Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/09/08 8:0 p.m.60 views

CVE-2017-0802

CVE-2017-0802 is described in connected sources as a local elevation-of-privilege vulnerability in the MediaTek kernel used by Android. The MTK component table lists CVE-2017-0802 with type EoP and impact in the Kernel, indicating a privilege escalation path, but the documents do not provide conc...

7.8CVSS8AI score0.00368EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.60 views

CVE-2017-0803

CVE-2017-0803 is an elevation-of-privilege vulnerability in the MediaTek accessory detector driver used by Android. The issue affects the Android kernel via the Accessory detector driver component, enabling local privilege escalation in affected devices. The NVD entry lists a base CVSS v2 of 6.8 ...

7.8CVSS8AI score0.00368EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.60 views

CVE-2017-0840

CVE-2017-0840 is an information-disclosure vulnerability in Android’s media framework (libstagefright). Affected products/versions include Android 5.0.2–8.0 (5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0). The issue is classified as Information Disclosure (Media framework) with High impact per...

7.5CVSS6.8AI score0.00636EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.60 views

CVE-2017-0855

CVE-2017-0855 affects Android’s Media Framework in MPEG4Extractor.cpp, where several paths return early without cleaning up internal buffers, leading to memory leaks. The impact is remote denial of service of a privileged process without extra privileges or user interaction. Affected Android vers...

7.8CVSS7.4AI score0.0173EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.60 views

CVE-2017-11052

CVE-2017-11052 affects Android components built on CAF Linux kernel, specifically when processing a crafted QCA_NL80211_VENDOR_SUBCMD_NDP vendor command in Android for MSM, Firefox OS for MSM, and QRD Android. The vulnerability is a buffer over-read in the cfg80211 vendor command handler, leading...

7.5CVSS7.1AI score0.00514EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.60 views

CVE-2017-13178

CVE-2017-13178 affects Android Media Framework (SoftAVCDec). In initDecoder, a use-after-free can cause an out-of-bounds write to mCodecCtx when buffer allocation fails, enabling remote code execution in a privileged process without user interaction. Affected Android versions: 6.0.1, 7.0, 7.1.1, ...

10CVSS9.3AI score0.02352EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.60 views

CVE-2017-13254

CVE-2017-13254 is a DoS vulnerability in the Android media framework (AACExtractor). Affected products/versions include Android 6.0–8.1 (Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1). The issue is documented under the Media Framework category in the March 2018 Pixel/Nexus bulletin with a high ...

7.8CVSS7.2AI score0.0043EPSS
CVE
CVE
added 2024/11/15 9:57 p.m.60 views

CVE-2017-13314

CVE-2017-13314 affects Android by with a missing permission check in NetworkManagementService.setAllowOnlyVpnForUids, enabling local escalation of privilege to access non-VPN networks when VPN-only access is intended. The issue is described as a security settings bypass in NetworkManagementServic...

7.8CVSS6.9AI score0.00074EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.60 views

CVE-2017-14881

CVE-2017-14881 describes a use-after-free in the IPA IOCTL handler (IPA_IOC_ADD_HDR_PROC_CTX) on Android for MSM/Firefox OS for MSM/QRD Android prior to 2017-10-13. The vulnerability is in the ipa driver (Qualcomm) and is categorized in the Android Pixel bulletin as an Elevation of Privilege issu...

9.8CVSS9AI score0.00605EPSS
CVE
CVE
added 2020/04/07 1:57 p.m.60 views

CVE-2017-18694

CVE-2017-18694 affects Samsung mobile devices with Exynos5 software up to 2016-10-25. Root cause: an incorrect format specifier in the logging path allows reading kernel addresses from logs, enabling information disclosure. Impact per sources: kernel addresses disclosed; no exploitation details p...

