Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2026/04/06 6:20 p.m.64 views

CVE-2025-48651

Summary: CVE-2025-48651 pertains to StrongBox in Android. In KMKeymasterApplet.java’s importWrappedKey, insufficient input validation could allow access to restricted keys, enabling local information disclosure without extra privileges or user interaction. The issue is classed as a local vulnerab...

5.5CVSS6AI score0.00096EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.63 views

CVE-2023-20746

The CVE-2023-20746 entry details a vulnerability in the vcu component of MediaTek chips. Root cause: an out-of-bounds write caused by improper locking. Impact: local escalation of privilege to SYSTEM level with no user interaction required. Affected scope is limited to the vcu module; exploitatio...

6.7CVSS6.7AI score0.00075EPSS
CVE
CVE
added 2023/09/04 2:27 a.m.63 views

CVE-2023-20845

CVE-2023-20845 affects imgsys. The vulnerability is an out-of-bounds read caused by missing valid range checking, leading to local information disclosure with system execution privileges required and user interaction for exploitation. Patch ID ALPS07197795 / Issue ID ALPS07340357 is associated wi...

4.2CVSS4AI score0.00091EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.63 views

CVE-2023-21362

CVE-2023-21362 affects Google Android (Android Framework). The issue is a DoS caused by resource exhaustion that can lead to local denial of service without extra privileges. The available documents cite it as a Framework DoS in Android 14 release notes, with no exploitation details provided. Mit...

5.5CVSS5.6AI score0.0008EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.63 views

CVE-2023-21364

CVE-2023-21364 affects Android’s ContactsProvider, causing a crash loop through resource exhaustion that can lead to local persistent DoS in the Phone app. The vulnerability is connected to the ContactsProvider component and is exploitable with local access and low privileges, without user intera...

5.5CVSS5.5AI score0.00085EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.63 views

CVE-2023-21398

CVE-2023-21398 affects the Android ecosystem with a logic error in the sdksandbox component that enables a strandhogg-style overlay attack, leading to local elevation of privilege without extra execution privileges and with no user interaction required. Multiple sources (NVD, Red Hat, CNVD, CN) d...

7.8CVSS7.8AI score0.00116EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.63 views

CVE-2023-32828

The CVE-2023-32828 issue affects the vpu component and is described as an integer overflow causing an out-of-bounds write. This could enable local escalation of privilege with System-level execution privileges required; no user interaction is needed. Reported patch ID: ALPS07767817 (Issue ALPS077...

6.7CVSS6.7AI score0.00089EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.63 views

CVE-2023-32885

The CVE-2023-32885 entry concerns a memory corruption issue in the display DRM module, affecting MediaTek chips. The root cause is a missing bounds check, enabling local privilege escalation with System execution privileges needed; exploitation requires local access and no user interaction is req...

6.7CVSS6.8AI score0.00093EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.63 views

CVE-2023-42644

CVE-2023-42644 affects the dm service, where a possible missing permission check could permit local information disclosure without requiring additional execution privileges. Connected sources consistently describe a local-privilege-check omission as the root cause. Consequences are limited to inf...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2024/07/01 3:18 a.m.63 views

CVE-2024-20080

The CVE-2024-20080 entry affects the gnss service, caused by improper certificate validation. This can enable remote escalation of privilege without additional privileges, with no user interaction required. The vulnerability is rated critical (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and i...

9.8CVSS7.5AI score0.00285EPSS
CVE
CVE
added 2024/11/04 1:49 a.m.63 views

CVE-2024-20118

CVE-2024-20118 affects the MediaTek mms component, with an out-of-bounds write caused by an incorrect bounds check. This can lead to local escalation of privilege and SYSTEM privileges are required for exploitation; no user interaction is needed. A patch is referenced as ALPS09062392 (MSV-1621). ...

6.7CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2024/12/02 3:6 a.m.63 views

CVE-2024-20128

CVE-2024-20128 affects MediaTek Telephony components (Telephony in MediaTek chipsets). The issue is an out-of-bounds read due to a missing bounds check, which could allow remote denial of service without user interaction. Impact is described as high (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) per CVSS ...

