8153 matches found
CVE-2023-32838
CVE-2023-32838 concerns the MediaTek dpe module, with a reported issue of an out-of-bounds write caused by missing valid range checking. The vulnerability could enable local escalation of privilege with System execution privileges, and exploitation does not require user interaction. The available...
CVE-2023-32849
In the provided documents, CVE-2023-32849 is tied to the cmdq module, where a type confusion causes an out-of-bounds write. This leads to local privilege escalation with System execution privileges required, and exploitation does not require user interaction. A patch/reference is listed as Patch ...
CVE-2023-32858
The CVE-2023-32858 entry concerns the GZ module (MediaTek context) with a missing data erasing causing local information disclosure. Root cause is not clearly detailed beyond the data erasure gap; the impact states local information disclosure with System execution privileges required, and exploi...
CVE-2023-33905
The CVE-2023-33905 issue affects the iwnpi server and is described as a missing bounds check causing an out-of-bounds write. Reported impact: local denial of service with System execution privileges required. The documents do not specify affected versions, exploitation details, or available fixes...
CVE-2023-33912
CVE-2023-33912 concerns the Contacts service in UNISOC-induced chipsets where a missing permission check could allow local information disclosure with no additional execution privileges. The available connected documents consistently state that the vulnerability enables local access to informatio...
CVE-2023-44124
The CVE-2023-44124 issue affects the Screen recording app (com.lge.gametools.gamerecorder). The root cause is that the app launches implicit intents that can be intercepted by other apps on the device, and the returned data goes to onActivityResult, enabling theft of arbitrary files. The app stor...
CVE-2023-48355
In CVE-2023-48355, the issue is a missing bounds check in the jpg driver, leading to an out-of-bounds write. The impact is locally exploitable with SYSTEM privileges required and can cause denial of service (availability impact high) while confidentiality and integrity are not affected. Public re...
CVE-2024-20139
CVE-2024-20139 affects MediaTek Bluetooth firmware (ALPS09001270) due to improper handling of exceptional conditions, causing local denial of service without user interaction. Root cause appears to be a firmware assertion under exceptional handling, with exploitation described as requiring adjace...
CVE-2025-48621
CVE-2025-48621 is linked to the Android framework (DefaultTransitionHandler.java), where an insecure default could enable a tapjacking–driven local elevation of privilege. The issue requires user interaction to exploit and affects Android devices prior to patching. Public references note the vuln...
CVE-2014-9872
The CVE-2014-9872 entry concerns the Qualcomm diag driver in Android on Nexus 5 prior to 2016-08-05. The issue is that the diag driver does not ensure unique identifiers in a DCI client table, which could allow a crafted application to escalate privileges. The vulnerability is tied to Android int...
CVE-2014-9908
CVE-2014-9908 corresponds to a Denial of Service vulnerability in Google Android affecting Android 4.4.4, 5.0.2, and 5.1.1. According to the description, a malicious actor could block Bluetooth access on the device (Android Bug ID A-28672558). The connected sources list the affected software vers...
CVE-2014-9949
CVE-2014-9949 is described as a TrustZone vulnerability in Android CAF builds that use the Linux kernel. The issue is an Untrusted Pointer Dereference in TrustZone, with impact articulated as high in the CVSS metrics (LOCAL exploit, low attack complexity, user interaction required, and high confi...
CVE-2014-9964
Technical details about CVE-2014-9964 (affected components, root cause, affected versions, exploitability, remediation) are not publicly provided in the connected documents. Monitor for updates from official sources (NVD, Android bulletins) for specifics.
CVE-2015-3847
CVE-2015-3847 is an Android Bluetooth elevation-of-privilege issue that could allow a crafted application to delete stored SMS messages. The connected Android security bulletin notes this as a moderate-severity vulnerability affecting 5.1.1 and earlier builds, with patches available in builds LMY...
CVE-2015-6624
CVE-2015-6624 affects Android 6.0 and earlier builds; System Server information disclosure allows a crafted application to obtain sensitive permissions (Signature or SignatureOrSystem). The vulnerability is described as a local information-disclosure in System Server, enabling access to restricte...
CVE-2015-9025
CVE-2015-9025 describes a buffer overflow in the QTEE application used in CAF Android builds (Linux kernel). The underlying issue is a buffer overflow in QTEE, enabling potential arbitrary code execution on affected devices. Public references confirm the Android QTEE vulnerability and describe it...
CVE-2015-9034
Summary: CVE-2015-9034 is a buffer overflow in Qualcomm closed-source components used in Android CAF builds with the Linux kernel, caused by a SIP string not being null-terminated. This vulnerability affects Qualcomm components in Android and has a CVSS v3 base score of 9.8 (CRITICAL) with networ...
