Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2025/09/05 4:10 p.m.59 views

CVE-2025-32318

CVE-2025-32318: A heap buffer overflow in Skia can cause an out-of-bounds write, enabling remote elevation of privilege with no user interaction. CVSSv3.1: 8.8 (Network, Low evidence required, Privileges Low, Confidentiality/Integrity/Availability High). Android 16 security notes classify this en...

8.8CVSS7.1AI score0.00278EPSS
CVE
CVE
added 2011/10/03 3:0 p.m.58 views

CVE-2011-3975

CVE-2011-3975 involves an HTC update for Android 2.3.4 (build GRJ22) used with Sense on HTC EVO 3D, EVO 4G, ThunderBolt, and other devices. The HtcLoggers.apk component is exposed via android.permission.INTERNET and can be leveraged by user-assisted remote attackers to extract sensitive data, inc...

2.6CVSS6.8AI score0.01034EPSS
CVE
CVE
added 2013/05/29 10:0 a.m.58 views

CVE-2013-3666

CVE-2013-3666 affects LG’s Hidden Menu component on Android for the LG Optimus G E973. The vulnerability allows physically proximate attackers to execute shell commands by entering USB Debugging mode and using adb to establish a USB connection, dialing 3845#*973#, navigating to WLAN Test > Wi‑...

7.2CVSS7.9AI score0.00199EPSS
CVE
CVE
added 2018/05/02 3:0 p.m.58 views

CVE-2013-6272

The CVE-2013-6272 issue affects Google Android 4.1.1–4.4.2, involving the NotificationBroadcastReceiver in the com.android.phone process. The underlying flaw lets a crafted app bypass access restrictions to initiate calls, dial USSD/MMI codes, or hang up calls. Reported exploitation shows potenti...

7.8CVSS7.3AI score0.01473EPSS
CVE
CVE
added 2014/07/02 1:0 a.m.58 views

CVE-2014-3100

The CVE-2014-3100 issue is a stack-based buffer overflow in Android 4.3’s KeyStore service (encode_key in /system/bin/keystore) that allows arbitrary code execution and may leak sensitive key information or bypass cryptographic operation restrictions when handling an overly long key name. The vul...

5.1CVSS7.5AI score0.01757EPSS
Web
CVE
CVE
added 2016/07/11 1:0 a.m.58 views

CVE-2014-9780

The CVE-2014-9780 issue affects the Qualcomm mdp3_ctrl.c driver in Android before 2016-07-05 on Nexus 5, 5X, and 6P. It does not validate start and length values, enabling local privilege escalation via a crafted app. Root cause: improper input validation in the MDSS hardware block. Impact stated...

9.3CVSS7.5AI score0.00571EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.58 views

CVE-2014-9972

CVE-2014-9972 affects Qualcomm products used in Android devices that run CAF Android builds with the Linux kernel. The issue arises when assertions are disabled, which can lead to a NULL pointer dereference during an out-of-memory condition. The description in the provided documents attributes th...

10CVSS8.7AI score0.00964EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.58 views

CVE-2015-3823

CVE-2015-3823 concerns libstagefright in Android versions before 5.1.1 LMY48T. A crafted media file can cause memory corruption in mediaserver, enabling remote code execution or a denial of service. The NVD description notes remote code execution and memory corruption via specially crafted files ...

10CVSS7.8AI score0.022EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.58 views

CVE-2015-3870

CVE-2015-3870 affects Android’s libstagefright prior to 5.1.1 LMY48T. In these builds, processing a specially crafted media file could allow a remote attacker to execute arbitrary code or cause a denial of service via memory corruption in the mediaserver. The vulnerability stems from libstagefrig...

10CVSS7.8AI score0.022EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.58 views

CVE-2015-3873

CVE-2015-3873 affects libstagefright in Android versions before 5.1.1 LMY48T. The issue is a memory corruption vulnerability in libstagefright triggered by processing a crafted media file, enabling remote code execution or a denial of service. The description references multiple internal bug IDs ...

10CVSS7.8AI score0.022EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.58 views

CVE-2015-6596

Technical details for CVE-2015-6596 are not publicly provided in the connected documents. The initial entry notes privileges via crafted apps in Android before 5.1.1, but no vendor/version-specific technical details, fixes, or exploitation information are included here. Monitor for updates.

