Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/06/06 2:0 p.m.57 views

CVE-2014-9924

Technical details about CVE-2014-9924 are not provided in the supplied connected documents. Public information appears limited to a Signed to Unsigned Conversion Error in CAF Linux kernel. Monitor for updates.

9.3CVSS7.1AI score0.0046EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.57 views

CVE-2014-9936

CVE-2014-9936 describes a time-of-check time-of-use race condition in TrustZone used during authentication on Android devices that use CAF/Linux kernel. Connected sources indicate the issue affects Android releases prior to 7.0 in TrustZone authentication routines, implying a potential impact to ...

7.6CVSS6.8AI score0.00572EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.57 views

CVE-2014-9981

CVE-2014-9981 is reported as a Qualcomm component issue. The connected data indicate a buffer/overflow concern in the USB interface during boot for Qualcomm components used in Android CAF builds running the Linux kernel. The root cause is described as an insufficient overflow check in the USB int...

10CVSS8.9AI score0.00964EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.57 views

CVE-2015-3862

CVE-2015-3862 affects mediaserver in Android prior to 5.1.1 LMY48T, where processing of media data can crash the mediaserver, causing a denial of service. The primary description specifies an unspecified vector; the CVE entry is listed as a low-severity DoS in Mediaserver per Android bulletin det...

5CVSS6.6AI score0.00463EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.57 views

CVE-2015-3869

Affected software/impacted component: Android’s media processing stack, specifically libstagefright in versions prior to 5.1.1 LMY48T. Vulnerability: A crafted media file can trigger memory corruption in mediaserver, enabling remote code execution or a denial of service. Root cause as stated: mem...

10CVSS7.8AI score0.022EPSS
CVE
CVE
added 2015/11/03 11:0 a.m.57 views

CVE-2015-6611

The CVE-2015-6611 entry describes a vulnerability in Android’s mediaserver prior to 5.1.1 LMY48X and 6.0 before 2015-11-01 that allows remote attackers to obtain sensitive information and thereby bypass an unspecified protection mechanism. The issue is categorized as an information-disclosure vul...

5CVSS6.6AI score0.01004EPSS
CVE
CVE
added 2016/01/06 7:0 p.m.57 views

CVE-2015-6642

CVE-2015-6642 is an information-disclosure vulnerability in the Android kernel that could allow a local attacker to obtain sensitive data and bypass a protection mechanism. Affected platforms include Android kernels prior to 5.1.1 LMY49F and before 2016-01-01 on 6.0. The primary impact is leakage...

9.8CVSS8.9AI score0.00715EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.57 views

CVE-2015-9002

This CVE concerns Google Android TrustZone, where a DRM routine in the TrustZone DRM path can suffer an out-of-range pointer offset (integer overflow) vulnerability. Connected CNVD entry explicitly states an integer overflow in the TrustZone DRM routine exists on Android, and that an attacker cou...

9.3CVSS7.4AI score0.00578EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.57 views

CVE-2016-2493

CVE-2016-2493 describes an elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver used by Android on Nexus devices (N5, N6, N6P, 7 (2013), Nexus Player, Pixel C) prior to 2016-06-01. A local attacker could exploit a crafted application to gain privileged access (internal bug 26571522)....

9.3CVSS8AI score0.00412EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.57 views

CVE-2016-2494

CVE-2016-2494 involves an off-by-one error in sdcard/sdcard.c on Android, enabling a local attacker to gain privileges via a crafted app. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before 2016-06-01. Root cause: off-by-one in sdcard.c leading to Elevation of P...

9.3CVSS8AI score0.01946EPSS
Web
CVE
CVE
added 2016/09/11 9:0 p.m.57 views

CVE-2016-3889

CVE-2016-3889 describes a Factory Reset Protection (FRP) bypass in Android 6.x and 7.0 prior to September 1, 2016. Attackers with physical access could trigger the bypass during pre-setup by exploiting (1) an external tile from a system app, (2) the Help feature, or (3) the Settings app, associat...

7.2CVSS6.7AI score0.00244EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.57 views

CVE-2016-6744

CVE-2016-6744: Elevation of privilege in the Synaptics touchscreen driver for Android. A local malicious app could execute arbitrary kernel code via the Synaptics driver, with impact classified as High. Affected software is Android devices using the Synaptics touchscreen driver prior to the 2016-...

9.3CVSS7.5AI score0.00724EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.57 views

CVE-2016-6768

CVE-2016-6768: A remote code execution vulnerability in the Framesequence library could allow an attacker to run arbitrary code in an unprivileged process by reading a specially crafted file. Affected product/stack: Android, with Framesequence library present in versions 5.0.2, 5.1.1, 6.0, 6.0.1,...

