Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2018/12/20 3:0 p.m.42 views

CVE-2018-11961

CVE-2018-11961 affects Qualcomm GPS_AP_LINUX (Android CAF/Linux kernel stack). Root cause: an out-of-bounds vector index when updating GNSS configurations. Impact: local access leading to potential elevation of privilege or code execution as indicated by CVSS metrics (CVSSv3: 7.8 HIGH; local vect...

7.8CVSS7.4AI score0.00178EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.41 views

CVE-2018-11836

CVE-2018-11836 affects Qualcomm WLAN HOST components in CAF Linux kernel builds for Android (Android for MSM, etc.). The issue is an improper length check that can cause out-of-bounds access in WLAN, enabling local, low-privilege exploitation with no user interaction. Documented impact is high (C...

7.8CVSS7.4AI score0.00197EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.41 views

CVE-2018-11840

CVE-2018-11840 describes a double free vulnerability in the WLAN driver ioctl handling in CAF Android/Linux kernel releases. The temporary buffer used to construct the reply can be freed twice, potentially enabling local exploitation with impacts to confidentiality, integrity, and availability as...

7.8CVSS7.5AI score0.00192EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.41 views

CVE-2018-11906

CVE-2018-11906 affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built from CAF Linux kernel. The vulnerability is due to default privileged access to ADB and debug-fs, enabling local attackers with low complexity to achieve high-impact confidentiality, integrity, and av...

7.8CVSS7.3AI score0.0018EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.41 views

CVE-2018-11907

CVE-2018-11907 : Affects CAF Android builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The issue is improper access control that can allow device nodes and executables to be run from /firmware/. The available documents reiterate the impact as a potential issue but ...

7.8CVSS7.3AI score0.00162EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.41 views

CVE-2018-11995

CVE-2018-11995 affects Android builds using CAF components with the Linux kernel. The vulnerability arises from a partition name-check variable that is not reset for every iteration, which can cause improper termination in the META image. The root cause is the variable’s retention across iteratio...

7.8CVSS8AI score0.00202EPSS
CVE
CVE
added 2019/02/11 3:0 p.m.41 views

CVE-2018-13889

CVE-2018-13889 affects Android CAF kernel use-after-free in heap memory, leading to heap access after free in CAF-based Android releases (Android for MSM, Firefox OS for MSM, QRD Android). The vulnerability is tied to the Linux kernel portion used by CAF; the NVD entry shows a base score of 7.2 (...

7.8CVSS5.9AI score0.00184EPSS
CVE
CVE
added 2018/08/17 8:0 p.m.41 views

CVE-2018-15482

CVE-2018-15482 affects LG devices running Android 6.0–8.1, with an incorrect access-control flaw in the MLT application intents. This allows a remote attacker to bypass security restrictions and access the MLT app by sending a crafted request. Impact is described as high/critical in CVSS metrics ...

9.8CVSS9.3AI score0.00666EPSS
CVE
CVE
added 2020/04/08 5:23 p.m.41 views

CVE-2018-21068

The CVE-2018-21068 entry describes a vulnerability affecting Samsung mobile devices running Android O (8.0). In Secure Folder mode, an application can be executed without entering a password through a split-screen scenario. Root cause/details are not fully disclosed in the provided documents; no ...

6.2CVSS6.5AI score0.0015EPSS
CVE
CVE
added 2020/04/08 2:46 p.m.41 views

CVE-2018-21084

Samsung mobile devices running L(5.1), M(6.0), and N(7.x) contain a race condition leading to a read-after-free in get_kek (CVE-2018-21084; Samsung ID SVE-2017-11174). Connected sources confirm the vulnerability exists but do not specify affected models beyond the Android/Samsung platforms or pro...

8.1CVSS8AI score0.00309EPSS
CVE
CVE
added 2020/04/08 2:45 p.m.41 views

CVE-2018-21086

CVE-2018-21086 concerns Samsung mobile devices running L(5.x), M(6.0), and N(7.x). The issue is a race condition that results in a double free in the function vnswap_init_backing_storage . The Samsung internal ID is SVE-2017-11177 (Feb 2018). The CVE description does not specify vendor advisories...

8.1CVSS8.1AI score0.00326EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.41 views

CVE-2018-5822

CVE-2018-5822 describes a buffer overwrite in WLAN firmware affecting Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android on CAF builds prior to the 2018-04-05 patch level. The issue arises from compromised WLAN FW and is mitigated by updating to the 2018-04-05 security patch level (or ...

