Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2018/03/16 10:0 p.m.47 views

CVE-2017-18066

CVE-2017-18066 affects Android for MSM, Firefox OS for MSM, and QRD Android builds with CAF Linux kernels. The issue is a use-after-free in msm_core_ioctl(), a memory-management bug in MSM CORE, leading to potential elevation of privilege or other memory-corruption impacts. The CVSS data (3.0) in...

7.8CVSS7.1AI score0.0016EPSS
CVE
CVE
added 2020/04/07 3:45 p.m.47 views

CVE-2017-18656

CVE-2017-18656 describes a buffer over-read in a trustlet on Samsung mobile devices running M(6.0) and N(7.x). Affected component is the trustlet; root cause is a buffer over-read. The issue has been reported across multiple sources (NVD, Red Hat CVE page, CVE records) with the Samsung ID SVE-201...

5.3CVSS5.5AI score0.0034EPSS
CVE
CVE
added 2020/04/07 3:39 p.m.47 views

CVE-2017-18661

CVE-2017-18661: A buffer overflow in Samsung mobile devices (Android M/6.0 and N/7.x) process_cipher_tdea; Samsung ID SVE-2017-8973. Documents provide the flaw but do not specify exploit vectors, affected firmware versions, or a patch/fix. No exploitation details are present in the provided sourc...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2020/04/07 2:49 p.m.47 views

CVE-2017-18666

CVE-2017-18666 affects Samsung mobile devices running Android versions from KK (4.4) through N (7.x). The issue allows applications to send arbitrary premium SMS messages due to a vulnerability in the device software (Samsung ID SVE-2017-8701). Impact is that apps could incur charges by sending p...

7.5CVSS7.6AI score0.00333EPSS
CVE
CVE
added 2020/04/07 2:46 p.m.47 views

CVE-2017-18669

CVE-2017-18669 affects Samsung mobile devices running N(7.x) software. The issue is caused by Persona exposing an unprotected API that allows launching any activity with system privileges, enabling privilege escalation from a normal user to a system-level operation. Root cause: unprotected API ex...

7.5CVSS7.6AI score0.00333EPSS
CVE
CVE
added 2020/04/07 2:13 p.m.47 views

CVE-2017-18686

This CVE (CVE-2017-18686) affects Samsung mobile devices running M(6.0) and N(7.0). The issue is information disclosure through broadcasting an unprotected intent, allowing contact information to leak to a log file. The Samsung internal ID is SVE-2016-7180 (February 2017). Publicly documented imp...

5.3CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2020/04/07 2:9 p.m.47 views

CVE-2017-18688

CVE-2017-18688 affects Samsung mobile devices running L(5.1), M(6.0), and N(7.0). The issue is an information disclosure through reading memory locations outside a buffer via the device node /dev/dsm_ctrl_dev. Connected Red Hat/other records repeat this description and map it to Samsung ID SVE-20...

7.5CVSS7.3AI score0.00413EPSS
CVE
CVE
added 2020/04/07 2:8 p.m.47 views

CVE-2017-18689

The CVE-2017-18689 issue affects Samsung mobile devices running M(6.0) and N(7.0) on Exynos5433/7420/7870 chipsets. A attacker can bypass the Kernel Module (ko) signature by modifying the count of kernel modules, enabling loading unsigned modules. This is described across Red Hat/Samsung CNVD and...

7.5CVSS7.5AI score0.00235EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.47 views

CVE-2017-7365

CVE-2017-7365 is a Qualcomm bootloader elevation-of-privilege issue disclosed in the Android 2017-06-05 bulletin. It is listed as EoP (High) for the Bootloader component; exploitation would yield higher privileges within the kernel/boot context. Patches are provided via Qualcomm AMSS bulletins an...

9.3CVSS7.6AI score0.00363EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.47 views

CVE-2017-8256

CVE-2017-8256 affects Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is an array bounds issue that can occur when userspace sends more than 16 multicast addresses, potentially enabling memory corruption within the kernel. The NVD entry lists CVSS2/3 base score...

7.8CVSS7.3AI score0.00356EPSS
CVE
CVE
added 2017/08/11 3:0 p.m.47 views

CVE-2017-8258

CVE-2017-8258 corresponds to an array out-of-bounds access in the camera driver of Qualcomm components on CAF Android releases using the Linux kernel. The vulnerability affects Qualcomm camera driver access within the kernel space and could potentially be triggered by interactions with the camera...

5.5CVSS5.6AI score0.00366EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.47 views

CVE-2017-8280

CVE-2017-8280 affects Qualcomm WLAN driver in Android CAF builds using the Linux kernel. The issue arises during the wlan calibration data store/retrieve operation, where a race condition can lead to a memory leak and a buffer overflow during context switches. In scope here are Qualcomm products ...

