Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/10/10 10:0 a.m.42 views

CVE-2016-6694

CVE-2016-6694 affects the Qualcomm QDSP6v2 driver in Android, specifically the file sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c. The root cause is described as a vulnerability in the parameter data handling that can be exploited via crafted parameter data, enabling a denial of service and possibly...

9.8CVSS9.5AI score0.00949EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.42 views

CVE-2016-6716

CVE-2016-6716 affects the AOSP Launcher on Android 7.0 (before 2016-11-01). The issue allows a local malicious app to create shortcuts that run with elevated privileges without user consent, constituting a local privilege-escalation by bypassing user interaction. Root cause is a bypass of prompts...

5.5CVSS5.8AI score0.00342EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.42 views

CVE-2016-6719

CVE-2016-6719 is an elevation-of-privilege issue in the Bluetooth component of Android. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-11-01; 7.0 before 2016-11-01. Description: a local malicious application could pair with any Bluetooth device without...

5.5CVSS5.8AI score0.00342EPSS
CVE
CVE
added 2016/10/31 10:0 a.m.42 views

CVE-2016-7989

CVE-2016-7989 affects Samsung Galaxy S4–S7. A malformed OTA WAP PUSH SMS containing an OMACP message triggers an unhandled ArrayIndexOutOfBoundsException in Samsung’s WifiServiceImpl (wifi-service.jar), causing the Android runtime to crash repeatedly and render the device unusable until a factory...

7.8CVSS7.1AI score0.00604EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.42 views

CVE-2016-8446

Technical details about CVE-2016-8446 (MediaTek components in Android) are not provided in the connected documents. Public info here is limited to the NVD entry; patch/version/exploit specifics are not included. Monitor for updates.

7.6CVSS7AI score0.00548EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.42 views

CVE-2017-13205

CVE-2017-13205 is described as an information disclosure vulnerability in Android’s media framework (libmpeg2) affecting Android 7.0–8.1. The initial description provides affected versions and an Android ID but no exploitation details. Connected records (Pixel/Nexus bulletin) reference this CVE w...

9.1CVSS7.1AI score0.00641EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.42 views

CVE-2017-15813

CVE-2017-15813: In Android for MSM, Firefox OS for MSM, and QRD Android builds using the Linux kernel in CAF, a buffer overflow can occur when reading firmware logs. The NVD entry shows a high/severe impact with CVSS3.0: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base 9.8). Connected documents do not p...

9.8CVSS8.9AI score0.0044EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.42 views

CVE-2017-15818

CVE-2017-15818 describes an integer overflow in CAF-built Android stacks (Android for MSM, Firefox OS for MSM, QRD Android) when loading a user application in qseecom. The vulnerability arises in the Linux kernel path used by CAF and can occur if the application partition size rounds up to page_s...

7.8CVSS8.1AI score0.00192EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.42 views

CVE-2017-15859

CVE-2017-15859 is a buffer overrun in the Qualcomm Atheros WLAN stack (qcacld-2.0), triggered when QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB carries fewer than 1 byte in the TXPOWER_SCALE_DECR_DB attribute. Affected: Android for MSM, Firefox OS for MSM, and QRD Android devices prior to ...

7.5CVSS7.5AI score0.00542EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.42 views

CVE-2017-8238

CVE-2017-8238 affects Android CAF builds that use the Linux kernel, with a buffer overflow in a camera function. Documented impact indicates high severity (I/H/A) and local exploitability (CVSSv3: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); CVSSv2 references network vector in that scheme. Connected rec...

9.3CVSS7.4AI score0.00354EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2017-8253

CVE-2017-8253 affects Qualcomm components in Android CAF builds using the Linux kernel. The issue can allow kernel memory overwrite when an invalid master is sent from userspace, leading to elevation of privilege within the kernel context. The initial document lists it as a high-severity, EoP-typ...

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.42 views

CVE-2018-11818

CVE-2018-11818 describes a race condition in CAF Android/Qualcomm MSM kernel drivers where LUT configuration is passed from userspace via ioctl and can race with LUT register updates in the kernel. Affected components include the MDSS/Display path in Android/Linux kernels used on Android for MSM ...

7CVSS6.6AI score0.00138EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.42 views

CVE-2018-11883

CVE-2018-11883 affects CAF-based Android WLAN implementations (Android for MSM, Firefox OS for MSM, QRD Android) running in the Linux kernel. The issue arises in the policy manager unit test: if the mode parameter in the WLAN function is out of bounds, it can trigger an out-of-bounds access when ...