7.5CVSS6.9AI score0.00421EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.41 views

CVE-2018-5830

CVE-2018-5830 describes a potential buffer overflow in the Android CAF/Linux kernel stack when processing the HTT_T2H_MSG_TYPE_MGMT_TX_COMPL_IND message, affecting Android for MSM, Firefox OS for MSM, and QRD Android builds prior to the 2018-06-05 patch level. Root cause is a buffer overflow in t...

7.8CVSS7.6AI score0.00215EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.41 views

CVE-2018-5843

The connected CNVD entry CNVD-2018-22555 ties CVE-2018-5843 to the Qualcomm Modem driver in Android on Pixel/Nexus, describing a vulnerability in wma_pdev_div_info_evt_handler() where there is no upper bound check on event->num_chains_valid from firmware, allowing a buffer overwrite of the fix...

7.8CVSS7.3AI score0.00168EPSS
CVE
CVE
added 2018/11/27 6:0 p.m.41 views

CVE-2018-5861

CVE-2018-5861 is documented as a heap-overflow risk in CAF Android bootloader code using the Linux kernel, affecting Android for MSM/QRD Android builds with Qualcomm bootloaders. The vulnerability arises from incomplete partition-size checks during loading of secure applications, with CVSS v3.0 i...

7.8CVSS7.6AI score0.00169EPSS
CVE
CVE
added 2018/07/06 7:0 p.m.41 views

CVE-2018-5886

CVE-2018-5886 describes a vulnerability where a pointer in an ADSPRPC command is not properly validated in CAF Android builds using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android). The root cause is improper validation of a pointer in the ADSPRPC path, which can allow access t...

7.5CVSS7.2AI score0.00596EPSS
CVE
CVE
added 2018/11/14 6:0 p.m.41 views

CVE-2018-9457

CVE-2018-9457 concerns Android devices where, in BluetoothPairingController.java during onCheckedChanged, a permissions bypass could allow an attacker to retrieve contact information, leading to local information disclosure without additional privileges and without user interaction. Affected vers...

5.5CVSS5.1AI score0.00162EPSS
CVE
CVE
added 2018/11/14 6:0 p.m.41 views

CVE-2018-9544

CVE-2018-9544 : In Android 9, the Bluetooth BTIF path btif_hd.cc: register_app allows an out-of-bounds read due to a missing bounds check. This can lead to local information disclosure in the Bluetooth service without extra privileges or user interaction. Affected: Android 9. Root cause: insuffic...

5.5CVSS5.6AI score0.00164EPSS
CVE
CVE
added 2018/12/07 11:0 p.m.41 views

CVE-2018-9569

CVE-2018-9569 affects Android 9, involving an out-of-bounds write in impd_init_drc_decode_post_config within impd_drc_gain_decoder.c. The issue originates from an incorrect bounds check, enabling potential remote code execution with no extra privileges required, with user interaction needed for e...

9.3CVSS8.9AI score0.01133EPSS
CVE
CVE
added 2018/12/07 11:0 p.m.41 views

CVE-2018-9577

The CVE-2018-9577 issue affects Android 9 and is caused by a missing bounds check in impd_parametric_drc_parse_gain_set_params within impd_drc_static_payload.c, leading to a possible out-of-bounds write. This could enable remote code execution with user interaction required, as described in the N...

9.3CVSS8.5AI score0.00863EPSS
CVE
CVE
added 2020/03/24 6:54 p.m.41 views

CVE-2019-20583

CVE-2019-20583 affects Samsung mobile devices running O(8.x) and P(9.0) with TEEGRIS. The issue is a type confusion in the EXT_FR Trustlet that can lead to arbitrary code execution. Exploitation details are not provided in the documents. The vulnerability is documented across multiple sources con...

10CVSS9.6AI score0.00864EPSS
CVE
CVE
added 2020/03/24 6:57 p.m.41 views

CVE-2019-20585

The CVE-2019-20585 issue affects Samsung mobile devices running O(8.x) and P(9.0) with TEEGRIS. Root cause: type confusion in the SEC_FR Trustlet that permits arbitrary code execution. Affected component: SEC_FR Trustlet on Samsung devices; Samsung ID SVE-2019-14851. No concrete remediation or ex...

10CVSS9.6AI score0.00864EPSS
CVE
CVE
added 2020/03/24 7:9 p.m.41 views

CVE-2019-20598

The CVE-2019-20598 entry concerns Samsung mobile devices running O(8.x) software where Bixby can leak the keyboard’s learned words and clipboard contents through the lock screen. The vulnerability is documented with Samsung IDs SVE-2018-12896 and SVE-2018-12897. Connected records (e.g., Red Hat C...

