligne...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2016-3796

CVE-2016-3796 covers an elevation-of-privilege vulnerability in the MediaTek power driver present on Android One devices prior to 2016-07-05. A local attacker could exploit a crafted application to gain privileged execution within the kernel. Public details in the 2016-07-01/07-05 Android bulleti...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2016-3802

CVE-2016-3802: Privilege-escalation in the Android kernel file system (Nexus 9) due to a fault in the kernel file system implementation. Local attacker could gain privileges via a crafted app. Exploitation status not provided in the documents. The issue is listed in the 2016-07-01/07-05 Android s...

9.3CVSS7.4AI score0.00502EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.47 views

CVE-2016-3808

The CVE-2016-3808 issue affects the Android SPI driver on Pixel C devices, where the SPI driver allows a crafted application to escalate privileges. The root cause is an elevation-of-privilege flaw in the serial peripheral interface driver, reported as internal bug 28430009. Public sources descri...

9.3CVSS7.5AI score0.00412EPSS
Total number of security vulnerabilities8153