7.8CVSS7.7AI score0.00808EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.57 views

CVE-2016-6773

CVE-2016-6773 describes an information-disclosure vulnerability in the ih264d decoder of Mediaserver on Android (versions 6.0, 6.0.1, 7.0). A local malicious app could access data outside its permission levels due to Mediaserver’s handling in the ih264d component. The issue is categorized as Mode...

5.5CVSS5AI score0.00455EPSS
CVE
CVE
added 2017/01/13 4:0 p.m.57 views

CVE-2017-0398

CVE-2017-0398 is an information-disclosure vulnerability in Android’s Audioserver. According to the sources, it could allow a local malicious application to access data outside of its permission levels. Affected products/versions are Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, with Andro...

5.5CVSS5.3AI score0.0048EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.57 views

CVE-2017-0426

Summary: CVE-2017-0426 is a local information-disclosure vulnerability in the Android Filesystem affecting Android 7.0 and 7.1.1. The issue could allow a local malicious app to access data outside its permission levels. Root cause is described as an information-disclosure weakness in the Filesyst...

5.5CVSS4.9AI score0.00627EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.57 views

CVE-2017-0469

CVE-2017-0469 (Mediaserver, Android) : A remote code execution vulnerability arises from memory corruption during media file/data processing in Mediaserver. A crafted file can trigger the issue, potentially allowing code execution within the Mediaserver process. Affected product/versions: Android...

9.3CVSS7.6AI score0.01422EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.57 views

CVE-2017-0495

CVE-2017-0495 is an information-disclosure vulnerability in Android Mediaserver that could allow a local malicious app to access data beyond its permission levels. Affected: Android 6.0–7.1.1. Impact: partial confidentiality breach; no exploitation details or patches are provided in the documents.

5.5CVSS4.9AI score0.00421EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.57 views

CVE-2017-0505

CVE-2017-0505 is an elevation-of-privilege issue in MediaTek components (M4U, sound, touchscreen, GPU, and Command Queue drivers) for Android. A local attacker could execute arbitrary code in the kernel context. The 2017-03 Android bulletin lists CVE-2017-0505 with Android ID A-31822282 and notes...

9.3CVSS7.3AI score0.01427EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.57 views

CVE-2017-0558

CVE-2017-0558 is an information-disclosure vulnerability in the Android Mediaserver. A local malicious application could access data outside its permission levels on affected Android versions (4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1). The CVSS scores in the initial description indicate a conf...

5.5CVSS5.2AI score0.00597EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.57 views

CVE-2017-0566

CVE-2017-0566 describes an elevation of privilege in the MediaTek camera driver for Android, enabling a local malicious application to execute arbitrary code in the kernel context. The issue affects the MediaTek camera driver within Android’s stack and is categorized as High due to requiring comp...

7.6CVSS6.9AI score0.00783EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.57 views

CVE-2017-0645

CVE-2017-0645 describes an elevation-of-privilege vulnerability in Android’s Bluetooth stack. A local malicious application could access data outside its permission levels. Affected products/versions: Android 6.0.1, 7.0, 7.1.1, 7.1.2. Root cause: Bluetooth exposure allowing unauthorized data acce...

5.5CVSS5.2AI score0.0044EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.57 views

CVE-2017-0649

CVE-2017-0649 is a MediaTek sound driver Elevation of Privilege vulnerability in Android. A local malicious app could exploit a flaw in the kernel context via the sound driver to execute arbitrary code. The issue is classified as Moderate due to the need to compromise a privileged process and vul...

7.6CVSS6.9AI score0.00665EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.57 views

CVE-2017-0727

CVE-2017-0727 is a documented elevation-of-privilege vulnerability in the Android media framework, specifically the libgui component. Public CNVD details describe the issue as affecting Android versions 7.0, 7.1.1, and 7.1.2 , enabling a remote attacker to execute arbitrary code with elevated pri...

7.8CVSS7.4AI score0.00283EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.57 views

CVE-2017-0775

CVE-2017-0775 is a DoS in Android’s media framework libstagefright. Affects Android versions 4.4.4–8.0 (including 8.0). The NVD CVSSv3 base score is 5.5 (Medium) with Local attack vector, Low attack complexity, requiring user interaction, and High availability impact. CVSSv2 base score is 7.1 (Hi...

7.1CVSS5.9AI score0.00331EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.57 views

CVE-2017-0810

CVE-2017-0810 describes a remote code execution vulnerability in Android’s media framework (libmpeg2). Affected products/versions include Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0. The root cause is a flaw in the libmpeg2 component within the Android Media framework that could allow arbitrar...