2.4CVSS4.3AI score0.00134EPSS
CVE
CVE
added 2020/03/24 7:36 p.m.41 views

CVE-2019-20620

CVE-2019-20620 affects Samsung mobile devices running P (Android 9.0) software. The issue is that the Settings application allows unauthenticated changes, per the Samsung notice referencing SVE-2019-13814 and SVE-2019-13815. Documents do not specify the exact vulnerable component, root cause deta...

7.5CVSS7.6AI score0.00333EPSS
CVE
CVE
added 2020/03/24 7:40 p.m.41 views

CVE-2019-20624

CVE-2019-20624 affects Samsung mobile devices running N(7.x) and O(8.x). The issue involves S-Voice leaking keyboard learned words via the lock screen, exposing partially sensitive user input. The Samsung internal ID SVE-2018-12981 is referenced. Public details across sources are limited to the d...

5.3CVSS5.4AI score0.00328EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-2078

CVE-2019-2078 is a vulnerability in the libxaac library used by Android 10. It arises from a missing bounds check causing an out-of-bounds write, potentially enabling remote code execution. Exploitation would require user interaction. Multiple connected sources (e.g., Red Hat and CNVD records) co...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-2087

CVE-2019-2087 affects Android 10 libxaac. Root cause: out-of-bounds write from a missing bounds check, enabling remote code execution with no privileges and requiring user interaction. Mitigation: apply patches as part of Android 10 updates; devices with a security patch level of 2019-09-01 or la...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/08/20 7:55 p.m.41 views

CVE-2019-2127

CVE-2019-2127 affects Android Media Framework: memory corruption via a use-after-free in AudioInputDescriptor::setClientActive. This can enable local elevation of privilege with no extra execution privileges and no user interaction required. Affected versions include Android 7.0–9.0. The issue is...

7.8CVSS8.3AI score0.0017EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-2141

The CVE-2019-2141 issue affects Android 10, specifically the libxaac library. The root cause is an out-of-bounds write due to a missing bounds check in libxaac, which could enable remote code execution. The vulnerability is described as requiring user interaction for exploitation and having poten...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-2157

CVE-2019-2157 describes an out-of-bounds read in libxaac leading to information disclosure on Android 10 due to a missing bounds check. The issue requires user interaction to exploit and could be triggered over the network according to CVSS guidance in the public records. Connected sources confir...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9246

CVE-2019-9246 describes an out-of-bounds read in the Android NFC stack due to a missing bounds check. This could allow local information disclosure on affected devices and requires user interaction for exploitation. The vulnerability is associated with Android 10 (Android-10). According to the An...

5CVSS5.3AI score0.00164EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9263

CVE-2019-9263 affects Android 10 telephony and describes a bypass of user interaction requirements due to missing permission checks. This can enable local elevation of privilege with no additional execution privileges needed, and exploitation does not require user interaction. The issue is charac...

7.8CVSS8.1AI score0.00145EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9279

CVE-2019-9279 maps to Android 10’s wifi hotspot service vulnerability: a null pointer dereference causes a remote DoS without user interaction. Affected component is the wifi hotspot service in Android 10; exploitation results in denial of service (availability impact) with network access as the ...

7.5CVSS7.6AI score0.00987EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9312

The CVE-2019-9312 entry concerns Android 10 Bluetooth: an out-of-bounds read caused by a missing bounds check in Bluetooth could disclose local information without extra privileges and without user interaction. Affected component is Bluetooth stack on Android 10 (Android ID A-78288018). Reported ...

5.5CVSS5.6AI score0.00139EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9326

CVE-2019-9326 affects Android 10 Bluetooth: a missing bounds check in the Bluetooth stack enables an out-of-bounds read that can disclose remote information without requiring privileges or user interaction. Impact is information disclosure; CVSS v3.1 base score 7.5 (HIGH), network attack vector, ...

7.5CVSS7.2AI score0.00804EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9334

CVE-2019-9334 concerns the Android 10 ecosystem where a vulnerability in the Media/Library stack (libhevc) allows information disclosure via uninitialized data. The issue affects Android 10 and is described as enabling remote information disclosure with no additional execution privileges; exploit...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9361

The CVE-2019-9361 entry concerns Android 10’s libavc (media framework) with an information-disclosure flaw caused by uninitialized data. Affected component: libavc in Android 10 (Android-10). Impact: potential remote information disclosure without executing code; exploitation requires user intera...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9379

CVE-2019-9379 affects the Android 10 libstagefright component. The issue is a resource-exhaustion DoS caused by a missing bounds check in a multimedia processing path. The impact is remote denial of service with no privileges required, and exploitation requires user interaction. There is no docum...

