Lucene search

K

525 matches found

CVE
CVE
added 2016/05/09 10:59 a.m.42 views

CVE-2016-2432

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.

9.3CVSS7.5AI score0.00044EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.42 views

CVE-2016-2459

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer....

5.5CVSS5.5AI score0.00072EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.42 views

CVE-2016-2505

mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006.

9.3CVSS7.8AI score0.0017EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.42 views

CVE-2016-3915

camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838.

9.3CVSS8AI score0.00135EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.42 views

CVE-2016-3938

drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug CR 1049232.

9.3CVSS8AI score0.00073EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.42 views

CVE-2016-6734

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which m...

9.3CVSS7.4AI score0.00108EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.41 views

CVE-2014-9785

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747.

9.3CVSS7.5AI score0.00071EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.41 views

CVE-2014-9873

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR5568...

7.8CVSS7.3AI score0.00076EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.41 views

CVE-2014-9893

drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm in...

5.5CVSS5.2AI score0.0009EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.41 views

CVE-2014-9902

Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and...

10CVSS9AI score0.03882EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.41 views

CVE-2015-8937

drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548.

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.41 views

CVE-2015-8940

Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.

9.3CVSS7.6AI score0.00059EPSS
CVE
CVE
added 2016/02/07 1:59 a.m.41 views

CVE-2016-0804

The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code ...

10CVSS9.4AI score0.01215EPSS
CVE
CVE
added 2016/03/12 9:59 p.m.41 views

CVE-2016-0816

mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803.

10CVSS8.8AI score0.02229EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.41 views

CVE-2016-2425

mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185.

5.5CVSS5.6AI score0.00125EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.41 views

CVE-2016-2435

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988.

9.3CVSS7.5AI score0.00061EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.41 views

CVE-2016-3775

The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X, Nexus 6, Nexus 6P, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28588279.

9.3CVSS7.3AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.41 views

CVE-2016-3806

The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.41 views

CVE-2016-3815

The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28522274.

5.5CVSS5.4AI score0.00062EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.41 views

CVE-2016-3880

Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted ...

7.1CVSS5.8AI score0.00479EPSS
CVE
CVE
added 2016/12/13 7:59 p.m.41 views

CVE-2016-6711

A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibil...

7.1CVSS5.2AI score0.00472EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.41 views

CVE-2016-6740

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ...

9.3CVSS7.5AI score0.00065EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.40 views

CVE-2013-7457

Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.

10CVSS7.4AI score0.00058EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.40 views

CVE-2014-9787

Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764.

9.3CVSS7.6AI score0.00071EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.40 views

CVE-2014-9868

drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal ...

7.8CVSS7.5AI score0.00038EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.40 views

CVE-2014-9878

drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479.

7.8CVSS7.6AI score0.00076EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.40 views

CVE-2015-6640

The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted applicat...

9.3CVSS7.5AI score0.00105EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.40 views

CVE-2015-6642

The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888.

9.8CVSS8.9AI score0.00138EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.40 views

CVE-2016-2419

media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demo...

10CVSS7.7AI score0.00201EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.40 views

CVE-2016-2421

Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410.

6.6CVSS6.2AI score0.00014EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2441

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602.

7.6CVSS7AI score0.00035EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2442

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907.

7.6CVSS7AI score0.00058EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2448

media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as dem...

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2451

codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Sig...

9.3CVSS7.6AI score0.00043EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2463

Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media f...

8.4CVSS8.4AI score0.00615EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2469

The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27531992.

9.3CVSS7.6AI score0.00134EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2491

The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408.

9.3CVSS7.9AI score0.00043EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2494

Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.

9.3CVSS8AI score0.01072EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.40 views

CVE-2016-3809

The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.

5.5CVSS5.7AI score0.00072EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.40 views

CVE-2016-3933

mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408.

9.3CVSS8AI score0.00043EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.40 views

CVE-2016-6678

The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434.

5.5CVSS5.8AI score0.00109EPSS
CVE
CVE
added 2016/10/10 11:0 a.m.40 views

CVE-2016-6683

The kernel in Android before 2016-10-05 on Nexus devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30143283.

5.5CVSS5.6AI score0.00063EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.40 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High becau...

5.9CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.40 views

CVE-2016-6730

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which m...

9.3CVSS7AI score0.00102EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.40 views

CVE-2016-6741

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ...

9.3CVSS7.5AI score0.00065EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.40 views

CVE-2016-6746

An information disclosure vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. A...

5.5CVSS5.2AI score0.00072EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.39 views

CVE-2014-9777

The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android interna...

9.3CVSS7.5AI score0.0007EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.39 views

CVE-2014-9863

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.

9.3CVSS7.3AI score0.00059EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.39 views

CVE-2014-9865

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013.

9.3CVSS7.5AI score0.00052EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.39 views

CVE-2014-9879

The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490.

7.8CVSS7.5AI score0.00076EPSS
Total number of security vulnerabilities525