9.3CVSS7.7AI score0.01624EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.57 views

CVE-2017-0824

CVE-2017-0824 is a Privilege Elevation vulnerability in the Broadcom WiFi driver affecting Android kernel space. The issue enables elevation of privileges via the Broadcom WiFi component on affected Android devices. The vulnerability is categorized as EoP with a moderate impact in the Android eco...

9.8CVSS8AI score0.00498EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.57 views

CVE-2017-0827

CVE-2017-0827 is an Elevation of Privilege vulnerability in the MediaTek SoC driver within the Android kernel. Affects Android devices with MediaTek SoC driver stack; root cause is a flaw in the SoC driver that could allow a local attacker to execute arbitrary code within a privileged process con...

9.3CVSS7.4AI score0.00416EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.57 views

CVE-2017-0848

CVE-2017-0848 is an information-disclosure vulnerability in the Android media framework, specifically within the libeffects component. The Pixel/Nexus security bulletin (and related records) attributes this issue to the Media framework with an impact category of Information Disclosure and lists a...

5.3CVSS5.4AI score0.00356EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.57 views

CVE-2017-11000

CVE-2017-11000 affects Qualcomm components: specifically the Camera driver within Android CAF builds using the Linux kernel ISP Camera driver function. The root cause is an incorrect bounds check that may lead to an out-of-bounds write, described as an Elevation of Privilege (EoP) issue in the Qu...

7.8CVSS7.6AI score0.00368EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.57 views

CVE-2017-11014

CVE-2017-11014 describes a buffer overflow in the Android/CAF/Linux kernel stack when parsing a Measurement Request IE in a Roam Neighbor Action Report. Affected products include Android for MSM, Firefox OS for MSM, and QRD Android with CAF Linux kernel releases. The CVSS data indicates high impa...

9.3CVSS7.5AI score0.00601EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.57 views

CVE-2017-11028

CVE-2017-11028 affects the Android MSM ISP Camera driver; the vulnerability allows leakage of contents from an arbitrary kernel address to userspace via msm_isp_get_stream_common_data(). Connected sources confirm this is an information-disclosure issue in the Camera subsystem within Android/Linux...

7.5CVSS7AI score0.00608EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.57 views

CVE-2017-11073

CVE-2017-11073 is a Qualcomm Networking subsystem vulnerability affecting Android on MSM/CAF/Linux kernel builds. The qcacld pktlog allows a local attacker to map memory to user space via /proc/ath_pktlog/cld, enabling potentially exposure or modification of memory. Public details specify LOCAL a...

7.8CVSS7AI score0.00138EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.57 views

CVE-2017-13190

CVE-2017-13190 is a vulnerability in the Android media framework (libhevc) related to ps_codec_obj memory allocation failures. The affected software is Android (Media framework/libhevc) on versions 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The documented impact is denial of service (availability impact = ...

7.8CVSS7.1AI score0.00463EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.57 views

CVE-2017-13281

CVE-2017-13281 affects Android 8.0–8.1, where avrc_pars_browsing_cmd in avrc_pars_tg.cc can overflow a stack buffer due to an improper bounds check, enabling remote code execution without user interaction. Affected product: Android OS; vulnerable component: avrc_pars_browsing_cmd (in avrc_pars_tg...

10CVSS9AI score0.01793EPSS
CVE
CVE
added 2024/12/05 10:5 p.m.57 views

CVE-2017-13308

The CVE-2017-13308 entry describes a buffer overflow in an sscanf call within the Mediatek MTK TS Abts code path (tscpu_write_GPIO_out and mtkts_Abts_write in mtk_ts_Abts.c) caused by improper input validation. This could enable local privilege escalation with System execution privileges; exploit...

6.7CVSS7.2AI score0.00081EPSS
CVE
CVE
added 2024/11/15 9:46 p.m.57 views

CVE-2017-13311

The provided connected documents confirm CVE-2017-13311 affects the Android Framework, specifically the read() function in ProcessStats.java, causing a read/write serialization issue that enables a permissions bypass. This can lead to local escalation of privilege, allowing an app to start an act...

7.8CVSS6.8AI score0.00073EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.57 views

CVE-2017-14917

CVE-2017-14917 affects Android ecosystems (Android for MSM, Firefox OS for MSM, QRD Android) with CAF Linux kernel variants. The issue stems from improper validation of buffer sizes in the message passing interface, enabling potential exploitation via crafted inputs. The CVSS data indicates a cri...

10CVSS7.8AI score0.00726EPSS
CVE
CVE
added 2020/04/07 3:54 p.m.57 views

CVE-2017-18649

The CVE-2017-18649 issue affects Samsung mobile devices running N(7.x) software. The bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, enabling an attacker to boot with root privileges (SamFAIL). The Samsung ID is SVE-2017-10465. No additional technical det...

