Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/02/07 1:0 a.m.47 views

CVE-2016-0813

CVE-2016-0813 concerns the Android Setup Wizard: AlternateRecentsComponent.java in Setup Wizard on Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check device provisioning, allowing physically proximate attackers to bypass Factory Reset Protection and delete data vi...

6.6CVSS6.6AI score0.0018EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.47 views

CVE-2016-2486

CVE-2016-2486 affects Android Mediaserver’s libstagefright component (mp3dec/SoftMP3.cpp). The flaw stems from not validating the relationship between allocated memory and the frame size, enabling memory corruption that can be exploited by a crafted Android app to gain privileges (Signature or Si...

9.3CVSS8AI score0.00411EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.47 views

CVE-2016-6724

CVE-2016-6724 details: A denial of service in the Android Input Manager Service could allow a local malicious app to cause the device to continually reboot. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-11-01; 7.0 before 2016-11-01. Impact is a tempor...

7.1CVSS5.5AI score0.00396EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.46 views

CVE-2015-9070

CVE-2015-9070 describes a buffer over-read vulnerability in the TrustZone syscall of Qualcomm closed-source components used in Android builds (CAF Linux kernel). The issue affects Qualcomm components within Android devices that rely on CAF Linux kernels and TrustZone. The root cause is a buffer o...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.46 views

CVE-2016-0822

CVE-2016-0822 affects the MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01. The flaw allows a local attacker to gain privileges via a crafted application that leverages conn_launcher access (internal bug 25873324). Impact is privilege escalation within the kernel context. Th...

7.6CVSS6.8AI score0.00465EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.46 views

CVE-2016-0839

CVE-2016-0839 affects mediaserver in Android 6.x, where post_proc/volume_listener.c mishandles deleted effect context. The issue enables remote attackers to trigger memory corruption and potentially execute arbitrary code or cause a denial of service via a crafted media file. Affected component i...

10CVSS8.8AI score0.0206EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.46 views

CVE-2016-10235

CVE-2016-10235 is a denial-of-service vulnerability in the Qualcomm Wi‑Fi driver affecting Android kernels. The NVD entry assigns CVSSv3 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, no privileges required, and no user interaction; impact is only on availability (PARTIA...

7.5CVSS7.4AI score0.00849EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.46 views

CVE-2016-10298

CVE-2016-10298 is an elevation-of-privilege vulnerability affecting Android kernel via Qualcomm closed-source components. Affected product: Android (kernel level). Root cause: flaw in Qualcomm closed-source components integrated with Android leading to unauthorized privilege escalation. Impact: c...

10CVSS8.8AI score0.0113EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.46 views

CVE-2016-10380

CVE-2016-10380 affects Qualcomm components in Android CAF builds and relates to an information disclosure where the UE can send unprotected MeasurementReports that reveal UE location. Affected environment is Qualcomm-based Android devices using CAF with the Linux kernel. The underlying issue is i...

10CVSS8.8AI score0.00976EPSS
CVE
CVE
added 2020/04/07 1:46 p.m.46 views

CVE-2016-11028

CVE-2016-11028 : A stack-based buffer overflow exists in the OTP TrustZone trustlet on Samsung mobile devices with Exynos AP chipsets (firmware up to 2016-09-13). Affected Samsung IDs are SVE-2016-7173 and SVE-2016-7174. The issue, described across multiple sources, does not provide explicit expl...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2020/04/07 1:17 p.m.46 views

CVE-2016-11038

The CVE-2016-11038 issue affects Samsung mobile devices (software up to 2016-04-05) involving the Jack audio service. The vulnerability arises from missing access control for shared memory in the Jack service, enabling arbitrary code execution or privilege escalation. Affected component: Jack aud...

9.8CVSS9.7AI score0.00887EPSS
CVE
CVE
added 2020/04/07 12:48 p.m.46 views

CVE-2016-11046

The CVE-2016-11046 issue affects Samsung mobile devices running JBP (4.3), KK (4.4), and L (5.0/5.1) where a misused whitelist allows access to the Radio Interface Layer (RIL/RILD) enabling calls or SMS. Affected component is the RIL path; root cause is the whitelist mishandling, as described in ...

7.5CVSS7.5AI score0.00346EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.46 views

CVE-2016-2411

CVE-2016-2411 describes an elevation of privilege in the Qualcomm Power Management kernel driver on Android 6.x prior to 2016-04-01. The root cause is a vulnerability in the power management kernel component that could allow a local malicious application with root access to execute code in the ke...

