Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/03/07 1:31 a.m.57 views

CVE-2022-47475

CVE-2022-47475 : A missing permission check in the telephony service allows local information disclosure with no additional privileges. The issue is described across multiple sources as a lack of privilege verification within the telephony module (confidentiality impact: HIGH). No concrete exploi...

5.5CVSS5.2AI score0.00089EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.57 views

CVE-2022-48244

CVE-2022-48244 affects UNISOC chipsets’ audio service, with a missing permission check as the root cause. This could enable local escalation of privilege with no additional execution privileges, aligning with the CVSS 3.1 base metrics (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base score 7.8). Exploit...

7.8CVSS7.7AI score0.0009EPSS
CVE
CVE
added 2023/05/09 1:21 a.m.57 views

CVE-2022-48376

CVE-2022-48376 affects UNISOC chipsets’ dialer service module. The root cause is a missing permission check, which could allow a local attacker to trigger a denial of service without gaining additional execution privileges. The CVE is documented with a CVSS v3.1 base score of 5.5 (Local attack, L...

5.5CVSS5.4AI score0.00087EPSS
CVE
CVE
added 2023/03/07 12:0 a.m.57 views

CVE-2023-20650

The CVE-2023-20650 entry describes a vulnerability in MediaTek chips’ apu module: an out-of-bounds write from a missing bounds check, enabling local escalation of privilege to System level. No exploitation details are provided in the documents. CVSSv3.1/3.1 base score 6.7 (MEDIUM); attack vector ...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/04/06 12:0 a.m.57 views

CVE-2023-20682

CVE-2023-20682 affects the MediaTek wlan component, describing an out-of-bounds write caused by an integer overflow that could enable local privilege escalation with system execution privileges required. User interaction is not needed. A patch is noted: ALPS07441605 (Issue ALPS07441605). Connecte...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.57 views

CVE-2023-20735

CVE-2023-20735 concerns the vcu component in MediaTek chips, where a missing bounds check can cause an out-of-bounds write. The under-lying flaw is a lack of boundary verification in vcu, potentially enabling local escalation of privilege with System-level execution privileges required. Exploitat...

6.7CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2023/06/06 12:11 p.m.57 views

CVE-2023-20741

CVE-2023-20741 affects the ril module in MediaTek chips, with a missing bounds check causing an out-of-bounds read that can lead to local information disclosure and may enable system-level execution privileges. Exploitation is described as not requiring user interaction, and the patch ID ALPS0762...

4.4CVSS4.2AI score0.00093EPSS
CVE
CVE
added 2023/08/07 3:21 a.m.57 views

CVE-2023-20797

CVE-2023-20797 describes an out-of-bounds write in MediaTek camera middleware caused by a missing bounds check, leading to local escalation of privileges with System execution privileges required and no user interaction needed. The entry cites a patch/issue identifier ALPS07629582 as the mitigati...

6.7CVSS6.7AI score0.00108EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.57 views

CVE-2023-21324

CVE-2023-21324 is listed in Android 14 release notes under the Framework section as an elevation-of-privilege (EoP) vulnerability with moderate severity. The exact affected packages/versions are not detailed in the provided sources, but the Android bulletin states these issues are fixed in Androi...

7.8CVSS7.5AI score0.00093EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.57 views

CVE-2023-21335

CVE-2023-21335 affects Android, describing a side-channel in Settings that allows determining if an app is installed without query permissions. The vulnerability enables local information disclosure with no extra privileges and no user interaction required. Connected sources (RH security advisory...

5.5CVSS5.6AI score0.00101EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.57 views

CVE-2023-21379

CVE-2023-21379 (Android Bluetooth information disclosure) is described as a Bluetooth vulnerability with an out-of-bounds read caused by a missing bounds check, enabling local information disclosure. The issue affects Bluetooth handling on Android, requiring System privileges for exploitation, wi...

4.4CVSS4.4AI score0.00088EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.57 views

CVE-2023-32821

CVE-2023-32821 relates to MediaTek chips where a vulnerability in the video module allows an out-of-bounds write due to a permissions bypass. This could enable local escalation to SYSTEM privileges without user interaction. A patch is identified as ALPS08013430 (Issue ALPS08013433). Exploitation ...

6.7CVSS6.7AI score0.00088EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.57 views

CVE-2023-42636

CVE-2023-42636 affects the validationtools component, where a missing permission check could allow local information disclosure without requiring additional privileges. Public documentation in connected sources ties this vulnerability to UNISOC chipsets context, but explicit exploitation details,...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/12/04 12:54 a.m.57 views

CVE-2023-42739

CVE-2023-42739 affects the engineermode service, where a missing permission check could allow an app to write permission usage records. This enables local escalation of privilege with no extra execution privileges required. Documented impact is HIGH (CVSS v3.1: AV=L, AC=L, PR=L, UI=N, S=U, C=H, I...

