8153 matches found
CVE-2022-42779
CVE-2022-42779 affects the WLAN driver (notably in UNISOC-based chipsets) where a missing bounds check can cause local denial of service in WLAN services. The NVD entry cites a CVSS v3.1 base score of 5.5 (MEDIUM) with LOCAL attack vector, LOW attack complexity, LOW privileges required, no user i...
CVE-2022-47348
CVE-2022-47348 describes a missing permission check in engineermode services, enabling local denial of service. The vulnerability affects engineermode components (local privilege context) with local attack vector and low/none privilege requirements per CVSS vectors. Exploitation status is not det...
CVE-2022-47361
In CVE-2022-47361, the issue is a missing permission check in the firewall service, enabling local privilege escalation to system execution privileges. The vulnerability is described across multiple sources with a CVSS v3.1 base score of 7.8 (LOCAL attack vector, LOW exploit complexity, LOW privi...
CVE-2022-47368
CVE-2022-47368 affects the wlan driver and stems from a missing parameters check in the driver code, which could enable a local denial of service in wlan services. The impact is a local DoS; exploitation and vendor/version details are not provided in the supplied documents. No patch/version fix i...
CVE-2022-47453
CVE-2022-47453 affects the wcn service , with the root cause stated as a missing parameter check. The consequence described is a local denial of service in the wcn service. The connected documents confirm the issue but do not provide specific vendor/version details or a confirmed patch/fix. No ex...
CVE-2022-47455
CVE-2022-47455 relates to the UNISOC WLAN driver, where a missing parameter check in the WLAN subsystem can cause local denial of service to WLAN services. Affected software is described as the WLAN driver in UNISOC chipsets; the root cause is a lack of validation for input parameters. The CVE no...
CVE-2022-47458
CVE-2022-47458 affects the UNISOC chipsets WLAN module (wlan driver) with a vulnerability caused by missing parameter checks. This can lead to local denial of service in the WLAN service. The connected documents confirm the root cause is parameter validation issues and indicate local exploitation...
CVE-2023-20731
CVE-2023-20731 affects the MediaTek WLAN component. The root cause is a missing bounds check that enables an out-of-bounds read, leading to local information disclosure with System execution privileges required. User interaction is not needed. Patch ID ALPS07573495 (Issue ALPS07573495) is listed ...
CVE-2023-20736
CVE-2023-20736 affects the vcu component. The vulnerability is an out-of-bounds write caused by a race condition, enabling local escalation of privilege with System execution privileges required and no user interaction. A patch is referenced: ALPS07645149 (Issue ALPS07645189). Exploitation detail...
CVE-2023-20800
CVE-2023-20800 affects MediaTek imgsys. The vulnerability is a missing pointer check in the imgsys component that can cause a system crash and enable local escalation of privilege with system execution privileges required. Exploitation requires user interaction. A patch exists (Patch ID: ALPS0742...
CVE-2023-20826
CVE-2023-20826 describes a vulnerability in the CTA component where a missing permission check allows local information disclosure without additional execution privileges. Exploitation is not dependent on user interaction listed in the report, and the issue is classified with a LOCAL attack vecto...
CVE-2023-21312
CVE-2023-21312 affects Android's IntentResolver, enabling cross-user media read via a confused deputy and resulting in local information disclosure without extra privileges. Exploitation is described as non-interactive and local, with no user interaction required and no remote access. There are m...
CVE-2023-21336
CVE-2023-21336 concerns an information disclosure vulnerability in Android’s Input Method, where side-channel information can reveal whether an app is installed without query permissions. The issue is described as a local information disclosure with no extra execution privileges required, and exp...
CVE-2023-21355
CVE-2023-21355 affects the Android libaudioclient component. The issue is an out-of-bounds write caused by a use-after-free, leading to a possible local escalation of privilege. No extra execution privileges are required, and exploitation does not require user interaction. The description indicat...
CVE-2023-32827
CVE-2023-32827 concerns the camera middleware in MediaTek devices, where a missing input validation can cause an out-of-bounds write. The vulnerability enables local escalation of privilege with System-level execution privileges; exploitation is reported as not requiring user interaction. Public ...
CVE-2023-40649
CVE-2023-40649 concerns a missing permission check in the Messaging component, leading to local information disclosure without requiring additional execution privileges. The Red Hat/NVD entries reiterate the same issue: an information-disclosure risk arising from insufficient access control withi...
CVE-2023-42640
Technical details are not publicly provided in the supplied documents. Monitor for updates from vendors and CVEs to confirm affected products, root cause, and remediation.
CVE-2024-20048
CVE-2024-20048 (flashc) : An uncaught exception in the flashc module can lead to information disclosure with local execution privileges required. The impact is on confidentiality (high) and exploitation is local with no user interaction required. Affected component: flashc. remediation exists: pa...
