Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/08/05 8:0 p.m.47 views

CVE-2016-3824

CVE-2016-3824 covers a Mediaserver elevation of privilege flaw in Android’s mediaserver (libstagefright), where OMXNodeInstance.cpp in OMX buffer port handling is unvalidated. A crafted application could exploit this local issue to gain privileges. Affected are Android 4.x before 4.4.4, 5.0.x bef...

7.8CVSS7.5AI score0.00204EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.47 views

CVE-2016-3835

Summary (CVE-2016-3835) : A vulnerability in the Mediaserver component (mm-video-v4l2 venc) of Android’s mediaserver on 4.x to 6.x releases allows an attacker via a crafted application to read sensitive information by mishandling heap pointers. Affects Android versions listed in the description (...

5.5CVSS5.5AI score0.00464EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.47 views

CVE-2016-3838

CVE-2016-3838 affects Android 6.x prior to 2016-08-01. The issue is a denial-of-service in which a crafted application using the app-pinning feature can cause loss of the locked-screen 911 functionality (internal bug 28761672). Connected sources corroborate the vulnerability as described in CVE r...

5.5CVSS5.6AI score0.00363EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.47 views

CVE-2016-3840

CVE-2016-3840 affects Conscrypt in Android: versions 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x up to 2016-08-05 fail to properly identify session reuse, enabling remote arbitrary code execution via unspecified vectors. The NVD entry mirrors this description with a high/critic...

10CVSS9AI score0.02136EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.47 views

CVE-2016-3873

CVE-2016-3873 affects the NVIDIA kernel on Android (Nexus 9) prior to 2016-09-05. An attacker can gain privileges via a crafted application due to improper validation in the DVS Framework input, aka internal bug 29518457. Connected sources confirm affected platform (Android/Nexus 9) and root caus...

9.3CVSS7.3AI score0.00628EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.47 views

CVE-2016-3902

CVE-2016-3902 affects Android’s Qualcomm IPA driver, specifically the ipa_qmi_service.c component, on Nexus 5X and 6P. The vulnerability, described as an information disclosure, could allow a crafted application to obtain sensitive information due to issues in the Qualcomm IPA driver prior to the...

5.5CVSS5.8AI score0.00498EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.47 views

CVE-2016-3909

The CVE-2016-3909 entry affects Android’s Mediaserver (libstagefright) SoftMPEG4 in the MediaServer component. The vulnerability enables privilege escalation via a crafted application and is tied to specific Android versions: 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 20...

9.3CVSS8AI score0.00557EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.47 views

CVE-2016-3912

Technical details about CVE-2016-3912 are not publicly provided in the supplied connected documents. The material confirms a privilege-escalation issue in Android framework APIs but lacks specific affected versions, exploit details, or patches. Monitor for updates.

9.3CVSS8AI score0.00458EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.47 views

CVE-2016-3930

CVE-2016-3930 concerns the NVIDIA MMC test driver on Android (Nexus 9) where a crafted app can exploit a NULL pointer dereference in the MMC test driver to gain privileges locally. Affected component: NVIDIA Tegra kernel/NVIDIA MMC test driver; vulnerability type: elevation of privilege. CVSS see...

9.3CVSS8AI score0.00465EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.47 views

CVE-2016-3931

CVE-2016-3931 affects the Qualcomm QSEE Communicator driver (drivers/misc/qseecom.c) in Android. It enables local privilege escalation via a crafted application on Nexus 5X, Nexus 6, Nexus 6P and Android One devices running pre-2016-10-05 builds. The vulnerability stems from the QSEE Communicator...

9.3CVSS8AI score0.00574EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.47 views

CVE-2016-3937

CVE-2016-3937 is an elevation-of-privilege vulnerability in the MediaTek video driver for Android, exploitable by a crafted app to gain privileges. The issue affects MediaTek video driver in Android prior to the 2016-10-05 patch level; patch status varies and public fix availability is not consis...

9.3CVSS8AI score0.00501EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2016-5871

CVE-2016-5871 is a buffer overflow due to an integer overflow in Qualcomm CAF Android builds using the Linux kernel when loading an image file. The NVD entry assigns a CVSSv3 base score of 9.8 (CRITICAL, Network attack, no user interaction) with impact to confidentiality, integrity, and availabil...