7.8CVSS7.8AI score0.00096EPSS
CVE
CVE
added 2023/09/27 1:52 p.m.57 views

CVE-2023-44123

The CVE-2023-44123 issue affects com.lge.bluetoothsetting and arises from using implicit PendingIntents with PendingIntent.FLAG_MUTABLE, enabling theft/over-write of arbitrary files with system privilege. An attacker’s app with access to notifications could intercept them, redirect to its activit...

7.8CVSS6.6AI score0.00125EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.57 views

CVE-2023-52346

CVE-2023-52346 affects the modem driver in UNISOC chipsets, where improper input validation can cause a system crash and may enable local information disclosure with system execution privileges required. The NVD entries describe the vulnerable component as the modem driver and note a potential lo...

4.4CVSS6.2AI score0.00086EPSS
CVE
CVE
added 2024/10/07 2:35 a.m.57 views

CVE-2024-20099

CVE-2024-20099: A power-module out-of-bounds write due to a missing bounds check enables local escalation to SYSTEM privileges with no user interaction. A patch is referenced (ALPS08997492; MSV-1625). Affected component is described as the power subsystem; exact product/version details are not sp...

6.7CVSS7.2AI score0.00081EPSS
CVE
CVE
added 2024/11/04 1:49 a.m.57 views

CVE-2024-20117

The CVE-2024-20117 issue affects the vdec component, where an out-of-bounds read caused by improper structure design can lead to local information disclosure with SYSTEM privileges required and no user interaction. Public data confirms the vulnerability details across multiple feeds (NVD/Red Hat/...

4.4CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2025/02/03 3:24 a.m.57 views

CVE-2025-20643

CVE-2025-20643 impacts devices using MediaTek chipsets with a DA module vulnerability. A missing bounds check can cause an out-of-bounds read, potentially enabling local information disclosure when an attacker has physical access and already holds System privileges. Exploitation requires user int...

5.7CVSS5.8AI score0.00093EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.56 views

CVE-2014-9867

The CVE-2014-9867 issue affects Qualcomm camera components in Android (Nexus 5/7 2013) where msm_isp_axi_util.c fails to validate the number of streams, enabling privilege escalation via a crafted app. Root cause: missing validation in the camera driver path. Impact: local privilege escalation wi...

9.3CVSS7.5AI score0.00544EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.56 views

CVE-2014-9886

CVE-2014-9886 affects Android on Nexus 5 and Nexus 7 (2013) devices, specifically the Qualcomm component under arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c. The vulnerability is caused by improper validation of input parameters in USF, enabling a local attacker to gain privileges via a crafted appl...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.56 views

CVE-2014-9887

CVE-2014-9887 affects drivers/misc/qseecom.c in the Qualcomm component used on Android devices (Nexus 5 and Nexus 7 (2013)) prior to 2016-08-05. The flaw does not validate certain length values, enabling a local attacker with a crafted application to gain privileged access. Exploitation details o...

9.3CVSS7.5AI score0.0053EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.56 views

CVE-2014-9902

CVE-2014-9902 involves a buffer overflow in the Qualcomm Wi‑Fi driver’s file CORE/SYS/legacy/src/utils/src/dot11f.c on Nexus 7 (2013) devices. An attacker could trigger arbitrary code execution by sending a crafted Information Element in an 802.11 management frame, exploiting the vulnerability in...

10CVSS9AI score0.0252EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.56 views

CVE-2014-9930

CVE-2014-9930 concerns a Use-After-Free vulnerability in the WCDMA stack on CAF Android releases that use the Linux kernel. Affected component: WCDMA subsystem; root cause: use-after-free memory error as described in the CVE description. Potential impact as per CVSS v3 metrics is High for Confide...

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.56 views

CVE-2015-1536

CVE-2015-1536 is an integer overflow in Bitmap_createFromParcel() in Android’s core/jni/android/graphics/Bitmap.cpp, affecting Android versions prior to 5.1.1 (LMY48I). The flaw arises from improper bitmap unmarshalling and can allow a crafted application to crash the system_server (denial of ser...