7.8CVSS7.4AI score0.00177EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.42 views

CVE-2018-11889

CVE-2018-11889 affects Android builds using CAF WLAN (Android for MSM, etc.) that rely on the Linux kernel. The vulnerability arises when requesting RSSI timeout, where the local variable context in a WLAN function is freed, potentially leading to access to invalid memory. This could enable memor...

7.8CVSS7.3AI score0.00202EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.42 views

CVE-2018-11891

CVE-2018-11891 is a high-severity issue affecting Qualcomm WLAN HOST code linked to CAF Android/Linux WLAN components. The vulnerability stems from a missing bounds check on array length in the WLAN HOST path, potentially enabling an out-of-bounds read in affected devices. Connected sources corro...

8.8CVSS8.7AI score0.0048EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.42 views

CVE-2018-11902

CVE-2018-11902 affects Qualcomm WLAN host components in Android CAF builds; root cause is lack of length validation for a value received from firmware, leading to out-of-bounds access in WLAN HOST. The CVE is listed with High severity (per Qualcomm’s 2019-10-05 bulletin grouping for WLAN host). N...

7.8CVSS7.4AI score0.00202EPSS
CVE
CVE
added 2018/12/07 2:0 p.m.42 views

CVE-2018-11905

CVE-2018-11905 is a high-severity issue affecting Android CAF builds using the Linux kernel, involving a possible buffer overflow in a WLAN function caused by insufficient input validation of firmware-supplied values. The CVE is documented with a 3.0/3.0 score of 9.8 (CRITICAL) and a network atta...

10CVSS9.4AI score0.00888EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.42 views

CVE-2018-11912

The CVE-2018-11912 entry concerns CAF-based Android/Linux that may allow unprivileged access due to improper daemon configuration. Affected: Android releases for MSM, Firefox OS for MSM, and QRD Android built on CAF Linux kernel. Root cause stated as misconfigured daemons; impact described as unp...

7.8CVSS7.4AI score0.00162EPSS
CVE
CVE
added 2018/12/20 3:0 p.m.42 views

CVE-2018-11986

CVE-2018-11986 : The vulnerability affects Android releases under CAF using the Linux kernel, specifically in the camera subsystem’s microcontroller FIFO (TX/RX) handling that exchanges commands between Micro FW and the CPP driver. The issue is a possible buffer overflow in these FIFOs. The NVD e...

7.8CVSS7.7AI score0.00142EPSS
CVE
CVE
added 2018/08/17 8:0 p.m.42 views

CVE-2018-14981

CVE-2018-14981 affects LG devices running Android 6.0–8.1, where the SystemUI application’s intents grant incorrect access control. The root cause is an access-control fault in SystemUI intents, enabling bypass of security restrictions; exploitation status is not detailed in the provided document...

9.8CVSS9.3AI score0.00565EPSS
CVE
CVE
added 2020/04/08 5:15 p.m.42 views

CVE-2018-21047

The CVE-2018-21047 entry concerns Samsung mobile devices running O(8.x). A FRP (Factory Reset Protection) bypass via the voice assistant exists because Internet access begins before the Setup Wizard finishes, enabling bypass of initial device protection. The Samsung internal identifier is SVE-201...

7.5CVSS7.5AI score0.0035EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.42 views

CVE-2018-3563

CVE-2018-3563 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF kernel prior to the 2018-04-05 security patch level. The root cause is an untrusted pointer dereference in the function apr_cb_func , which can lead to arbitrary code execution. The vulnerability ...

7.8CVSS7.5AI score0.0049EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.42 views

CVE-2018-3572

CVE-2018-3572 is supported by multiple connected records that confirm a vulnerability in Qualcomm audio drivers on Android devices (CAF Android for MSM, Firefox OS for MSM, QRD Android) using the Linux kernel. The root cause is an out-of-bounds risk where an index for a DSP buffer is not checked ...

7.8CVSS7.4AI score0.00165EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.42 views

CVE-2018-3573

CVE-2018-3573 is listed under Qualcomm components as a Bootloader issue. Connected data indicate a vulnerability in the Qualcomm bootloader affecting Android variants (CAF) where, during relocation of kernel images from a crafted boot image, an out-of-bounds access can occur. The sources also pla...

7.8CVSS7.3AI score0.00169EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.42 views

CVE-2018-3576

CVE-2018-3576 describes an improper validation of an array index in the Qualcomm WLAN driver’s sapInterferenceRssiCount() function, causing array out-of-bounds access on Android devices using the Linux kernel (CAF Android for MSM, Firefox OS for MSM, QRD Android). The issue affects Android releas...