9.3CVSS6.7AI score0.00618EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.58 views

CVE-2015-6621

CVE-2015-6621 affects Android SystemUI on 5.x prior to 5.1.1 LMY48Z and 6.0 prior to 2015-12-01. A crafted app can escalate privileges to Signature/SignatureOrSystem due to the SystemUI bug 23909438. The vulnerability is documented across NVD/CVE lists and is addressed by the December 2015 Androi...

9.3CVSS6.8AI score0.00591EPSS
CVE
CVE
added 2015/11/03 11:0 a.m.58 views

CVE-2015-8074

CVE-2015-8074 affects Android mediaserver prior to 5.1.1 LMY48X. The vulnerability allows remote attackers to obtain sensitive information and bypass an unspecified protection mechanism via unknown vectors, tied to internal bugs 23540907 and 23515142. This entry is distinguished from CVE-2015-661...

5CVSS6.6AI score0.00945EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.58 views

CVE-2015-8995

CVE-2015-8995 describes an integer overflow vulnerability in TrustZone that could affect all Android releases from CAF using the Linux kernel. The connected NVD entry attributes this to the TrustZone component, noting potential impacts to confidentiality, integrity, and availability (CVSS base me...

9.3CVSS7.6AI score0.00606EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.58 views

CVE-2016-0806

The CVE-2016-0806 issue affects the Qualcomm Wi‑Fi driver in the Android kernel, enabling local privilege escalation via a crafted application. Affected platforms include Android 4.x up to 4.4.4, 5.x up to 5.1.1 LMY49G, and 6.x prior to 2016-02-01. The root cause is the Qualcomm Wi‑Fi driver’s ha...

8.4CVSS8AI score0.00207EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.58 views

CVE-2016-0816

The CVE-2016-0816 issue affects mediaserver on Android 6.x (before March 1, 2016). The vulnerability allows remote code execution or memory corruption via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c (internal bug 25928803). Affects the Mediaser...

10CVSS8.8AI score0.02822EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.58 views

CVE-2016-10391

CVE-2016-10391 affects Qualcomm Wconnect in Android CAF builds using the Linux kernel. The root cause is insufficient validation of HCI command length, enabling a remote attacker to trigger unauthorized operations. CVSSv3 is reported as 9.8 (CRITICAL). The issue is discussed in multiple sources; ...

10CVSS8AI score0.00836EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.58 views

CVE-2016-2468

CVE-2016-2468 affects the Qualcomm GPU driver in Android prior to 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7. A local attacker could gain privileges by exploiting a vulnerability in the GPU driver via a crafted application (internal bug 27475454). The issue is categorized as Elevation of Privilege w...

9.3CVSS7.6AI score0.00762EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.58 views

CVE-2016-2485

CVE-2016-2485 affects Android 4.x/5.x/6.x where libstagefright in mediaserver fails to validate OMX buffer sizes for GSM and G711 codecs, enabling privilege escalation via a crafted app (Signature or SignatureOrSystem). Affected Android versions include 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x...

9.3CVSS8.2AI score0.00419EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.58 views

CVE-2016-3758

CVE-2016-3758 affects Android’s DexClassLoader (libdex/OptInvocation.cpp). The issue is described as multiple buffer overflows that allow attackers to gain privileges via a crafted application providing a long filename. Affected are Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1...

9.3CVSS7.6AI score0.00444EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.58 views

CVE-2016-3852

The CVE-2016-3852 entry describes an information-disclosure vulnerability in the MediaTek Wi‑Fi driver on Android One devices prior to the 2016-08-05 patch. The issue arises in the MediaTek Wi‑Fi driver (Android/Open Android bug 29141147; MediaTek ALPS02751738) and could allow a crafted applicati...

5.5CVSS5.5AI score0.00344EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.58 views

CVE-2016-8447

CVE-2016-8447 describes an elevation-of-privilege vulnerability in MediaTek components (thermal and video drivers) that could allow a locally running malicious app to execute arbitrary code in the kernel context on Android. The issue requires compromising a privileged process to exploit, and is r...

7.6CVSS7AI score0.00548EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.58 views

CVE-2016-8480

CVE-2016-8480 is an elevation-of-privilege issue in the Qualcomm Secure Execution Environment Communicator driver on Android. It could allow a local malicious application to execute arbitrary code in the kernel context after compromising a privileged process. Affected components/conditions: Andro...

7.6CVSS6.7AI score0.00818EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.58 views

CVE-2017-0416

CVE-2017-0416 affects Android: an elevation of privilege in the Audioserver could allow a local malicious app to execute arbitrary code in the context of a privileged process. Affected software is Android, with versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The description documents th...

