Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2009/08/03 6:0 p.m.64 views

CVE-2009-2656

The CVE-2009-2656 entry concerns an unspecified vulnerability in the com.android.phone process on Android 1.0/1.1/1.5 that allows remote attackers to cause a denial of service (network disconnection) by sending a crafted SMS. The issue was demonstrated by Collin Mulliner and Charlie Miller at Bla...

5CVSS6.5AI score0.00983EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.64 views

CVE-2014-7915

The CVE relates to an integer overflow in SampleTable.cpp of Android’s libstagefright (Android before 5.0.0; some references extend to related 4.x/5.x lines). The root cause is an integer overflow in SampleTable.cpp in libstagefright, leading to unspecified impact per early descriptions, with fol...

10CVSS6.9AI score0.00623EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.64 views

CVE-2015-3834

Technical details about CVE-2015-3834 are not publicly available in the provided connected documents. The initial entry describes the vulnerability but lacks corroborating specifics in the connected sources. Monitor for updates and new disclosures.

10CVSS7.7AI score0.01223EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.64 views

CVE-2015-3836

The CVE-2015-3836 entry concerns Android devices affected by a buffer overflow in the Sonivox Parse_wave routine (arm-wt-22k/lib_src/eas_mdls.c) used by the DLS-to-EAS converter. The issue arises because a negative value in a size field is not rejected, enabling remote attackers to execute arbitr...

10CVSS8AI score0.02804EPSS
CVE
CVE
added 2015/11/03 11:0 a.m.64 views

CVE-2015-6608

Mediaserver on Android is affected: versions 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 are vulnerable to remote code execution or memory corruption via a crafted media file. Root cause cited as memory corruption in mediaserver. CVE-2015-6608 is the umbrella entry; associated internal bugs...

10CVSS7.6AI score0.02359EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.64 views

CVE-2015-6617

CVE-2015-6617 affects Skia in Android builds prior to 5.1.1 LMY48Z and 6.0 before 2015-12-01. A crafted media file could cause memory corruption, enabling remote code execution or a denial of service. The issue is addressed in Nexus updates (Builds LMY48Z+ and Android 6.0 with patch level 2015-12...

9.3CVSS9.2AI score0.0227EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.64 views

CVE-2016-0809

CVE-2016-0809 is a use-after-free in the wifi_cleanup function of Broadcom’s Wi‑Fi driver (bcmdhd/wifi_hal/wifi_hal.cpp) used by Android 6.x. The issue could allow local privilege escalation when an attacker with physical access executes a crafted app. Affected: Android 6.x prior to 2016-02-01. R...

8.8CVSS8.5AI score0.00555EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.64 views

CVE-2016-0828

The CVE concerns Android mediaserver: BnGraphicBufferConsumer::onTransact in libs/gui/IGraphicBufferConsumer.cpp failing to initialize a slot variable. This uninitialized state can let a remote attacker trigger an ATTACH_BUFFER action to read sensitive data and bypass a protection mechanism. Affe...

7.5CVSS7.3AI score0.00749EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.64 views

CVE-2016-2489

CVE-2016-2489 is an elevation-of-privilege vulnerability in the Qualcomm video driver for Android, affecting Nexus devices (Nexus 5, 5X, 6, 6P) before 2016-06-01. A crafted local application could trigger memory/cpu access in the Qualcomm video driver, enabling code execution with kernel privileg...

9.3CVSS8AI score0.00502EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.64 views

CVE-2017-0413

CVE-2017-0413 is an information-disclosure vulnerability in AOSP Messaging on Android (versions 6.0, 6.0.1, 7.0, 7.1.1). The issue could allow a local malicious application to bypass OS protections that isolate app data, exposing data the app should not access. The description and connected sourc...

5.5CVSS5.2AI score0.00653EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.64 views

CVE-2017-0415

CVE-2017-0415 is an elevation of privilege in Android’s Mediaserver. A local attacker could exploit this to run arbitrary code with privileged process rights. Affected versions: Android 6.0, 6.0.1, 7.0, 7.1.1 (Mediaserver). The provided connected documents identify the issue but do not specify a ...

9.3CVSS7.2AI score0.00911EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.64 views

CVE-2017-0420

CVE-2017-0420 is an information-disclosure vulnerability in AOSP Mail. A local malicious app could bypass OS protections that isolate app data, potentially accessing data from other apps. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The connected sources conf...

5.5CVSS4.9AI score0.00653EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.64 views

CVE-2017-0430

CVE-2017-0430 affects Android, involving an elevation of privilege in the Broadcom Wi‑Fi driver that could allow a local malicious application to execute arbitrary code in the kernel context. Affected components are Android kernels 3.10 and 3.18 with Broadcom Wi‑Fi driver involvement; the issue i...

