Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/06/28 12:0 a.m.62 views

CVE-2023-21172

CVE-2023-21172 affects Android 13 where the WifiCallingSettings.java functions allow changing calling preferences for the admin user due to a permissions bypass. This enables local elevation of privilege with no extra execution privileges needed and requires no user interaction to exploit. No spe...

7.8CVSS7.7AI score0.00097EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.62 views

CVE-2023-21326

Summary of CVE-2023-21326 : This Android vulnerability affects the Package Manager Service and allows a local attacker to determine whether an app is installed without query permissions, via a side-channel information disclosure. The impact is information disclosure (confidentiality) with no user...

5.5CVSS5.6AI score0.00088EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.62 views

CVE-2023-21384

CVE-2023-21384 : Affected software is the Android Package Manager. The issue is an information-disclosure vulnerability caused by an unsafe PendingIntent, enabling local information disclosure with low-privilege access. Exploitation requires no user interaction but attacker must have local access...

5.5CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.62 views

CVE-2023-52347

The collected details indicate a vulnerability in the ril service where a missing bounds check can cause an out-of-bounds write, leading to local denial of service with System execution privileges. Affected software: ril service (UNISOC/Unisoc-derived platforms referenced in multiple reports). Ro...

5.5CVSS6.7AI score0.00082EPSS
CVE
CVE
added 2024/03/04 2:43 a.m.62 views

CVE-2024-20029

CVE-2024-20029 concerns the wlan firmware with a vulnerability described as an out-of-bounds write caused by improper input validation. The underlying issue can lead to a local escalation of privilege with System execution privileges, and exploitation does not require user interaction. The availa...

8.4CVSS7AI score0.0009EPSS
CVE
CVE
added 2024/11/04 1:48 a.m.62 views

CVE-2024-20107

CVE-2024-20107 affects MediaTek MT8676 Da component (MediaTek chipsets). It describes an out-of-bounds read due to a missing bounds check, causing local information disclosure without privileges or user interaction. Patch ALPS09124360/Issue MSV-1823 is referenced in multiple sources (NVD/Red Hat)...

6.2CVSS6.2AI score0.00103EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.62 views

CVE-2024-20116

CVE-2024-20116 affects the cmdq component in MediaTek chipsets. The vulnerability is a possible out-of-bounds read caused by a missing bounds check, leading to local information disclosure with system execution privileges required. The issue does not require user interaction. Public references li...

4.4CVSS6.3AI score0.00082EPSS
CVE
CVE
added 2024/09/27 7:37 a.m.62 views

CVE-2024-39435

CVE-2024-39435 affects the Logmanager service. The root cause is a missing verification/input validation in the service, enabling local escalation of privilege without additional execution privileges. The available sources do not specify affected products/vendors beyond the Logmanager service, no...

7.8CVSS7.4AI score0.00079EPSS
CVE
CVE
added 2025/02/03 3:23 a.m.62 views

CVE-2025-20638

CVE-2025-20638 concerns MediaTek chipsets where the DA module exposes a read of uninitialized heap data, enabling local information disclosure. Root cause: uninitialized data in the DA module. Impact: potential leakage of heap contents if an attacker gains physical access; exploitation requires u...

4.6CVSS5.9AI score0.00098EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.62 views

CVE-2025-20652

CVE-2025-20652 describes a potential out-of-bounds read in V5 DA caused by a missing bounds check, leading to local information disclosure. Exploitation requires physical access to the device and does not require prior execution privileges, with user interaction needed for exploitation. A patch i...

4.6CVSS5.9AI score0.00101EPSS
CVE
CVE
added 2025/04/07 3:14 a.m.62 views

CVE-2025-20660

CVE-2025-20660 : In PlayReady TA, a missing bounds check enables an out-of-bounds read that can lead to local privilege escalation when the attacker already has System privileges. The issue does not require user interaction. A patch is available (Patch ID: DTV04436357; MSV-3186). Exploitation sta...

6.7CVSS6.6AI score0.00087EPSS
CVE
CVE
added 2009/10/14 10:0 a.m.61 views

CVE-2009-2999

The CVE-2009-2999 entry affects Android 1.5 CRBxx: remote attackers can cause a DoS (application restart and network disconnection) by sending a malformed WAP Push SMS, triggering an ArrayIndexOutOfBoundsException in com.android.phone. Connected sources confirm a Malformed SMS DoS with fixed vers...

4.3CVSS6.6AI score0.01498EPSS
CVE
CVE
added 2011/08/12 6:0 p.m.61 views

CVE-2011-2357

CVE-2011-2357 describes a cross-application scripting flaw in Android’s Browser URL loading, enabling a non-privileged app to inject JavaScript into arbitrary domains and break sandboxing. The vulnerability has two exploitation vectors: (1) exhausting MAX_TABS and loading a target URL followed by...