5.3CVSS5.2AI score0.0034EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.60 views

CVE-2017-8236

CVE-2017-8236 is a buffer overflow vulnerability in an IPA driver present in CAF Android builds using the Linux kernel. Affected component: IPA driver; Root cause: buffer overflow. Potential impact per CVSS3 metrics is HIGH for confidentiality, integrity, and availability, with LOCAL exploitabili...

9.3CVSS7.7AI score0.00393EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.60 views

CVE-2017-8266

CVE-2017-8266 describes a race condition in the Qualcomm video driver used in CAF Android/Linux kernel variants, potentially leading to a use-after-free. Affected component: video driver within Qualcomm/CAF/Linux kernel stack. Impact details in the CVE notes indicate a partial impact on confident...

7CVSS6.7AI score0.00322EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.60 views

CVE-2017-9702

CVE-2017-9702 describes a vulnerability in Android variants (MSM, CAF Linux kernels) where a user-space pointer is directly accessed in a camera driver. This is a local, low-attack-surface issue with a high impact on confidentiality, integrity, and availability (per CVSS3; base score 7.8) and is ...

7.8CVSS7.1AI score0.00138EPSS
CVE
CVE
added 2018/06/06 9:0 p.m.60 views

CVE-2018-5841

CVE-2018-5841 affects Qualcomm DCC (display/graphics driver) within Android CAF releases. The root cause is that dcc_curr_list is initialized to a default invalid value, which is intended to be programmed via a sysfs node; this could allow an elevation of privilege (EoP) when the value is imprope...

9.3CVSS5.2AI score0.00388EPSS
CVE
CVE
added 2024/11/19 7:8 p.m.60 views

CVE-2018-9348

CVE-2018-9348 : The Red Hat/NVD entries describe an integer overflow in SMF_ParseMetaEvent within eas_smf.c that can cause remote Denial of Service via resource exhaustion. Exploitation requires user interaction, and the public details emphasize DoS impact with no explicit remote code execution. ...

7.5CVSS6.7AI score0.00282EPSS
CVE
CVE
added 2024/12/04 11:13 p.m.60 views

CVE-2018-9399

CVE-2018-9399 affects the /proc/driver/wmt_dbg driver. The issue is multiple possible out-of-bounds writes in this driver, enabling local escalation of privilege with SYSTEM privileges and no user interaction required. Reported impact is local (attack vector: LOCAL) with the potential for total c...

7.8CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2024/11/19 9:20 p.m.60 views

CVE-2018-9420

CVE-2018-9420 affects Android’s BnCameraService::onTransact in CameraService.cpp, enabling information disclosure via uninitialized data with local access and no user interaction. The issue is categorized as an Information Disclosure (ID) in the Android 2018-07-01/2018-07-05 patch-level bulletin,...

5.5CVSS6.2AI score0.00076EPSS
CVE
CVE
added 2024/11/19 9:28 p.m.60 views

CVE-2018-9433

CVE-2018-9433 affects Android’s Framework via the ArrayConcatVisitor in builtins-array.cc, where improper input validation can cause a type confusion vulnerability. The issue could allow remote code execution without extra privileges, with exploitation requiring user interaction per the primary d...

9.8CVSS7.5AI score0.00246EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.60 views

CVE-2018-9509

CVE-2018-9509 affects Android devices with Bluetooth stack exposure. The issue is an out-of-bounds read in smp_proc_master_id of smp_act.cc due to a missing bounds check, which could allow remote information disclosure without extra privileges and without user interaction. Affected products/versi...

6.5CVSS6.1AI score0.00729EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.60 views

CVE-2018-9589

CVE-2018-9589 affects the Android WiFi stack. In ieee802_11_rx_wnmsleep_req() within wnm_ap.c on Android 7.0–9 (including 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9), there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the WiFi driver with ...

5.5CVSS5AI score0.00179EPSS
CVE
CVE
added 2020/02/05 4:1 p.m.60 views

CVE-2019-11516

CVE-2019-11516 affects the Bluetooth stack in Cypress/Broadcom Wireless IoT. The issue arises from improper handling of Extended Inquiry Responses (EIRs): RFU bits are not discarded in eir_handleRx(), causing EIR length overflow beyond 240 bytes and a heap-based overflow in eir_getReceivedEIR() i...