8.5CVSS6.7AI score0.00668EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.56 views

CVE-2015-3835

The CVE-2015-3835 entry describes a buffer overflow in libstagefright’s OMXNodeInstance::emptyBuffer (omx/OMXNodeInstance.cpp) affecting Android prior to 5.1.1 LMY48I. The underlying issue is a memory corruption vulnerability in mediaserver-related code that could allow remote code execution via ...

9.3CVSS7.8AI score0.01771EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.56 views

CVE-2015-3844

The CVE-2015-3844 entry concerns Android’s ActivityManagerService.getProcessRecordLocked() before 5.1.1 (LMY48I). The issue arises when the method does not verify that an application’s process name matches its package name, which can lead ActivityManager to load the wrong process for certain task...

6.8CVSS6.5AI score0.0055EPSS
CVE
CVE
added 2015/10/01 12:0 a.m.56 views

CVE-2015-3858

CVE-2015-3858 affects Android before 5.1.1 LMY48M. The issue is in the checkDestination function of internal/telephony/SMSDispatcher.java, which relies on an obsolete permission name for an authorization check, enabling a crafted app to bypass the user-confirmation requirement for SMS short-code ...

9.3CVSS6.5AI score0.00691EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.56 views

CVE-2015-3871

CVE-2015-3871 affects libstagefright in Android prior to 5.1.1 LMY48T. A crafted media file could trigger memory corruption in mediaserver/libstagefright, enabling remote code execution or a denial of service. The Android Security Bulletin notes that builds LMY48T or later address these issues, a...

10CVSS7.8AI score0.01858EPSS
CVE
CVE
added 2015/11/03 11:0 a.m.56 views

CVE-2015-6612

CVE-2015-6612 affects libmedia in Android prior to 5.1.1 LMY48X and 6.0 prior to 2015-11-01. The issue is an elevation of privilege via a crafted app that can execute code in mediaserver’s context (via libmedia). Affected Android builds include Nexus devices patched with Build LMY48X or later and...

9.3CVSS6.7AI score0.02574EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.56 views

CVE-2015-6628

CVE-2015-6628 affects Android’s Media Framework. Versions before 5.1.1 LMY48Z and 6.0 before 2015-12-01 expose a vulnerability in mediaserver that could disclose sensitive information and bypass a protection mechanism, via unknown vectors demonstrated by obtaining Signature or SignatureOrSystem a...

5CVSS6.6AI score0.00458EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.56 views

CVE-2015-8505

Summary (concrete details from provided sources): Android mediaserver in versions prior to 5.1.1 LMY48Z is vulnerable to a memory corruption issue that can be triggered by a crafted media file, enabling remote code execution or a denial of service. The entry is part of CVE-2015-8505 and is linked...

9.3CVSS7.5AI score0.01991EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.56 views

CVE-2015-8507

The CVE-2015-8507 entry concerns a memory corruption vulnerability in Android’s mediaserver. Connected sources describe affected software as Android mediaserver running on Android 6.0 (and older) where a crafted media file can be used by a remote attacker to execute arbitrary code or cause a deni...

9.3CVSS7.5AI score0.02011EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.56 views

CVE-2015-8999

CVE-2015-8999: The vulnerability is described as a TrustZone buffer overflow that can occur in Android CAF builds when loading an ELF file. Connected sources corroborate a TrustZone buffer overflow in Android’s TrustZone component with potential for arbitrary code execution or denial of service, ...

9.3CVSS7.5AI score0.00625EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.56 views

CVE-2015-9009

CVE-2015-9009 is an Elevation of Privilege vulnerability in Qualcomm closed‑source components exposed via Android kernel. The public data indicates the issue affects Qualcomm/Android architectures and is classified as Critical (CVSS v3 9.8). The CVE is listed under Qualcomm closed‑source componen...

10CVSS8.8AI score0.01154EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.56 views

CVE-2015-9065

CVE-2015-9065 concerns Qualcomm products with CAF Android releases using the Linux kernel, where a UE may respond to a UEInformationRequest before Access Stratum security is established. The provided sources describe the issue but do not specify exact affected models, versions, or a vendor patch/...

10CVSS8.7AI score0.00976EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.56 views

CVE-2016-0848

CVE-2016-0848 is a race-condition vulnerability in Android’s Download Manager that affects Android 4.x (before 4.4.4), 5.x (before 5.0.2 or 5.1.1), and 6.x (before 2016-04-01). A crafted app can exploit a symlink target change to bypass private-storage file-access restrictions, enabling unauthori...

8.4CVSS7.5AI score0.00159EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.56 views

CVE-2016-10274

CVE-2016-10274 is an elevation-of-privilege vulnerability in the MediaTek touchscreen driver that could allow a local malicious Android app to execute arbitrary code in the kernel context. The issue is classified as Critical due to the risk of local permanent device compromise, potentially requir...