7CVSS7.2AI score0.00291EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.47 views

CVE-2017-9687

CVE-2017-9687 involves a race between two concurrent threads/processes in Android for MSM (and related CAF/Linux kernel builds) where they can write the value "0" to a debugfs file that controls ipa ipc log. This can lead to a double-free in ipc_log_context_destroy() and a Use-After-Free when the...

7.8CVSS7AI score0.00151EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.47 views

CVE-2017-9701

Technical details about CVE-2017-9701 are not publicly available in the provided connected documents; the information comes from the initial description only. Monitor for updates.

7.5CVSS7.2AI score0.00412EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.47 views

CVE-2017-9721

CVE-2017-9721 describes a buffer overflow in the boot loader when parsing the splash image, affecting Android on MSM (and related CAF-based builds) and related Qualcomm components. The entry notes the vulnerability arises in the splash image parsing path in the boot loader, with CVSS details indi...

7.8CVSS7.4AI score0.00137EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.47 views

CVE-2018-11260

CVE-2018-11260 affects Android CAF WLAN components in Android releases built on the CAF Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The issue is described as an integer overflow during processing of an FILS connection request, which can lead to a buffer overflow when the key ...

7.8CVSS6.8AI score0.00217EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.47 views

CVE-2018-11280

CVE-2018-11280 affects Android CAF builds (Linux kernel in Android for MSM, Firefox OS for MSM, QRD Android). The vulnerability arises from missing size validation for NAT entry input during user-space processing, which could allow memory exhaustion when input size exceeds the maximum. Impact is ...

5.5CVSS5.4AI score0.00196EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.47 views

CVE-2018-11296

CVE-2018-11296 is a Qualcomm WLAN Host buffer overflow affecting Android on Pixel/Nexus devices, caused by a buffer overwrite while processing a firmware message in the WLAN handler. The vulnerability is in the Qualcomm WLAN Host within CAF/Linux-based builds. Impact is memory corruption potentia...

7.8CVSS7.5AI score0.00192EPSS
CVE
CVE
added 2018/07/06 7:0 p.m.47 views

CVE-2018-11304

CVE-2018-11304 describes a possible buffer overflow in msm_adsp_stream_callback_put caused by insufficient input validation of user-provided data, leading to an integer overflow across CAF-powered Android releases (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux kernel. The vuln...

7.8CVSS7.5AI score0.00162EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.47 views

CVE-2018-11823

CVE-2018-11823 affects CAF Android releases (Android for MSM, Firefox OS for MSM, QRD Android) based on the Linux kernel. The vulnerability is a double-free in the power module triggered by freeing device memory during driver probe failure. Root cause described as improper memory handling in the ...

7.8CVSS7.4AI score0.00169EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.47 views

CVE-2018-11851

CVE-2018-11851 relates to a buffer-length calculation input validation flaw in CAF Qualcomm WLAN driver components, causing a possible out-of-bounds write to kernel stack. The vulnerability is documented as a local, impactful issue with high severity (NVD CVSS v2/3 vectors indicate LOCAL access, ...

7.8CVSS7.4AI score0.00202EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.47 views

CVE-2018-11852

CVE-2018-11852 affects Qualcomm WLAN host components used in Android (CAF Qualcomm WLAN stack). The vulnerability stems from an improper check in the WMA API for inputs received from firmware, which can cause an out-of-bounds write to the host structure. According to the Pixel security bulletin, ...

7.8CVSS7.4AI score0.00177EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.47 views

CVE-2018-11878

CVE-2018-11878 affects Qualcomm WLAN HOST components in Android CAF/Linux-based WLAN stack. Description: a memory access error during processing of a WLAN driver command could allow a local attacker to exploit (per CVSS metrics: Local access, low complexity, with High impact on confidentiality, i...

7.8CVSS7.5AI score0.00212EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.47 views

CVE-2018-11898

CVE-2018-11898 affects Qualcomm WLAN host components in CAF Android builds (Android for MSM/CAF Linux kernel). The issue is an out-of-bounds read when processing a start BSS request if the SSID length exceeds the maximum, leading to potential memory access violations. The NVD entry and related re...

7.8CVSS7.4AI score0.00197EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.47 views

CVE-2018-11918

CVE-2018-11918 affects CAF Android kernel builds (Android for MSM, Firefox OS for MSM, QRD Android) where memory allocated during probe is released by the kernel on error. The description and connected records confirm the issue resides in the Linux kernel handling of probe failures, with no expli...

7.8CVSS7.3AI score0.00169EPSS
CVE
CVE
added 2018/12/20 3:0 p.m.47 views

CVE-2018-11960

CVE-2018-11960. A use-after-free condition in the Qualcomm HWEngines component (SPS driver) used in CAF Android builds (Linux kernel) can cause kernel errors. Affected context and wording in connected records indicate the issue arises within the SPS driver in Android CAF environments across affec...

