Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/07/04 1:44 a.m.43 views

CVE-2023-20760

CVE-2023-20760 affects MediaTek devices via the apu component, with an out-of-bounds write caused by a missing bounds check. This can enable local escalation of privilege to System execution level without user interaction. Exploitation details are not provided in the documents, but a patch (ALPS0...

6.7CVSS6.7AI score0.00114EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.43 views

CVE-2023-20766

CVE-2023-20766 describes a local out-of-bounds write in the gps component caused by a missing bounds check, enabling local privilege escalation with system-level execution privileges, and no user interaction required. A patch is available (Patch ID ALPS07573237; Issue ID ALPS07573202). No exploit...

6.7CVSS6.7AI score0.00114EPSS
CVE
CVE
added 2023/07/04 1:44 a.m.43 views

CVE-2023-20771

CVE-2023-20771 involves a memory corruption issue caused by a race condition in the display path, enabling local escalation to SYSTEM privileges with no user interaction. Reported affected MediaTek-based chips include MT6580, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6785, MT8168, and MT8...

6.4CVSS6.7AI score0.0008EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.43 views

CVE-2023-20784

CVE-2023-20784 describes an out-of-bounds write in the keyinstall component due to a missing bounds check, enabling local escalation of privilege with SYSTEM execution privileges required and no user interaction. The vulnerability is associated with MediaTek-based chip environments as per multipl...

6.7CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.43 views

CVE-2023-21316

CVE-2023-21316 affects Google Android: an information-disclosure side channel in content that lets an app determine whether another app is installed without query permissions. Local attack with no user interaction; no explicit exploit details or affected versions are provided in the documents. Re...

5.5CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.43 views

CVE-2023-30924

CVE-2023-30924 involves a missing permission check in the messaging service, enabling local information disclosure without extra execution privileges. The NVD entry assigns CVSS v3.1 base score 5.5 (Local, Low attack complexity, Privileges Required: Low, Confidentiality Impact: High) and notes it...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/07/12 8:31 a.m.43 views

CVE-2023-30939

CVE-2023-30939 affects the telephony service with a missing permission check, enabling local information disclosure without extra privileges. Connected sources identify impacted platforms (e.g., UNISOC chipsets) and confirm the root cause as a lack of privilege validation in telephony components....

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/09/04 2:28 a.m.43 views

CVE-2023-32816

The CVE-2023-32816 entry describes a vulnerability in the gnss service where an out-of-bounds read results from improper input validation. The issue can lead to local information disclosure with system execution privileges required and does not require user interaction. A patch is identified: ALP...

4.4CVSS4.3AI score0.00089EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.43 views

CVE-2023-32857

MediaTek chipsets (display module) are affected by CVE-2023-32857 due to an incorrect status check that allows an out-of-bounds read, enabling local information disclosure with SYSTEM privileges required and no user interaction. A patch is referenced (ALPS07993705; ALPS07993710). Exploitation sta...

4.4CVSS4.2AI score0.00109EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.43 views

CVE-2023-32867

CVE-2023-32867 affects MediaTek devices via the Display DRM module, where a missing bounds check can cause an out-of-bounds write. This can lead to local privilege escalation to System without user interaction. Patch ID ALPS07560793 (Issue ALPS07560793) is referenced as a fix. Documented impact i...

6.7CVSS6.7AI score0.00111EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.43 views

CVE-2023-33883

CVE-2023-33883 involves a missing permission check in the telephony service that could allow local information disclosure without extra execution privileges. Sources consistently describe a local-privilege check omission as the root cause. Affected products include UNISOC chipsets/telephony imple...

5.5CVSS5.2AI score0.00093EPSS
CVE
CVE
added 2023/07/12 8:32 a.m.43 views

CVE-2023-33891

CVE-2023-33891 affects the telephony service due to a missing permission check, enabling local information disclosure without additional privileges. The provided documents identify the issue and its impact but do not specify affected products, exact patch versions, or remediation steps. Exploitat...

5.5CVSS5.2AI score0.00092EPSS
CVE
CVE
added 2023/09/04 1:16 a.m.43 views

CVE-2023-33916

CVE-2023-33916 affects vowifiservice. The connected documents indicate a missing permission check in vowifiservice that could allow local information disclosure without additional execution privileges. The NVD entry lists a CVSS 3.1 vector (Local, Low attack complexity, Privileges Required: Low, ...