CVE-2015-9036
CVE-2015-9036 describes a memory-corruption vulnerability in Qualcomm components used in Android CAF builds (Linux kernel). The root cause is an incorrect length used when clearing a memory buffer, which can corrupt adjacent memory. Affected products are Qualcomm/CAF Android releases that rely on...
CVE-2015-9045
CVE-2015-9045 is a buffer overflow vulnerability in Qualcomm GERAN within CAF Android builds that use the Linux kernel. The flaw allows a buffer overflow while taking power measurements, impacting affected Qualcomm components. The CVSS data in the public record indicates a high to critical impact...
CVE-2016-10232
CVE-2016-10232 is an elevation-of-privil... (shortened to fit)
CVE-2016-10233
CVE-2016-10233 is an elevation of privilege in the Qualcomm video driver affecting the Android kernel. The NVD entry documents a CRITICAL impact with a reported base score of 9.8 (CVSS3) and notes the vulnerability relates to the Qualcomm video driver; references include QC-CR#897452. Connected d...
CVE-2016-10239
CVE-2016-10239 involves a potential bypass of the TrustZone access control policy in Android CAF builds using the Linux kernel. The description notes improper input validation that could cause an integer overflow, potentially leading to a buffer overflow and a buffer over-read. The NVD entry also...
CVE-2016-2415
Technical details for CVE-2016-2415 are not publicly provided in the supplied documents. The available records summarize an information-disclosure vulnerability in Exchange ActiveSync/Autodiscover without specifics on affected products, versions, root cause, or fixes. Monitor for updates.
CVE-2016-2436
The CVE-2016-2436 issue affects the NVIDIA video driver on Android devices prior to 2016-05-01 (Nexus 9). It enables a local attacker to gain privileges via a crafted application (internal bug 27299111). The vulnerability is documented in multiple sources (NVD, OSV, Ubuntu, etc.) with the Android...
CVE-2016-2444
CVE-2016-2444 : Elevation of privilege in the NVIDIA media driver on Android (Nexus 9) prior to 2016-05-01. A crafted application could allow a local attacker to gain privileges within the kernel context. Affected component: NVIDIA media driver; affected device: Nexus 9 (Android). Root cause: mem...
CVE-2016-2446
The CVE-2016-2446 entry concerns an Elevation of Privilege in the NVIDIA video driver on Android, affecting Nexus 9 devices prior to the 2016-05-01 patch. The vulnerability could allow a locally installed app to execute arbitrary code in the kernel context, enabling privilege escalation. Affected...
CVE-2016-2456
CVE-2016-2456 affects the MediaTek Wi‑Fi driver in Android One devices (pre May 1, 2016). The issue is an elevation of privilege via a crafted app, tied to internal bug 27275187. Root cause details are not provided beyond this description. The Android Security Bulletin indicates patch levels of M...
CVE-2016-2487
CVE-2016-2487 affects libstagefright in the Mediaserver component of Android. A crafted application can escalate privileges to obtain Signature/SignatureOrSystem access on Android 4.x (before 4.4.4), 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-06-01). Impact is elevated privi...
CVE-2016-2495
The CVE-2016-2495 issue affects Android Mediaserver (libstagefright) where SampleTable.cpp can trigger memory corruption during media processing, enabling a crafted file to cause a device hang or reboot. Affected platforms include Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...
CVE-2016-3768
CVE-2016-3768 : Elevation of privilege in the Qualcomm performance component on Android before 2016-07-05 (Nexus 5/6/5X/6P/7 (2013)). Root cause: crafted app exploits Android internal bug 28172137 and Qualcomm bug CR1010644 to gain kernel privileges. Impact: local code execution with high/critica...
CVE-2016-3774
The CVE-2016-3774 entry concerns a privilege-escalation flaw in MediaTek drivers on Android One devices. The affected component is the MediaTek driver stack present in Android prior to 2016-07-05, with root-cause attribution to Android internal bug 29008609 and MediaTek internal bug ALPS02703102....
CVE-2016-3823
CVE-2016-3823 affects the Mediaserver in Android’s mediaserver, specifically the secure-session feature in the mm-video-v4l2 venc component. The issue arises from mishandling heap pointers, enabling a crafted application to gain privileges. Affected products/versions include Android 4.x before 4....
CVE-2016-3834
CVE-2016-3834 affects Android camera APIs where, on Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to the August 2016 patch, a crafted app could bypass access restrictions and disclose details about ANW buffer addresses. This is a local information-disclosure issue i...
CVE-2016-3842
The CVE-2016-3842 issue affects the Qualcomm GPU driver in Android on Nexus 5X, 6, and 6P prior to 2016-08-05. A crafted app could escalate privileges locally due to Android internal bug 28377352 and Qualcomm bug CR1002974. Severity is high (local, user interaction required per CVE data). The pat...