10CVSS8AI score0.00949EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.47 views

CVE-2016-6690

CVE-2016-6690 affects the Android kernel sound driver (sound card) on Nexus devices (Nexus 5, 5X, 6, 6P, Nexus Player) prior to 2016-10-05. Root cause: a flaw in the kernel sound driver allows a crafted application to trigger a denial of service, causing a reboot. Impact as described: device rebo...

7.1CVSS5.8AI score0.00341EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.47 views

CVE-2016-6703

CVE-2016-6703 describes a remote code execution vulnerability in the Android runtime library (ART). Affected Android releases include 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; and 6.x before 2016-11-01. An attacker could supply a specially crafted payload to execute arbitrary code...

7.8CVSS8.1AI score0.00963EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.47 views

CVE-2016-6724

CVE-2016-6724 details: A denial of service in the Android Input Manager Service could allow a local malicious app to cause the device to continually reboot. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-11-01; 7.0 before 2016-11-01. Impact is a tempor...

7.1CVSS5.5AI score0.00396EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.47 views

CVE-2016-6745

Summary (CVE-2016-6745) : Elevation of privilege in the Synaptics touchscreen driver on Android (pre-2016-11-05) could allow a local, malicious app to execute arbitrary code in the kernel context. This requires a privileged process to be compromised first, making it a local-privilege-elevation is...

9.3CVSS7.5AI score0.00724EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.47 views

CVE-2016-6753

CVE-2016-6753 describes an information-disclosure vulnerability in Android kernel components, specifically the process-grouping and networking subsystems. The issue affects Android devices prior to 2016-11-05 and is rated Moderate because exploitation requires first compromising a privileged proc...

5.5CVSS5AI score0.00477EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.47 views

CVE-2016-6788

CVE-2016-6788 is a local elevation-of-privilege in the MediaTek I2C driver for Android, enabling a malicious local app to execute code in the kernel context. Root cause: MediaTek I2C driver vulnerability; affected component/file: I2C driver. Impact: arbitrary kernel code execution with high sever...

7.6CVSS6.8AI score0.00587EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.47 views

CVE-2016-8423

CVE-2016-8423 is an elevation-of-privilege vulnerability in the Qualcomm bootloader that could let a local malicious app execute arbitrary code in the kernel context. Public sources describe Android as the affected product, with explicit remediation tied to the 2017-01-05 patch level for devices ...

9.3CVSS7.4AI score0.00601EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.47 views

CVE-2017-0546

Concrete details found in connected documents: CVE-2017-0546 is described as an elevation of privilege vulnerability in Android's SurfaceFlinger. Affected product is Android, with versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 identified in the CNVD entry. The CNVD/CVE records indicate a lo...

9.3CVSS7.7AI score0.00798EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.47 views

CVE-2017-0552

CVE-2017-0552 affects Android Mediaserver (libavc). A remote attacker could craft a file to trigger a denial of service, causing a device hang or reboot. Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1. The initial description and connected sources identify the issue as a remote DoS in Mediaser...

7.1CVSS5.7AI score0.00712EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.47 views

CVE-2017-0828

CVE-2017-0828 is described across multiple sources as an elevation of privilege affecting Huawei bootloader within Android kernel contexts. The primary affected component is the bootloader on Huawei devices, enabling an attacker to escalate privileges. Public descriptions consistently label it as...

9.8CVSS8AI score0.00498EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.47 views

CVE-2017-11005

CVE-2017-11005 describes a Use-After-Free in the Android MSM stack (including CAF/Linux kernel paths) during deinitialization. The issue affects Android/CAF-derived builds and related MSM variants (Firefox OS for MSM, QRD Android) and is listed with high to critical impact in the NVD metrics (CVS...

10CVSS7.7AI score0.00726EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.47 views

CVE-2017-11031

CVE-2017-11031 affects Android on MSM, Firefox OS for MSM, and QRD Android builds that use CAF with the Linux kernel. The issue arises from the VIDIOC_G_SDE_ROTATOR_FENCE ioctl command, which can trigger a use-after-free condition. The available sources describe the vulnerability but do not provi...

7.5CVSS7.2AI score0.00412EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.47 views

CVE-2017-11054

CVE-2017-11054 affects Android for MSM, Firefox OS for MSM, and QRD Android on CAF Linux kernels. The vulnerability is a buffer over-read triggered when processing a specially crafted cfg80211 vendor command, potentially impacting confidentiality (as per CVSS) and availability. Connected document...

