8153 matches found
CVE-2009-2656
The CVE-2009-2656 entry concerns an unspecified vulnerability in the com.android.phone process on Android 1.0/1.1/1.5 that allows remote attackers to cause a denial of service (network disconnection) by sending a crafted SMS. The issue was demonstrated by Collin Mulliner and Charlie Miller at Bla...
CVE-2014-7915
The CVE relates to an integer overflow in SampleTable.cpp of Android’s libstagefright (Android before 5.0.0; some references extend to related 4.x/5.x lines). The root cause is an integer overflow in SampleTable.cpp in libstagefright, leading to unspecified impact per early descriptions, with fol...
CVE-2015-3834
Technical details about CVE-2015-3834 are not publicly available in the provided connected documents. The initial entry describes the vulnerability but lacks corroborating specifics in the connected sources. Monitor for updates and new disclosures.
CVE-2015-3836
The CVE-2015-3836 entry concerns Android devices affected by a buffer overflow in the Sonivox Parse_wave routine (arm-wt-22k/lib_src/eas_mdls.c) used by the DLS-to-EAS converter. The issue arises because a negative value in a size field is not rejected, enabling remote attackers to execute arbitr...
CVE-2015-6608
Mediaserver on Android is affected: versions 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 are vulnerable to remote code execution or memory corruption via a crafted media file. Root cause cited as memory corruption in mediaserver. CVE-2015-6608 is the umbrella entry; associated internal bugs...
CVE-2015-6617
CVE-2015-6617 affects Skia in Android builds prior to 5.1.1 LMY48Z and 6.0 before 2015-12-01. A crafted media file could cause memory corruption, enabling remote code execution or a denial of service. The issue is addressed in Nexus updates (Builds LMY48Z+ and Android 6.0 with patch level 2015-12...
CVE-2016-0809
CVE-2016-0809 is a use-after-free in the wifi_cleanup function of Broadcom’s Wi‑Fi driver (bcmdhd/wifi_hal/wifi_hal.cpp) used by Android 6.x. The issue could allow local privilege escalation when an attacker with physical access executes a crafted app. Affected: Android 6.x prior to 2016-02-01. R...
CVE-2016-0828
The CVE concerns Android mediaserver: BnGraphicBufferConsumer::onTransact in libs/gui/IGraphicBufferConsumer.cpp failing to initialize a slot variable. This uninitialized state can let a remote attacker trigger an ATTACH_BUFFER action to read sensitive data and bypass a protection mechanism. Affe...
CVE-2016-2489
CVE-2016-2489 is an elevation-of-privilege vulnerability in the Qualcomm video driver for Android, affecting Nexus devices (Nexus 5, 5X, 6, 6P) before 2016-06-01. A crafted local application could trigger memory/cpu access in the Qualcomm video driver, enabling code execution with kernel privileg...
CVE-2017-0413
CVE-2017-0413 is an information-disclosure vulnerability in AOSP Messaging on Android (versions 6.0, 6.0.1, 7.0, 7.1.1). The issue could allow a local malicious application to bypass OS protections that isolate app data, exposing data the app should not access. The description and connected sourc...
CVE-2017-0415
CVE-2017-0415 is an elevation of privilege in Android’s Mediaserver. A local attacker could exploit this to run arbitrary code with privileged process rights. Affected versions: Android 6.0, 6.0.1, 7.0, 7.1.1 (Mediaserver). The provided connected documents identify the issue but do not specify a ...
CVE-2017-0420
CVE-2017-0420 is an information-disclosure vulnerability in AOSP Mail. A local malicious app could bypass OS protections that isolate app data, potentially accessing data from other apps. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The connected sources conf...
CVE-2017-0430
CVE-2017-0430 affects Android, involving an elevation of privilege in the Broadcom Wi‑Fi driver that could allow a local malicious application to execute arbitrary code in the kernel context. Affected components are Android kernels 3.10 and 3.18 with Broadcom Wi‑Fi driver involvement; the issue i...
CVE-2017-0446
CVE-2017-0446: Elevation of privilege in the HTC touchscreen driver on Android kernel 3.18, allowing a local attacker to execute arbitrary code in kernel context. Exploitation requires compromising a privileged process and local access. Publicly available patch/fix details are not provided in the...
CVE-2017-0472
CVE-2017-0472 involves a remote code execution in Android’s Mediaserver triggered by specially crafted media files, leading to memory corruption during media/file processing. Affected products and versions (per sources) include Android 6.0–7.1.1. The issue is described as Critical due to potentia...
CVE-2017-0509
CVE-2017-0509 is an elevation-of-privilege in the Broadcom Wi‑Fi driver that could let a local malicious app execute arbitrary code in the kernel. Affected product: Android. Root cause: Broadcom Wi‑Fi driver vulnerability enabling local code execution with no privileges required and user interact...