CVE-2016-3847
CVE-2016-3847 is a documented vulnerability in the NVIDIA Tegra kernel driver (NVAVP) where a heap write overflow in the nvavp driver could allow a local attacker to gain privileges or execute code. Public details indicate the issue affects Nexus 9 devices running Android prior to the 2016-08-05 ...
CVE-2016-3848
CVE-2016-3848 corresponds to a race-condition vulnerability in the NVIDIA media driver (kernel nvavp driver) on Android/Nexus 9 prior to 2016-08-05 that could allow a local attacker to escalate privileges via a crafted application. The Android bulletin notes this as an elevation of privilege in t...
CVE-2016-3850
CVE-2016-3850 describes an integer overflow in aboot.c (Qualcomm bootloader) affecting Android devices prior to 2016-08-05, including Nexus 5, 5X, 6P, and 7 (2013). The vulnerability allows privilege escalation via a crafted header field in a boot image. The provided documents do not specify exac...
CVE-2016-3851
CVE-2016-3851 concerns an elevation-of-privilege issue in the LG Electronics bootloader on Nexus 5X devices. The vulnerability arises when a compromised privileged process can be leveraged to gain higher privileges within the system. Public details confirm this is a local escalation risk affectin...
CVE-2016-3858
CVE-2016-3858 is a local-privilege-escalation vulnerability caused by a buffer overflow in drivers/soc/qcom/subsystem_restart.c (Qualcomm subsystem driver) on Android devices. The issue affects Nexus 5X and 6P, where a crafted application sending a long string could escalate privileges. Public de...
CVE-2016-3863
CVE-2016-3863 affects Android's MediaMuxer/LibStagefright AVCC reassembly code (Utils.cpp). Multiple stack-based buffer overflows in the AVCC reassembly path can be triggered by a crafted media file, enabling arbitrary code execution. Affected Android versions include 4.x prior to 4.4.4; 5.0.x pr...
CVE-2016-3865
CVE-2016-3865 affects the Synaptics touchscreen driver in Android on Nexus 5X and Nexus 9, before 2016-09-05. The flaw enables local privilege escalation via a crafted app, caused by elevated-privilege execution within the kernel context. Publicly available patch information is limited; some sour...
CVE-2016-3875
Technical details beyond the Initial Description are not provided in the connected documents. No vendor/product/version/remediation specifics are present. Monitor for updates.
CVE-2016-3884
CVE-2016-3884 affects Android's Notification Manager Service (server/notification/NotificationManagerService.java) in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01. The root cause is missing UID checks, which allows a crafted application to bypass restrictions on method calls, constitut...
CVE-2016-3886
CVE-2016-3886 affects Android 7.0 System UI Tuner (systemui/statusbar/phone/QuickStatusBarHeader.java). The issue: the System UI Tuner on the lockscreen does not prevent tuner changes, enabling a physically proximate attacker to modify a setting and gain privileges. Root cause: ability to modify ...
CVE-2016-3888
CVE-2016-3888 affects Android 4.x (4.4.4+), 5.0.x (5.0.2+), 5.1.x (5.1.1+), 6.x (before 2016-09-01) and 7.0 (before 2016-09-01). The issue, in internal/telephony/SMSDispatcher.java, lets physically proximate attackers bypass Factory Reset Protection and trigger premium SMS sending during Setup Wi...
CVE-2016-3894
CVE-2016-3894 (Android/Qualcomm DMA component) details: The Nexus 6 Qualcomm DMA component prior to 2016-09-05 is affected by an information disclosure vulnerability exploitable by a crafted Android application, enabling local access to sensitive data. Root cause is in the Qualcomm DMA component;...
CVE-2016-3904
CVE-2016-3904 is an elevation of privilege vulnerability in the Qualcomm bus driver affecting Android devices (Nexus 5X, Nexus 6P, Pixel, Pixel XL). The issue could allow a local malicious app to execute arbitrary code in the kernel context after compromising a privileged process. The vulnerabili...
CVE-2016-3917
CVE-2016-3917 affects Android fingerprint login on 6.0.1 and 7.0 before 2016-10-01. The root cause is that the fingerprint authentication process does not track the active user, allowing a physically proximate attacker with lockscreen access to authenticate as another user. Exploitation is local;...
CVE-2016-3922
CVE-2016-3922 affects Android Telephony: libril/RilSapSocket.cpp in the Telephony stack on Android 6.x (before 2016-10-01) and 7.0 (before 2016-10-01) relies on variable-length arrays, enabling privilege elevation via a crafted app. Root cause: use of variable-length arrays in the vulnerable code...
CVE-2016-3923
CVE-2016-3923 : A vulnerability in Android 7.0’s Accessibility services (mishandling motion events) could allow a local, crafted application to perform touchjacking and gain privileges. Affected: Android 7.0 up to the 2016-10-01 patch level (with fixes addressed in the Android 2016-10-01/2016-10-...