9.3CVSS6.4AI score0.00498EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.46 views

CVE-2016-2450

CVE-2016-2450 affects Android Mediaserver (libstagefright) where codecs/on2/enc/SoftVPXEncoder.cpp does not validate OMX buffer sizes. The issue resides in mediaserver’s handling of certain video/codec operations and enables local privilege escalation to Signature or SignatureOrSystem via a craft...

9.3CVSS7.6AI score0.00419EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.46 views

CVE-2016-2465

CVE-2016-2465 is an elevation-of-privilege vulnerability in the Qualcomm video driver on Android devices (Nexus 5, 5X, 6, 6P) prior to 2016-06-01. A crafted application could gain kernel-level privileges. The issue stems from the Qualcomm video driver bug 27407865. Mitigation, as documented in th...

9.3CVSS7.6AI score0.00502EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.46 views

CVE-2016-2500

CVE-2016-2500 targets Android: Activity Manager in Android 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-06-01) fails to terminate process groups, enabling a crafted app to disclose sensitive information. Root cause: improper handling within Activity Manager. Impact as describe...

5.5CVSS5.8AI score0.00359EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.46 views

CVE-2016-3773

The CVE-2016-3773 issue affects MediaTek drivers in Android One devices prior to 2016-07-05. The root cause is a privilege-escalation vulnerability that could be exploited by a locally crafted application, associated with Android internal bug 29008363 and MediaTek internal bug ALPS02703102. Publi...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.46 views

CVE-2016-3846

The vulnerability CVE-2016-3846 affects the Serial Peripheral Interface (SPI) driver in Android on Nexus 5X and Nexus 6P (before 2016-08-05). Root cause: an internal bug (28817378) enables a local attacker’s crafted app to escalate privileges within the kernel. Impact: privilege escalation could ...

7.6CVSS7AI score0.00346EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.46 views

CVE-2016-3866

CVE-2016-3866 identifies an elevation-of-privilege vulnerability in the Qualcomm sound driver in Android prior to 2016-09-05 on Nexus 5X, 6 and 6P. A crafted application could gain privileges in the context of the kernel via the affected sound-driver path. The issue is listed among multiple Qualc...

9.3CVSS7.5AI score0.00469EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.46 views

CVE-2016-3867

CVE-2016-3867 describes an elevation-of-privilege flaw in the Qualcomm IPA driver used by Android on Nexus 5X and 6P, prior to 2016-09-05. A crafted application could gain privileges, per CNVD-2016-07559 and the CVE entry. The root cause and exact exploitation details are not provided in the docu...

9.3CVSS7.5AI score0.00806EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.46 views

CVE-2016-3871

CVE-2016-3871 refers to multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp within libstagefright/mediaserver on Android. The root cause is memory corruption in the MP3 decoding path, enabling a crafted application to gain privileges. Affected platforms include Android 4.x up to 4.4.4, 5.0.x u...

9.3CVSS7.6AI score0.00886EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.46 views

CVE-2016-3890

The CVE-2016-3890 issue concerns the Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp across Android 4.x (before 4.4.4), 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-09-01). The root cause is mishandling of socket close operations, which can allow attackers to...

7.6CVSS6.8AI score0.00745EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.46 views

CVE-2016-3920

CVE-2016-3920 affects Android Mediaserver (libstagefright) via id3/ID3.cpp. A crafted file could cause a denial of service (device hang or reboot) in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01. Connected sources confirm the issue and note that...

7.1CVSS6AI score0.00722EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.46 views

CVE-2016-3927

CVE-2016-3927 is a Qualcomm component elevation/privilege issue described in the 2016-10-01 Android bulletin. Affected devices are Nexus 5X and Nexus 6P; the root cause is listed as Qualcomm internal (A-28823244) with Critical impact. The bulletins do not publicly disclose the exact vulnerability...

10CVSS9.2AI score0.00632EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.46 views

CVE-2016-3934

CVE-2016-3934 affects the Qualcomm camera driver in Android prior to 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices. The vulnerability resides in drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c which relies on variable-length arrays, enabling a cra...

9.3CVSS8AI score0.00603EPSS
CVE
CVE
added 2016/12/06 11:0 a.m.46 views

CVE-2016-5341

CVE-2016-5341 : Denial-of-service in the Android GPS component caused by spoofed xtra.bin/xtra2.bin files. The issue affects Android GPS logic prior to 2016-12-05, allowing a remote attacker (via a spoofed Qualcomm hosting domain) to trigger GPS signal-acquisition delays, potentially causing devi...