7.8CVSS7.5AI score0.00178EPSS
CVE
CVE
added 2020/04/08 4:24 p.m.47 views

CVE-2018-21040

CVE-2018-21040 affects Samsung mobile devices with Exynos 9810 (O(8.x)/P(9.0)). Root cause: race condition leading to a use-after-free in the g2d driver. Impact: high with CVSSv3.1 base score 8.1 (Network, Privileges None, UI None; Confidentiality/Integrity/Availability High). Exploitation status...

8.1CVSS8.1AI score0.00309EPSS
CVE
CVE
added 2020/04/08 5:10 p.m.47 views

CVE-2018-21045

CVE-2018-21045 affects Samsung mobile devices running N(7.x) and O(8.x). The issue is that clipboard data can be accessed while the device is in the lockscreen state via a copy-and-paste action. This is a local exposure of the clipboard contents (no user interaction required), with the impact des...

6.2CVSS6.3AI score0.00142EPSS
CVE
CVE
added 2020/04/08 5:43 p.m.47 views

CVE-2018-21058

CVE-2018-21058 affects Samsung mobile devices running Android 7.0/8.0 on Exynos 7420/8890/8996. The issue enables cache attacks against the Keymaster AES-GCM implementation because T-Tables are used and the Cryptography Extension (CE) is not utilized. Samsung ID: SVE-2018-12761. No exploitation o...

9.8CVSS9.3AI score0.00275EPSS
CVE
CVE
added 2020/04/08 5:27 p.m.47 views

CVE-2018-21065

The CVE-2018-21065 entry concerns an integer underflow in eCryptFS on Samsung mobile devices running Android M/N/O, caused by a missing size check (Samsung ID SVE-2017-11855). Affected products are Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. The available documents describe t...

9.8CVSS9.3AI score0.00443EPSS
CVE
CVE
added 2020/04/08 5:2 p.m.47 views

CVE-2018-21080

CVE-2018-21080 affects Samsung mobile devices running N(7.x). A physically proximate attacker can use a magnet to activate NFC and bypass the lockscreen (Samsung ID SVE-2017-10897). Exploitation details, affected models/versions, and fixes are not explicitly provided in the connected documents; o...

4.6CVSS4.8AI score0.00096EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.47 views

CVE-2018-5820

CVE-2018-5820 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android on CAF builds using Linux kernel prior to the 2018-04-05 patch level. The issue arises in wma_tbttoffset_update_event_handler(), where a firmware-supplied parameter is used to allocate a local buffer without prope...

7.5CVSS6.9AI score0.00421EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.47 views

CVE-2018-5834

CVE-2018-5834 affects Android CAF WLAN components (Android for MSM, Firefox OS for MSM, QRD Android) via a buffer overwrite in the kernel interface path __wlan_hdd_cfg80211_vendor_scan(). The issue is described as a potential buffer overwrite in CAF Android releases before the 2018-06-05 patch le...

7.8CVSS7.4AI score0.00193EPSS
CVE
CVE
added 2018/06/06 9:0 p.m.47 views

CVE-2018-5840

CVE-2018-5840 is a Buffer Copy without Checking Size of Input in the DRM SDE driver initialization path of Android/Linux kernel (CAF variants). The NVD entry states impact as high (local, user interaction required) with a high both for CVSS3 and CVSS2. Affected component appears in the Qualcomm G...

9.3CVSS5.3AI score0.00388EPSS
CVE
CVE
added 2018/06/15 3:0 p.m.47 views

CVE-2018-5854

CVE-2018-5854 is a stack-based buffer overflow affecting the Qualcomm bootloader used in CAF/Linux-based Android deployments (fastboot). The vulnerability is classified as an Elevation of Privilege (EoP) issue with High/Critical impact, occurring in the bootloader component and enabling local pri...

7.8CVSS7.5AI score0.00164EPSS
CVE
CVE
added 2018/07/06 7:0 p.m.47 views

CVE-2018-5859

CVE-2018-5859 describes a race-condition–driven use-after-free in the MDSS MDP driver used by CAF Android builds on the Linux kernel, prior to the 2018-07-05 patch level. The issue can trigger a Use After Free condition on affected devices (Android for MSM, Firefox OS for MSM, QRD Android). Affec...

7CVSS6.4AI score0.00127EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.47 views

CVE-2018-5890

CVE-2018-5890 affects Android CAF builds (Android for MSM, Firefox OS for MSM, QRD Android) where fdt_totalsize of the current device tree is reported as 0, bypassing a check for a valid device tree. Described impact: bypass of device-tree validation before patch level 2018-06-05. Patch level 201...

7.8CVSS7.2AI score0.00172EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.47 views

CVE-2018-5909

CVE-2018-5909 is documented as a buffer overflow affecting the Rotator component in Qualcomm, reported in Android CAF builds. The vulnerability arises from a lack of proper buffer-size checking in display handling code, which may permit memory corruption. The CVE is listed under Qualcomm componen...