8.1CVSS8.2AI score0.00855EPSS
CVE
CVE
added 2020/03/24 6:51 p.m.60 views

CVE-2019-20580

This CVE concerns Samsung mobile devices running P(9.0). The Motion photo player is able to bypass the Secure Folder feature to view images, constituting an information disclosure vulnerability. Affected software/hardware: Samsung mobile devices with P(9.0). Vulnerable component: Motion photo pla...

5.3CVSS5.3AI score0.00358EPSS
CVE
CVE
added 2019/08/20 7:54 p.m.60 views

CVE-2019-2136

CVE-2019-2136 affects Android: the issue is in Status::readFromParcel of Status.cpp where an out-of-bounds read due to inadequate input validation can lead to local information disclosure without requires user interaction. Impact is confined to Android versions 7.0 through 9 as listed in the desc...

5.5CVSS5AI score0.00175EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.60 views

CVE-2019-9321

CVE-2019-9321 affects the Android 10 stack via the libavc library, where a missing variable initialization in libavc could allow information disclosure. The vulnerability reportedly requires user interaction to be exploited and would impact confidentiality (partial). The connected Red Hat entry a...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.60 views

CVE-2019-9383

CVE-2019-9383 affects Android 10: NFC server component suffers an out-of-bounds read due to a missing bounds check, enabling local information disclosure. The issue requires user interaction to exploit. Documented impact is information disclosure with no additional privileges granted; no explicit...

5CVSS5.3AI score0.00143EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.60 views

CVE-2019-9417

CVE-2019-9417 is a Bluetooth vulnerability in Android 10 where an out-of-bounds read can disclose information locally without user interaction due to a missing bounds check. Exploitation requires local access; impact is information disclosure with no execution privileges gained. Public references...

5.5CVSS5.6AI score0.00139EPSS
CVE
CVE
added 2020/05/14 8:8 p.m.60 views

CVE-2020-0102

In CVE-2020-0102, the issue is an out-of-bounds write in GattServer::SendResponse due to an incorrect bounds check. Affects Android 8.0–10; exploitation could enable local elevation of privilege with user execution privileges required and no user interaction needed. The risk is described as a loc...

7.8CVSS7.7AI score0.0015EPSS
CVE
CVE
added 2020/09/18 3:25 p.m.60 views

CVE-2020-0313

In CVE-2020-0313, the issue is in Android’s NotificationManagerService where an unsafe PendingIntent can bypass permissions, enabling local information disclosure with low requirements (local access, no user interaction). The vulnerability affects Android 11 and is characterized by a LOCAL attack...

5.5CVSS5.8AI score0.00159EPSS
CVE
CVE
added 2020/06/04 5:3 p.m.60 views

CVE-2020-13837

CVE-2020-13837 concerns Samsung mobile devices running Q(10.0). The issue is that the Lockscreen does not block access to Music Share via the Quick Panel, allowing potential exposure of Music Share controls or data when the device is locked. The Samsung Internal ID is SVE-2020-17145 (June 2020). ...

3.6CVSS4.3AI score0.00145EPSS
CVE
CVE
added 2021/06/21 4:1 p.m.60 views

CVE-2021-0526

CVE-2021-0526 concerns the Android memory management driver (MediaTek) with an out-of-bounds write caused by uninitialized data. The issue enables local escalation of privilege without extra execution privileges, and does not require user interaction. Multiple sources (NVD, Red Hat, CVE records, ...

7.8CVSS7.7AI score0.00118EPSS
CVE
CVE
added 2021/04/09 5:34 p.m.60 views

CVE-2021-25357

CVE-2021-25357 describes a pendingIntent hijacking vulnerability in Samsung’s Create Movie component, allowing unprivileged apps to access contact information. Affected releases cover Android 8.x (O) and 9.0 (P) with SMR APR-2021 Release 1, Android 10 (Q) version 3.4.81.1, and Android 11 (R) vers...