7.1CVSS6.2AI score0.0086EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.46 views

CVE-2016-6676

CVE-2016-6676 is an off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c of the Qualcomm Wi‑Fi driver affecting Android on Nexus 5X and Android One devices prior to 2016-10-05. The vulnerability allows a local attacker to gain privileges or cause a denial of service (buffer overflow) by a crafted appl...

9.3CVSS7.9AI score0.00704EPSS
CVE
CVE
added 2016/12/13 7:0 p.m.46 views

CVE-2016-6720

CVE-2016-6720 is an information-disclosure vulnerability in libstagefright within Mediaserver on Android. A local malicious application could access data outside its permissions by exploiting Mediaserver’s handling of media processing. Affected Android versions include 4.x before 4.4.4, 5.0.x bef...

5.5CVSS5.3AI score0.00674EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.46 views

CVE-2016-6743

CVE-2016-6743 affects the Synaptics touchscreen driver on Android prior to 2016-11-05. It is an elevation-of-privilege flaw that could let a local, privileged-execution attacker run arbitrary code in the kernel context. The issue requires compromising a privileged process and is described as High...

9.3CVSS7.5AI score0.00649EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.46 views

CVE-2016-6745

Summary (CVE-2016-6745) : Elevation of privilege in the Synaptics touchscreen driver on Android (pre-2016-11-05) could allow a local, malicious app to execute arbitrary code in the kernel context. This requires a privileged process to be compromised first, making it a local-privilege-elevation is...

9.3CVSS7.5AI score0.00724EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.46 views

CVE-2016-6753

CVE-2016-6753 describes an information-disclosure vulnerability in Android kernel components, specifically the process-grouping and networking subsystems. The issue affects Android devices prior to 2016-11-05 and is rated Moderate because exploitation requires first compromising a privileged proc...

5.5CVSS5AI score0.00477EPSS
CVE
CVE
added 2016/12/23 4:0 p.m.46 views

CVE-2016-6910

The CVE-2016-6910 entry describes a local notification-listener disclosure affecting Samsung Galaxy S6 Edge devices running Android 5.0.2 initially. The vulnerability arises from a non-existent notification listener that, via a vulnerable system app, can allow a non-existent app (package name com...

5.5CVSS5.1AI score0.00342EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.46 views

CVE-2017-0710

CVE-2017-0710 is an elevation-of-privilege vulnerability in the Android kernel (Upstream Linux tcb/KernelTCB). The CNVD entry describes a privilege-lifting issue in KernelTCB in Android where an attacker could bypass privilege validation and access arbitrary ptrace, enabling local privilege escal...

7.8CVSS7.4AI score0.00356EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.46 views

CVE-2017-0851

The CVE-2017-0851 entry describes an information-disclosure vulnerability in Android's media framework (libhevc). Affected are Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The issue is a information disclosure (confidentiality impact) vulnerability in the Media framework...

5.3CVSS5.4AI score0.00356EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.46 views

CVE-2017-0874

CVE-2017-0874 is a DoS in Android's media framework (libavc). The NVD entry lists affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0 (Android ID A-63315932). The Android Security Bulletin entry for 2017-12-01/05 confirms a DoS issue in the Media framework and notes patches released...

7.1CVSS6.3AI score0.00428EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.46 views

CVE-2017-11018

CVE-2017-11018 describes an out-of-bounds array access in the Linux kernel camera driver used by Android on MSM platforms (Qualcomm Camera). Connected sources identify the vulnerability as an elevation of privilege in Qualcomm Camera on Google Pixel/Nexus devices, with potential for local privile...

7.8CVSS7AI score0.00138EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.46 views

CVE-2017-11025

CVE-2017-11025 affects Android on MSM (and related CAF/Linux-based Android builds) with a race condition in audio_effects_shared_ioctl() that can lead to memory corruption. The vulnerability is associated with Qualcomm Audio and is categorized in connected sources as an elevation-of-privilege iss...

7CVSS6.7AI score0.00098EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.46 views

CVE-2017-11046

CVE-2017-11046 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The issue arises when an audio driver ioctl handler is invoked, potentially triggering a kernel out-of-bounds write. Publicly available details in the connected sources reiterate the same r...