4.3CVSS6.4AI score0.04615EPSS
CVE
CVE
added 2017/09/25 7:0 p.m.61 views

CVE-2014-0997

CVE-2014-0997 affects Android devices using WiFiMonitor handling for Wi-Fi Direct. A crafted 802.11 Probe Response frame can trigger an uncaught IllegalArgumentException in WifiMonitor/WifiP2pDevice, causing the Dalvik subsystem to reboot and resulting in a denial of service. Vulnerable on severa...

7.5CVSS7.1AI score0.064EPSS
CVE
CVE
added 2014/09/04 5:0 p.m.61 views

CVE-2014-6060

CVE-2014-6060 describes a denial-of-service condition in the DHCP client dhcpcd. Affected versions are 4.0.0 through 6.x (before 6.4.3). The root cause is a vulnerability in how a remote DHCP server can reset the DHO_OPTIONSOVERLOADED option in the bootfile or servername DHCP option, triggering t...

3.3CVSS7.2AI score0.00441EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.61 views

CVE-2014-9801

CVE-2014-9801 concerns Android components on Nexus 5 (Qualcomm) where multiple integer overflows in lib/libfdt/fdt_rw.c can be triggered by a crafted application to gain privileges. The issue is described as an Android internal bug 28822060 and a Qualcomm internal bug CR705078, affecting Qualcomm...

9.3CVSS7.5AI score0.00557EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.61 views

CVE-2015-1539

The CVE-2015-1539 issue is a remote-code-execution vulnerability in Android’s libstagefright, caused by integer underflows in ESDS::parseESDescriptor during MP4 atom processing. It affects Android releases prior to 5.1.1 LMY48I; the Android bulletins (e.g., Nexus/Android security bulletin) note t...

10CVSS7.6AI score0.85792EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.61 views

CVE-2015-3827

Android Stagefright: CVE-2015-3827 is a vulnerability in libstagefright’s MPEG4 covr handling. The MPEG4Extractor::parseChunk path does not validate the relationship between chunk sizes and skip sizes, causing an integer underflow that can lead to remote code execution or memory corruption via cr...

9.3CVSS7.8AI score0.81143EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.61 views

CVE-2015-3828

CVE-2015-3828 affects Android’s libstagefright MPEG4Extractor.cpp, where MPEG4Extractor::parse3GPPMetaData does not enforce a minimum size for UTF-16 strings containing a BOM. This can enable a remote attacker to execute arbitrary code or cause a denial of service (integer underflow and memory co...

10CVSS8AI score0.85378EPSS
CVE
CVE
added 2017/08/07 5:0 p.m.61 views

CVE-2015-3839

CVE-2015-3839 affects Android 5.1.1 and earlier. The vulnerability lies in the updateMessageStatus function, where a local user can trigger a NULL pointer dereference, causing a denial of service (process crash). The issue is documented across sources as a local-exploit scenario with no remote ac...

5.5CVSS5.2AI score0.00392EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.61 views

CVE-2016-0834

CVE-2016-0834 affects Android 6.x mediaserver with an unspecified media codec vulnerability that allows remote code execution or memory corruption via a crafted media file (internal bug 26220548). The NVD entry notes a CVSSv3 base score of 8.4 (HIGH) with local attack vector, no privileges, and n...

10CVSS8.1AI score0.01512EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.61 views

CVE-2016-2475

CVE-2016-2475 refers to an input validation vulnerability in the Broadcom Wi‑Fi driver that, on Android devices, could enable a local attacker to gain privileges for certain system calls via a crafted application. The issue affects Nexus devices (Nexus 5, 6, 6P, 7 (2013), 9, Nexus Player, Pixel C...

7.8CVSS8AI score0.00525EPSS
CVE
CVE
added 2016/09/11 9:0 p.m.61 views

CVE-2016-3861

CVE-2016-3861 involves LibUtils on Android (4.x up to 4.4.4; 5.x; 6.x up to 2016-09-01; 7.0 before 2016-09-01) where conversions between Unicode encodings of different widths are mishandled, allowing remote code execution or a heap-based buffer overflow via a crafted file. Exploitation is evidenc...

9.3CVSS7.8AI score0.11172EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.61 views

CVE-2016-8462

CVE-2016-8462 is an information-disclosure vulnerability in the Android bootloader that could allow a local attacker to access data outside the attacker’s permission level. Connected sources confirm affected devices include Pixel and Pixel XL, with patch guidance in the Android security bulletin ...

5.5CVSS5.2AI score0.00306EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.61 views

CVE-2017-0394

CVE-2017-0394 is a denial-of-service vulnerability in Android’s Telephony, allowing a remote attacker to cause a device hang or reboot. Affected are Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The initial records do not provide exploit details or a confirmed root-cause description ...