5.5CVSS5.2AI score0.00081EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.43 views

CVE-2023-42678

CVE-2023-42678 affects the imsservice in UNISOC chipsets. The root cause is a missing permission check that allows writing permission usage records for an app, enabling local information disclosure without additional execution privileges. The NVD entry (CVSS v3.1: LOCAL attack vector, LOW complex...

5.5CVSS5.2AI score0.00095EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.43 views

CVE-2023-42685

Technical details about CVE-2023-42685 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.43 views

CVE-2023-42695

CVE-2023-42695 : In the wifi service, a missing permission check could allow local escalation of privilege. Multiple sources (NVD, Red Hat, CVE listing, CNNVD) describe this issue as a local, low-privilege path to obtain HIGH impact on confidentiality, integrity, and availability, with CVSSv3.1 b...

7.8CVSS7.8AI score0.00097EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.43 views

CVE-2023-42749

CVE-2023-42749 affects the EngineerMode service in UNISOC chipsets. The vulnerability arises from a missing permission check in enginnermode, enabling an attacker with local access to write permission usage records and potentially disclose information. According to NVD metrics, it is a Local, Low...

5.5CVSS5.3AI score0.00094EPSS
CVE
CVE
added 2024/01/18 2:44 a.m.43 views

CVE-2023-48358

CVE-2023-48358 is an out-of-bounds write in the DRM driver caused by a missing bounds check, leading to local denial of service with SYSTEM privileges. Affected component: DRM driver (noted in Red Hat/NVD records; associated with Unisoc chipsets per CNNVD). CVSS v3.1 metrics indicate a MEDIUM bas...

4.4CVSS4.8AI score0.00082EPSS
CVE
CVE
added 2026/01/16 6:19 p.m.43 views

CVE-2025-48647

CVE-2025-48647 affects the Google CPM IPC path: cpm_fwtp_msg_handler in cpm/google/lib/tracepoint/cpm_fwtp_ipc.c. The issue is a memory overwrite caused by improper input validation, enabling local elevation of privilege with no additional privileges or user interaction required. Impact is descri...

7.8CVSS6.5AI score0.00089EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.42 views

CVE-2014-9959

CVE-2014-9959 is described as an elevation of privilege vulnerability affecting Qualcomm closed‑source components within Android, specifically the Android kernel. The initial description notes an elevation of privilege with high/critical impact, but the connected documents only reiterate the exis...

10CVSS8.7AI score0.0113EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.42 views

CVE-2014-9963

CVE-2014-9963 describes a buffer overflow in WideVine DRM present in Android CAF builds using the Linux kernel. The connected sources confirm a DRM component buffer overflow, implying potential arbitrary code execution under certain conditions, with CVSS indicating HIGH severity (local access, us...

9.3CVSS7.7AI score0.00625EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.42 views

CVE-2014-9965

Technical details about CVE-2014-9965 are not publicly available in the provided connected documents. The descriptions restate the parsing issue in Android CAF/Linux SCM call handling; monitor for updates from the cited sources.

9.3CVSS7.5AI score0.00599EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2014-9977

CVE-2014-9977 describes a buffer overflow in the PlayReady DRM within Qualcomm closed‑source components used by Android CAF on Linux, enabling potential arbitrary code execution or denial of service as described in linked CNVD/NVD entries. Affected: Qualcomm PlayReady DRM in Android CAF/Linux ker...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2014-9978

CVE-2014-9978 (and related CNVD-2017-25680) describes a buffer overflow in the QTEE service of Qualcomm closed‑source components used by Android CAF/Linux kernels. The vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service within Qualcomm/Android enviro...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/06/06 6:0 p.m.42 views

CVE-2015-3830

Technical details for CVE-2015-3830 are not publicly available in the provided connected documents; monitor for updates.

6.5CVSS6.3AI score0.00474EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.42 views

CVE-2015-8890

The CVE-2015-8890 issue affects Android on Nexus 5 and Nexus 7 (2013) where platform/msm_shared/partition_parser.c in the Qualcomm component does not validate certain GPT data, allowing a crafted MMC to bypass access restrictions. The root cause is insufficient validation of GPT data in the parti...