9.3CVSS7.2AI score0.00596EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.56 views

CVE-2016-10342

CVE-2016-10342 is a buffer overflow in an Android CAF Linux kernel syscall handler. Attack requires local access and user interaction, with potential for high impact (admin privileges) per CVSS data. Affected: Android CAF builds using the Linux kernel; exploit details are not provided in the link...

9.3CVSS7.7AI score0.00625EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.56 views

CVE-2016-10388

Technical details about CVE-2016-10388 are not publicly provided in the connected documents. Monitor for updates.

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2020/04/07 1:30 p.m.56 views

CVE-2016-11033

CVE-2016-11033 affects Samsung mobile devices running M(6.0). Affected component is tlc_server, with a heap-based buffer overflow as the root cause. Samsung IDs: SVE-2016-7220 and SVE-2016-7225. Impact and exploitability are described in the linked metrics (CVSS v2/base 7.5 HIGH; CVSS v3.1/base 9...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2020/04/07 12:54 p.m.56 views

CVE-2016-11042

CVE-2016-11042 affects Samsung mobile devices running L (5.0/5.1) and M (6.0), describing a SIM lock bypass. The connected documents reiterate only that a SIM lock bypass exists (SVE-2016-5381) but do not provide technical details about the affected component, root cause, exploitability, or concr...

7.5CVSS7.6AI score0.00408EPSS
CVE
CVE
added 2020/04/07 12:51 p.m.56 views

CVE-2016-11044

The vulnerability CVE-2016-11044 affects Samsung mobile devices running Lollipop (5.0/5.1) and Marshmallow (6.0) with fingerprint support. It enables bypass of the application signature check during installation, as documented under Samsung’s SVE-2016-5923. Evidence across sources (NVD, Red Hat, ...

7.8CVSS7.6AI score0.00093EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.56 views

CVE-2016-2432

CVE-2016-2432 concerns the Qualcomm TrustZone component in Android prior to the 2016-05-01 patch level, affecting Nexus 6 and Android One devices. The root cause is elevation of privilege via a crafted application, enabling a local attacker to gain higher privileges within TrustZone. The CVE is d...

9.3CVSS7.5AI score0.0039EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.56 views

CVE-2016-2451

CVE-2016-2451 affects Android Mediaserver (libstagefright) and its VPX handling in SoftVPX.cpp. The vulnerability arises from not validating VPX output buffer sizes, enabling local privilege escalation to Signature or SignatureOrSystem via a crafted application. Affected Android versions: 4.x bef...

9.3CVSS7.6AI score0.00419EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.56 views

CVE-2016-2459

CVE-2016-2459 affects mediaserver in Android 4.x up to 4.4.3, 5.0.x up to 5.0.1/2, 5.1.x up to 5.1.0/1, and 6.x prior to 2016-05-01. The root cause is that certain data structures are not initialized, enabling an attacker to disclose sensitive information via a crafted application. The vulnerabil...

5.5CVSS5.5AI score0.00414EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.56 views

CVE-2016-2473

CVE-2016-2473 describes a privilege-escalation vulnerability in the Qualcomm Wi‑Fi driver used by the Android stack on the Nexus 7 (2013) . The issue exists in Android builds prior to the 2016-06-01 patch level and can be triggered by a crafted application , enabling an attacker to gain elevated ...

9.8CVSS9.1AI score0.00653EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.56 views

CVE-2016-3741

CVE-2016-3741 affects the H.264 decoder in mediaserver on Android 6.x (prior to 2016-07-01). The issue arises because certain slice data is not initialized, enabling remote attackers to execute arbitrary code or cause a memory corruption leading to a denial of service. The vulnerability impact is...

9.8CVSS8.8AI score0.01412EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.56 views

CVE-2016-3742

The CVE-2016-3742 entry affects Android 6.x Mediaserver (decoder/ih264d_process_intra_mb.c). A flaw in intra mode handling in Mediaserver could allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) via a specially crafted media file. The issue is docum...

9.8CVSS8.8AI score0.01075EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.56 views

CVE-2016-3763

The CVE-2016-3763 entry concerns Android and its PAC (Proxy Auto-Config) feature. The vulnerable component is net/PacProxySelector.java used by PAC, where URL information is not restricted to scheme/host/port as required. This allows a remote attacker controlling a PAC script server to discover c...

5CVSS5.5AI score0.00512EPSS
Total number of security vulnerabilities8153