CVE-2017-0549
CVE-2017-0549 describes a remote denial-of-service vulnerability in Mediaserver’s libavc component used by Android. A specially crafted file could cause memory/processing issues in Mediaserver, allowing a device hang or reboot. Affected products/versions cited: Android 6.0, 6.0.1, 7.0, 7.1.1. The...
CVE-2017-0565
CVE-2017-0565 is a local elevation-of-privilege vulnerability in the MediaTek thermal driver on Android. A local malicious application can execute arbitrary code in the kernel context by exploiting the thermal driver. The issue is classified as High severity; exploitation requires compromising a ...
CVE-2017-0594
CVE-2017-0594 affects Android Mediaserver’s Mediaserver component, specifically codecs/aacenc/SoftAACEncoder2.cpp in libstagefright. The issue is an elevation of privilege vulnerability that could allow a local malicious application to execute arbitrary code within the context of a privileged pro...
CVE-2017-0635
CVE-2017-0635 describes a remote denial-of-service in Android’s Mediaserver, via HevcUtils.cpp in libstagefright. An attacker can craft a file that causes a device hang or reboot. Affected products/versions (per the provided doc): Android 7.0, 7.1.1, and 7.1.2. The vulnerability arises from proce...
CVE-2017-0777
CVE-2017-0777 is an information-disclosure vulnerability in the Android media framework affecting Android 7.0, 7.1.1 and 7.1.2. The supplied documents state an information-disclosure issue but do not specify the exact root cause, vulnerable component versioning beyond the Android OS versions, or ...
CVE-2017-0798
CVE-2017-0798 is an elevation of privilege vulnerability in the MediaTek kernel within Android’s kernel. The issue affects MediaTek kernel components (kernel level) and is classified as an EoP with High impact, enabling a local attacker with some access to gain higher privileges. The CVE entry re...
CVE-2017-0841
CVE-2017-0841 describes a remote code execution vulnerability in Android’s libutils affecting Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0 (Android ID: A-37723026). The Connected documents corroborate the affected component (libutils) and the Android product, but do not p...
CVE-2017-13176
CVE-2017-13176 refers to a vulnerability in Android where the parseURL function of URLStreamHandler performs improper input validation of the host field. Exploitation could enable remote elevation of privilege with user interaction required, across Android versions 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, ...
CVE-2017-13277
CVE-2017-13277 affects Android’s ihevcd_fmt_conv.c, with an out-of-bounds write due to a missing bounds check. This could enable remote code execution and requires user interaction to exploit. Affected versions include Android 6.0 through 8.1. The issue is documented in multiple sources, all attr...
CVE-2018-21057
CVE-2018-21057 concerns a stack-based buffer overflow in the Shannon Baseband on Samsung mobile devices running N(7.x), O(8.x), and P(9.0) (Exynos chipsets). The vulnerability is identified by Samsung as SVE-2018-12757. Publicly provided details in the connected documents confirm the affected sub...
CVE-2018-9374
CVE-2018-9374 affects Android’s PackageManagerService.java, specifically installPackageLI, enabling a possible permissions bypass that could lead to local elevation of privilege. Exploitation would require local user privileges with no user interaction, per the CVE description. The issue is liste...
CVE-2018-9393
CVE-2018-9393 affects the MTK WLAN driver: a possible out-of-bounds write in procfile_write() of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c due to a missing bounds check. This can lead to local privilege escalation with System execution privileges; exploitation reportedly doe...
CVE-2018-9400
The CVE-2018-9400 issue affects Mediatek GT1151 touchscreen drivers (GT1151/gt1x_generic.c and gt1x_tools.c). Root cause: missing bounds check enabling an out-of-bounds write in gt1x_debug_write_proc and gt1x_tool_write. Impact: local escalation of privilege with System execution privileges requi...
CVE-2018-9462
CVE-2018-9462 describes an out-of-bounds write in the Android kernel component ftm4_pdc.c, within the store_cmd function, caused by an incorrect bounds check. This can enable local escalation of privilege to system execution privileges, with no user interaction required. The description specifies...
CVE-2019-2050
CVE-2019-2050 affects Android 8.0–9 due to a use-after-free in tearDownClientInterface() within WificondControl.java caused by improper locking. This enables local elevation of privilege with no additional execution privileges and no user interaction required. Public docs indicate a platform-wide...
CVE-2019-2145
CVE-2019-2145 is a vulnerability in the Android libxaac library (Android-10) causing an information-disclosure via an out-of-bounds read due to missing bounds checks. The exploit requires user interaction and could allow partial confidentiality impact, with higher impact if exploited in context. ...
CVE-2019-9269
CVE-2019-9269 is an Android 10 elevation-of-privilege issue described as a local permissions bypass in System Settings caused by a cached Linux user ID. The vulnerability could allow a local attacker to bypass permissions with no additional execution privileges required; exploitation reportedly r...