7.5CVSS7.2AI score0.00294EPSS
CVE
CVE
added 2025/02/03 3:24 a.m.63 views

CVE-2025-20642

CVE-2025-20642 describes an out-of-bounds write in the DA module caused by a missing bounds check. This could enable local privilege escalation when an attacker has physical access to the device, with user interaction required for exploitation. A patch is identified as ALPS09291146 (MSV-2057); no...

6.6CVSS6.6AI score0.00102EPSS
CVE
CVE
added 2025/05/07 8:24 a.m.63 views

CVE-2025-20979

CVE-2025-20979 concerns an out-of-bounds write in Samsung’s libsavscmn prior to Android 15. Affected component: libsavscmn (cell phone software). Root cause: an out-of-bounds write issue that enables local attackers to execute arbitrary code. Impact: high (local code execution with high confident...

8.4CVSS8.4AI score0.00083EPSS
CVE
CVE
added 2026/03/02 6:42 p.m.63 views

CVE-2026-0006

CVE-2026-0006 is a heap-based out-of-bounds read/write vulnerability that can lead to remote code execution with no user interaction. It is listed under Android System as affected, with an updated AOSP version set to 16 and mitigation via security patch levels 2026-03-01 or later (Android 16-era ...

9.8CVSS6.7AI score0.00581EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.62 views

CVE-2014-9795

CVE-2014-9795 affects the Android/Qualcomm stack on Nexus 5: the aboot.c implementation in Qualcomm components fails to properly guard against an integer overflow when processing crafted start/size values, enabling a local attacker to bypass access restrictions. The issue is tied to Android inter...

10CVSS7.5AI score0.00584EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.62 views

CVE-2015-3845

CVE-2015-3845 affects Android Binder’s Parcel handling: the Parcel::appendFrom function in libs/binder/Parcel.cpp does not consider parcel boundaries when identifying binder objects, in Android versions before 5.1.1 LMY48M. The underlying flaw can allow a crafted application to obtain privileges ...

6.8CVSS6.5AI score0.00607EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.62 views

CVE-2015-3867

CVE-2015-3867 is a vulnerability in Android’s libstagefright prior to 5.1.1 LMY48T where processing a specially crafted media file can cause memory corruption and remote code execution in the mediaserver service. The root cause is tied to libstagefright’s handling of media data, enabling an attac...

10CVSS7.8AI score0.01858EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.62 views

CVE-2015-6604

CVE-2015-6604 affects Android’s libstagefright before 5.1.1 LMY48T. A crafted media file could cause memory corruption in mediaserver, enabling remote code execution or a denial of service. Root cause is memory corruption in the media processing pipeline. The public description confirms the compo...

10CVSS7.8AI score0.022EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.62 views

CVE-2015-6620

Android libstagefright vulnerabilities in mediaserver allow local privilege escalation to Signature or SignatureOrSystem for devices running before 5.1.1 LMY48Z and before 2015-12-01 for 6.0. Root cause: flaws in libstagefright enabling memory/logic errors during crafted media processing. Impact ...

9.3CVSS7AI score0.01676EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.62 views

CVE-2015-6634

CVE-2015-6634 concerns memory corruption/remote code execution in Android’s display drivers prior to 5.1.1 LMY48Z when processing a crafted media file. The vulnerability, tracked as internal bug 24163261, could allow remote attackers to execute arbitrary code or cause a denial of service via medi...

9.3CVSS7.8AI score0.01858EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.62 views

CVE-2016-0810

CVE-2016-0810 affects Android mediaserver’s mediaserver component, specifically the MediaLib SoundPool handling in media/libmedia/SoundPool.cpp. The root cause is mishandled locking requirements, which can allow a crafted application to escalate privileges to obtain Signature or SignatureOrSystem...

7.8CVSS8AI score0.0023EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.62 views

CVE-2016-10385

CVE-2016-10385 is a high-severity use-after-free in IMS RCS across Qualcomm Android CAF builds using the Linux kernel. Public docs note a remote-exploitable condition with critical impact ( CVSSv3 9.8 ). The vulnerability affects Qualcomm firmware in CAF Android releases; Android security bulleti...

10CVSS8.8AI score0.00937EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.62 views

CVE-2016-6729

CVE-2016-6729 is an elevation-of-privilege vulnerability in the Qualcomm bootloader used by Android prior to 2016-11-05. A local malicious app could execute arbitrary code in kernel context, potentially leading to permanent device compromise that may require reflashing. Android ID: A-30977990; re...