7.8CVSS7.2AI score0.00165EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.42 views

CVE-2018-5821

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with CAF builds prior to the 2018-04-05 kernel patch level, CVE-2018-5821 is a memory error in wma_wow_wakeup_host_event() where wake_info->vdev_id from FW is used as an index into wma->interfaces, potentially reading beyond t...

7.5CVSS6.8AI score0.00344EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.42 views

CVE-2018-5824

In CVE-2018-5824, Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android on CAF-based Linux kernels prior to the 2018-04-05 patch level are vulnerable to a buffer overflow when processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages if the firmware tid value is out of r...

7.8CVSS7.5AI score0.0016EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.42 views

CVE-2018-5836

CVE-2018-5836 is elaborated in CNVD-2018-13387 as a Qualcomm WLAN information-disclosure issue affecting Android devices (Pixel/Nexus) prior to 2018-06-05. The root cause is that the wma_nan_rsp_event_handler() path fails to properly validate the data_len value received from firmware, enabling po...

5.5CVSS5.3AI score0.00178EPSS
CVE
CVE
added 2018/06/06 9:0 p.m.42 views

CVE-2018-5850

CVE-2018-5850 affects Android CAF/Linux kernel components. The vulnerability arises from insufficient validation of a key length in csr_update_fils_params_rso(), which can cause an integer underflow and lead to a buffer overflow in affected Android releases using the Linux kernel. Provided docume...

9.3CVSS5.6AI score0.0044EPSS
CVE
CVE
added 2018/07/06 7:0 p.m.42 views

CVE-2018-5855

CVE-2018-5855 affects Qualcomm WLAN Host components within Android CAF builds. The issue arises from padding/shrinking a nested WMI packet, potentially causing a buffer over-read in all CAF Android releases prior to the patched level. According to the CVE entry, this is rated critical (CVSS v3: 9...

10CVSS7AI score0.01121EPSS
CVE
CVE
added 2018/06/15 3:0 p.m.42 views

CVE-2018-5857

In CVE-2018-5857, the issue is a Use-After-Free in the WCD CPE codec used by CAF Android releases (Android for MSM, Firefox OS for MSM, QRD Android) via the Linux kernel. The root cause is a memory management defect in wcd_cpe_core that can be triggered locally. The CVSS metrics indicate a Local ...

7.8CVSS7.3AI score0.00157EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.42 views

CVE-2018-5895

CVE-2018-5895 affects Qualcomm qcacld, specifically the wma_process_utf_event() path in Android on Google Pixel/Nexus devices prior to the 2018-06-05 patch level. The issue is a buffer over-read caused by improper buffer length validation when writing into param_buf->num_wow_packet_buffer, lea...

5.5CVSS5.3AI score0.00166EPSS
CVE
CVE
added 2018/09/19 2:0 p.m.42 views

CVE-2018-5905

CVE-2018-5905 describes a race condition in the Qualcomm Diag driver used in CAF Android builds (Android for MSM, Firefox OS for MSM, QRD Android) that can occur when accessing the number of clients in DIAG services, potentially leading to out-of-bounds access. Affected component is the Diag driv...

7CVSS6.6AI score0.00142EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.42 views

CVE-2018-9444

The CVE-2018-9444 issue affects Android’s media framework, specifically the ih264d_video_decode path in ih264d_api.c. It can cause resource exhaustion via an infinite loop, leading to remote denial of service on affected devices (Android 6.0–7.1.2). Exploitation requires user interaction; no expl...

7.1CVSS5.8AI score0.00532EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.42 views

CVE-2018-9562

CVE-2018-9562 affects Android 9; the flaw is an out-of-bounds read in bta_ag_do_disc of bta_ag_sdp.cc caused by an incorrect parameter size, enabling remote information disclosure without privileges and without user interaction. The issue is listed in Android’s December 2018 security bulletin, wi...

7.5CVSS6.9AI score0.01089EPSS
CVE
CVE
added 2018/12/07 11:0 p.m.42 views

CVE-2018-9571

CVE-2018-9571 affects Android 9, where impd_parse_loud_eq_instructions in impd_drc_dynamic_payload.c allows an out-of-bounds write due to missing bounds checks. This could enable remote code execution with no extra privileges, and exploitation requires user interaction. The vulnerability is docum...

9.3CVSS8.9AI score0.01133EPSS
CVE
CVE
added 2020/03/24 5:53 p.m.42 views

CVE-2019-20541

The CVE-2019-20541 entry concerns Samsung mobile devices running Android P (9.0) on Exynos chipsets, where the Wi-Fi kernel drivers are affected by a stack overflow. Affected Samsung IDs include SVE-2019-14965, 14966, 14968–14970, 14980–14984, 15122–15123 (November 2019). The issue originates in ...

