Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/09/11 9:0 p.m.43 views

CVE-2016-3897

CVE-2016-3897 affects Android Wi‑Fi: the WifiEnterpriseConfig.java class’s toString() returns the stored password, enabling information disclosure. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-09-01. Root cause: sensitive password data is exposed in ...

5.5CVSS5.6AI score0.00605EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.43 views

CVE-2016-3900

CVE-2016-3900 affects Android’s ServiceManager (cmds/servicemanager/service_manager.c). The flaw in ServiceManager allowed a crafted application to register privileged services, enabling local privilege escalation. Affected: Android 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-10-01; 7...

9.3CVSS8AI score0.00557EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.43 views

CVE-2016-5855

CVE-2016-5855 affects the Qualcomm SPCom driver in Qualcomm AMSS/Android stacks. The root cause is a user‑supplied buffer being cast to a structure without validating the source buffer size, potentially leading to memory corruption or information exposure as described in the CVE entry. Connected ...

4.7CVSS5.4AI score0.00457EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.43 views

CVE-2016-5858

CVE-2016-5858: A vulnerability in the ioctl handler of Qualcomm components used in Android for MSM, Firefox OS for MSM, and QRD Android. If a user supplies a value that is too large, it can cause an out-of-bounds read, leading to potential information disclosure. The description specifies the aff...

4.7CVSS5.3AI score0.00544EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.43 views

CVE-2016-6680

CNVD-2016-09390 describes CVE-2016-6680 as an information disclosure vulnerability in the Qualcomm CORE/HDD WLAN driver (wlan_hdd_wext.c) on Android devices, prior to 2016-10-05, affecting Nexus 5X and Android One. An attacker could obtain sensitive information by inducing a crafted application t...

7.8CVSS7.5AI score0.00546EPSS
CVE
CVE
added 2016/12/13 7:0 p.m.43 views

CVE-2016-6722

CVE-2016-6722 describes an information-disclosure vulnerability in libstagefright within Mediaserver. A local attacker could exploit Mediaserver while processing media to access data outside the application’s permitted scope. Affected Android versions include 4.x before 4.4.4, 5.0.x before 5.0.2,...

5.5CVSS5.3AI score0.00467EPSS
CVE
CVE
added 2017/01/27 5:0 p.m.43 views

CVE-2016-8411

CVE-2016-8411 is a buffer overflow in Android’s QMI QOS TLV processing (qmi_qos_srvc.c). Reported as CRITICAL with CVSSv3 base 9.8, exploitable over network with no user interaction. Affected: Android devices including versions containing qmi_qos_srvc.c. Root cause: buffer overflow while parsing ...

10CVSS8.7AI score0.00888EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.43 views

CVE-2017-11048

CVE-2017-11048 affects Qualcomm Video driver in Android on MSM CAF platforms using the Linux kernel. The vulnerability stems from a Use-After-Free in a display driver function, leading to Elevation of Privilege (EoP) on affected devices. Connected sources corroborate the issue as a Qualcomm video...

7.8CVSS7.2AI score0.00169EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.43 views

CVE-2017-13187

CVE-2017-13187 is an information-disclosure vulnerability in the Android media framework (libhevc). Affected products/versions (per sources) include Android 7.0–8.1. The root cause is described as a information disclosure issue in libhevc within the Media framework. Impact is partial confidential...

9.1CVSS7.1AI score0.00508EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.43 views

CVE-2017-13192

CVE-2017-13192 affects Android Media Framework (HEVC decoder) via ihevcd_parse_slice_header.c. The issue arises when a slice address is zero after the first slice, causing an infinite loop in slice header parsing and enabling remote denial of service without user interaction. Affected Android ver...

7.8CVSS7.3AI score0.0173EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.43 views

CVE-2017-13239

CVE-2017-13239 is an information-disclosure vulnerability in Android 8.0’s UI framework (framework UI). Affected product: Android 8.0 on Pixel/Nexus devices; vulnerability in the UI framework could allow an attacker to obtain sensitive information. According to the Pixel security bulletin, the is...

7.5CVSS6.5AI score0.00441EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.43 views

CVE-2017-13264

CVE-2017-13264 affects Android’s media framework, specifically the Avcdec component, across Android 6.0–8.1 (6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1). The Pixel/Android bulletin assigns DoS risk (high) for affected devices and lists versions updated by the 2018-03-05 patch level (AOSP changes add...

7.5CVSS7.2AI score0.00422EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.43 views

CVE-2017-14877

CVE-2017-14877 affects the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-08-31. Root cause: there is no mutex lock around allocated memory when processing IOCTLs, enabling a use-after-free if IPA_IOC_QUERY_RT_TBL_INDEX and IPA_IOC_DEL_RT_RULE are issued concurre...

