Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/02/08 3:0 p.m.59 views

CVE-2017-0441

CVE-2017-0441 is a Qualcomm Wi‑Fi driver elevation-of-privilege vulnerability affecting Android kernels (Kernel-3.10, Kernel-3.18). The connected documents describe a local attacker could run a malicious application to execute arbitrary code in the kernel context, after compromising a privileged ...

7.6CVSS6.6AI score0.00882EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.59 views

CVE-2017-0470

CVE-2017-0470 describes a remote code execution vulnerability in Android’s Mediaserver. A crafted media file could trigger memory corruption during media file/data processing, allowing code execution within the Mediaserver process. Affected Android versions include 6.0, 6.0.1, 7.0, and 7.1.1. The...

9.3CVSS7.6AI score0.01422EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.59 views

CVE-2017-0482

CVE-2017-0482 is a denial-of-service vulnerability in Android’s Mediaserver. A specially crafted file could cause a device to hang or reboot. Affected products/versions per the provided sources include Android 6.0, 6.0.1, 7.0, and 7.1.1 (Android ID A-33090864). The DoS arises from issues within M...

7.1CVSS5.4AI score0.00616EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.59 views

CVE-2017-0506

CVE-2017-0506 describes an elevation of privilege in MediaTek components (M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver) that could allow a local malicious app to execute arbitrary code in the kernel context. The vulnerability is rated as Critical due to the r...

9.3CVSS7.3AI score0.00745EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.59 views

CVE-2017-0517

CVE-2017-0517 is an elevation-of-privilege flaw in the MediaTek hardware sensor driver on Android. A local, privileged process or application could cause the kernel to execute arbitrary code. Affected component: MediaTek hardware sensor driver (Android). Impact: kernel context compromise; high se...

7.6CVSS6.6AI score0.00725EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.59 views

CVE-2017-0688

CVE-2017-0688 is a denial-of-service vulnerability in the Android media framework. Affected product: Android. Affected versions (per initial doc): 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The connected documents corroborate a DoS risk in the media framework, with no explicit exploit details provided. The A...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.59 views

CVE-2017-0692

CVE-2017-0692 is a DoS vulnerability in the Android media framework affecting Android 4.4.4–7.1.2. The CNVD entry describes a remote attacker who can trigger a denial of service via a crafted input, specifically noting a denial via a null pointer backreference. The NVD entry for CVE-2017-0692 cor...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.59 views

CVE-2017-0704

CVE-2017-0704 affects Android System UI, with Elevation of Privilege in System UI on Android 7.1.1 and 7.1.2. The issue is documented as a System UI EoP vulnerability (CVE-2017-0704) and is listed in the 2017-07-01/07-05 Android security bulletins; patch levels address these issues. The vulnerabi...

7.8CVSS7.4AI score0.00356EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.59 views

CVE-2017-0749

Technical details about CVE-2017-0749 are not publicly provided in the connected documents. The sources present only high-level descriptions (elevation of privilege in Android/Linux kernel). Monitor for updates from the vendors and security advisories.

7.8CVSS7.4AI score0.00902EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.59 views

CVE-2017-0757

CVE-2017-0757 is a remote code execution vulnerability in Android’s media framework (libavc) affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The issue is categorized as RCE with high impact to confidentiality, integrity, and availability. The linked sources indicate the vulnerability exists ...

9.3CVSS7.9AI score0.01053EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.59 views

CVE-2017-0765

CVE-2017-0765 is a remote code execution vulnerability in Android’s media framework (libstagefright) affecting Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 and 8.0. The underlying issue is within the media framework’s handling of certain media files, as detailed by the NVD entry and multiple co...

9.3CVSS7.9AI score0.01053EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.59 views

CVE-2017-0766

CVE-2017-0766 is described as a remote code execution vulnerability in Android's media framework (libjhead), affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The CVSS3 vector suggests a Local attack vector with User Interaction required, though the CVE descriptio...

9.3CVSS8.2AI score0.01053EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.59 views

CVE-2017-0797

CVE-2017-0797 is a MediaTek accessory detector driver elevation-of-privilege vulnerability in Android kernels. The issue affects the MediaTek accessory detector driver within the Android kernel, enabling local privilege escalation to a privileged context (high impact per CVSS). The vulnerability ...

9.3CVSS8AI score0.00414EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.59 views

CVE-2017-0817

CVE-2017-0817 is an information-disclosure vulnerability in the Android media framework (libstagefright). Affected products/versions, per sources, include Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0 (Android ID A-63522430). The NVD CVSS data indicate a network-exposed issu...