7.8CVSS7.1AI score0.00151EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.46 views

CVE-2017-11081

CVE-2017-11081 affects Android for MSM, Firefox OS for MSM and QRD Android on CAF Linux kernel branches. The vulnerability resides in the hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs, where buffers defined in this API can hold at most 32 bytes, but data longer than...

7.8CVSS7.4AI score0.00137EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.46 views

CVE-2017-13161

CVE-2017-13161 is an Elevation of Privilege affecting the Broadcom wireless driver in Android kernels used by Pixel/Nexus devices. The vulnerability is categorized as EoP with a moderate severity in the Pixel bulletin, and is listed under Broadcom components. The documented impact states that an ...

7.8CVSS7.5AI score0.00138EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.46 views

CVE-2017-13222

CVE-2017-13222 is an information-disclosure vulnerability in the Android Upstream/kernel layer affecting the Android kernel. The connected records confirm it is a kernel/Upstream information disclosure issue (Android ID A-38159576) with no public exploitation details provided in the documents. Th...

7.5CVSS6.7AI score0.00655EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.46 views

CVE-2017-13246

CVE-2017-13246 affects the Android kernel network driver (Upstream kernel). It is described as an information‑disclosure vulnerability in the Network driver, with the Pixel/Nexus Android bulletin listing it under Kernel components as a Moderate‑severity issue. No concrete patch version or remedia...

7.5CVSS6.4AI score0.00524EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.46 views

CVE-2017-13257

CVE-2017-13257 affects Android. The issue is a use-after-free in bta_pan_data_buf_ind_cback (bta_pan_act.cc) that can lead to an out-of-bounds read of memory allocated via malloc, resulting in information disclosure. Exploitation details are not provided beyond a note that user interaction is req...

6.5CVSS6.2AI score0.0076EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.46 views

CVE-2017-13271

CVE-2017-13271 is an Elevation of Privilege affecting the upstream kernel mnh_sm driver used by Android kernels. The issue is categorized as EoP with moderate impact in the Kernel components section of the CVE list, indicating a privilege escalation via the mnh_sm driver. The Android Pixel/Nexus ...

7.5CVSS6.9AI score0.00344EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.46 views

CVE-2017-13299

CVE-2017-13299 affects the Android media framework libavc. Connected sources indicate the issue is in the Media framework component, impacting Android versions 6.0 through 8.1 (including 6.0.0–8.1). The Pixel/Nexus bulletin classifies CVE-2017-13299 as NSI (not specified/NSI in update table) with...

7.5CVSS7.2AI score0.00422EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.46 views

CVE-2017-13301

CVE-2017-13301 is a DoS in Android 8.0’s system UI (Android system UI). The available connected sources indicate this affects Pixel/Nexus devices (Android 8.0) and is categorized as DoS in the Android System UI component, with a moderate severity patch path in the Pixel/ Nexus security bulletin s...

7.8CVSS7AI score0.0043EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.46 views

CVE-2017-14898

CVE-2017-14898 affects Qualcomm WLAN in Android builds (Android for MSM, CAF/Linux kernel). The issue is a buffer overrun in QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE handling when QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE is less than 1 byte. Impact per sources includes high confidentiality, integrit...

7.8CVSS7.2AI score0.00138EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.46 views

CVE-2017-14900

CVE-2017-14900 describes a buffer overrun in the WLAN vendor path when the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI is processed and the MAC address attribute contains fewer than 6 bytes. Affected stack includes Android for MSM, Firefox OS for MSM, QRD Android, and CAF Android releases using the ...

7.8CVSS7.2AI score0.00138EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.46 views

CVE-2017-14916

CVE-2017-14916 describes a buffer size validation issue in the message passing interface within Android for MSM, Firefox OS for MSM, and QRD Android (CAF Linux kernel). The flaw arises from improper validation of buffer sizes, enabling a potential high-impact, network-exposed condition with remot...

10CVSS7.8AI score0.00726EPSS
CVE
CVE
added 2018/02/23 11:0 p.m.46 views

CVE-2017-15817

CVE-2017-15817 is a Qualcomm WLAN remote code execution vulnerability in CAF Android builds using the Linux kernel. If an access point sends a challenge text longer than 128 bytes, the host driver can fail validation, potentially allowing remote code execution via WLAN. Affected: Qualcomm WLAN co...

9.3CVSS6.4AI score0.00874EPSS
Total number of security vulnerabilities8153