9.8CVSS9.1AI score0.00605EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.43 views

CVE-2017-14879

CVE-2017-14879 affects the Qualcomm IPA driver (Android on Google Pixel/Nexus) via an IPA ioctl path that uses ipa_idr_find(), which can return a wrong structure pointer, causing slab out-of-bounds access in the IPA driver. This is listed as Elevation of Privilege (EoP) with a Moderate severity i...

8.8CVSS7.3AI score0.00364EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.43 views

CVE-2017-14883

CVE-2017-14883 affects Android for MSM, Firefox OS for MSM, and QRD Android prior to 2017-10-18. The issue arises in wma_unified_power_debug_stats_event_handler() when FW command buffer’s param_buf->num_debug_register is near the 32‑bit uint max; the calculation for stats_registers_len may ove...

9.8CVSS9AI score0.00698EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.43 views

CVE-2017-14901

CVE-2017-14901 describes a buffer overrun in the Qualcomm WLAN driver within Android for MSM/CAF Linux kernel when handling QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE with a TXPOWER_SCALE attribute of fewer than 1 byte. Affected components include Android devices using CAF/Linux kernel implement...

7.8CVSS7.2AI score0.00138EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.43 views

CVE-2017-15833

CVE-2017-15833 affects Android on MSM builds (and related Firefox OS for MSM, QRD Android) with CAF Linux kernel, where untrusted pointer dereference in update_userspace_power() within the power driver can lead to information exposure. The description consistently links this issue to Qualcomm pow...

7.8CVSS7AI score0.0016EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.43 views

CVE-2017-18051

CVE-2017-18051 affects Android for MSM, Firefox OS for MSM, and QRD Android builds based on CAF Linux kernel. The root cause is improper input validation of event->vdev_id in wma_rcpi_event_handler() (received from firmware), which can lead to an out-of-bounds memory read. This vulnerability i...

7.5CVSS7.1AI score0.00542EPSS
CVE
CVE
added 2018/03/15 9:0 p.m.43 views

CVE-2017-18064

CVE-2017-18064 affects Android for MSM, Firefox OS for MSM, and CAF Android builds that use the Linux kernel. The issue is caused by improper input validation for p2p_noa_info in wma_send_bcn_buf_ll() which is obtained from firmware, leading to a potential buffer overflow. The vulnerability is as...

7.8CVSS7.2AI score0.00216EPSS
CVE
CVE
added 2018/03/12 1:0 p.m.43 views

CVE-2017-6287

CVE-2017-6287 affects NVIDIA libnvrm in Android, caused by a missing bounds check that enables an out-of-bounds read and local information disclosure. Multiple sources (NVD, CNVD, Prion/N-CVE references) describe it as a moderate-severity information-disclosure issue in the media framework compon...

5.5CVSS5.3AI score0.00132EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.43 views

CVE-2017-6423

CVE-2017-6423 is an elevation-of-privilege flaw in the Qualcomm Kyro L2 driver within the Android kernel. The vulnerability could allow a local attacker to execute arbitrary code with kernel privileges on affected devices (Pixel and Pixel XL are listed in the Android bulletin). The root cause is ...

7CVSS7.3AI score0.0018EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.43 views

CVE-2017-6425

CVE-2017-6425 is an information-disclosure vulnerability in the Qualcomm video driver embedded in the Android kernel. The issue affects Pixel and Pixel XL devices (and is tied to Qualcomm video components) and could allow a local attacker to access data outside of normal permission boundaries. Th...

4.3CVSS4.7AI score0.00421EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.43 views

CVE-2017-8233

CVE-2017-8233 : This vulnerability affects Android CAF camera driver code on all CAF Android releases using the Linux kernel. The issue is a missing bounds check when writing into an array, which can lead to an out-of-bounds heap write. The provided documents do not specify affected product versi...

9.3CVSS7.4AI score0.00363EPSS
CVE
CVE
added 2017/08/11 3:0 p.m.43 views

CVE-2017-8271

CVE-2017-8271 describes an out-of-bounds memory write in the MDSS Rotator driver used by Qualcomm components on Android CAF builds using the Linux kernel. The issue arises from an unsanitized userspace-controlled parameter, enabling a local attacker to cause memory corruption. The CVSS indicates ...

7.8CVSS7.2AI score0.00356EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2017-8272

CVE-2017-8272 affects Qualcomm components in Android CAF builds using the Linux kernel. In a driver function, a value supplied from userspace is not properly validated, potentially causing an out-of-bounds heap write. The vulnerability is described as a kernel-level issue with the potential for m...

