Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/11/06 3:50 a.m.45 views

CVE-2023-32838

CVE-2023-32838 concerns the MediaTek dpe module, with a reported issue of an out-of-bounds write caused by missing valid range checking. The vulnerability could enable local escalation of privilege with System execution privileges, and exploitation does not require user interaction. The available...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.45 views

CVE-2023-32849

In the provided documents, CVE-2023-32849 is tied to the cmdq module, where a type confusion causes an out-of-bounds write. This leads to local privilege escalation with System execution privileges required, and exploitation does not require user interaction. A patch/reference is listed as Patch ...

6.7CVSS6.7AI score0.00104EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.45 views

CVE-2023-32858

The CVE-2023-32858 entry concerns the GZ module (MediaTek context) with a missing data erasing causing local information disclosure. Root cause is not clearly detailed beyond the data erasure gap; the impact states local information disclosure with System execution privileges required, and exploi...

4.4CVSS4.3AI score0.00107EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.45 views

CVE-2023-33905

The CVE-2023-33905 issue affects the iwnpi server and is described as a missing bounds check causing an out-of-bounds write. Reported impact: local denial of service with System execution privileges required. The documents do not specify affected versions, exploitation details, or available fixes...

4.4CVSS4.7AI score0.00105EPSS
CVE
CVE
added 2023/08/07 1:54 a.m.45 views

CVE-2023-33912

CVE-2023-33912 concerns the Contacts service in UNISOC-induced chipsets where a missing permission check could allow local information disclosure with no additional execution privileges. The available connected documents consistently state that the vulnerability enables local access to informatio...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/09/27 1:55 p.m.45 views

CVE-2023-44124

The CVE-2023-44124 issue affects the Screen recording app (com.lge.gametools.gamerecorder). The root cause is that the app launches implicit intents that can be intercepted by other apps on the device, and the returned data goes to onActivityResult, enabling theft of arbitrary files. The app stor...

6.1CVSS4.8AI score0.00092EPSS
Web
CVE
CVE
added 2024/01/18 2:44 a.m.45 views

CVE-2023-48355

In CVE-2023-48355, the issue is a missing bounds check in the jpg driver, leading to an out-of-bounds write. The impact is locally exploitable with SYSTEM privileges required and can cause denial of service (availability impact high) while confidentiality and integrity are not affected. Public re...

4.4CVSS4.8AI score0.00082EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.45 views

CVE-2024-20139

CVE-2024-20139 affects MediaTek Bluetooth firmware (ALPS09001270) due to improper handling of exceptional conditions, causing local denial of service without user interaction. Root cause appears to be a firmware assertion under exceptional handling, with exploitation described as requiring adjace...

6.5CVSS6.9AI score0.00111EPSS
CVE
CVE
added 2025/12/08 4:57 p.m.45 views

CVE-2025-48621

CVE-2025-48621 is linked to the Android framework (DefaultTransitionHandler.java), where an insecure default could enable a tapjacking–driven local elevation of privilege. The issue requires user interaction to exploit and affects Android devices prior to patching. Public references note the vuln...

7.3CVSS6.5AI score0.00125EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.44 views

CVE-2014-9872

The CVE-2014-9872 entry concerns the Qualcomm diag driver in Android on Nexus 5 prior to 2016-08-05. The issue is that the diag driver does not ensure unique identifiers in a DCI client table, which could allow a crafted application to escalate privileges. The vulnerability is tied to Android int...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2020/01/08 2:46 p.m.44 views

CVE-2014-9908

CVE-2014-9908 corresponds to a Denial of Service vulnerability in Google Android affecting Android 4.4.4, 5.0.2, and 5.1.1. According to the description, a malicious actor could block Bluetooth access on the device (Android Bug ID A-28672558). The connected sources list the affected software vers...

6.5CVSS6.8AI score0.00404EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.44 views

CVE-2014-9949

CVE-2014-9949 is described as a TrustZone vulnerability in Android CAF builds that use the Linux kernel. The issue is an Untrusted Pointer Dereference in TrustZone, with impact articulated as high in the CVSS metrics (LOCAL exploit, low attack complexity, user interaction required, and high confi...

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.44 views

CVE-2014-9964

Technical details about CVE-2014-9964 (affected components, root cause, affected versions, exploitability, remediation) are not publicly provided in the connected documents. Monitor for updates from official sources (NVD, Android bulletins) for specifics.