7.5CVSS6.8AI score0.00777EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.59 views

CVE-2017-0822

CVE-2017-0822 is an Android camera elevation-of-privilege vulnerability affecting Android versions 6.0.1, 7.0, 7.1.1, 7.1.2 and 8.0. The connected documents confirm the vulnerability but do not provide concrete exploit details, affected component specifics beyond the camera subsystem, or remediat...

9.8CVSS8.4AI score0.00595EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.59 views

CVE-2017-0830

CVE-2017-0830 is an Elevation of Privilege vulnerability in the Android framework (device policy client) affecting Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The NVD entry lists a high-severity impact with LOCAL attack vector, requiring user interaction, and a base CVSSv3 score of 7.8. The a...

9.3CVSS7.4AI score0.00433EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.59 views

CVE-2017-0871

CVE-2017-0871 is an elevation of privilege vulnerability in the Android framework (framework base) affecting Android 8.0. The issue is described as a local elevation of privilege in the framework base; no public exploit details are provided in the consulted documents. The Android Security Bulleti...

7.8CVSS7.5AI score0.00158EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.59 views

CVE-2017-0877

CVE-2017-0877 describes a remote code execution vulnerability in the Android media framework (libavc) affecting Android 6.0. The issue is triggered via a specially crafted file, allowing an attacker to execute code in the context of a privileged process. The vulnerability is categorized as Media ...

9.3CVSS8.4AI score0.01437EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.59 views

CVE-2017-10999

CVE-2017-10999 concerns the Qualcomm IPA (IP Multimedia Architecture) driver in Android CAF builds on the Linux kernel. The issue arises when concurrent calls into RMNET_IOCTL_ADD_MUX_CHANNEL in the IPA WAN driver may lead to memory corruption due to missing synchronization locks. The vulnerabili...

7.8CVSS8AI score0.00368EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.59 views

CVE-2017-11013

CVE-2017-11013 is a Qualcomm WLAN/Android kernel vulnerability where countOffset in UnpackCore increments per loop without bounds checking pIe->arraybound. Documented as a Remote Code Execution in the Qualcomm WLAN driver affecting CAF Android kernel builds; exploitation could occur via crafte...

9.3CVSS7.2AI score0.00599EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.59 views

CVE-2017-11015

CVE-2017-11015 affects Android MSM, Firefox OS for MSM, and QRD Android builds (CAF Linux kernel). The issue is that SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128, while the frame parser allows challenge text up to 253 bytes, and the driver cannot handle >128 bytes. This mismatch can lead to a b...

9.3CVSS7.3AI score0.00502EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.59 views

CVE-2017-11022

CVE-2017-11022 affects Android-based MSM platforms (Android for MSM, Firefox OS for MSM, QRD Android) with CAF Linux kernel. The issue is that probe requests from a user’s device may reveal information elements that specify supported Wi‑Fi features, creating a potential privacy exposure if sniffe...

5.3CVSS5.5AI score0.0034EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.59 views

CVE-2017-11041

CVE-2017-11041 affects Qualcomm LibOmxVenc in Android CAF/Linux-kernel builds. The issue is listed as a remote-code-execution vulnerability (RCE) with Critical severity, arising from a buffer-management flaw that could allow exploitation via a specially crafted file. Android security bulletins fl...

9.3CVSS7.5AI score0.00526EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.59 views

CVE-2017-11060

CVE-2017-11060 is a buffer overread vulnerability affecting Android for MSM, Firefox OS for MSM, and QRD Android builds that use CAF Linux kernels. The issue occurs during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST ven...

7.5CVSS7.3AI score0.00514EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.59 views

CVE-2017-13149

CVE-2017-13149 is a confirmed information-disclosure vulnerability in the Android media framework affecting Google Pixel/Nexus devices. Affected components: Media framework; affected Android versions include 7.0, 7.1.1, 7.1.2, and 8.0. The issue is categorized as information disclosure with moder...

9.1CVSS8.2AI score0.00462EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.59 views

CVE-2017-13164

The CVE-2017-13164 entry is an information disclosure vulnerability in the Android kernel Binder driver. Affected component: Android kernel (Binder). Root cause and details are limited in the provided documents, but the NVD entry assigns a Confidentiality impact of PARTIAL (CVSSv2) and HIGH (CVSS...

7.5CVSS6.9AI score0.00431EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.59 views

CVE-2017-13218

The CVE-2017-13218 entry documents a side-channel information-disclosure vulnerability caused by access to CNTVCT_EL0 in various ARM-based devices (e.g., Small Cell SoC, Snapdragon lines). Affected components include listed CPUs/SoCs (FSM9055, IPQ4019, IPQ8064, MDM9xxx, SD series, etc.) and relat...