7.1CVSS6.8AI score0.00685EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9395

CVE-2019-9395 affects Android 10 Bluetooth. A missing bounds check can cause controlled termination, leading to remote DoS without privileges and without user interaction. Impact: availability loss; threat vector: network. Root cause: out-of-bounds condition in Bluetooth handling. Mitigation: app...

7.5CVSS7.6AI score0.00797EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9399

CVE-2019-9399 affects Android 10 Print Service. Root cause: improper use of cryptography enabling MITM and remote information disclosure without privileges or user interaction. Impact: partial confidentiality loss. Exploit status not detailed in provided docs. Remediation: apply Android 10 securi...

5.9CVSS6AI score0.00442EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.41 views

CVE-2019-9438

The CVE-2019-9438 entry affects Android 10 Package Manager service. It enables information disclosure to other users via a confused deputy, allowing local disclosure of information about installed packages without extra execution privileges and without user interaction. The documented impact is a...

3.3CVSS4.4AI score0.00138EPSS
CVE
CVE
added 2020/03/15 9:17 p.m.41 views

CVE-2019-9473

CVE-2019-9473 affects the Android 10 Bluetooth stack. The issue is an out-of-bounds read caused by a missing bounds check in Bluetooth code, leading to remote information disclosure without extra execution privileges. Exploitation does not require user interaction and can be achieved over the net...

7.5CVSS7.3AI score0.00804EPSS
CVE
CVE
added 2020/03/10 7:56 p.m.41 views

CVE-2020-0042

The CVE-2020-0042 issue affects the FPC Fingerprint TEE in Android’s fpc_ta_hw_auth_qsee.c. The root cause is a missing bounds check that enables an out-of-bounds read. This could allow local information disclosure and requires system privileges if exploited, with no user interaction needed. Expl...

4.4CVSS4.3AI score0.00158EPSS
CVE
CVE
added 2020/03/10 8:0 p.m.41 views

CVE-2020-0059

CVE-2020-0059 : An out-of-bounds read in the Android Bluetooth stack (btm_ble_batchscan_filter_track_adv_vse_cback in btm_ble_batchscan.cc) due to a missing bounds check could disclose information locally without privileges. Affected: Android 10 devices; impact described as information disclosure...

5.5CVSS5.7AI score0.00156EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.41 views

CVE-2020-0128

CVE-2020-0128 affects Android 10 and is described as an out-of-bounds read in the AMPEG4ElementaryAssembler during addPacket, caused by an integer overflow. The impact is information disclosure via remote access without user interaction. The vulnerability is documented across multiple sources (NV...

7.5CVSS7.4AI score0.00804EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.41 views

CVE-2020-0139

CVE-2020-0139 affects Android 10. The vulnerability is a flaw in NDEF_MsgValidate (ndef_utils.c) where an integer overflow can cause an out-of-bounds read, potentially enabling local information disclosure when a malformed NFC tag is processed by the firmware. Exploitation is described as requiri...

4.4CVSS5AI score0.00143EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.41 views

CVE-2020-0162

CVE-2020-0162 affects Android’s Media Framework (MPEG4Extractor.cpp). The vulnerability arises from improper input validation in parseSampleAuxiliaryInformationOffsets, enabling resource exhaustion that could lead to remote Denial of Service on Android 10. The issue’s impact is a DoS with partial...

6.5CVSS6.9AI score0.00635EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.41 views

CVE-2020-0164

CVE-2020-0164 is an Android/Pixel vulnerability affecting the NFC subsystem. In the function phNxpNciHal_NfcDep_cmd_ext within phNxpNciHal_NfcDepSWPrio.cc, there is an out-of-bounds read caused by a missing bounds check, enabling local information disclosure and potential system-level code execut...

4.4CVSS4.9AI score0.00183EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.41 views

CVE-2020-0170

CVE-2020-0170 affects Android 10, with the vulnerability located in IMY_Event within eas_imelody.c. The issue is a missing bounds check in a resource-management path that can cause resource exhaustion, leading to remote denial of service. Exploitation requires user interaction. The provided docum...

6.5CVSS6.8AI score0.00752EPSS
CVE
CVE
added 2020/06/11 2:43 p.m.41 views

CVE-2020-0171

CVE-2020-0171 affects Android 10; in Parse_lart of eas_mdls.c, a missing bounds check can cause resource exhaustion leading to remote denial of service. Exploitation requires user interaction. Affected platform details are reflected in Google's Pixel bulletin (patch level 2020-06-05 or later) and...

6.5CVSS6.8AI score0.00762EPSS
Total number of security vulnerabilities8153