9.3CVSS7.6AI score0.00606EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.44 views

CVE-2015-3847

CVE-2015-3847 is an Android Bluetooth elevation-of-privilege issue that could allow a crafted application to delete stored SMS messages. The connected Android security bulletin notes this as a moderate-severity vulnerability affecting 5.1.1 and earlier builds, with patches available in builds LMY...

6.4CVSS6.3AI score0.00451EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.44 views

CVE-2015-6624

CVE-2015-6624 affects Android 6.0 and earlier builds; System Server information disclosure allows a crafted application to obtain sensitive permissions (Signature or SignatureOrSystem). The vulnerability is described as a local information-disclosure in System Server, enabling access to restricte...

4.3CVSS6AI score0.0043EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.44 views

CVE-2015-9025

CVE-2015-9025 describes a buffer overflow in the QTEE application used in CAF Android builds (Linux kernel). The underlying issue is a buffer overflow in QTEE, enabling potential arbitrary code execution on affected devices. Public references confirm the Android QTEE vulnerability and describe it...

9.3CVSS7.7AI score0.00632EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.44 views

CVE-2015-9034

Summary: CVE-2015-9034 is a buffer overflow in Qualcomm closed-source components used in Android CAF builds with the Linux kernel, caused by a SIP string not being null-terminated. This vulnerability affects Qualcomm components in Android and has a CVSS v3 base score of 9.8 (CRITICAL) with networ...

10CVSS7.8AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.44 views

CVE-2015-9036

CVE-2015-9036 describes a memory-corruption vulnerability in Qualcomm components used in Android CAF builds (Linux kernel). The root cause is an incorrect length used when clearing a memory buffer, which can corrupt adjacent memory. Affected products are Qualcomm/CAF Android releases that rely on...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.44 views

CVE-2015-9045

CVE-2015-9045 is a buffer overflow vulnerability in Qualcomm GERAN within CAF Android builds that use the Linux kernel. The flaw allows a buffer overflow while taking power measurements, impacting affected Qualcomm components. The CVSS data in the public record indicates a high to critical impact...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.44 views

CVE-2016-10232

CVE-2016-10232 is an elevation-of-privil... (shortened to fit)

9.3CVSS8AI score0.00572EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.44 views

CVE-2016-10233

CVE-2016-10233 is an elevation of privilege in the Qualcomm video driver affecting the Android kernel. The NVD entry documents a CRITICAL impact with a reported base score of 9.8 (CVSS3) and notes the vulnerability relates to the Qualcomm video driver; references include QC-CR#897452. Connected d...

10CVSS9AI score0.01116EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.44 views

CVE-2016-10239

CVE-2016-10239 involves a potential bypass of the TrustZone access control policy in Android CAF builds using the Linux kernel. The description notes improper input validation that could cause an integer overflow, potentially leading to a buffer overflow and a buffer over-read. The NVD entry also...

9.3CVSS7.8AI score0.00654EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.44 views

CVE-2016-2415

Technical details for CVE-2016-2415 are not publicly provided in the supplied documents. The available records summarize an information-disclosure vulnerability in Exchange ActiveSync/Autodiscover without specifics on affected products, versions, root cause, or fixes. Monitor for updates.

7.1CVSS5.5AI score0.00425EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.44 views

CVE-2016-2436

The CVE-2016-2436 issue affects the NVIDIA video driver on Android devices prior to 2016-05-01 (Nexus 9). It enables a local attacker to gain privileges via a crafted application (internal bug 27299111). The vulnerability is documented in multiple sources (NVD, OSV, Ubuntu, etc.) with the Android...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.44 views

CVE-2016-2444

CVE-2016-2444 : Elevation of privilege in the NVIDIA media driver on Android (Nexus 9) prior to 2016-05-01. A crafted application could allow a local attacker to gain privileges within the kernel context. Affected component: NVIDIA media driver; affected device: Nexus 9 (Android). Root cause: mem...

7.6CVSS7AI score0.00367EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.44 views

CVE-2016-2446

The CVE-2016-2446 entry concerns an Elevation of Privilege in the NVIDIA video driver on Android, affecting Nexus 9 devices prior to the 2016-05-01 patch. The vulnerability could allow a locally installed app to execute arbitrary code in the kernel context, enabling privilege escalation. Affected...