7.8CVSS7.2AI score0.00356EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.43 views

CVE-2017-9703

CVE-2017-9703 is a race condition in a Camera driver on Android for MSM, Firefox OS for MSM, and QRD Android (CAF Linux kernel). This Use-After-Free vulnerability is rated CVSS v3.0 base score 7.0 (HIGH) with LOCAL attack vector, high impact on confidentiality, integrity, and availability; CVSS v...

7CVSS6.4AI score0.00098EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.43 views

CVE-2017-9705

CVE-2017-9705 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel, where the G-Link PKT driver’s concurrent rx notifications and read() operations can trigger a double-free due to missing locking. This can cause list_del() and list_add() to overlap and corru...

7.8CVSS7.1AI score0.00152EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.43 views

CVE-2017-9722

CVE-2017-9722 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernels. The vulnerability arises when updating a custom EDID (hdmi_tx_sysfs_wta_edid) and the edid_size (controlled by userspace) is too large, causing a buffer overflow. Connected documents corrobo...

7.8CVSS7.4AI score0.00154EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.43 views

CVE-2018-11273

The CVE-2018-11273 entry describes a double-free in voice_svc_dev when CAF’s Linux kernel device allocation hits cdev_alloc_err and device_destroy frees all resources. Affected are Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF’s kernel. The root cause is that voice_svc_dev...

7.8CVSS7.4AI score0.00191EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.43 views

CVE-2018-11274

CVE-2018-11274 is documented in the Pixel Security Bulletin under Qualcomm components (Audio). The entry classifies it as a moderate-impact audio buffer overflow affecting Qualcomm Audio; no exploitation details are provided in the supplied documents. The bulletin notes security patch levels of 2...

7.8CVSS7.7AI score0.00191EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.43 views

CVE-2018-11286

CVE-2018-11286 pertains to CAF-based Android releases (Android for MSM, Firefox OS for MSM, QRD Android) running the Linux kernel, where a use-after-free occurs when accessing the global variable debug_client in a multi-threaded context. The issue is a memory-management bug in the kernel-componen...

7.8CVSS7.7AI score0.00169EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.43 views

CVE-2018-11295

The CVE-2018-11295 issue affects Qualcomm WLAN Host in Android on Pixel/Nexus devices, tied to the CAF Linux kernel WMA handler where a fixed event data length from firmware can trigger an out-of-bounds write if length fields exceed the maximum. The Android Pixel bulletin lists CVE-2018-11295 und...

7.8CVSS7.4AI score0.00192EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.43 views

CVE-2018-11298

CVE-2018-11298 concerns a buffer overflow in Qualcomm WLAN Host within Android CAF builds using the Linux kernel. During processing of the SET_PASSPOINT_LIST command, the realm string passed from upper layers is not guaranteed to be NULL terminated, allowing strlen to determine its length and con...

7.8CVSS7.7AI score0.00202EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.43 views

CVE-2018-11895

CVE-2018-11895 involves Qualcomm WLAN HOST components in Android CAF/linux-based WLAN stack. The available documents indicate a root cause of an improper length check in a WLAN function, which can cause the driver to write the default RSN capabilities into memory not allocated for the frame. The ...

7.8CVSS7.4AI score0.00202EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.43 views

CVE-2018-11903

CVE-2018-11903 affects CAF Android builds (Android for MSM, Firefox OS for MSM, QRD Android) that use the Linux kernel. The vulnerability arises from a lack of length validation for a value received from a caller function that is used as an index into WMA interfaces, enabling an out-of-bounds wri...

7.8CVSS7.4AI score0.00177EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.43 views

CVE-2018-11919

Technical details (affected products, root cause, impact, and fixes) are not publicly available in the provided documents. Monitor for updates.

7.8CVSS7.7AI score0.00207EPSS
CVE
CVE
added 2019/02/11 3:0 p.m.43 views

CVE-2018-11962

CVE-2018-11962 affects Qualcomm audio components. The issue is a Use-After-Free in the heap during loading of audio effects config in the audio effects factory. It is a local (LOCAL) vulnerability with low attack complexity and requires no user interaction, per CVSS data (AV:L, AC:L, PR:L, UI:N, ...

7.8CVSS5.9AI score0.00184EPSS
CVE
CVE
added 2018/12/20 3:0 p.m.43 views

CVE-2018-11963

CVE-2018-11963 affects Android platforms based on CAF’s Linux kernel, with the issue localized to the camera JPEG driver. The root cause is a buffer overread caused by non-null terminated strings during processing of vsprintf, potentially enabling a local attacker with access to expose or corrupt...

7.8CVSS7.4AI score0.00178EPSS
CVE
CVE
added 2018/12/20 3:0 p.m.43 views

CVE-2018-11983

CVE-2018-11983 affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built on CAF’s Linux kernel. The vulnerability is a kernel memory-management error where code accesses freed mask pointers after reallocating memory for a mask table, constituting a fault in the kernel’s ha...