7.5CVSS7AI score0.00514EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.47 views

CVE-2017-11056

CVE-2017-11056 affects Android variants using CAF Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The issue arises during SHA and cipher operations when a userspace buffer is directly accessed from kernel space, potentially triggering a page fault. The description confirms the ro...

7.8CVSS7.1AI score0.00151EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.47 views

CVE-2017-11080

CVE-2017-11080 is a local buffer overflow vulnerability described for Android on MSM/CAF platforms (Linux kernel path) when processing a user-supplied sparse image and the sparse header block size equals 4294967296. The issue affects Qualcomm bootloader components as mapped in the CVE references,...

7.8CVSS7.3AI score0.00137EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.47 views

CVE-2017-11082

CVE-2017-11082 affects Qualcomm WLAN in Android on MSM (and related CAF/Linux kernel builds) where a race condition in the firmware loading routine could lead to a buffer overflow if multiple user-space threads update the WLAN firmware file via sysfs. The root cause is a race in the firmware load...

7CVSS6.9AI score0.00135EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.47 views

CVE-2017-11093

CVE-2017-11093 affects Android MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel for Display; the issue is a buffer over-read caused by missing upper-bound validation when reading the EDID field num_of_cea_blocks, potentially exposing kernel memory and causing information dis...

7.5CVSS7.1AI score0.00412EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.47 views

CVE-2017-13199

CVE-2017-13199 affects Android 8.0 and 8.1. The issue arises in the Bitmap handling path (Bitmap.nativeCreate) where a failure during Bitmap creation does not throw an OOM, causing a downstream java.io.IOException and enabling a remote denial of service of a critical system process without user i...

7.8CVSS7.4AI score0.02173EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.47 views

CVE-2017-13206

CVE-2017-13206 is an information-disclosure vulnerability in Android’s media framework (aacdec) affecting Android 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The issue is documented in multiple sources (NVD entry; Pixel/Nexus security bulletin). The Pixel bulletin lists this CVE under the...

7.5CVSS6.8AI score0.00631EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.47 views

CVE-2017-13213

CVE-2017-13213 is a Broadcom bcmdhd driver Elevation of Privilege flaw affecting Android devices (Broadcom WiFi driver in the Android kernel). The public records describe a local-elevation vulnerability in the bcmdhd component, enabling an attacker with local access to escalate privileges on affe...

7.8CVSS7.4AI score0.00152EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.47 views

CVE-2017-13235

The CVE-2017-13235 entry concerns a vulnerability in the Android Media framework. The provided sources identify it as part of the Pixel/Nexus security bulletin and list affected Android versions 7.0, 7.1.1, 7.1.2, 8.0, and 8.1, within the Media framework component. The Pixel bulletin groups CVE-2...

6.5CVSS6.3AI score0.00347EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.47 views

CVE-2017-13257

CVE-2017-13257 affects Android. The issue is a use-after-free in bta_pan_data_buf_ind_cback (bta_pan_act.cc) that can lead to an out-of-bounds read of memory allocated via malloc, resulting in information disclosure. Exploitation details are not provided beyond a note that user interaction is req...

6.5CVSS6.2AI score0.0076EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.47 views

CVE-2017-13265

CVE-2017-13265 is an Elevation of Privilege issue in the Android system related to OTA updates affecting Android 7.0–8.1. The Android Security Bulletin places this as a System component EoP vulnerability and indicates a remediation via the 2018-03-05 patch level for Pixel/Nexus devices; the NVD e...

7.5CVSS7AI score0.00329EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.47 views

CVE-2017-13270

CVE-2017-13270 is an Elevation of Privilege (EoP) vulnerability in the upstream kernel mnh_sm driver affecting Android kernel. The issue is categorized as EoP in the Kernel components table of the Pixel/Nexus security bulletin, labeled as Moderate impact for the mnh_sm driver. There is no exploit...

7.5CVSS6.9AI score0.00329EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.47 views

CVE-2017-13295

CVE-2017-13295 is a DoS in the Android framework component known as the package installer. Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. The Android Pixel/Nexus bulletin lists this issue under the Framework update with Updated AOSP versions 6.0–8.1 and notes that security pa...

5.3CVSS5AI score0.00415EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.47 views

CVE-2017-14873

CVE-2017-14873 affects Android devices using MSM CAF Linux kernels with the Qualcomm graphics driver. The issue is described as a kernel memory overwrite in the pp_pgc_get_config() function, enabling a local escalation of privileges or memory corruption as indicated by the CVSS in public records....