7.6CVSS7AI score0.00421EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.44 views

CVE-2016-2456

CVE-2016-2456 affects the MediaTek Wi‑Fi driver in Android One devices (pre May 1, 2016). The issue is an elevation of privilege via a crafted app, tied to internal bug 27275187. Root cause details are not provided beyond this description. The Android Security Bulletin indicates patch levels of M...

7CVSS7AI score0.00311EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.44 views

CVE-2016-2487

CVE-2016-2487 affects libstagefright in the Mediaserver component of Android. A crafted application can escalate privileges to obtain Signature/SignatureOrSystem access on Android 4.x (before 4.4.4), 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-06-01). Impact is elevated privi...

9.3CVSS8AI score0.00492EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.44 views

CVE-2016-2495

The CVE-2016-2495 issue affects Android Mediaserver (libstagefright) where SampleTable.cpp can trigger memory corruption during media processing, enabling a crafted file to cause a device hang or reboot. Affected platforms include Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...

7.1CVSS6AI score0.00616EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.44 views

CVE-2016-3768

CVE-2016-3768 : Elevation of privilege in the Qualcomm performance component on Android before 2016-07-05 (Nexus 5/6/5X/6P/7 (2013)). Root cause: crafted app exploits Android internal bug 28172137 and Qualcomm bug CR1010644 to gain kernel privileges. Impact: local code execution with high/critica...

9.3CVSS7.5AI score0.00412EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.44 views

CVE-2016-3774

The CVE-2016-3774 entry concerns a privilege-escalation flaw in MediaTek drivers on Android One devices. The affected component is the MediaTek driver stack present in Android prior to 2016-07-05, with root-cause attribution to Android internal bug 29008609 and MediaTek internal bug ALPS02703102....

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.44 views

CVE-2016-3823

CVE-2016-3823 affects the Mediaserver in Android’s mediaserver, specifically the secure-session feature in the mm-video-v4l2 venc component. The issue arises from mishandling heap pointers, enabling a crafted application to gain privileges. Affected products/versions include Android 4.x before 4....

7.8CVSS7.5AI score0.002EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.44 views

CVE-2016-3834

CVE-2016-3834 affects Android camera APIs where, on Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to the August 2016 patch, a crafted app could bypass access restrictions and disclose details about ANW buffer addresses. This is a local information-disclosure issue i...

5.5CVSS5.7AI score0.00401EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.44 views

CVE-2016-3842

The CVE-2016-3842 issue affects the Qualcomm GPU driver in Android on Nexus 5X, 6, and 6P prior to 2016-08-05. A crafted app could escalate privileges locally due to Android internal bug 28377352 and Qualcomm bug CR1002974. Severity is high (local, user interaction required per CVE data). The pat...

9.3CVSS7.5AI score0.00411EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.44 views

CVE-2016-3847

CVE-2016-3847 is a documented vulnerability in the NVIDIA Tegra kernel driver (NVAVP) where a heap write overflow in the nvavp driver could allow a local attacker to gain privileges or execute code. Public details indicate the issue affects Nexus 9 devices running Android prior to the 2016-08-05 ...

7.8CVSS7.4AI score0.00194EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.44 views

CVE-2016-3848

CVE-2016-3848 corresponds to a race-condition vulnerability in the NVIDIA media driver (kernel nvavp driver) on Android/Nexus 9 prior to 2016-08-05 that could allow a local attacker to escalate privileges via a crafted application. The Android bulletin notes this as an elevation of privilege in t...

7.6CVSS7AI score0.00346EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.44 views

CVE-2016-3850

CVE-2016-3850 describes an integer overflow in aboot.c (Qualcomm bootloader) affecting Android devices prior to 2016-08-05, including Nexus 5, 5X, 6P, and 7 (2013). The vulnerability allows privilege escalation via a crafted header field in a boot image. The provided documents do not specify exac...

7.3CVSS7.3AI score0.00203EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.44 views

CVE-2016-3851

CVE-2016-3851 concerns an elevation-of-privilege issue in the LG Electronics bootloader on Nexus 5X devices. The vulnerability arises when a compromised privileged process can be leveraged to gain higher privileges within the system. Public details confirm this is a local escalation risk affectin...