9.3CVSS7.3AI score0.00543EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.42 views

CVE-2015-9003

In CVE-2015-9003, a cryptographic issue in TrustZone could potentially affect all Android releases from CAF using the Linux kernel. The connected documents identify TrustZone/Android CAF/Linux kernel as the affected area, but do not provide detailed root cause, affected subcomponents, specific vu...

9.3CVSS7.4AI score0.00578EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.42 views

CVE-2015-9021

CVE-2015-9021 describes a security issue where, in all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. The entry lists a MEDIUM overall impact (CVSS2: AV:N/AC:M/Au:N/C:N/I:N/A:P; CVSS3: LOCAL, LOW/L, NONE to partial impacts) and indicates no public...

5.5CVSS5.8AI score0.00473EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2015-9039

Summary: CVE-2015-9039 affects the Qualcomm eMBMS component in Android CAF builds that use the Linux kernel. The root cause is an assertion that can be reached by a sequence of downlink messages in eMBMS, enabling a potential unauthorized operation. The vulnerability has a high/critical impact pr...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2015-9046

Technical details about CVE-2015-9046 are not publicly provided in the supplied documents. No specific impact, affected products, or fixes are disclosed here. Monitor for updates.

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2015-9050

CVE-2015-9050 describes an out-of-bounds access during a CA call in Qualcomm CAF Android/Linux kernel components. The NVD entry assigns CRITICAL risk (CVSS3: 9.8) with network attack vector and no user interaction. Connected documents refer to Qualcomm/Android out-of-bounds issues but do not prov...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2015-9052

CVE-2015-9052 affects Qualcomm components in Android CAF builds using the Linux kernel LTE stack; the issue is an assertion that can be reached while processing a downlink message. The provided documents do not specify affected product versions, exact root cause details, exploit status, or availa...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.42 views

CVE-2016-0830

CVE-2016-0830 affects Android 6.x Bluetooth; btif_config.c handling of configuration entries can cause memory corruption and a persistent daemon crash when many entries are triggered, leading to remote DoS. The issue is tied to internal bug 26071376. Remediation is upgrading to patch level March ...

6.5CVSS6.5AI score0.00531EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.42 views

CVE-2016-10231

CVE-2016-10231 is an elevation-of-privilege vulnerability in the Qualcomm sound codec driver affecting the Android kernel. The issue could allow a local attacker with access to the device to execute code with kernel privileges. Public references in the connected records tie it to the Qualcomm sou...

9.3CVSS8AI score0.00651EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2016-10382

CVE-2016-10382 affects Qualcomm products running CAF Android builds on the Linux kernel. The issue is insufficient access control for the I2C bus, enabling potential improper access. Public details consistently describe it as a high-severity vulnerability with a CVSSv3 base score of 9.8 (CRITICAL...

10CVSS7.8AI score0.00805EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.42 views

CVE-2016-2458

The CVE-2016-2458 issue affects AOSP Mail: the compose functionality in Android 5.0.x (pre-5.0.2), 5.1.x (pre-5.1.1), and 6.x (pre-2016-05-01) does not adequately restrict attachments, enabling information disclosure via a crafted app related to ComposeActivity.java and ComposeActivityEmail.java....

5.5CVSS5.5AI score0.00471EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.42 views

CVE-2016-2501

CVE-2016-2501 affects the Qualcomm camera driver in Android before 2016-07-05 on Nexus devices (5X/6/6P/7). The vulnerability enables elevation of privilege by a local attacker via a crafted app, due to issues in the Qualcomm camera driver (Android internal bug 27890772; Qualcomm internal bug CR1...

9.3CVSS7.5AI score0.00502EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.42 views

CVE-2016-2507

CVE-2016-2507 affects Android Mediaserver (libstagefright) via an integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c. The issue can allow a remote attacker to execute arbitrary code or cause a denial of service through a crafted media file. Affected Android versions include 4.x up to...

9.3CVSS7.9AI score0.0116EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.42 views

CVE-2016-3748

CVE-2016-3748 affects the Android 6.x sockets subsystem. A local attacker could bypass intended system-call restrictions by a crafted app making an ioctl call, via internal bug 28171804. The published details indicate an elevation-of-privilege flaw in sockets (local access to system calls outside...

