7772 matches found
CVE-2016-3768
The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28172137 and Qualcomm internal bug CR1010644.
CVE-2016-3770
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102.
CVE-2016-3773
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102.
CVE-2016-3814
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28193342.
CVE-2016-3823
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka internal bug 28815329.
CVE-2016-3827
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956.
CVE-2016-3830
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS data, aka internal bug 29153599.
CVE-2016-3863
Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to execute arbitrary code via a craft...
CVE-2016-3869
The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.
CVE-2016-3896
AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043.
CVE-2016-3908
The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device's PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944.
CVE-2016-3917
The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668.
CVE-2016-6685
The kernel in Android before 2016-10-05 on Nexus 6P devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30402628.
CVE-2016-6696
sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130.
CVE-2016-6719
An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to pair with any Bluetooth device without user consent. This issue is r...
CVE-2016-8472
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-3153...
CVE-2017-13187
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175.
CVE-2017-13203
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634.
CVE-2017-13241
A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
CVE-2017-14869
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage.
CVE-2017-14883
In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to...
CVE-2017-18051
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read.
CVE-2017-18656
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer over-read in a trustlet. The Samsung ID is SVE-2017-8890 (August 2017).
CVE-2017-18693
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 2017).
CVE-2017-8238
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function.
CVE-2017-9718
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.
CVE-2018-11275
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.
CVE-2018-11826
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler.
CVE-2018-11836
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function.
CVE-2018-11891
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function.
CVE-2018-11895
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the frame.
CVE-2018-11902
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST.
CVE-2018-11912
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of daemons may lead to unprivileged access.
CVE-2018-13889
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed
CVE-2018-21047
An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Factory Reset Protection (FRP) bypass via the voice assistant because Internet access begins before the Setup Wizard finishes. The Samsung ID is SVE-2018-12894 (November 2018).
CVE-2018-21048
An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018).
CVE-2018-21062
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2...
CVE-2018-21080
An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018).
CVE-2018-21088
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can cause a reboot because InputMethodManagerService has an unprotected system service. The Samsung ID is SVE-2017-9995 (January 2018).
CVE-2018-21090
An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018).
CVE-2018-3572
While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVE-2018-3573
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access can occur.
CVE-2018-3576
improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVE-2018-3599
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur.
CVE-2018-5822
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite.
CVE-2018-5843
In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware which can lead to a buffer overwrite of the fixed ...
CVE-2018-5853
A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition.
CVE-2018-5855
While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur.
CVE-2018-5887
While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.
CVE-2018-5905
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access.