9.3CVSS7.4AI score0.00636EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.62 views

CVE-2016-6733

The CVE-2016-6733 entry describes an elevation-of-privilege vulnerability in the NVIDIA GPU driver for Android prior to 2016-11-05 that could allow a local malicious app to execute code in the kernel context. The impact is described as Critical, including potential permanent device compromise req...

9.3CVSS7AI score0.00666EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.62 views

CVE-2017-0418

CVE-2017-0418 is an elevation of privilege in Android’s Audioserver that could allow a local malicious application to run arbitrary code in the context of a privileged process. Affected products are Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The provided documents consisten...

9.3CVSS7.2AI score0.00911EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.62 views

CVE-2017-0436

Summary of CVE-2017-0436 (Qualcomm sound driver privilege escalation) : The vulnerability affects Android, specifically the Qualcomm sound driver within kernel contexts (kernel versions 3.10 and 3.18). It enables a local, malicious application to elevate privileges and execute arbitrary code in t...

7.6CVSS6.6AI score0.0087EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.62 views

CVE-2017-0451

CVE-2017-0451 describes an information-disclosure vulnerability in the Qualcomm sound driver on Android. The issue enables a local malicious application to access data outside its granted permissions after compromising a privileged process. Affected components include Android kernels around 3.10 ...

4.7CVSS4.3AI score0.00574EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.62 views

CVE-2017-0465

CVE-2017-0465 describes an elevation of privilege vulnerability in the Qualcomm ADSPRPC driver that could allow a local attacker to execute arbitrary code in the kernel context on Android devices. Affected components/versions in the public records include the Android kernel (Kernel-3.10, Kernel-3...

7.6CVSS6.6AI score0.00592EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.62 views

CVE-2017-0550

CVE-2017-0550 corresponds to a remote denial-of-service in libavc within Android’s Mediaserver. The vulnerability affects Android 6.0–7.1.1 and could be triggered by a specially crafted file, potentially causing device hang or reboot. Connected documents corroborate the Mediaserver/libavc context...

7.1CVSS5.7AI score0.00712EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.62 views

CVE-2017-0646

CVE-2017-0646 is an information-disclosure vulnerability in the Android Bluetooth component that could allow a local malicious app to access data beyond its permissions. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID A-33899337). The connected...

5.5CVSS5.1AI score0.00449EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.62 views

CVE-2017-0668

The CVE-2017-0668 entry describes an information disclosure vulnerability in the Android framework affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID A-22011579). The connected sources re-iterate that this is an information disclosure issue in Framework/...

5.5CVSS5.5AI score0.00383EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.62 views

CVE-2017-0670

CVE-2017-0670 describes a denial‑of‑service in the Android framework affecting Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID: A-36104177). The vulnerability is listed under the Android Framework component as a DoS issue; no detailed root cause or exploit information...

5.5CVSS5.6AI score0.00342EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.62 views

CVE-2017-0733

The CVE-2017-0733 entry describes a denial-of-service vulnerability in Android’s media framework (libmediaplayerservice). Affected products/versions include Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The initial description does not specify the exact root cause beyond the DoS label;...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.62 views

CVE-2017-0763

CVE-2017-0763 is a remote code execution vulnerability in Android’s media framework libhevc. Affected products include Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The root cause is a flaw in the media framework’s HEVC decoding path that could allow an attacker to run ar...

9.3CVSS7.9AI score0.01053EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.62 views

CVE-2017-0780

CVE-2017-0780 is a DoS in Android's runtime (FrameSequenceDrawable) triggered when processing GIF-based frames in MMS. The root cause is a Null Pointer Exception path: acquireAndValidateBitmap can accept a null or invalid Bitmap from a custom FrameSequenceDrawable.BitmapProvider, leading to an NP...

7.1CVSS5.4AI score0.00331EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.62 views

CVE-2017-0796

CVE-2017-0796 is an Elevation of Privilege in the MediaTek AUXADC driver within the Android kernel. Affected component: MediaTek AUXADC driver (on Android devices). Root cause: unspecified in the provided text beyond the vendor/product mapping; the entry states elevation of privilege. Impact acco...

9.3CVSS8AI score0.00414EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.62 views

CVE-2017-0804

CVE-2017-0804 is an Elevation of Privilege vulnerability in the MediaTek MMC driver within the Android kernel. It affects the MMC driver component and is documented as a local privilege escalation (attack vector local, low attack complexity) with a high impact on confidentiality, integrity, and a...