CVE-2024-20079
The CVE-2024-20079 entry concerns the gnss service with an out-of-bounds write caused by improper input validation. The vulnerability could allow local escalation of privilege with system execution privileges, and exploitation does not require user interaction. A patch is referenced (ALPS08044040...
CVE-2025-20651
CVE-2025-20651 describes a potential out-of-bounds read caused by a missing bounds check in the affected component (described only as part of an unspecified implementation) that could lead to local information disclosure. Exploitation requires physical access to the device and user interaction; t...
CVE-2025-48633
CVE-2025-48633 concerns a logic error in Android Framework related to DevicePolicyManagerService.hasAccountsOnAnyUser, enabling a local attacker to add a Device Owner after provisioning and escalate privileges without user interaction. Connected sources (EUVD-2025-201737; Android Security Bulleti...
CVE-2011-2344
The CVE concerns Android Picasa in Android 3.0 and 2.x through 2.3.4, where authToken is transmitted over cleartext HTTP from ClientLogin. This allowed remote attackers to sniff tokens from connections to picasaweb.google.com, enabling privilege escalation to access private pictures and web album...
CVE-2014-9885
CVE-2014-9885 is a format-string vulnerability in the Qualcomm qpnp-adc-tm.c driver (drivers/thermal) used on Nexus 5 devices running Android versions before 2016-08-05. A crafted app can supply format specifiers in a name to escalate privileges. The issue is documented in multiple sources (e.g.,...
CVE-2014-9927
Technical details about CVE-2014-9927 are not publicly provided in the connected documents. The entries reiterate a buffer copy issue but do not specify affected product versions, root cause specifics, impact, or available fixes. Monitor for updates from vendors.
CVE-2014-9931
CVE-2014-9931 is a buffer overflow in CAF Linux kernel used by Android; triggered when an OEM customizes app region size due to a hard-coded value. Exploitation is local with user interaction; impact is high on confidentiality, integrity, and availability. No remediation details provided in the s...
CVE-2014-9961
CVE-2014-9961 is disclosed for Android builds from CAF that use the Linux kernel, describing a vulnerability in eMMC write protection that can be exploited to bypass power-on write protection. The issue is exploitable locally (attack vector: local) with user interaction potentially required, and ...
CVE-2015-3877
CVE-2015-3877 concerns Skia used in Android before 5.1.1 LMY48T. A vulnerability in libskia/media processing can allow a remote attacker to cause memory corruption, enabling remote code execution or a denial of service via a specially crafted media file. The issue is described as a remote-code-ex...
CVE-2015-7717
Technical details (affected products, root cause, CVSS, fixes) are not publicly available in the provided documents. Monitor for updates.
CVE-2015-8593
CVE-2015-8593 describes a buffer overflow in the 1x call processing of Qualcomm components used in Android CAF releases running the Linux kernel. The entry indicates a high-severity issue (CVSSv3: 9.8, CRITICAL) with network access, no user interaction, and no privileges required, potentially imp...
CVE-2016-0803
CVE-2016-0803 affects libstagefright in Android mediaserver (Mediaserver) by vulnerable memory allocation in the SoftMPEG4Encoder and SoftVPXEncoder components. A crafted media file can trigger remote code execution or memory corruption. Affected: Android 4.x before 4.4.4; 5.x before 5.1.1 LMY49G...
CVE-2016-11039
CVE-2016-11039 affects Samsung mobile devices running KK/4.4, L/5.0–5.1, and M/6.0 (AP + CP MDM9x35 or Qualcomm Onechip). The issue is a NULL pointer dereference in the IPC socket code, as described by multiple sources (e.g., Red Hat and NVD records). Impact is indicated as HIGH with potential av...
CVE-2016-11041
The CVE-2016-11041 issue affects Samsung mobile devices on KK (Android 4.4). Affected component: the lockscreen handling; root cause: attackers can bypass the lockscreen by sending an AT command over USB. This vulnerability is documented across multiple sources (Red Hat, NVD, CVE List) with consi...
CVE-2016-2419
CVE-2016-2419 affects mediaserver (Android 6.x) where media/libmedia/IDrm.cpp does not initialize a key-request data structure, enabling information disclosure from process memory and bypass of an unspecified protection mechanism via unspecified vectors, with the attack demonstrated by obtaining ...
CVE-2016-2435
CVE-2016-2435 affects the NVIDIA video driver in Android on Nexus 9 devices prior to 2016-05-01. The issue allows a local attacker to escalate privileges via a crafted application (elevation of privilege in the NVIDIA video driver). Root cause: vulnerability in the NVIDIA video driver components ...