9.3CVSS7.2AI score0.00911EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.58 views

CVE-2017-0442

CVE-2017-0442 describes an elevation-of-privilege in the Qualcomm Wi‑Fi driver on Android, allowing a local malicious app to execute arbitrary code in the kernel context. The vulnerability, affecting Android devices with Qualcomm Wi‑Fi components, is mitigated by requiring compromise of a privile...

7.6CVSS6.6AI score0.00863EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.58 views

CVE-2017-0450

CVE-2017-0450 describes an elevation-of-privilege vulnerability in Android’s Audioserver that could allow a local malicious application to execute arbitrary code within the context of a privileged process. Root cause is a privilege escalation in Audioserver; impact is local code execution in a pr...

9.3CVSS7AI score0.00884EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.58 views

CVE-2017-0473

CVE-2017-0473 detail (Android/Mediaserver) : A remote code execution vulnerability exists in Mediaserver where a attacker can exploit a memory corruption during media file and data processing by sending a specially crafted file. Affected products/versions: Android 6.0, 6.0.1, 7.0, 7.1.1. CVSSv3 b...

9.3CVSS7.6AI score0.01422EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.58 views

CVE-2017-0479

CVE-2017-0479 describes an elevation of privilege vulnerability in the Android Audioserver. A local malicious app could execute arbitrary code in the context of a privileged process. Affected software: Android, with listed versions including 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The ro...

9.3CVSS7.2AI score0.00721EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.58 views

CVE-2017-0484

The CVE-2017-0484 entry concerns a denial-of-service in Mediaserver on Android. The issue allows a specially crafted file to cause a device hang or reboot. Affected products/versions are Android 6.0, 6.0.1, 7.0, and 7.1.1 (Android ID A-33298089). The vulnerability arises from how Mediaserver hand...

7.1CVSS5.4AI score0.00616EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.58 views

CVE-2017-0498

CVE-2017-0498 describes a denial-of-service condition in Android Setup Wizard that could let a local attacker force a Google account sign-in after a factory reset. Affected versions include Android 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The vulnerability is local in scope, with no exploitation detail...

5.5CVSS5.3AI score0.00163EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.58 views

CVE-2017-0504

CVE-2017-0504 is an elevation-of-privilege vulnerability in MediaTek components used by Android, including the M4U, sound, touchscreen, GPU, and Command Queue drivers. The flaw could let a local malicious app execute arbitrary code within the kernel, potentially leading to a permanent device comp...

9.3CVSS7.3AI score0.00863EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.58 views

CVE-2017-0591

CVE-2017-0591 is a remote code execution vulnerability in libavc used by Android Mediaserver. A specially crafted media file could trigger memory corruption during media file and data processing, allowing an attacker to run code in the Mediaserver context. Affected products/versions include Andro...

9.3CVSS7.6AI score0.01532EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.58 views

CVE-2017-0598

CVE-2017-0598 is an information-disclosure vulnerability in Android’s Framework APIs. The flaw could allow a local malicious application to bypass OS data isolation protections and access data from other apps. Affected products/versions, per authoritative sources, include Android 4.4.4 through 7....

5.5CVSS5.2AI score0.00419EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.58 views

CVE-2017-0602

CVE-2017-0602 describes an information-disclosure vulnerability in Bluetooth on Android that could let a local malicious app bypass OS protections that isolate app data. Affected versions span Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The vulnerability is categorized as Mode...

5.5CVSS5.1AI score0.00395EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.58 views

CVE-2017-0643

CVE-2017-0643 describes a remote denial-of-service vulnerability in Android’s Media framework (Mediaserver). The issue could be triggered by processing a specially crafted media file, leading to a device hang or reboot. Affected products/versions include Android 5.0.2, 5.1.1, 6.0/6.0.1, 7.0, and ...

7.1CVSS5.5AI score0.00662EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.58 views

CVE-2017-0685

CVE-2017-0685 is a DoS in the Android media framework affecting Android 6.0/6.0.1/7.0/7.1.1/7.1.2. The connected CNVD entry notes a DoS via the media framework with an infinite loop attack vector; no root-cause or patch details are provided in the supplied documents.

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.58 views

CVE-2017-0691

CVE-2017-0691 is a denial-of-service vulnerability in the Android media framework affecting Android 7.0, 7.1.1 and 7.1.2 (Android ID A-36724453). The NVD CVSS data lists a medium severity (CVSSv2: 4.3; AV:N/AC:M/Au:N/I:N/C:N/A:P) and a CVSSv3 score of 5.5 (LOCAL, UI required, high availability im...