7.8CVSS7.2AI score0.0078EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.61 views

CVE-2017-0407

CVE-2017-0407 describes a remote code execution vulnerability in Android’s Mediaserver affecting the libhevc library. The issue can be triggered by processing a specially crafted media file, leading to memory corruption within the Mediaserver process. Affected products/versions are Android 6.0–7....

9.3CVSS7.6AI score0.01856EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.61 views

CVE-2017-0414

CVE-2017-0414 refers to an information-disclosure vulnerability in AOSP Messaging on Android (versions 6.0, 6.0.1, 7.0, 7.1.1). The issue allows a local malicious application to bypass OS protections that isolate app data, potentially accessing data the app should not access. The connected docume...

5.5CVSS4.9AI score0.00558EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.61 views

CVE-2017-0449

CVE-2017-0449 describes an elevation-of-privilege in the Broadcom Wi‑Fi driver for Android devices using the 3.10 kernel (e.g., Nexus 6P/Nexus 6). A local, privileged process could be exploited by a malicious user/application to execute arbitrary code in the kernel context. The CNVD entry corrobo...

7.6CVSS6.7AI score0.00863EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.61 views

CVE-2017-0493

CVE-2017-0493 is an information-disclosure vulnerability in Android’s File-Based Encryption that could allow a local attacker to bypass lock-screen protections. Affected products/versions (from sources): Android 7.0 and 7.1.1. Root cause: information disclosure within File-Based Encryption (no fu...

5.5CVSS5.1AI score0.00315EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.61 views

CVE-2017-0616

CVE-2017-0616 describes an elevation of privilege in the MediaTek system management interrupt driver that could allow a local malicious Android app to execute arbitrary code in the kernel context. Affected product: Android. Impact is rated High, because exploitation requires first compromising a ...

7.6CVSS6.6AI score0.00544EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.61 views

CVE-2017-0640

CVE-2017-0640 corresponds to a remote DoS in Android’s Media framework/Mediaserver. A specially crafted media file can cause a device hang or reboot. Affected: Android 6.0–7.1.1. Root cause: DoS in media processing within Mediaserver. Exploitation status not detailed in the provided documents. Re...

7.1CVSS5.5AI score0.00662EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.61 views

CVE-2017-0664

CVE-2017-0664 affects Android’s Framework with an elevation of privilege vulnerability. Affected: Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 (Android ID A-36491278). Description in connected Nessus entry confirms the issue is an EoP in the Framework and notes there is no vendor-...

9.3CVSS7.4AI score0.00447EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.61 views

CVE-2017-0738

CVE-2017-0738 is an information-disclosure vulnerability in Android’s media framework audioserver affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The connected documents identify the issue as a flaw in audioserver that can lead to leakage of sensitive informatio...

5.5CVSS5.5AI score0.00484EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.61 views

CVE-2017-0740

CVE-2017-0740 is a remote code execution vulnerability in the Broadcom networking driver for Android, affecting the Android kernel. The connected sources describe the issue as a Broadcom Networking driver RCE in Android 7.1.2 and earlier, with Android Bug ID A-37168488 and reference B-RB#116402. ...

7.8CVSS7.7AI score0.00733EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.61 views

CVE-2017-0758

CVE-2017-0758 is a remote code execution vulnerability in Android’s media framework (libhevc) affecting Android 5.0.2–7.1.2. The media decoding library is the vulnerable surface; exploitation would require user interaction, with a valid crafted file likely enabling code execution in a privileged ...

9.3CVSS7.9AI score0.01323EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.61 views

CVE-2017-0769

CVE-2017-0769 is an Elevation of Privilege flaw in Android's media framework (libstagefright), affecting Android 7.0, 7.1.1, 7.1.2, and 8.0. The NVD entry lists it as a Local EoP with UI interaction required and high impact (C/H/I/A = High). Publicly disclosed details are limited to the affected ...

9.3CVSS7.9AI score0.00414EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.61 views

CVE-2017-0770

CVE-2017-0770 is an elevation of privilege in Android's media framework (libmediaplayerservice) affecting Android versions 4.4.4–8.0. The entry provides the vulnerable component and affected versions, plus CVSS scores (high severity). No exploit status is listed in the provided documents; the And...

9.3CVSS7.9AI score0.00414EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.61 views

CVE-2017-0814

CVE-2017-0814 is an information-disclosure vulnerability in the Android media framework. The Pixel/Nexus bulletin lists this CVE under the Media framework component with a mitigation path via security patches at the 2017-10-05 patch level, addressing devices updated to Android 7.0, 7.1.1, 7.1.2, ...