9.3CVSS7.2AI score0.00888EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.64 views

CVE-2017-0446

CVE-2017-0446: Elevation of privilege in the HTC touchscreen driver on Android kernel 3.18, allowing a local attacker to execute arbitrary code in kernel context. Exploitation requires compromising a privileged process and local access. Publicly available patch/fix details are not provided in the...

7.6CVSS6.6AI score0.00863EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.64 views

CVE-2017-0472

CVE-2017-0472 involves a remote code execution in Android’s Mediaserver triggered by specially crafted media files, leading to memory corruption during media/file processing. Affected products and versions (per sources) include Android 6.0–7.1.1. The issue is described as Critical due to potentia...

9.3CVSS7.6AI score0.01422EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.64 views

CVE-2017-0509

CVE-2017-0509 is an elevation-of-privilege in the Broadcom Wi‑Fi driver that could let a local malicious app execute arbitrary code in the kernel. Affected product: Android. Root cause: Broadcom Wi‑Fi driver vulnerability enabling local code execution with no privileges required and user interact...

9.3CVSS7.2AI score0.00761EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.64 views

CVE-2017-0549

CVE-2017-0549 describes a remote denial-of-service vulnerability in Mediaserver’s libavc component used by Android. A specially crafted file could cause memory/processing issues in Mediaserver, allowing a device hang or reboot. Affected products/versions cited: Android 6.0, 6.0.1, 7.0, 7.1.1. The...

7.1CVSS5.7AI score0.00712EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.64 views

CVE-2017-0565

CVE-2017-0565 is a local elevation-of-privilege vulnerability in the MediaTek thermal driver on Android. A local malicious application can execute arbitrary code in the kernel context by exploiting the thermal driver. The issue is classified as High severity; exploitation requires compromising a ...

7.6CVSS6.9AI score0.00783EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.64 views

CVE-2017-0594

CVE-2017-0594 affects Android Mediaserver’s Mediaserver component, specifically codecs/aacenc/SoftAACEncoder2.cpp in libstagefright. The issue is an elevation of privilege vulnerability that could allow a local malicious application to execute arbitrary code within the context of a privileged pro...

9.3CVSS7.2AI score0.00728EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.64 views

CVE-2017-0635

CVE-2017-0635 describes a remote denial-of-service in Android’s Mediaserver, via HevcUtils.cpp in libstagefright. An attacker can craft a file that causes a device hang or reboot. Affected products/versions (per the provided doc): Android 7.0, 7.1.1, and 7.1.2. The vulnerability arises from proce...

7.1CVSS5.4AI score0.00425EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.64 views

CVE-2017-0777

CVE-2017-0777 is an information-disclosure vulnerability in the Android media framework affecting Android 7.0, 7.1.1 and 7.1.2. The supplied documents state an information-disclosure issue but do not specify the exact root cause, vulnerable component versioning beyond the Android OS versions, or ...

5.5CVSS5.8AI score0.00398EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.64 views

CVE-2017-0798

CVE-2017-0798 is an elevation of privilege vulnerability in the MediaTek kernel within Android’s kernel. The issue affects MediaTek kernel components (kernel level) and is classified as an EoP with High impact, enabling a local attacker with some access to gain higher privileges. The CVE entry re...

9.3CVSS8AI score0.00416EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.64 views

CVE-2017-0841

CVE-2017-0841 describes a remote code execution vulnerability in Android’s libutils affecting Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0 (Android ID: A-37723026). The Connected documents corroborate the affected component (libutils) and the Android product, but do not p...

9.3CVSS7.7AI score0.01337EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.64 views

CVE-2017-13176

CVE-2017-13176 refers to a vulnerability in Android where the parseURL function of URLStreamHandler performs improper input validation of the host field. Exploitation could enable remote elevation of privilege with user interaction required, across Android versions 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, ...

9.3CVSS8.2AI score0.01202EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.64 views

CVE-2017-13277

CVE-2017-13277 affects Android’s ihevcd_fmt_conv.c, with an out-of-bounds write due to a missing bounds check. This could enable remote code execution and requires user interaction to exploit. Affected versions include Android 6.0 through 8.1. The issue is documented in multiple sources, all attr...

9.3CVSS7.9AI score0.01038EPSS
CVE
CVE
added 2020/04/08 5:44 p.m.64 views

CVE-2018-21057

CVE-2018-21057 concerns a stack-based buffer overflow in the Shannon Baseband on Samsung mobile devices running N(7.x), O(8.x), and P(9.0) (Exynos chipsets). The vulnerability is identified by Samsung as SVE-2018-12757. Publicly provided details in the connected documents confirm the affected sub...