5.6CVSS5.3AI score0.00107EPSS
CVE
CVE
added 2022/08/11 3:11 p.m.60 views

CVE-2022-20260

CVE-2022-20260 affects the Android Phone app on Android 13. The issue is a resource-exhaustion induced crash loop that can cause local persistent DoS with user privileges and no user interaction needed. The vulnerability is tied to the Phone app’s handling leading to a crash under resource pressu...

5.5CVSS5.9AI score0.00098EPSS
CVE
CVE
added 2022/08/11 3:17 p.m.60 views

CVE-2022-20283

CVE-2022-20283 is a Bluetooth vulnerability in Android 13 where an integer overflow can cause an out-of-bounds write in the Bluetooth stack, enabling remote code execution with no privileges and no user interaction. The issue is evidenced by Android security notes and multiple CVE aggregations, w...

8.8CVSS8.8AI score0.0024EPSS
CVE
CVE
added 2022/08/11 3:18 p.m.60 views

CVE-2022-20287

CVE-2022-20287 affects Android 13, specifically the AppSearchManagerService. The issue lets a local attacker determine whether an app is installed without query permissions via a side-channel information disclosure, causing local information disclosure with no extra execution privileges needed. E...

5.5CVSS5.4AI score0.00095EPSS
CVE
CVE
added 2022/08/11 3:21 p.m.60 views

CVE-2022-20299

CVE-2022-20299 affects the Android 13 ContentService. The vulnerability stems from a missing permission check that allows checking if a given account exists on the device, leading to local information disclosure. Exploitation would require local access with user privileges but does not require us...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.60 views

CVE-2022-21778

The CVE-2022-21778 issue affects MediaTek’s vpu, where an incorrect bounds check can trigger information disclosure and potentially local privilege escalation. The vulnerability requires local access (attack vector: LOCAL), with no user interaction, and a high privileges requirement for exploitat...

6.7CVSS6.3AI score0.00132EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.60 views

CVE-2022-26448

CVE-2022-26448 affects the apusys component and is caused by a missing bounds check resulting in an out-of-bounds write. The vulnerability can lead to local privilege escalation with System privileges, and does not require user interaction to exploit. Patch ALPS07063849 (Issue ALPS07063849) is id...

6.7CVSS6.7AI score0.00101EPSS
CVE
CVE
added 2022/09/06 5:19 p.m.60 views

CVE-2022-26456

The vulnerability CVE-2022-26456 affects the vow component (MediaTek vow module) where symbolic link following can lead to local information disclosure with System execution privileges required. Exploitation does not require user interaction. The public entries consistently cite the Patch ID ALPS...

4.4CVSS4.3AI score0.00118EPSS
CVE
CVE
added 2022/07/11 1:31 p.m.60 views

CVE-2022-30751

CVE-2022-30751 affects SemWifiApClient before the Samsung SMR Jul-2022 Release 1. The issue is an improper access control in the sendDHCPACKBroadcast function that can let an attacker access the Wi-Fi AP client MAC address of devices connected via the WIFI_AP_STA_DHCPACK_EVENT action. Public sour...

3.3CVSS4AI score0.00094EPSS
CVE
CVE
added 2022/07/11 1:32 p.m.60 views

CVE-2022-30754

Summary: CVE-2022-30754 describes an implicit intent hijacking vulnerability in Samsung AppLinker. The issue allows an attacker to launch certain activities with the privileges of AppLinker due to insufficient restrictions on implicit intents. Affected component: Samsung AppLinker (on Samsung mob...