CVE-2016-2441
Technical details for CVE-2016-2441 are not publicly provided in the connected documents. The initial description only notes privilege escalation via the Qualcomm buspm driver on Nexus devices. Monitor for updates.
CVE-2016-2463
CVE-2016-2463 affects Android Mediaserver’s libstagefright h264dec, where multiple integer overflows in the media parsing path can trigger memory corruption. The issue permits remote code execution or denial of service when processing crafted video files. Vulnerable Android versions include 4.x u...
CVE-2016-3815
CVE-2016-3815 concerns the NVIDIA camera driver in Android (notably on Nexus 9). The connected NVIDIA bulletin entry specifies a kernel camera driver issue described as a stack read of a user-controlled length, which can disclose sensitive information to a crafted app. The associated details plac...
CVE-2016-6492
CVE-2016-6492: In MediaTek's Linux driver, MT6573FDVT_SetRegHW (camera_fdvt.c) allows local privilege escalation via MT6573FDVTIOC_T_SET_FDCONF_CMD ioctl. The issue stems from input handling: code copies user data into a local buffer with copy_from_user, testing pREGIO->u4Count length without ...
CVE-2016-6701
CVE-2016-6701 refers to a remote code execution vulnerability in libskia used by Android 7.0 that can be triggered by processing specially crafted media/data files, causing memory corruption within the Gallery context. The issue is described as high severity with a CVSS v3 base score of 7.8 (LOCA...
CVE-2016-6712
The CVE-2016-6712 entry describes a remote denial-of-service flaw in libvpx used by Mediaserver on Android. A specially crafted file can cause a device to hang or reboot. Affected Android platforms include 4.x (pre-4.4.4), 5.0.x (pre-5.0.2), 5.1.x (pre-5.1.1), and 6.x (pre-2016-11-01). The availa...
CVE-2016-6784
CVE-2016-6784 is an elevation of privilege vulnerability in the MediaTek driver affecting Android. The MediaTek driver could allow a local malicious application to execute arbitrary code in the kernel context. The issue is classified as High because exploitation requires compromising a privileged...
CVE-2016-8481
CVE-2016-8481 describes an elevation of privilege vulnerability in the Qualcomm sound driver on Android. A local malicious application could potentially execute arbitrary code in the kernel context if it first compromises a privileged process. The issue affects Android devices with affected kerne...
CVE-2016-8487
CVE-2016-8487 describes an elevation of privilege vulnerability in Qualcomm closed source components used by the Android kernel. Affected software: Android kernel on devices with Qualcomm components. Root cause: privilege escalation within Qualcomm’s closed-source code. Impact: as per CVSS, allow...
CVE-2017-0340
CVE-2017-0340 is an elevation of privilege in the NVIDIA Libnvparser component for Android, caused by a memcpy into a fixed-size buffer with user-controlled size that can lead to memory corruption and possible remote code execution. The entry is rated HIGH (CVSSv3 7.8, CVSSv2 9.3) and has no expl...
CVE-2017-0385
CVE-2017-0385 is an elevation-of-privilege vulnerability in Android’s Audioserver that could allow a local attacker to execute arbitrary code in the context of a privileged process. The issue affects Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The connected documents confirm...
CVE-2017-0405
CVE-2017-0405 is a remote code execution vulnerability in Android’s SurfaceFlinger. The issue allows an attacker to trigger memory corruption by processing a specially crafted media file, within the SurfaceFlinger context. Affected products/versions stated in the documents are Android 7.0 and 7.1...
CVE-2017-0419
The CVE-2017-0419 entry concerns Android Audioserver. A local elevation-of-privilege flaw could allow a malicious local app to execute arbitrary code within the context of a privileged process. Affected products include Android versions 4.4.4 through 7.1.1. The issue’s root cause is described as ...
CVE-2017-0437
CVE-2017-0437 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver on Android. The issue could allow a local malicious app to execute arbitrary code in the kernel context by exploiting the Qualcomm Wi‑Fi driver, with the Android kernel versions cited as Kernel-3.10 and Kernel-3...
CVE-2017-0441
CVE-2017-0441 is a Qualcomm Wi‑Fi driver elevation-of-privilege vulnerability affecting Android kernels (Kernel-3.10, Kernel-3.18). The connected documents describe a local attacker could run a malicious application to execute arbitrary code in the kernel context, after compromising a privileged ...
CVE-2017-0470
CVE-2017-0470 describes a remote code execution vulnerability in Android’s Mediaserver. A crafted media file could trigger memory corruption during media file/data processing, allowing code execution within the Mediaserver process. Affected Android versions include 6.0, 6.0.1, 7.0, and 7.1.1. The...