4.7CVSS5.5AI score0.00235EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.59 views

CVE-2017-13250

CVE-2017-13250 affects Android and targets the media decoding path in ih264d_utils.c, specifically ih264d_fmt_conv_420sp_to_420p. The root cause is an out-of-bounds write caused by a multiplication error, enabling remote code execution with user interaction required on affected builds. Affected v...

9.3CVSS7.9AI score0.01113EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.59 views

CVE-2017-13251

CVE-2017-13251 affects Android's Media framework, with the issue located in impeg2d_dec_pic_data_thread() inside impeg2d_dec_hdr.c. The root cause is a missing bounds check that enables an out-of-bounds write. The documented impact is local elevation of privilege when running multi-threaded, with...

9.3CVSS7.7AI score0.00593EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.59 views

CVE-2017-13282

CVE-2017-13282 affects Android where in the function avrc_ctrl_pars_vendor_rsp (file avrc_pars_ct.cc) a missing bounds check can cause a stack buffer overflow. The flaw could allow remote code execution with no privileges or user interaction required, affecting Android versions 7.0, 7.1.1, 7.1.2,...

10CVSS9AI score0.01725EPSS
CVE
CVE
added 2024/11/15 9:36 p.m.59 views

CVE-2017-13310

The CVE-2017-13310 issue is described as a read/write serialization bug in ViewPager.java.createFromParcel, causing a permissions bypass and enabling local escalation of privilege (an app could start an activity with system privileges without extra execution privileges). The vulnerability affects...

7.8CVSS6.8AI score0.00074EPSS
CVE
CVE
added 2025/01/28 4:50 p.m.59 views

CVE-2017-13317

CVE-2017-13317 involves a possible out-of-bounds read in HeifDecoderImpl::getScanline (HeifDecoderImpl.cpp) due to improper input validation. The issue could lead to remote information disclosure with no additional execution privileges required; exploitation requires user interaction. Connected s...

5.7CVSS6.3AI score0.00131EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.59 views

CVE-2017-14907

CVE-2017-14907 describes a cryptographic weakness in Android for MSM, Firefox OS for MSM, and QRD Android builds aligned with CAF Linux kernel, caused by a flaw in deriving the disk encryption key that reduces cryptographic strength. Publicly documented as a critical encryption bug affecting Qual...

10CVSS8.7AI score0.00473EPSS
CVE
CVE
added 2017/06/29 3:0 p.m.59 views

CVE-2017-3748

CVE-2017-3748 concerns Lenovo VIBE phones with improper access controls in the nac_server component. The issue, described as enabling privilege escalation to root when used in conjunction with CVE-2017-3749 and CVE-2017-3750, affects Android devices running affected Lenovo software. The connected...

7.8CVSS6.3AI score0.00165EPSS
CVE
CVE
added 2020/04/08 2:43 p.m.59 views

CVE-2018-21087

CVE-2018-21087 affects Samsung mobile devices running L(5.x), M(6.x), and N(7.x) software. The vulnerability is a heap-based overflow in the vnswap path reached via the store function, leading to privilege escalation. Affected component/function: vnswap heap allocation/overflow within the store o...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2024/11/27 10:5 p.m.59 views

CVE-2018-9351

The CVE-2018-9351 issue affects the ih264e_fmt_conv_420p_to_420sp function in ih264e_fmt_conv.c, where a missing bounds check allows an out-of-bounds read. This can lead to a remote denial of service with no extra privileges required, and user interaction is needed to exploit. Connected records (...

6.5CVSS8.8AI score0.00262EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.59 views

CVE-2018-9356

CVE-2018-9356 affects Android, with a vulnerability in bnep_data_ind of bnep_main.c that allows remote code execution via a double free. The issue is exploitable over the network without user interaction and could grant full compromise of the device, as indicated by CVSS metrics (high/critical im...

10CVSS8.8AI score0.03246EPSS
CVE
CVE
added 2024/11/19 7:13 p.m.59 views

CVE-2018-9366

CVE-2018-9366 affects Google/Android devices with the MediaTek IMSA component. In IMSA_Recv_Thread and VT_IMCB_Thread (IMSAClient.cpp and VideoTelephony.c), an out-of-bounds write due to an integer overflow is described, leading to local escalation of privilege with no user interaction required. ...

7.8CVSS6.9AI score0.0009EPSS
CVE
CVE
added 2024/11/19 7:15 p.m.59 views

CVE-2018-9367

CVE-2018-9367 describes a potential out-of-bounds write in the MediaTek Cameratool CCAP component (function FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS within Meta_CCAP_Para.cpp). The underlying issue is improper input validation, which could enable local escalation of privilege with no additional exe...