8.5CVSS7.5AI score0.00134EPSS
CVE
CVE
added 2022/12/05 12:0 a.m.60 views

CVE-2022-32622

CVE-2022-32622 involves a memory corruption in gz caused by a missing bounds check, leading to local escalation of privilege with System execution privileges required and no user interaction. The vulnerability is associated with gz and is supported by multiple connected records, which also refere...

6.7CVSS6.8AI score0.00131EPSS
CVE
CVE
added 2023/01/03 12:0 a.m.60 views

CVE-2022-32651

In mtk-aie, there is a use-after-free caused by a logic error that can lead to local escalation of privilege with System execution privileges required. Exploitation does not require user interaction. Patch ID ALPS07225857 (Issue ID ALPS07225857) is noted as the fix in the CVE record. Multiple con...

6.7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2022/07/11 1:34 p.m.60 views

CVE-2022-33693

The vulnerability CVE-2022-33693 affects Samsung Mobile CID Manager prior to the SMR July 2022 release, allowing a local attacker to access ICCID information via logs. The issue is described as an information disclosure originating from CID Manager logging behavior, with the impact limited to con...

2.3CVSS3.7AI score0.00099EPSS
CVE
CVE
added 2022/07/11 1:36 p.m.60 views

CVE-2022-33704

CVE-2022-33704 concerns an improper validation in KnoxSDK’s ucmRetParcelable prior to Samsung’s SMR Jul-2022 Release 1. The root cause is input validation failure in that function, which could allow an attacker to launch certain activities. Documents indicate remediation via Samsung’s Security Ma...

8.5CVSS7.5AI score0.00106EPSS
CVE
CVE
added 2022/09/09 2:39 p.m.60 views

CVE-2022-36860

The CVE-2022-36860 entry concerns a heap-based overflow in the LoadEnvironment function of the libSDKRecognitionText.spensdk.samsung.so library. Affected component: libSDKRecognitionText.spensdk.samsung.so; vulnerability type: heap-based overflow in LoadEnvironment; root cause: memory access faul...

7.8CVSS7.5AI score0.00101EPSS
CVE
CVE
added 2022/12/06 12:0 a.m.60 views

CVE-2022-39099

CVE-2022-39099: A missing permission check in the power management service enables setup of the service with no additional execution privileges required. CVSSv3.1 base metrics (LOCAL access, LOW privileges) indicate high impact on confidentiality, integrity, and availability. Connected sources co...

7.8CVSS7.5AI score0.00107EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.60 views

CVE-2022-39107

CVE-2022-39107 affects the Soundrecorder service (UNISOC-based devices per CNNVD/Red Hat lists) and is caused by a missing permission check, enabling local privilege escalation with low privileges and no user interaction. The NVD/PRION/CNNVD entries describe elevation of privilege without requiri...

7.8CVSS7.6AI score0.00107EPSS
CVE
CVE
added 2022/10/14 12:0 a.m.60 views

CVE-2022-39117

CVE-2022-39117 involves a missing permission check in the messaging service, enabling local information disclosure without additional execution privileges. Multiple connected sources (NVD/NVD-derived records, Red Hat, PRION, CNNVD, and others) describe the issue as a local confidentiality exposur...

8.1CVSS5.2AI score0.00133EPSS
CVE
CVE
added 2022/12/08 12:0 a.m.60 views

CVE-2022-39899

CVE-2022-39899 is an improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1. The issue can allow a local attacker to send input events via S Pen gestures due to insufficient authentication around the WindowManagerService. Affected software is Samsung...

5.7CVSS4.7AI score0.00097EPSS
CVE
CVE
added 2023/11/29 9:29 p.m.60 views

CVE-2022-42536

Chromecast security bulletin (ANDROID CHROMECAST-2023-07-01) documents CVE-2022-42536 as a remote code execution affecting Chromecast devices. The issue is categorized under AMLogic Secure Monitor with high severity (CVSSv3.1: 9.8, network vector, no user interaction). The bulletin confirms a fun...

9.8CVSS9.7AI score0.00474EPSS
Total number of security vulnerabilities8153