7.2CVSS7AI score0.00281EPSS
CVE
CVE
added 2020/04/07 2:4 p.m.57 views

CVE-2017-18690

CVE-2017-18690 involves a buffer overflow in the sensor hub of certain Samsung mobile devices. Affected platforms include KK (4.4), L (5.0/5.1), M (6.0), and N (7.0) with Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets. The available public description notes a sensor-hub buffer overflo...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2017/12/06 6:0 p.m.57 views

CVE-2017-6276

CVE-2017-6276 affects NVIDIA mediaserver/OpenMax component (LIBNVMMLITE_VIDEO.SO). The issue is a use-after-free caused by referencing memory after it has been freed, leading to potential denial of service and possible elevation of privileges. NVIDIA’s NVIDIA SHIELD Tablet bulletin lists CVE-2017...

7.8CVSS7.8AI score0.00189EPSS
CVE
CVE
added 2018/03/06 4:0 p.m.57 views

CVE-2017-6295

Affected software/hardware: NVIDIA TrustZone Software (Keymaster) in NVIDIA SHIELD TV SE 6.2 and earlier. Vulnerability: reads data past the end or before the beginning of the intended buffer, potentially leading to denial of service or information disclosure. Impact/Severity: rated high (CVE-201...

8.4CVSS7.9AI score0.00138EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.57 views

CVE-2017-7369

CVE-2017-7369 affects Android CAF builds using the Linux kernel. The vulnerability stems from an array index in an ALSA routine not properly validating input, which can potentially lead to kernel stack corruption. Public details in the provided documents describe the root cause and impact but do ...

9.3CVSS7.2AI score0.00458EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.57 views

CVE-2017-7370

CVE-2017-7370 is listed in connected sources as a Qualcomm video driver vulnerability (Video driver) causing an elevation of privilege (EoP) with Moderate severity. The detail consistently attributes the flaw to a race condition in the video driver within Android CAF/Linux kernel deployments. No ...

7.6CVSS6.8AI score0.00342EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.57 views

CVE-2017-8251

CVE-2017-8251 affects Qualcomm camera driver components in Android CAF builds on Linux kernels. The bug arises when msm_isp_check_stream_cfg_cmd and msm_isp_stats_update_cgc_override fail to validate stream_cfg_cmd->num_streams, allowing an overflow of stream_cfg_cmd->stream_handle. The CVE...

7.8CVSS8AI score0.00385EPSS
CVE
CVE
added 2018/12/20 3:0 p.m.57 views

CVE-2017-9704

CVE-2017-9704 concerns CAF Android kernels (Android for MSM, Firefox OS for MSM, QRD Android) where there is no synchronization between msm_vb2 buffer operations, enabling a use-after-free condition. Root cause: missing synchronization in buffer handling within the kernel component msm_vb2. Affec...

7.8CVSS7.5AI score0.00152EPSS
CVE
CVE
added 2020/04/08 2:48 p.m.57 views

CVE-2018-21082

Affected product: Samsung mobile devices running N(7.x) with Dex Station. Issue: Dex Station enables App Pinning bypass and lock-screen bypass via the To unpin screen lock option. Root cause: bypass of app pinning/lock screen through the “Use screen lock type to unpin” flow. Impact: allows bypass...

8.4CVSS8.3AI score0.00136EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.57 views

CVE-2018-5842

CVE-2018-5842 describes a WLAN privilege/Arbitrary address write in Qualcomm WLAN on Android devices (CAF Android for MSM, Firefox OS for MSM, QRD Android) due to the WLAN firmware sending incorrect data to the WLAN driver. The root cause is a data handling flaw in the interaction between comprom...

7.8CVSS7.2AI score0.00168EPSS
CVE
CVE
added 2024/11/19 9:8 p.m.57 views

CVE-2018-9412

CVE-2018-9412 concerns a DoS in the Android Media framework due to a resource exhaustion condition in ID3.cpp’s removeUnsynchronization, caused by improper input validation. Exploitation requires user interaction; the vulnerability is local in scope with availability impact high and no confidenti...

5.5CVSS6.6AI score0.00081EPSS
CVE
CVE
added 2024/11/19 9:11 p.m.57 views

CVE-2018-9419

CVE-2018-9419 describes an information-disclosure flaw: an out-of-bounds read in the BLE path (l2cble_process_sig_cmd in l2c_ble.cc) that can leak remote data without extra privileges or user interaction. Public documents consistently state the impact as information disclosure with no exploitatio...

7.5CVSS6.3AI score0.00277EPSS
Total number of security vulnerabilities8153