Android Security Vulnerabilities and Issues — Page 146 of Android CVE List

4.4CVSS4.6AI score0.0001EPSS

CVE-2023-42684

In gsp driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

5.5CVSS5.3AI score0.00011EPSS

CVE-2023-42709

In firewall service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

5.5CVSS5.3AI score0.00012EPSS

CVE-2023-42710

5.5CVSS5.3AI score0.00023EPSS

CVE-2023-42741

In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed

CVE•added 2024/01/18 3:15 a.m.•29 views

CVE-2023-48345

In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed

5.5CVSS5.4AI score0.00012EPSS

CVE•added 2017/05/16 2:29 p.m.•28 views

CVE-2016-10237

If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory.

9.3CVSS7.4AI score0.00051EPSS

CVE•added 2016/05/09 10:59 a.m.•28 views

CVE-2016-2440

libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896.

9.3CVSS7.4AI score0.00043EPSS

CVE•added 2016/05/09 10:59 a.m.•28 views

CVE-2016-2458

The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly restrict attachments, which allows attackers to obtain sensitive information via a crafted application, related to ComposeActivity.java and ComposeActivityEmail.java...

5.5CVSS5.5AI score0.00125EPSS

CVE•added 2016/06/13 1:59 a.m.•28 views

CVE-2016-2478

mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or Signatur...

9.3CVSS8AI score0.00043EPSS

CVE•added 2016/07/11 1:59 a.m.•28 views

CVE-2016-3749

server/LockSettingsService.java in LockSettingsService in Android 6.x before 2016-07-01 allows attackers to modify the screen-lock password or pattern via a crafted application, aka internal bug 28163930.

8.4CVSS7.6AI score0.00019EPSS

7.5CVSS7.3AI score0.00053EPSS

CVE-2016-3760

Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.

CVE-2016-3774

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102.

CVE-2016-3795

The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085222 and MediaTek internal bug ALPS02677244.

CVE-2016-3798

The MediaTek hardware sensor driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174490 and MediaTek internal bug ALPS02703105.

CVE-2016-3807

The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.

7.8CVSS7.5AI score0.00023EPSS

CVE-2016-3825

mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.

7.1CVSS5.7AI score0.00192EPSS

CVE-2016-3829

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.

9.3CVSS7.7AI score0.00173EPSS

CVE-2016-3843

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 a...

5.5CVSS5.7AI score0.00012EPSS

CVE-2016-3853

Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208.

CVE•added 2016/09/11 9:59 p.m.•28 views

CVE-2016-3859

The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641.

9.3CVSS7.5AI score0.00071EPSS

CVE•added 2016/11/25 4:59 p.m.•28 views

CVE-2016-3907

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat...

5.5CVSS5.1AI score0.00072EPSS

CVE•added 2017/04/17 4:59 p.m.•28 views

CVE-2016-6726

Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.

10CVSS9.2AI score0.00106EPSS

CVE•added 2020/04/07 2:15 p.m.•28 views

CVE-2017-18695

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017).

6.5CVSS6.5AI score0.00089EPSS

CVE•added 2018/09/18 6:29 p.m.•28 views

CVE-2018-11869

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler.

7.8CVSS7.6AI score0.00044EPSS

CVE•added 2018/11/27 6:0 p.m.•28 views

CVE-2018-11914

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /systemrw/ which presents a potential security.

7.8CVSS7.4AI score0.00025EPSS

CVE•added 2020/04/08 6:15 p.m.•28 views

CVE-2018-21061

An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018).

6.8CVSS6.8AI score0.00017EPSS

CVE•added 2018/07/06 5:29 p.m.•28 views

CVE-2018-5889

While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

7.8CVSS7.6AI score0.00017EPSS

CVE•added 2018/11/27 6:0 p.m.•28 views

CVE-2018-5908

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible buffer overflow in display function due to lack of buffer length validation before copying.

7.8CVSS7.6AI score0.00038EPSS

CVE•added 2018/10/02 7:29 p.m.•28 views

CVE-2018-9473

In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 And...

9.3CVSS7.9AI score0.0034EPSS

CVE•added 2018/11/14 6:29 p.m.•28 views

CVE-2018-9533

In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID...

8.8CVSS8.8AI score0.00409EPSS

CVE•added 2020/03/24 6:15 p.m.•28 views

CVE-2019-20536

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) (released in China) software. The Firewall application mishandles the PermissionWhiteLists protection mechanism. The Samsung ID is SVE-2019-14299 (November 2019).

9.8CVSS9.4AI score0.00129EPSS

CVE•added 2020/03/24 8:15 p.m.•28 views

CVE-2019-20624

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. S-Voice leaks keyboard learned words via the lock screen. The Samsung ID is SVE-2018-12981 (February 2019).

5.3CVSS5.4AI score0.00084EPSS

8.8CVSS9AI score0.00409EPSS

CVE-2019-2076

In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115907334

CVE-2019-2147

In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116474108

CVE-2019-2161

In libxaac there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112553431

CVE-2019-2163

CVE-2019-2168

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118492594

CVE-2019-2171

6.9CVSS7.2AI score0.0001EPSS

CVE-2019-2189

In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112312381

6.5CVSS6.5AI score0.00244EPSS

CVE-2019-9317

In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052258

7.5CVSS7.2AI score0.00312EPSS

CVE-2019-9342

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214470