7.8CVSS7AI score0.00147EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.47 views

CVE-2017-14884

CVE-2017-14884 affects Qualcomm WLAN components in Android CAF builds using the Linux kernel. Root cause: missing bounds check on data_len in WLANQCMBR_McProcessMsg, potentially causing a buffer overflow in WLANFTM_McProcessMsg. Impact: elevation of privilege on a locally exploited path within Qu...

7.8CVSS7.4AI score0.00174EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.47 views

CVE-2017-14887

CVE-2017-14887: In Android for MSM, Firefox OS for MSM, QRD Android, and all CAF Linux-kernel Android releases, processing messages of type eWNI_SME_MODIFY_ADDITIONAL_IES can trigger an integer overflow that may lead to a heap buffer overflow. Affected platforms include Android for MSM and relate...

7.8CVSS7.4AI score0.00186EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.47 views

CVE-2017-14898

CVE-2017-14898 affects Qualcomm WLAN in Android builds (Android for MSM, CAF/Linux kernel). The issue is a buffer overrun in QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE handling when QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE is less than 1 byte. Impact per sources includes high confidentiality, integrit...

7.8CVSS7.2AI score0.00138EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.47 views

CVE-2017-14903

CVE-2017-14903 describes a buffer over-read in SENDACTIONFRAME IOCTL processing on Android for MSM/CAF Linux kernel branches (Android devices using Qualcomm/CAF). The vulnerability stems from insufficient payload length handling (payload length

5.3CVSS5AI score0.0034EPSS
CVE
CVE
added 2018/03/15 9:0 p.m.47 views

CVE-2017-15821

CVE-2017-15821 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The issue is in the function wma_p2p_noa_event_handler(), where there is no bound check on a value from firmware, potentially causing a buffer overwrite. This description explicitly names t...

7.8CVSS7.2AI score0.00205EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.47 views

CVE-2017-15824

CVE-2017-15824 affects Android CAF-based builds (Android for MSM, Firefox OS for MSM, QRD Android) prior to 2018-06-05. Root cause: UpdateDeviceStatus() writes an uninitialized local stack buffer to flash via WriteToPartition(), enabling a potential memory leak and information disclosure. Impact ...

5.5CVSS5.2AI score0.00154EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.47 views

CVE-2017-17769

CVE-2017-17769 involves information leakage in the Qualcomm component (MSM audio driver; listed as qdsp6v2 in the Pixel bulletin) affecting Android for MSM and related builds. The vulnerability is an information-disclosure issue with confidentiality impact (NVD CVSS3: HIGH, base 5.5) and is categ...

5.5CVSS5.4AI score0.00139EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.47 views

CVE-2017-17770

CVE-2017-17770 is an Elevation of Privilege in Qualcomm components (Binder) related to a power-driver ioctl Untrusted Pointer Dereference in Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android prior to patch level 2018-04-05. The root cause is an untrusted pointer dereference in a kerne...

9.3CVSS7.2AI score0.00437EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.47 views

CVE-2017-17771

CVE-2017-17771 affects the MSM camera path (msm_isp_prepare_v4l2_buf) in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-02-12. The issue is an array out-of-bounds condition in the buffer preparation routine. The root cause is within the Qualcomm MSM media/camera stack, impacti...

7.8CVSS7.5AI score0.0016EPSS
CVE
CVE
added 2018/01/18 10:0 p.m.47 views

CVE-2017-17860

Technical details about CVE-2017-17860 are not publicly available in the provided Connected documents; no affected products, versions, root cause, impact, or fixes are disclosed here. Monitor for updates.

5.7CVSS5.5AI score0.00286EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.47 views

CVE-2017-18052

CVE-2017-18052 affects Qualcomm WLAN in Android devices (CAF Linux kernel line) via the wma_mgmt_tx_bundle_completion_handler() function. The root cause is improper input validation for cmpl_params->num_reports, param_buf->desc_ids, and param_buf->status received from firmware, leading t...

7.5CVSS7.1AI score0.00542EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.47 views

CVE-2017-18053

CVE-2017-18053 affects Android for MSM/CAF Linux kernel environments and Qualcomm WLAN (Wma) via wma_p2p_lo_event_handler, where improper input validation of fix_param->vdev_id leads to potential out-of-bounds memory reads from firmware. Affected component is the WLAN stack (Wma), with impact ...

7.5CVSS7.1AI score0.00542EPSS
Total number of security vulnerabilities8153