7.8CVSS8AI score0.00368EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.62 views

CVE-2017-0813

Summary of CVE-2017-0813 : A denial-of-service vulnerability exists in the Android media framework (libstagefright) affecting Android versions 7.0, 7.1.1, and 7.1.2. The issue is identified as a DoS in the Media framework component; the provided documents do not specify the root cause details bey...

7.5CVSS6.9AI score0.00933EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.62 views

CVE-2017-0820

CVE-2017-0820 is a DoS vulnerability in the Android media framework affecting Android versions 7.0, 7.1.1, 7.1.2 and 8.0. The issue is tracked in multiple feeds and is listed in the October 2017 Pixel/Nexus Security Bulletin under the Media framework with DoS as the type and NSI as the status. Th...

7.8CVSS7.2AI score0.01267EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.62 views

CVE-2017-0863

CVE-2017-0863 is an elevation-of-privilege vulnerability in the Upstream kernel video driver affecting the Android kernel on Pixel/Nexus devices. The issue enables a local attacker to escalate privileges (local exploit, low attack complexity, no user interaction), with partial confidentiality, in...

7.8CVSS7.2AI score0.00155EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.62 views

CVE-2017-13148

CVE-2017-13148 is a DoS in Android's media framework (libmpeg2). Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. The issue is described as a denial-of-service vulnerability in the media decoding path. The Android bulletin indicates patches exist in the 2017-12-01 and 2017-12-05 lev...

7.1CVSS6.6AI score0.00428EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.62 views

CVE-2017-13248

CVE-2017-13248 affects Android Media framework; the vulnerability is an out-of-bounds write in impeg2_idct_recon_sse42_intr.c (impeg2_idct_recon_sse42_intr) that could allow remote code execution with user interaction. Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. The issue ...

9.3CVSS7.9AI score0.01113EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.62 views

CVE-2017-13272

CVE-2017-13272 affects Android (7.0–8.1). The issue is an out-of-bounds write caused by a use-after-free in alarm_ready_generic (alarm.cc), enabling remote escalation of privilege with no user interaction. CVSSv3 base score 9.8 (Network, High impact on confidentiality, integrity, availability). T...

10CVSS8.6AI score0.0188EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.62 views

CVE-2017-13287

CVE-2017-13287 is an Elevation of Privilege vulnerability in Android’s VerifyCredentialResponse.java. In createFromParcel, there is a possible invalid parcel read caused by insufficient input validation. If mPayload in writeToParcel is null, this could allow a local attacker to escalate privilege...

7.8CVSS7.6AI score0.00173EPSS
CVE
CVE
added 2024/11/15 8:52 p.m.62 views

CVE-2017-13309

CVE-2017-13309 affects ConscryptEngine.java in Android's Conscrypt implementation. In readEncryptedData, there is a plaintext leak due to improper crypto usage, enabling local information disclosure without extra privileges or user interaction. The Android security bulletin (2018-05-01) associate...

6.2CVSS6AI score0.00076EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.62 views

CVE-2017-14891

CVE-2017-14891 affects the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12. The issue is an uninitialized variable that can leak stack contents, causing information disclosure. The vulnerability is tied to the kernel/driver sta...

5.3CVSS5.1AI score0.00448EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.62 views

CVE-2017-14909

Technical details about CVE-2017-14909 are not publicly available in the provided documents. Monitor for updates from the connected sources.

10CVSS7.6AI score0.00726EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.62 views

CVE-2017-8255

CVE-2017-8255 affects Qualcomm bootloader components in Android CAF builds that use the Linux kernel. The issue is described as an integer overflow in the bootloader, leading to elevation of privilege (EoP) within the kernel context. Public sources in the provided documents identify the vulnerabi...

9.3CVSS7.4AI score0.00483EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.62 views

CVE-2017-8260

CVE-2017-8260 is a Qualcomm component issue mapped to the Camera driver in Qualcomm parts. Root cause: a type downcast in CAF Linux kernel code allows a value to bypass validation, enabling an out-of-bounds write. Impact: local kernel context elevation via the Camera driver (per the CVE entry in ...

7.8CVSS7.3AI score0.00534EPSS
Total number of security vulnerabilities8153