7.8CVSS7.3AI score0.00143EPSS
CVE
CVE
added 2020/04/08 5:42 p.m.43 views

CVE-2018-21059

The CVE-2018-21059 entry describes an information-disclosure issue on Samsung mobile devices running Android N (7.x) and O (8.x). Clipboard content is visible in the locked state via the emergency contact picker, exposing potentially sensitive data. Samsung’s internal identifier SVE-2018-11806 is...

7.5CVSS7.6AI score0.00413EPSS
CVE
CVE
added 2020/04/08 5:39 p.m.43 views

CVE-2018-21060

Technical details about CVE-2018-21060 are not publicly provided in the supplied documents. Monitor for updates. The records reiterate a Samsung keyboard-leak issue but do not specify affected components, versions, or fixes.

7.5CVSS7.5AI score0.00413EPSS
CVE
CVE
added 2020/04/08 5:31 p.m.43 views

CVE-2018-21061

CVE-2018-21061 affects Samsung mobile devices running N(7.1) and O(8.x). The issue allows a counterfeit/“fake” charger to execute critical functions while the device is locked, enabling partial confidentiality, integrity, and availability impacts as indicated in CVSS vectors. The problem is descr...

6.8CVSS6.8AI score0.00135EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.43 views

CVE-2018-3561

CVE-2018-3561 is a Qualcomm Diagchar-related issue affecting Android on MSM devices. The root cause is a race condition in diag_ioctl_lsm_deinit() that leads to a Use-After-Free condition. The vulnerability is characterized as Elevation of Privilege (EoP) with local access requirements and high i...

7CVSS6.6AI score0.001EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.43 views

CVE-2018-3574

CVE-2018-3574 describes a vulnerability in CAF Android kernel userspace cache maintenance for ION buffers where the ION_FLAG_SECURE flag is not set, causing the kernel to perform cache maintenance on memory that does not belong to HLOS. The provided sources (NVD entry and Debian/Ubuntu security t...

5.5CVSS5.3AI score0.00273EPSS
CVE
CVE
added 2018/06/06 9:0 p.m.43 views

CVE-2018-3578

CVE-2018-3578 is a heap overflow in the Qualcomm WLAN component caused by a type mismatch for ie_len, leading Android CAF/Linux kernel builds to allocate insufficient heap memory. The issue is described as a local vulnerability with HIGH impact (CVSS3: LOCAL, LOW complexity, NO privileges, USER i...

9.3CVSS5.6AI score0.00455EPSS
CVE
CVE
added 2018/07/06 7:0 p.m.43 views

CVE-2018-3587

CVE-2018-3587 is tied to the Qualcomm qcacld-2.0 WLAN driver in Android CAF builds, where a Use-After-Free in a firmware memory dump feature can lead to Elevation of Privilege (EoP). The NVD listing shows a CVSS v3 base score of 7.8 (HIGH) with LOCAL attack vector, low complexity, and privileges ...

7.8CVSS7.1AI score0.00187EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.43 views

CVE-2018-3599

CVE-2018-3599 is a Use-After-Free in Qualcomm Core Services affecting Qualcomm Android for MSM/CAF-based Android builds (Linux kernel pre-2018-04-05 patch). The issue occurs when notifying a DCI client, enabling EoP with high/critical impact per the Android Pixel bulletin. Mitigation is to apply ...

9.8CVSS8.6AI score0.00476EPSS
CVE
CVE
added 2018/06/15 8:0 p.m.43 views

CVE-2018-5863

CVE-2018-5863 is a buffer overflow in WLAN HOST caused by an overly large WPA RSN IE length processed by wlan_hdd_cfg80211_set_ie(). Affected are Android releases (Android for MSM, Firefox OS for MSM, QRD Android) provided by CAF on the Linux kernel. The description confirms a memory corruption v...

7.8CVSS7.5AI score0.00151EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.43 views

CVE-2018-5893

CVE-2018-5893 is a buffer overwrite in the Qualcomm WLAN driver (htt_t2h_msg_handler_fast()) within Android CAF/Linux kernel for MSM devices. Root cause: buffer overwrite during firmware message processing. Affected: Qualcomm WLAN component in Android on CAF Android for MSM, Firefox OS for MSM, Q...

7.8CVSS7.4AI score0.00184EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.43 views

CVE-2018-5896

CVE-2018-5896 affects Android CAF builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) prior to the 2018-06-05 security patch level. The issue is a kernel panic caused by an out-of-bounds read from not checking the source buffer length against the packet stream length ...

7.1CVSS6.9AI score0.00164EPSS
Total number of security vulnerabilities8153