Lucene search

K

525 matches found

CVE
CVE
added 2016/08/06 10:59 a.m.39 views

CVE-2014-9883

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR56516...

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.39 views

CVE-2014-9884

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740.

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.39 views

CVE-2014-9890

Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualco...

9.3CVSS7.5AI score0.00059EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.39 views

CVE-2015-6645

SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.

7.1CVSS5.7AI score0.0005EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.39 views

CVE-2015-8938

The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.

9.3CVSS7.5AI score0.00059EPSS
CVE
CVE
added 2016/02/07 1:59 a.m.39 views

CVE-2016-0808

Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka inter...

6.2CVSS6.5AI score0.00017EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.39 views

CVE-2016-0837

MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via a crafted media file, aka ...

10CVSS8.8AI score0.01215EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.39 views

CVE-2016-2439

Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via a long PIN value, aka internal bug 27411268.

8.8CVSS8.2AI score0.01529EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.39 views

CVE-2016-2479

The mm-video-v4l2 vdec component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem ...

9.3CVSS8.1AI score0.00088EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.39 views

CVE-2016-2488

The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832.

9.3CVSS8AI score0.00043EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.39 views

CVE-2016-2493

The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522.

9.3CVSS8AI score0.00043EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.39 views

CVE-2016-3751

Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal ...

7.8CVSS8.3AI score0.00099EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.39 views

CVE-2016-3821

libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a craft...

9.8CVSS8.8AI score0.01405EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.39 views

CVE-2016-3854

drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm interna...

7.8CVSS7.8AI score0.00083EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.39 views

CVE-2016-3861

LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of serv...

9.3CVSS7.8AI score0.12447EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.39 views

CVE-2016-3914

Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database between two open operation...

9.3CVSS8AI score0.00109EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.39 views

CVE-2016-3918

email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not ensure that certain values are integers, which allows attackers to read arbitrary attachments via a crafted application ...

5.5CVSS6.1AI score0.00105EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.39 views

CVE-2016-6677

The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 30259955.

5.5CVSS5.8AI score0.00063EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.39 views

CVE-2016-6725

A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. A...

10CVSS9.1AI score0.03055EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.39 views

CVE-2016-6738

An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. A...

9.3CVSS7.1AI score0.00065EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.38 views

CVE-2014-9864

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.

9.3CVSS7.5AI score0.00059EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.38 views

CVE-2014-9877

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qua...

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.38 views

CVE-2014-9889

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug ...

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.38 views

CVE-2015-8893

app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.

5.5CVSS5.8AI score0.00087EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.38 views

CVE-2015-8941

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qu...

9.3CVSS7.5AI score0.00059EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.38 views

CVE-2016-0842

The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25818142.

10CVSS8.2AI score0.00791EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.38 views

CVE-2016-2429

libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not prevent free operations on uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupti...

10CVSS8.8AI score0.01215EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.38 views

CVE-2016-2461

OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles resets of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bugs 27324690 and 27696681.

7.6CVSS7.1AI score0.00089EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.38 views

CVE-2016-2464

libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.

9.3CVSS8AI score0.00254EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.38 views

CVE-2016-2468

The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454.

9.3CVSS7.6AI score0.00386EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.38 views

CVE-2016-3753

mediaserver in Android 4.x before 4.4.4 allows remote attackers to obtain sensitive information via unspecified vectors, aka internal bug 27210135.

7.5CVSS7AI score0.00172EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.38 views

CVE-2016-3812

The MediaTek video codec driver in Android before 2016-07-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28174833 and MediaTek internal bug ALPS02688832.

5.5CVSS5.5AI score0.00072EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.38 views

CVE-2016-3844

mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.38 views

CVE-2016-3856

netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631.

7.8CVSS7.8AI score0.00092EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.38 views

CVE-2016-3874

CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and...

9.3CVSS7.5AI score0.00135EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.38 views

CVE-2016-3876

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345.

7.2CVSS6.7AI score0.00031EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.38 views

CVE-2016-3881

The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboo...

7.1CVSS5.4AI score0.00396EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.38 views

CVE-2016-3911

core/java/android/os/Process.java in Zygote in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30143607.

9.3CVSS8AI score0.00059EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.38 views

CVE-2016-3935

Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29999665 and Qualcomm int...

9.3CVSS7.6AI score0.00071EPSS
CVE
CVE
added 2016/10/10 11:0 a.m.38 views

CVE-2016-6692

drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.

9.8CVSS9.5AI score0.00186EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.38 views

CVE-2016-6704

An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is...

9.3CVSS7.4AI score0.00173EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.38 views

CVE-2016-6710

An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to bypass operating system protections that isolate application data from other applications...

5.5CVSS5.5AI score0.00053EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.38 views

CVE-2016-6729

An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which...

9.3CVSS7.4AI score0.00037EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.38 views

CVE-2016-6737

An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, whic...

9.3CVSS7.3AI score0.00037EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.38 views

CVE-2016-6747

A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA N-CVE-2...

7.1CVSS5.7AI score0.00117EPSS
CVE
CVE
added 2016/10/31 10:59 a.m.38 views

CVE-2016-7991

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542.

7.8CVSS7.2AI score0.00077EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.37 views

CVE-2014-9779

arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679.

9.3CVSS6.9AI score0.00123EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.37 views

CVE-2014-9783

drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal ...

9.3CVSS7.5AI score0.00067EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.37 views

CVE-2014-9875

drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.37 views

CVE-2014-9898

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qua...

5.5CVSS5.2AI score0.0009EPSS
Total number of security vulnerabilities525