7.8CVSS6.9AI score0.0009EPSS
CVE
CVE
added 2024/11/19 7:20 p.m.59 views

CVE-2018-9370

CVE-2018-9370 affects the MediaTek bootloader in the Android platform, describing a vulnerability in download.c where a special mode allows data to be downloaded into memory with missing bounds checks, leading to possible memory corruption and local escalation of privilege. The exploitation requi...

7.8CVSS6.9AI score0.0009EPSS
CVE
CVE
added 2024/12/02 8:59 p.m.59 views

CVE-2018-9376

CVE-2018-9376 affects the Mediatek ECCCI Port RPC kernel code (drivers/misc/mediatek/eccci/port_rpc.c). The root cause is an incorrect bounds check that can lead to an out-of-bounds write. This may allow local escalation of privilege with System execution privileges, and exploitation does not req...

7.8CVSS6.5AI score0.00083EPSS
CVE
CVE
added 2024/12/02 7:56 p.m.59 views

CVE-2018-9381

CVE-2018-9381 affects the gatt_sr.c component, specifically the gatts_process_read_by_type_req path, where uninitialized data can cause information disclosure. The issue enables remote information disclosure without additional execution privileges and requires no user interaction. Publicly disclo...

7.5CVSS6.5AI score0.00243EPSS
CVE
CVE
added 2024/12/04 5:19 p.m.59 views

CVE-2018-9394

The CVE-2018-9394 entry concerns the MediaTek MTK P2P driver: mtk_p2p_wext_set_key in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c. The vulnerability is an out-of-bounds (OOB) write caused by improper input validation, enabling local privilege escalation with System execution pr...

7.8CVSS6.8AI score0.00084EPSS
CVE
CVE
added 2025/01/17 11:16 p.m.59 views

CVE-2018-9406

CVE-2018-9406 concerns a vulnerability in NlpService where a missing permission check could allow access to location information, enabling local privilege escalation without additional execution privileges. The exploit requires only local access and does not require user interaction. Affected com...

5.5CVSS8.6AI score0.00093EPSS
CVE
CVE
added 2024/12/02 9:30 p.m.59 views

CVE-2018-9426

CVE-2018-9426 summary (concrete details from connected docs) Root cause: In RSAKeyPairGenerator.getNumberOfIterations (RSAKeyPairGenerator.java), an incorrect implementation can produce weak RSA key pairs. Impact: Crypto vulnerability with no additional execution privileges; no user interaction r...

7.5CVSS6.8AI score0.00243EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.59 views

CVE-2018-9502

CVE-2018-9502 affects Android devices via the Bluetooth stack. The entry describes an out-of-bounds read in the Bluetooth component, triggered in the function/area rfc_process_mx_message of rfc_ts_frames.cc , caused by a missing bounds check. This leads to possible remote information disclosure i...

6.5CVSS6.1AI score0.01208EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.59 views

CVE-2018-9550

CVE-2018-9550 : In CAacDecoder_Init of aacdecoder.cpp, Android 9 contains an out-of-bounds write leading to remote code execution. Exploitation requires user interaction. This is a Media Framework RCE issue reported in the Android 2018-12 bulletin; patches at the 2018-12-01/2018-12-05 levels addr...

9.3CVSS7.9AI score0.01246EPSS
CVE
CVE
added 2019/04/19 7:38 p.m.59 views

CVE-2019-2034

CVE-2019-2034 : In rw_i93_sm_read_ndef of rw_i93.cc, an integer overflow can trigger an out‑of‑bounds write, enabling local elevation of privilege in the NFC process. Affected Android versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9. Exploitation requires user interaction. Documents indicate a local code...

7.8CVSS7.7AI score0.00485EPSS
CVE
CVE
added 2019/05/08 4:24 p.m.59 views

CVE-2019-2045

CVE-2019-2045 is an Android RCE vulnerability in the JSCallTyper of typer.cc caused by an out-of-bounds write due to an incorrect bounds check. It affects Android 7.0 (7.0) through 9 (7.1.2, 8.1, 9) per the records. The issue could allow a remote attacker to execute code with the privileges of a ...

10CVSS9.3AI score0.01362EPSS
CVE
CVE
added 2020/03/24 7:13 p.m.59 views

CVE-2019-20602

CVE-2019-20602 affects Samsung mobile devices running N(7.x), O(8.0), and P(9.0) on Qualcomm chipsets. The issue is a NULL pointer dereference in the Authnr Trustlet, identified by Samsung as SVE-2019-13949 (May 2019). Connected sources confirm the affected components and root cause but do not pr...

7.5CVSS7.6AI score0.00514EPSS
Total number of security vulnerabilities8153