Lucene search

K
GoogleAndroid

7579 matches found

CVE
CVE
added 2024/11/04 2:15 a.m.41 views

CVE-2024-20108

In atci, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09082988; Issue ID: MSV-1774.

6.7CVSS7.2AI score0.0001EPSS
CVE
CVE
added 2024/12/02 4:15 a.m.41 views

CVE-2024-20130

In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.

6.7CVSS7.4AI score0.0001EPSS
CVE
CVE
added 2024/06/13 9:15 p.m.41 views

CVE-2024-32914

In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6AI score0.00042EPSS
CVE
CVE
added 2024/07/01 9:15 a.m.41 views

CVE-2024-39427

In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed

5.1CVSS6.8AI score0.00011EPSS
CVE
CVE
added 2024/10/25 11:15 a.m.41 views

CVE-2024-44101

there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS7AI score0.00212EPSS
CVE
CVE
added 2024/10/25 11:15 a.m.41 views

CVE-2024-47016

there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.00009EPSS
CVE
CVE
added 2024/10/25 11:15 a.m.41 views

CVE-2024-47026

In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.3AI score0.00009EPSS
CVE
CVE
added 2025/01/03 4:15 a.m.41 views

CVE-2024-53838

In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.0001EPSS
CVE
CVE
added 2025/01/03 4:15 a.m.41 views

CVE-2024-53840

there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.2AI score0.00009EPSS
CVE
CVE
added 2025/06/03 6:15 a.m.41 views

CVE-2025-31711

In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.

6.2CVSS6.8AI score0.00008EPSS
CVE
CVE
added 2011/01/31 8:0 p.m.40 views

CVE-2011-0680

data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.

5CVSS6.7AI score0.00893EPSS
CVE
CVE
added 2020/01/23 3:15 p.m.40 views

CVE-2013-6792

Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability

9.8CVSS9AI score0.02773EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.40 views

CVE-2013-7457

Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.

10CVSS7.4AI score0.00058EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.40 views

CVE-2014-9787

Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764.

9.3CVSS7.6AI score0.00071EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.40 views

CVE-2014-9868

drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal ...

7.8CVSS7.5AI score0.00038EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.40 views

CVE-2014-9878

drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479.

7.8CVSS7.6AI score0.00076EPSS
CVE
CVE
added 2017/06/06 2:29 p.m.40 views

CVE-2014-9923

In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.

9.3CVSS7.2AI score0.00035EPSS
CVE
CVE
added 2017/05/16 2:29 p.m.40 views

CVE-2014-9935

In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.

9.3CVSS7.6AI score0.00063EPSS
CVE
CVE
added 2017/06/06 2:29 p.m.40 views

CVE-2014-9943

In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist.

9.3CVSS7.1AI score0.00034EPSS
CVE
CVE
added 2017/06/06 2:29 p.m.40 views

CVE-2014-9950

In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.

9.3CVSS7.2AI score0.00031EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.40 views

CVE-2015-0575

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.

10CVSS7.8AI score0.00082EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.40 views

CVE-2015-1536

Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages i...

8.5CVSS6.7AI score0.00217EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.40 views

CVE-2015-3835

Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516.

9.3CVSS7.8AI score0.00703EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.40 views

CVE-2015-3868

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724.

10CVSS7.8AI score0.04362EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.40 views

CVE-2015-3877

Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696.

10CVSS7.8AI score0.01467EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.40 views

CVE-2015-6598

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.

10CVSS7.8AI score0.01402EPSS
CVE
CVE
added 2015/11/03 11:59 a.m.40 views

CVE-2015-6613

Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736.

5.1CVSS6.9AI score0.00141EPSS
CVE
CVE
added 2015/11/03 11:59 a.m.40 views

CVE-2015-6614

Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug...

5.8CVSS6.8AI score0.0005EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.40 views

CVE-2015-6622

The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal...

5CVSS6.6AI score0.001EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.40 views

CVE-2015-6640

The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted applicat...

9.3CVSS7.5AI score0.00105EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.40 views

CVE-2015-6642

The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888.

9.8CVSS8.9AI score0.00138EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.40 views

CVE-2015-8507

mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506.

9.3CVSS7.5AI score0.01816EPSS
CVE
CVE
added 2018/04/04 6:29 p.m.40 views

CVE-2015-9010

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.

10CVSS8.8AI score0.00585EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.40 views

CVE-2015-9071

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.

10CVSS7.9AI score0.00152EPSS
CVE
CVE
added 2018/04/04 6:29 p.m.40 views

CVE-2016-10230

A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408.

10CVSS9.3AI score0.07489EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.40 views

CVE-2016-10341

In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended.

9.3CVSS7.5AI score0.00058EPSS
CVE
CVE
added 2020/04/07 1:15 p.m.40 views

CVE-2016-11045

An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016).

7.8CVSS7.8AI score0.00061EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.40 views

CVE-2016-2419

media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demo...

10CVSS7.7AI score0.00201EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.40 views

CVE-2016-2421

Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410.

6.6CVSS6.2AI score0.00014EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2441

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602.

7.6CVSS7AI score0.00035EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2442

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907.

7.6CVSS7AI score0.00058EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2448

media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as dem...

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2451

codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Sig...

9.3CVSS7.6AI score0.00043EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2463

Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media f...

8.4CVSS8.4AI score0.00615EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2469

The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27531992.

9.3CVSS7.6AI score0.00134EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2491

The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408.

9.3CVSS7.9AI score0.00043EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2494

Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.

9.3CVSS8AI score0.01072EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.40 views

CVE-2016-3809

The networking component in Android before 2016-07-05 on Android One, Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 27532522.

5.5CVSS5.7AI score0.00072EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.40 views

CVE-2016-3933

mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408.

9.3CVSS8AI score0.00043EPSS
CVE
CVE
added 2017/04/06 7:59 p.m.40 views

CVE-2016-5349

The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qualcomm Secure Execution Environment (QSEE) only write to legitimate memory ranges related to the QSEE secure application's HLOS client. When secure application...

5.5CVSS6.4AI score0.00125EPSS
Total number of security vulnerabilities7579