7.8CVSS7.5AI score0.00136EPSS
CVE
CVE
added 2020/03/24 6:50 p.m.42 views

CVE-2019-20579

Samsung reports a vulnerability in the Gallery app on Galaxy devices running N(7.x), O(8.x), and P(9.0) that allows attackers to enable location information sharing from the lock screen. The entry references Samsung ID SVE-2019-14462 (August 2019). No concrete exploit details, affected specific m...

2.4CVSS4AI score0.00136EPSS
CVE
CVE
added 2020/03/24 6:58 p.m.42 views

CVE-2019-20587

CVE-2019-20587 corresponds to a type-confusion vulnerability in Samsung mobile devices running O(8.1) and P(9.0) with TEEGRIS. The issue is in the MLDAP Trustlet, enabling arbitrary code execution due to a type confusion flaw. Samsung ID: SVE-2019-14867 (August 2019). Connected sources (Red Hat, ...

10CVSS9.6AI score0.00864EPSS
CVE
CVE
added 2020/03/24 7:28 p.m.42 views

CVE-2019-20613

CVE-2019-20613 affects Samsung mobile devices running Android N (7.x) and O (8.x). A time-based SQL injection in the Contacts database is described, with Samsung’s internal ID SVE-2018-13452 (March 2019). Multiple connected sources corroborate a SQL injection vulnerability that can expose or mani...

8.1CVSS8.5AI score0.00362EPSS
CVE
CVE
added 2020/03/24 7:33 p.m.42 views

CVE-2019-20618

The vulnerability CVE-2019-20618 affects Samsung mobile devices on Android P (9.0) where the Pin Window feature allows unauthenticated unpinning of an app. The connected Red Hat/EUVD/CNVD/etc. records mirror the same description and confirm the issue stems from Pin Window behavior; no explicit ro...

7.5CVSS7.6AI score0.00333EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-2075

CVE-2019-2075 affects libxaac on Android 10, where a missing bounds check allows an out-of-bounds write that can lead to remote code execution. Exploitation requires user interaction; impact is remote code execution with high severity in the Android 10 context. The issue is confirmed across multi...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-2083

CVE-2019-2083 refers to an out-of-bounds write in the Android libxaac library, caused by a missing bounds check. The vulnerability could enable remote code execution on Android 10, with execution requiring user interaction for exploitation. The connected Red Hat and CNVD entries corroborate the s...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-2162

CVE-2019-2162 affects Android 10 via libxaac, where an out-of-bounds read due to a missing bounds check could lead to remote information disclosure. The vulnerability enables information leakage without additional execution privileges, with user interaction required to exploit. Multiple connected...

6.5CVSS6.4AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:21 p.m.42 views

CVE-2019-2188

CVE-2019-2188 affects the Android kernel’s Easel image driver. The issue is memory corruption caused by race conditions, enabling local escalation of privilege to System level without user interaction. Public patch details or fixed versions are not provided in the supplied documents. No exploitat...

6.9CVSS7.2AI score0.00117EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9288

CVE-2019-9288 affects Android 10 via a missing bounds check in libhidcommand_jni, enabling an out-of-bounds write that could cause local elevation of privilege in the USB service without user interaction. Impact is limited to the USB service and requires no additional privileges. Remediation is a...

6.8CVSS7.2AI score0.00167EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9302

CVE-2019-9302 affects Android 10 via the libAACdec library, where an integer overflow can cause an out-of-bounds write leading to remote code execution. The vulnerability requires user interaction to exploit, with impact described as remote code execution and high severity in the CVSS data. Remed...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9307

CVE-2019-9307 affects Android 10 libAACdec in the Media framework, with an integer overflow causing an out-of-bounds write and remote code execution; user interaction is required for exploitation. Android 10 security release notes indicate fixes with patch level 2019-09-01 or later, but no exploi...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9308

CVE-2019-9308 affects Android 10’s libAACdec. The root cause is an out-of-bounds write caused by an integer overflow, enabling remote code execution with no privileges and requiring user interaction to exploit. Remediation is via Android 10 security updates; devices with a patch level of 2019-09-...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.42 views

CVE-2019-9323

CVE-2019-9323 affects the Android Wallpaper Manager service. The issue is an information disclosure caused by a missing permission check, allowing any application to access the wallpaper image without extra privileges, with no user interaction required. The Android 10 release notes indicate this ...

5.3CVSS5.6AI score0.00487EPSS
Total number of security vulnerabilities8153