7.8CVSS7.6AI score0.002EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.47 views

CVE-2018-9451

CVE-2018-9451 affects Android, where DynamicRefTable::load in ResourceTypes.cpp has a missing bounds check causing an out-of-bounds read. This leads to local information disclosure without requiring user interaction. Vulnerable Android versions include 6.0–8.1; patch availability is tied to Andro...

5.5CVSS5.3AI score0.0019EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.47 views

CVE-2018-9452

CVE-2018-9452 affects the Android Framework, tied to getOffsetForHorizontal in Layout.java, causing a possible application hang/DoS from wide inputs with hidden Unicode characters. The issue affects Android 7.0–9.0 and requires user interaction for exploitation; patches were issued for the 2018-1...

5.5CVSS5.5AI score0.00942EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.47 views

CVE-2018-9491

CVE-2018-9491 affects Android’s media framework: in NdkMediaCodec.cpp, AMediaCodecCryptoInfo_new may trigger an out-of-bounds write caused by an integer overflow. This could allow remote code execution in external apps with no extra privileges, with user interaction required for exploitation. Aff...

9.3CVSS7.9AI score0.01514EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.47 views

CVE-2018-9499

CVE-2018-9499 affects Android Media framework, stemming from an invalid read in readVector() in iCrypto.cpp (uninitialized data) that could disclose local DRM-server information. Exploitation requires local access and does not require user interaction. Affected Android versions span 7.0–9.0 (Andr...

5.5CVSS5AI score0.00304EPSS
CVE
CVE
added 2018/12/07 11:0 p.m.47 views

CVE-2018-9519

CVE-2018-9519 affects Android, specifically the Easel component (easelcomm_hw_build_scatterlist). The issue is a race-condition–driven out-of-bounds write in the kernel that can lead to local escalation of privileges with System privileges required; no user interaction is needed. The available do...

6.9CVSS6.5AI score0.00113EPSS
CVE
CVE
added 2018/11/14 6:0 p.m.47 views

CVE-2018-9522

CVE-2018-9522 refers to an elevation of privilege vulnerability in Android 9 where the serialization functions of StatsLogEventWrapper.java can trigger an out-of-bounds write due to unnecessary functionality. The issue enables local privilege escalation in a privileged system process without extr...

7.8CVSS8.2AI score0.00178EPSS
CVE
CVE
added 2018/11/14 6:0 p.m.47 views

CVE-2018-9537

CVE-2018-9537 affects Google Android 9 (Android-9) and is caused by a missing bounds check in CAacDecoder_DecodeFrame within aacdecode.cpp, leading to a possible out-of-bounds write. The consequence is remote code execution in the media server with no additional execution privileges, requiring us...

9.3CVSS8.7AI score0.01539EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.47 views

CVE-2018-9538

CVE-2018-9538 affects Android (8.1, 9) and relates to V4L2SliceVideoDecodeAccelerator::Dequeue, where an incorrect bounds check enables a possible out-of-bounds read of a function pointer. This could allow local escalation of privilege with no user interaction. The vulnerability is associated wit...

7.8CVSS7.6AI score0.00168EPSS
CVE
CVE
added 2018/11/14 6:0 p.m.47 views

CVE-2018-9543

CVE-2018-9543 affects Android and is described as an information disclosure due to a data wipe issue in trim_device within f2fs_format_utils.c, where the data partition may not be wiped during a factory reset. This could enable local disclosure of information after a factory reset without extra p...

5.5CVSS5.6AI score0.00203EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.47 views

CVE-2018-9548

CVE-2018-9548 affects Android: multiple ContentProvider.java functions allow a permission bypass due to missing URI validation, enabling local information disclosure without user interaction. Vulnerable in Android 7.0–7.1.2, 8.0–8.1, and 9.0. Mitigation is to apply patches from the 2018-12-01/12-...

5.5CVSS5.4AI score0.00154EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.47 views

CVE-2018-9554

The CVE-2018-9554 issue affects Android's IMediaExtractor.cp, specifically in the dumpExtractors path, where a permissions bypass could allow disclosure of recently accessed media files. The underlying impact is local information disclosure without execution privileges, with no user interaction r...

5.5CVSS5.4AI score0.00165EPSS
CVE
CVE
added 2018/12/07 11:0 p.m.47 views

CVE-2018-9570

CVE-2018-9570 affects Android 9 and involves an out-of-bounds write in impd_parse_drc_ext_v1 within impd_drc_dynamic_payload.c. The root cause is missing bounds checking in this function, which could allow remote code execution with a local attacker?no, this CVE entry states remote code execution...

9.3CVSS8.4AI score0.00863EPSS
Total number of security vulnerabilities8153