9.3CVSS7.7AI score0.00527EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.44 views

CVE-2016-3858

CVE-2016-3858 is a local-privilege-escalation vulnerability caused by a buffer overflow in drivers/soc/qcom/subsystem_restart.c (Qualcomm subsystem driver) on Android devices. The issue affects Nexus 5X and 6P, where a crafted application sending a long string could escalate privileges. Public de...

9.3CVSS7.6AI score0.0053EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.44 views

CVE-2016-3863

CVE-2016-3863 affects Android's MediaMuxer/LibStagefright AVCC reassembly code (Utils.cpp). Multiple stack-based buffer overflows in the AVCC reassembly path can be triggered by a crafted media file, enabling arbitrary code execution. Affected Android versions include 4.x prior to 4.4.4; 5.0.x pr...

7.8CVSS7.8AI score0.01143EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.44 views

CVE-2016-3865

CVE-2016-3865 affects the Synaptics touchscreen driver in Android on Nexus 5X and Nexus 9, before 2016-09-05. The flaw enables local privilege escalation via a crafted app, caused by elevated-privilege execution within the kernel context. Publicly available patch information is limited; some sour...

9.3CVSS7.5AI score0.00571EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.44 views

CVE-2016-3875

Technical details beyond the Initial Description are not provided in the connected documents. No vendor/product/version/remediation specifics are present. Monitor for updates.

7.2CVSS6.6AI score0.00197EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.44 views

CVE-2016-3884

CVE-2016-3884 affects Android's Notification Manager Service (server/notification/NotificationManagerService.java) in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01. The root cause is missing UID checks, which allows a crafted application to bypass restrictions on method calls, constitut...

5.5CVSS5.7AI score0.00439EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.44 views

CVE-2016-3886

CVE-2016-3886 affects Android 7.0 System UI Tuner (systemui/statusbar/phone/QuickStatusBarHeader.java). The issue: the System UI Tuner on the lockscreen does not prevent tuner changes, enabling a physically proximate attacker to modify a setting and gain privileges. Root cause: ability to modify ...

7.2CVSS6.8AI score0.00198EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.44 views

CVE-2016-3888

CVE-2016-3888 affects Android 4.x (4.4.4+), 5.0.x (5.0.2+), 5.1.x (5.1.1+), 6.x (before 2016-09-01) and 7.0 (before 2016-09-01). The issue, in internal/telephony/SMSDispatcher.java, lets physically proximate attackers bypass Factory Reset Protection and trigger premium SMS sending during Setup Wi...

2.1CVSS4.5AI score0.00175EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.44 views

CVE-2016-3894

CVE-2016-3894 (Android/Qualcomm DMA component) details: The Nexus 6 Qualcomm DMA component prior to 2016-09-05 is affected by an information disclosure vulnerability exploitable by a crafted Android application, enabling local access to sensitive data. Root cause is in the Qualcomm DMA component;...

5.5CVSS5.5AI score0.00412EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.44 views

CVE-2016-3904

CVE-2016-3904 is an elevation of privilege vulnerability in the Qualcomm bus driver affecting Android devices (Nexus 5X, Nexus 6P, Pixel, Pixel XL). The issue could allow a local malicious app to execute arbitrary code in the kernel context after compromising a privileged process. The vulnerabili...

7.8CVSS7.5AI score0.00638EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.44 views

CVE-2016-3917

CVE-2016-3917 affects Android fingerprint login on 6.0.1 and 7.0 before 2016-10-01. The root cause is that the fingerprint authentication process does not track the active user, allowing a physically proximate attacker with lockscreen access to authenticate as another user. Exploitation is local;...

7.8CVSS8.2AI score0.00189EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.44 views

CVE-2016-3922

CVE-2016-3922 affects Android Telephony: libril/RilSapSocket.cpp in the Telephony stack on Android 6.x (before 2016-10-01) and 7.0 (before 2016-10-01) relies on variable-length arrays, enabling privilege elevation via a crafted app. Root cause: use of variable-length arrays in the vulnerable code...

7.8CVSS8AI score0.00385EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.44 views

CVE-2016-3923

CVE-2016-3923 : A vulnerability in Android 7.0’s Accessibility services (mishandling motion events) could allow a local, crafted application to perform touchjacking and gain privileges. Affected: Android 7.0 up to the 2016-10-01 patch level (with fixes addressed in the Android 2016-10-01/2016-10-...

5.5CVSS6.2AI score0.00494EPSS
Total number of security vulnerabilities8153