7.8CVSS6.8AI score0.01206EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.61 views

CVE-2017-11042

CVE-2017-11042 affects Android for MSM, Firefox OS for MSM, and QRD Android builds with CAF Linux kernel, where ImsService and IQtiImsExt AIDL APIs lack access control. Root cause: insufficient access restrictions on these ImsService interfaces. Exploitation would be local (CVSS2/3 reflect LOCAL,...

7.8CVSS7.1AI score0.00127EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.61 views

CVE-2017-11061

CVE-2017-11061 describes a buffer over-read in the Qualcomm WLAN stack used by Android for MSM, Firefox OS for MSM, and QRD Android, across CAF Linux kernel-based Android releases. The issue occurs while processing the cfg80211 vendor sub-command QCA_NL80211_VENDOR_SUBCMD_ROAM, potentially allowi...

7.5CVSS7.1AI score0.00514EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.61 views

CVE-2017-13180

CVE-2017-13180 affects the Android Media Framework (SoftAVCDec) where a bad header can cause a loop, enabling a use-after-free that leads to an out-of-bounds write. This can result in local privilege elevation with code execution in a privileged process, without user interaction. The vulnerabilit...

7.8CVSS7.7AI score0.00195EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.61 views

CVE-2017-13196

CVE-2017-13196 affects Android’s Media Framework, caused by a dead loop in ihevcd_decode.c when processing incomplete frames. This can lead to memory leaks and a remote denial of service of a critical system process, without user interaction. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7...

7.8CVSS7.4AI score0.02173EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.61 views

CVE-2017-13197

CVE-2017-13197 affects Android’s Media Framework (family of code using ihevcd_parse_slice.c). The vulnerability arises because slave threads are not joined when an error occurs, leading to a remote denial of service of a critical system process without extra privileges or user interaction. Affect...

7.8CVSS7.3AI score0.02173EPSS
CVE
CVE
added 2018/07/06 7:0 p.m.61 views

CVE-2017-15851

CVE-2017-15851 affects Qualcomm Camerav2 in Android for MSM (Linux kernel CAF-based) due to a lack of copy_from_user and an information leak in msm_ois_subdev_do_ioctl, causing a camera crash across Android releases. The issue is documented in the Pixel/Nexus bulletin under Camerav2 (CVE-2017-158...

7.8CVSS7AI score0.00168EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.61 views

CVE-2017-6247

CVE-2017-6247 affects the NVIDIA Tegra kernel audio driver (Audio DSP). A vulnerability in the driver allows an attacker to copy an invalid user parameter without proper input size checking, potentially leading to denial of service or privilege escalation to the kernel. Impact is described as loc...

9.3CVSS7.5AI score0.00714EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.61 views

CVE-2017-8235

CVE-2017-8235 is listed in Qualcomm component notes as an Elevation of Privilege affecting the Camera driver. The description from the initial document states that in CAF Android releases, a memory structure in a camera driver is not properly protected. The connected Android bulletin entries conf...

5.5CVSS5.8AI score0.00281EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.61 views

CVE-2017-8240

CVE-2017-8240 is described as an off-by-one kernel driver over-read in CAF Android releases using the Linux kernel. Connected Nessus advisories for Unity Linux 20.1050e/20.1060e/20.1070e reference UTSA advisories (UTSA-2026-001627, UTSA-2026-003309, UTSA-2026-002623) noting a security update addr...

9.3CVSS7.3AI score0.00468EPSS
CVE
CVE
added 2017/05/12 8:0 p.m.61 views

CVE-2017-8246

CVE-2017-8246 concerns the Android CAF ALSA PCM Playback Kernel Module. In msm_pcm_playback_close(), prtd is assigned from substream->runtime->private_data and later freed, but not sanitized to NULL; this creates a dangling pointer. Other code paths (e.g., msm_pcm_volume_ctl_put()) check fo...

7.8CVSS7.2AI score0.00172EPSS
CVE
CVE
added 2020/04/08 5:18 p.m.61 views

CVE-2018-21072

CVE-2018-21072 affects Samsung mobile devices running M(6.0), N(7.x) and O(8.0) on Exynos chipsets. A kernel driver flaw enables out-of-bounds read/write and may allow arbitrary code execution (Samsung ID SVE-2018-11358). The connected documents confirm the vulnerability class and impact but do n...

10CVSS9.6AI score0.00831EPSS
CVE
CVE
added 2024/11/19 6:11 p.m.61 views

CVE-2018-9338

CVE-2018-9338 is an Android Framework vulnerability described in multiple sources as an out-of-bounds write in ResStringPool::setTo (ResourceTypes.cpp) caused by a missing bounds check. The issue can lead to local escalation of privilege with no user interaction required. Affected component is wi...

7.8CVSS6.9AI score0.00116EPSS
Total number of security vulnerabilities8153