Android Security Vulnerabilities and Issues — Page 135 of Android CVE List

5.5CVSS5.2AI score0.00022EPSS

CVE-2023-42631

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.2AI score0.00029EPSS

CVE-2023-42634

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.2AI score0.00029EPSS

CVE-2023-42637

In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.3AI score0.00024EPSS

CVE-2023-42645

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.2AI score0.0004EPSS

CVE-2023-42648

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.2AI score0.0004EPSS

CVE-2023-42650

In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE•added 2023/12/04 1:15 a.m.•34 views

CVE-2023-42749

In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.3AI score0.00023EPSS

CVE•added 2023/09/27 3:19 p.m.•34 views

CVE-2023-44121

The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things....

6.3CVSS5.4AI score0.0003EPSS

CVE•added 2024/10/07 3:15 a.m.•34 views

CVE-2024-20096

In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635.

4.4CVSS6.2AI score0.00005EPSS

CVE•added 2024/11/04 2:15 a.m.•34 views

CVE-2024-20109

In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065928; Issue ID: MSV-1763.

6.7CVSS7.2AI score0.00011EPSS

CVE•added 2024/11/04 2:15 a.m.•34 views

CVE-2024-20113

6.7CVSS7.2AI score0.00011EPSS

CVE•added 2024/11/04 2:15 a.m.•34 views

CVE-2024-20122

In vdec, there is a possible out of bounds read due to improper structure design. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09008925; Issue ID: MSV-1572.

4.4CVSS6.2AI score0.0001EPSS

CVE•added 2017/06/08 8:29 p.m.•33 views

CVE-2014-7919

b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).

7.5CVSS7.2AI score0.00306EPSS

9.3CVSS7.5AI score0.00071EPSS

CVE-2014-9802

Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.

CVE•added 2017/06/06 2:29 p.m.•33 views

CVE-2014-9946

In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.

9.3CVSS7.2AI score0.00041EPSS

CVE•added 2017/06/06 2:29 p.m.•33 views

CVE-2014-9947

In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist.

5.5CVSS5.7AI score0.00057EPSS

CVE•added 2017/06/13 8:29 p.m.•33 views

CVE-2014-9960

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.

9.3CVSS7.6AI score0.00063EPSS

CVE•added 2017/06/13 8:29 p.m.•33 views

CVE-2014-9964

In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.

9.3CVSS7.6AI score0.00058EPSS

CVE•added 2017/06/13 8:29 p.m.•33 views

CVE-2014-9965

In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.

9.3CVSS7.5AI score0.00058EPSS

10CVSS8.1AI score0.00189EPSS

CVE-2014-9977

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM.

10CVSS8.1AI score0.00189EPSS

CVE-2014-9978

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service.

CVE•added 2016/08/07 9:59 p.m.•33 views

CVE-2015-3854

packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.

7.5CVSS7.2AI score0.00119EPSS

CVE•added 2015/12/08 11:59 p.m.•33 views

CVE-2015-6625

System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840.

4.3CVSS6.2AI score0.001EPSS

10CVSS7.7AI score0.00152EPSS

CVE-2015-9046

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.

10CVSS7.8AI score0.00152EPSS

CVE-2015-9052

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message.

10CVSS7.8AI score0.00152EPSS

CVE-2015-9055

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine.

CVE•added 2016/04/18 12:59 a.m.•33 views

CVE-2016-0844

The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.

8.4CVSS7.8AI score0.00016EPSS

CVE•added 2017/05/16 2:29 p.m.•33 views

CVE-2016-10239

In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur...

9.3CVSS7.8AI score0.00063EPSS

10CVSS7.7AI score0.00152EPSS

CVE-2016-10347

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.

CVE•added 2016/04/18 12:59 a.m.•33 views

CVE-2016-2411

A Qualcomm Power Management kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages root access, aka internal bug 26866053.

9.3CVSS6.4AI score0.00064EPSS

CVE•added 2016/04/18 12:59 a.m.•33 views

CVE-2016-2418

media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstr...

10CVSS7.9AI score0.00201EPSS

CVE•added 2016/06/13 1:59 a.m.•33 views

CVE-2016-2483

The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem ...

9.3CVSS8.1AI score0.00043EPSS

CVE•added 2016/06/13 1:59 a.m.•33 views

CVE-2016-2487

libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27833616.

9.3CVSS8AI score0.00067EPSS

CVE•added 2016/08/05 8:59 p.m.•33 views

CVE-2016-2497

services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted application, aka internal bug 27450489.

7.5CVSS6.9AI score0.00155EPSS

9.8CVSS8.8AI score0.00733EPSS

CVE-2016-3743

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 does not initialize certain data structures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 27907656.

7.8CVSS7.4AI score0.00061EPSS

CVE-2016-3752

internal/app/ChooserActivity.java in the ChooserTarget service in Android 6.x before 2016-07-01 mishandles target security checks, which allows attackers to gain privileges via a crafted application, aka internal bug 28384423.