8.4CVSS7.5AI score0.00367EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.42 views

CVE-2016-3754

CVE-2016-3754 affects Android Mediaserver: Mediaserver in Android versions 4.x up to 4.4.4, 5.x up to 5.0.2/5.1.x up to 5.1.1, and 6.x up to 2016-07-01 mishandles memory limits for process memory, allowing remote attackers to cause a denial of service (device hang or reboot) by feeding a crafted ...

7.8CVSS7AI score0.00941EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.42 views

CVE-2016-3761

CVE-2016-3761 affects Android NFC: NfcService.java in the NFC stack is vulnerable on Android 4.x up to 4.4.3, 5.0.x up to 5.0.1, 5.1.x up to 5.1.0, and 6.x prior to the 2016-07-01 patch level. A crafted background application can cause a foreground-app information disclosure. Root cause is descri...

4CVSS4.6AI score0.0018EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.42 views

CVE-2016-3765

CVE-2016-3765 affects Android 6.x Mediaserver, specifically the decoder/impeg2d_bitstream.c component. The flaw allows an attacker-controlled crafted app to trigger an out-of-bounds read in Mediaserver during media file processing, enabling potential information disclosure from process memory and...

7.7CVSS7.1AI score0.00391EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.42 views

CVE-2016-3800

CVE-2016-3800 describes a privilege-escalation flaw in the MediaTek video driver on Android One devices prior to 2016-07-05, allowing a crafted app to gain elevated privileges through Mediaserver/kernel context. Connected sources confirm the issue is tied to the MediaTek video driver and Android ...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.42 views

CVE-2016-3813

CVE-2016-3813 is an information-disclosure vulnerability in the Qualcomm USB driver affecting Android on Nexus 5, 5X, 6, and 6P prior to 2016-07-05. A local attacker could exfiltrate sensitive data via a crafted application due to Android internal bug 28172322 and Qualcomm internal bug CR1010222....

5.5CVSS5.5AI score0.00426EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.42 views

CVE-2016-3827

CVE-2016-3827 affects Android 6.0.1 Mediaserver (libstagefright: codecs/hevcdec/SoftHEVC.cpp). The root cause is mishandling decoder errors, enabling a denial of service (device hang or reboot) via a crafted media file. Affected的是MediaServer/Mediaserver component; no explicit exploit details are ...

7.1CVSS5.7AI score0.00574EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.42 views

CVE-2016-3864

CVE-2016-3864 affects the Qualcomm Radio Interface Layer in Android on Nexus 5, 5X, 6, 6P, and Android One devices prior to 2016-09-05. A crafted application can privilege-escalate to the attacker’s context via the RIL, per Android/Qualcomm bug references. Impact is local privilege escalation wit...

9.3CVSS7.5AI score0.00471EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.42 views

CVE-2016-3868

CVE-2016-3868 affects the Qualcomm power driver on Nexus 5X and 6P, enabling local privilege escalation via a crafted app. Root cause is in the Qualcomm power driver before 2016-09-05 (Android builds for Nexus devices). The issue is listed as High severity in the 2016-09 Android bulletin; patches...

9.3CVSS7.5AI score0.00623EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.42 views

CVE-2016-3932

CVE-2016-3932 describes an elevation-of-privilege flaw in Android Mediaserver. Mediaserver on Android versions prior to the 2016-10-05 patch level is exploitable by a malicious application that crafts an app to gain privileged access. The vulnerability is tied to the Mediaserver component as part...

9.3CVSS8AI score0.00411EPSS
CVE
CVE
added 2017/09/25 9:0 p.m.42 views

CVE-2016-5868

CVE-2016-5868 affects the Qualcomm networking driver in Android (drivers/net/ethernet/msm/rndis_ipa.c). A crafted application could cause a privileged process to execute arbitrary code, enabling a remote attacker to take control within the affected device. The entry cites this as a vulnerability ...

7.6CVSS7.2AI score0.01444EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2016-5872

CVE-2016-5872 affects Qualcomm components in Android CAF builds that use the Linux kernel, where arguments to several QTEE syscalls are not properly validated. This could allow a crafted input to impact or compromise the kernel under affected conditions, with the CVSS indicating a high-severity, ...

10CVSS7.8AI score0.00836EPSS
Total number of security vulnerabilities8153