CVE-2019-9344
CVE-2019-9344 affects Android 10 NFC server and involves an out-of-bounds read due to a missing bounds check, enabling local information disclosure. The vulnerability targets NFC server components and can be exploited with user interaction; no remote access is indicated. While NVD lists CVSS scor...
CVE-2020-0004
CVE-2020-0004 affects Android 8.0–10 in WallpaperManagerService.generateCrop, where processing an image that exceeds the maximum texture size can trigger a local DoS in the systemui. The root cause is an image-texture handling issue in WallpaperManagerService.java. The vulnerability is local and ...
CVE-2020-0006
CVE-2020-0006 affects Android 8.0–10, with a heap information-disclosure in rw_i93_send_cmd_write_single_block (rw_i93.cc). The underlying issue is uninitialized data leading to remote information disclosure in the NFC server; exploitation requires user interaction. Impact per the sources is info...
CVE-2020-0334
CVE-2020-0334 is described as an NFC out-of-bounds write on Android 11 that enables local privilege escalation without user interaction. Affected component: NFC handling in Android 11; root cause: missing bounds check leading to out-of-bounds write. Impact is listed as local elevation of privileg...
CVE-2020-28345
CVE-2020-28345 affects LG mobile devices running Android 10. The issue is in the Wi‑Fi subsystem, where a missing NULL parameter check can cause a crash. This is described in multiple sources (e.g., NVD/Red Hat entries) with no public details on a fix in the provided documents. Impact is indicate...
CVE-2021-0674
CVE-2021-0674 affects the ALAC (ALAC decoder) used in MediaTek and related chipsets. The issue is an out-of-bounds read caused by an incorrect bounds check in the ALAC decoder, leading to local information disclosure without user interaction. Affected state: local access, no privileges required. ...
CVE-2021-0975
CVE-2021-0975 affects Android 13 with a side-channel in USB Manager that can reveal whether an app is installed without query permissions. This enables local information disclosure of installed packages with no extra execution privileges and no user interaction required. Exploitation status is no...
CVE-2021-1041
CVE-2021-1041 is documented in multiple sources as a local, memory-corruption–related information-disclosure vulnerability affecting Android kernel components, with Pixel’s bulletin identifying it under the Camera entry and rating it High severity. The core issue is described as an out-of-bounds ...
CVE-2021-25335
Technical details about CVE-2021-25335 are not publicly available in the provided connected documents. No affected product/version specifics or exploitation details are given here. Monitor for updates from Samsung security advisories and NVD entries.
CVE-2021-25344
The CVE-2021-25344 issue affects Samsung knox_custom service (mobile app). Root cause: missing privilege check in knox_custom before SMR Mar-2021 Release 1. Impact: attacker may access the device serial number without permission (local attack). Public details confirm the vulnerability and timing;...
CVE-2021-25347
CVE-2021-25347 affects the Samsung Email application. A hijacking vulnerability in versions prior to the SMR Feb-2021 Release 1 could allow an attacker to intercept when the provider is executed. The available documents consistently describe interception as the impact, but do not provide detailed...
CVE-2021-25365
CVE-2021-25365 concerns an improper exception control in the Samsung softsimd component prior to SMR APR-2021 Release 1. The vulnerability allows unprivileged applications to access the softsimd API. The entry is tied to Samsung SMR APR-2021 Release 1, indicating a patch/maintenance release in th...
CVE-2021-38591
CVE-2021-38591 affects LG mobile devices running Android P/Q on mt6762/mt6765/mt6883. Root cause: misconfiguration of a debug command that allows attackers to modify NvRAM content. Documented impact is limited to NvRAM manipulation; no exploit details or in‑the‑wild data are provided. No remediat...
CVE-2022-20212
The vulnerability CVE-2022-20212 affects Android (Android-10 and Android-11) via wifi.RequestToggleWifiActivity in AndroidManifest.xml, enabling a tapjacking/overlay-based Elevation of Privilege. The underlying issue is a local EoP that can be exploited with user interaction, leading to a higher-...
CVE-2022-20249
CVE-2022-20249 affects Android 13 via a side-channel vulnerability in the LocaleManager that can disclose whether an app is installed without query permissions, enabling local information disclosure with no extra execution privileges. The root cause is information leakage through a locale-related...
CVE-2022-20304
CVE-2022-20304 affects Android 13 and describes a side-channel information disclosure that can determine a user’s account, enabling local information disclosure with User privileges and no user interaction required. Affected component: Android OS (Android 13). Root cause: side-channel information...
CVE-2022-20323
CVE-2022-20323 affects Android 13, with a missing permission check in the PackageManager that can disclose local information. The issue enables a local information disclosure vulnerability without user interaction, requiring user privileges. Vulnerable component: PackageManager (Android framework...