10CVSS9.7AI score0.00561EPSS
CVE
CVE
added 2024/11/27 11:42 p.m.64 views

CVE-2018-9374

CVE-2018-9374 affects Android’s PackageManagerService.java, specifically installPackageLI, enabling a possible permissions bypass that could lead to local elevation of privilege. Exploitation would require local user privileges with no user interaction, per the CVE description. The issue is liste...

7.8CVSS9AI score0.00084EPSS
CVE
CVE
added 2024/12/04 5:17 p.m.64 views

CVE-2018-9393

CVE-2018-9393 affects the MTK WLAN driver: a possible out-of-bounds write in procfile_write() of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c due to a missing bounds check. This can lead to local privilege escalation with System execution privileges; exploitation reportedly doe...

7.8CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2024/12/04 11:14 p.m.64 views

CVE-2018-9400

The CVE-2018-9400 issue affects Mediatek GT1151 touchscreen drivers (GT1151/gt1x_generic.c and gt1x_tools.c). Root cause: missing bounds check enabling an out-of-bounds write in gt1x_debug_write_proc and gt1x_tool_write. Impact: local escalation of privilege with System execution privileges requi...

7.8CVSS6.9AI score0.00084EPSS
CVE
CVE
added 2024/12/04 11:39 p.m.64 views

CVE-2018-9462

CVE-2018-9462 describes an out-of-bounds write in the Android kernel component ftm4_pdc.c, within the store_cmd function, caused by an incorrect bounds check. This can enable local escalation of privilege to system execution privileges, with no user interaction required. The description specifies...

7.8CVSS6.7AI score0.00084EPSS
CVE
CVE
added 2019/05/08 4:28 p.m.64 views

CVE-2019-2050

CVE-2019-2050 affects Android 8.0–9 due to a use-after-free in tearDownClientInterface() within WificondControl.java caused by improper locking. This enables local elevation of privilege with no additional execution privileges and no user interaction required. Public docs indicate a platform-wide...

7.8CVSS7.7AI score0.00138EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.64 views

CVE-2019-2145

CVE-2019-2145 is a vulnerability in the Android libxaac library (Android-10) causing an information-disclosure via an out-of-bounds read due to missing bounds checks. The exploit requires user interaction and could allow partial confidentiality impact, with higher impact if exploited in context. ...

6.5CVSS6.4AI score0.00583EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.64 views

CVE-2019-9269

CVE-2019-9269 is an Android 10 elevation-of-privilege issue described as a local permissions bypass in System Settings caused by a cached Linux user ID. The vulnerability could allow a local attacker to bypass permissions with no additional execution privileges required; exploitation reportedly r...

7.3CVSS7.3AI score0.00154EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.64 views

CVE-2019-9344

CVE-2019-9344 affects Android 10 NFC server and involves an out-of-bounds read due to a missing bounds check, enabling local information disclosure. The vulnerability targets NFC server components and can be exploited with user interaction; no remote access is indicated. While NVD lists CVSS scor...

5CVSS5.3AI score0.00164EPSS
CVE
CVE
added 2020/01/08 6:31 p.m.64 views

CVE-2020-0004

CVE-2020-0004 affects Android 8.0–10 in WallpaperManagerService.generateCrop, where processing an image that exceeds the maximum texture size can trigger a local DoS in the systemui. The root cause is an image-texture handling issue in WallpaperManagerService.java. The vulnerability is local and ...

5.5CVSS5.3AI score0.00148EPSS
CVE
CVE
added 2020/01/08 6:32 p.m.64 views

CVE-2020-0006

CVE-2020-0006 affects Android 8.0–10, with a heap information-disclosure in rw_i93_send_cmd_write_single_block (rw_i93.cc). The underlying issue is uninitialized data leading to remote information disclosure in the NFC server; exploitation requires user interaction. Impact per the sources is info...

6.5CVSS6.2AI score0.00769EPSS
CVE
CVE
added 2020/09/18 3:5 p.m.64 views

CVE-2020-0334

CVE-2020-0334 is described as an NFC out-of-bounds write on Android 11 that enables local privilege escalation without user interaction. Affected component: NFC handling in Android 11; root cause: missing bounds check leading to out-of-bounds write. Impact is listed as local elevation of privileg...

6.7CVSS7.2AI score0.00153EPSS
CVE
CVE
added 2020/11/08 4:4 a.m.64 views

CVE-2020-28345

CVE-2020-28345 affects LG mobile devices running Android 10. The issue is in the Wi‑Fi subsystem, where a missing NULL parameter check can cause a crash. This is described in multiple sources (e.g., NVD/Red Hat entries) with no public details on a fix in the provided documents. Impact is indicate...