5.5CVSS5.5AI score0.01019EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.58 views

CVE-2017-0694

CVE-2017-0694 is a denial-of-service vulnerability in the Android media framework. Affected products: Android devices running versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The vulnerability is classified as DoS (no details on exploit vectors provided in the initial documents). The ...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.58 views

CVE-2017-0703

The CVE-2017-0703 entry describes an Elevation of Privilege vulnerability in Android System UI affecting Android 4.4.4 through 7.1.2. Root cause: a flaw in System UI that could allow a local attacker to escalate privileges. Impact as documented: HIGH for confidentiality, integrity, and availabili...

9.3CVSS7.4AI score0.00399EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.58 views

CVE-2017-0715

CVE-2017-0715 is a remote code execution vulnerability in Android’s media framework (libavc). Affected products/versions per the provided documents include Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The issue is described as RCE within the media framework libavc and is listed under the Android Se...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.58 views

CVE-2017-0729

CVE-2017-0729 is an Elevation of Privilege in Android’s media framework mediadrmserver. The vulnerability affects Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2, enabling a remote attacker to execute arbitrary code with elevated privileges within a privileged context via mediadr...

7.8CVSS7.4AI score0.00356EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.58 views

CVE-2017-0734

CVE-2017-0734 is a DoS in the Android media framework libavc affecting Android 6.0–7.1.x. The vulnerability is described as a denial of service vulnerability in the media framework, but the provided documents do not specify root cause details, affected subcomponents beyond libavc, exploit vectors...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.58 views

CVE-2017-0767

CVE-2017-0767 is an Elevation of Privilege vulnerability in Android’s media framework (libeffects) affecting Android versions 4.4.4 through 7.1.2. The issue is described as an EoP in the media stack, enabling a local attacker to execute code with elevated privileges within a privileged process. T...

9.3CVSS7.9AI score0.00414EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.58 views

CVE-2017-0779

CVE-2017-0779 is an information-disclosure vulnerability in Android’s media framework (audioflinger) affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0–6.0.1, 7.0, 7.1.1, 7.1.2 (Android ID A-38340117). Public details come from NVD: CVSS2 vector AV:N/AC:M/Au:N/C:P/I:N/A:N (base 4.3) and CVSS3 vec...

5.5CVSS5.8AI score0.00366EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.58 views

CVE-2017-0799

CVE-2017-0799 is a MediaTek-related elevation-of-privilege vulnerability affecting the MediaTek lastbus within the Android kernel. The issue is described as an EoP in the lastbus component, enabling a local attacker to potentially gain higher privileges. The vulnerability is associated with Media...

9.3CVSS8AI score0.00416EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.58 views

CVE-2017-0845

CVE-2017-0845 is a denial-of-service vulnerability in the Android framework’s syncstorageengine. The issue affects Android devices running versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The vulnerability is categorized as DoS with network attack vector and authorship requires no user i...

7.5CVSS7.1AI score0.00426EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.58 views

CVE-2017-0846

CVE-2017-0846 is an information-disclosure vulnerability in the Android framework component clipboardservice. Affected Android versions include 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The Pixel/Nexus bulletin indicates a security patch level of 2018-01-05 (AOSP updates) addresses this issu...

7.5CVSS6.8AI score0.00412EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.58 views

CVE-2017-0858

CVE-2017-0858 is a DoS vulnerability in the Android media framework affecting Pixel/Nexus devices. The Pixel security bulletin groups the issue under Media framework with NSI classification and lists affected AOSP versions 7.0, 7.1.1, 7.1.2, and 8.0. The vulnerability is described as part of a br...

7.8CVSS7.2AI score0.00563EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.58 views

CVE-2017-0872

CVE-2017-0872 is a remote code execution in Android's media framework (libskia). Affected products/versions per the Android bulletin and NVD: Android 7.0, 7.1.1, 7.1.2, 8.0. The root cause is a vulnerability in the media framework codecs (libskia, libmpeg2, libhevc, libavc) that could allow a cra...

9.3CVSS8.4AI score0.01437EPSS
CVE
CVE
added 2017/06/30 4:0 p.m.58 views

CVE-2017-10709

CVE-2017-10709 affects Elephone P9000 devices running Android 6.0. The lockscreen can be bypassed to defeat the wrong-PIN lockout by pressing backspace after each PIN guess, using physical proximity as the attack vector. Documented impact indicates confidentiality, integrity, and availability may...

7.2CVSS6.5AI score0.00335EPSS
Total number of security vulnerabilities8153