7.5CVSS7.5AI score0.0041EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.64 views

CVE-2021-0674

CVE-2021-0674 affects the ALAC (ALAC decoder) used in MediaTek and related chipsets. The issue is an out-of-bounds read caused by an incorrect bounds check in the ALAC decoder, leading to local information disclosure without user interaction. Affected state: local access, no privileges required. ...

5.5CVSS5.7AI score0.00511EPSS
CVE
CVE
added 2022/08/11 3:6 p.m.64 views

CVE-2021-0975

CVE-2021-0975 affects Android 13 with a side-channel in USB Manager that can reveal whether an app is installed without query permissions. This enables local information disclosure of installed packages with no extra execution privileges and no user interaction required. Exploitation status is no...

5.5CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2021/12/15 6:5 p.m.64 views

CVE-2021-1041

CVE-2021-1041 is documented in multiple sources as a local, memory-corruption–related information-disclosure vulnerability affecting Android kernel components, with Pixel’s bulletin identifying it under the Camera entry and rating it High severity. The core issue is described as an out-of-bounds ...

5.5CVSS5.1AI score0.00114EPSS
CVE
CVE
added 2021/03/04 8:58 p.m.64 views

CVE-2021-25335

Technical details about CVE-2021-25335 are not publicly available in the provided connected documents. No affected product/version specifics or exploitation details are given here. Monitor for updates from Samsung security advisories and NVD entries.

2.5CVSS4.1AI score0.00111EPSS
CVE
CVE
added 2021/03/04 9:4 p.m.64 views

CVE-2021-25344

The CVE-2021-25344 issue affects Samsung knox_custom service (mobile app). Root cause: missing privilege check in knox_custom before SMR Mar-2021 Release 1. Impact: attacker may access the device serial number without permission (local attack). Public details confirm the vulnerability and timing;...

6.2CVSS5.6AI score0.00118EPSS
CVE
CVE
added 2021/03/04 9:5 p.m.64 views

CVE-2021-25347

CVE-2021-25347 affects the Samsung Email application. A hijacking vulnerability in versions prior to the SMR Feb-2021 Release 1 could allow an attacker to intercept when the provider is executed. The available documents consistently describe interception as the impact, but do not provide detailed...

5.3CVSS5.2AI score0.00114EPSS
CVE
CVE
added 2021/04/09 5:36 p.m.64 views

CVE-2021-25365

CVE-2021-25365 concerns an improper exception control in the Samsung softsimd component prior to SMR APR-2021 Release 1. The vulnerability allows unprivileged applications to access the softsimd API. The entry is tied to Samsung SMR APR-2021 Release 1, indicating a patch/maintenance release in th...

7.8CVSS7.5AI score0.00111EPSS
CVE
CVE
added 2021/08/11 11:12 p.m.64 views

CVE-2021-38591

CVE-2021-38591 affects LG mobile devices running Android P/Q on mt6762/mt6765/mt6883. Root cause: misconfiguration of a debug command that allows attackers to modify NvRAM content. Documented impact is limited to NvRAM manipulation; no exploit details or in‑the‑wild data are provided. No remediat...

3.3CVSS4.3AI score0.00104EPSS
CVE
CVE
added 2022/07/13 6:27 p.m.64 views

CVE-2022-20212

The vulnerability CVE-2022-20212 affects Android (Android-10 and Android-11) via wifi.RequestToggleWifiActivity in AndroidManifest.xml, enabling a tapjacking/overlay-based Elevation of Privilege. The underlying issue is a local EoP that can be exploited with user interaction, leading to a higher-...

7.8CVSS7.6AI score0.00113EPSS
CVE
CVE
added 2022/08/11 3:9 p.m.64 views

CVE-2022-20249

CVE-2022-20249 affects Android 13 via a side-channel vulnerability in the LocaleManager that can disclose whether an app is installed without query permissions, enabling local information disclosure with no extra execution privileges. The root cause is information leakage through a locale-related...

3.3CVSS4.2AI score0.0009EPSS
CVE
CVE
added 2022/08/11 3:22 p.m.64 views

CVE-2022-20304

CVE-2022-20304 affects Android 13 and describes a side-channel information disclosure that can determine a user’s account, enabling local information disclosure with User privileges and no user interaction required. Affected component: Android OS (Android 13). Root cause: side-channel information...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2022/08/11 3:26 p.m.64 views

CVE-2022-20323

CVE-2022-20323 affects Android 13, with a missing permission check in the PackageManager that can disclose local information. The issue enables a local information disclosure vulnerability without user interaction, requiring user privileges. Vulnerable component: PackageManager (Android framework...

5.5CVSS5.5AI score0.00092EPSS
Total number of security vulnerabilities8153