Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/07/11 1:0 a.m.56 views

CVE-2016-3775

The vulnerability CVE-2016-3775 concerns the Android kernel file system. A local, privilege-escalation flaw exists in the kernel file system on Nexus 5X, Nexus 6P, Nexus 6, Nexus Player, and Pixel C devices running affected Android versions prior to 2016-07-05, allowing a crafted application to g...

9.3CVSS7.3AI score0.00502EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.56 views

CVE-2016-3809

CVE-2016-3809 is an information-disclosure vulnerability in Android’s networking component. The iovy/iovy_pxn2 flows describe using CVE-2016-3809 to leak the kernel address of a sock structure, enabling subsequent steps to corrupt kernel data and escalate privileges. Affected devices include Andr...

5.5CVSS5.7AI score0.00352EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.56 views

CVE-2016-3915

The CVE-2016-3915 issue affects Android’s Camera service (camera_metadata.c) across multiple Android versions, enabling a local attacker to escalate privileges via a crafted app. Root cause: privilege escalation in the Camera service. Impact: attacker gains high-level privileges. Mitigation/Remed...

9.3CVSS8AI score0.0053EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.56 views

CVE-2016-5861

CVE-2016-5861 affects Qualcomm display/video driver in Android for MSM. The vulnerability arises when a userspace-controlled variable is used to compute offsets/sizes for copy operations, potentially causing a heap overflow. The connected documents classify this as an Elevation of Privilege (EoP)...

8.8CVSS8.3AI score0.00442EPSS
CVE
CVE
added 2016/12/13 7:0 p.m.56 views

CVE-2016-6706

CVE-2016-6706 is a local privilege-escalation vulnerability in Android’s Mediaserver, specifically within the libstagefright component. The issue allows a local malicious application to execute arbitrary code in the context of a privileged process due to a flaw in Mediaserver on Android 7.0 and e...

9.3CVSS7.7AI score0.00749EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.56 views

CVE-2016-6739

CVE-2016-6739 is an elevation-of-privilege vulnerability in the Qualcomm camera driver on Android, allowing a local malicious app to execute arbitrary code in the kernel context. The issue requires compromising a privileged process and is described as a local attack with high impact (kernel integ...

9.3CVSS7.5AI score0.00649EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.56 views

CVE-2016-6741

CVE-2016-6741 is an elevation-of-privilege in the Qualcomm camera driver on Android prior to 2016-11-05. A local malicious app could execute arbitrary code in the kernel context. Affected devices in the public tables include Nexus 5X, Nexus 6P, and related devices (Android One, Pixel family). The...

9.3CVSS7.5AI score0.00724EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.56 views

CVE-2016-6750

CVE-2016-6750 denotes an information-disclosure vulnerability in Qualcomm components used by Android—specifically the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver. The issue could allow a local malicious app to access data outside its permission levels, but only after co...

5.5CVSS5.1AI score0.00414EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.56 views

CVE-2016-6767

CVE-2016-6767 describes a denial-of-service vulnerability in Mediaserver on Android 4.4.4 that could be triggered by a specially crafted file to cause a device hang or reboot. The primary affected component is Mediaserver (Android). The public material confirms the impact as DoS and notes remote ...

7.1CVSS5.5AI score0.00529EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.56 views

CVE-2016-6772

CVE-2016-6772 is an Android Wi‑Fi elevation of privilege vulnerability. The issue could let a local malicious app execute code in the context of a privileged Wi‑Fi process. Affected products/versions per the entry: Android 5.0.2, 5.1.1, 6.0, 6.0.1, and 7.0. The root cause is exploitation of the W...

9.3CVSS7.1AI score0.02797EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.56 views

CVE-2016-8419

CVE-2016-8419 is a local elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver affecting Android. The issue could allow a local malicious application to execute arbitrary code in the kernel context by exploiting the Qualcomm Wi‑Fi driver. Affected components/files are tied to the Andr...

7.6CVSS6.6AI score0.00845EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.56 views

CVE-2016-8436

CVE-2016-8436 matches an elevation-of-privilege flaw in the Qualcomm video driver affecting Android kernels (Kernel-3.18). The vulnerability could let a local malicious app execute arbitrary code in the kernel context, potentially causing a permanent device compromise and requiring reflashing to ...

9.3CVSS7.4AI score0.00677EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.56 views

CVE-2017-0402

CVE-2017-0402 describes an information disclosure vulnerability in Audioserver (libeffects, path lvm/wrapper/Bundle/EffectBundle.cpp) that could allow a local malicious Android app to access data outside its permission levels. Affected products/versions include Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6...

5.5CVSS5.2AI score0.00485EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.56 views

CVE-2017-0409

CVE-2017-0409 is a remote code execution vulnerability in Android’s libstagefright. The connected documents confirm the affected component (libstagefright) and that exploitation involves processing a specially crafted file to run code in the context of an unprivileged process, with Android versio...

7.8CVSS7.5AI score0.0121EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.56 views

CVE-2017-0423

CVE-2017-0423 is an elevation-of-privilege vulnerability in the Android Bluetooth stack. A proximate attacker could leverage a separate Bluetooth stack vulnerability to manage access to documents on Android devices. Affected products/versions include Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1...

5.3CVSS5.3AI score0.00329EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.56 views

CVE-2017-0476

CVE-2017-0476 : A remote code execution vulnerability in AOSP Messaging causing memory corruption during media/file processing via a specially crafted file. Affected: Android 6.0, 6.0.1, 7.0, 7.1.1 (Android ID A-33388925). Impact: remote code execution within an unprivileged context. Source notes...

7.8CVSS7.5AI score0.01049EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.56 views

CVE-2017-0494

Technical details (affected component/version or root cause) are not publicly provided in the connected documents for CVE-2017-0494; available descriptions note an information-disclosure issue in AOSP Messaging affecting Android 6.0–7.1.1. Monitor for updates.

5.5CVSS5.1AI score0.00556EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.56 views

CVE-2017-0532

CVE-2017-0532 describes an information-disclosure vulnerability in the MediaTek video codec driver that could allow a local malicious Android app to access data outside its permission levels. The issue is considered moderate because exploitation requires compromising a privileged process. The rec...

4.7CVSS4.3AI score0.0038EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.56 views

CVE-2017-0538

CVE-2017-0538 is a remote code execution vulnerability in libavc used by Android Mediaserver. A specially crafted media file can trigger memory corruption during processing, allowing code execution within Mediaserver. Affected Android versions: 6.0, 6.0.1, 7.0, 7.1.1. Root cause: memory corruptio...

9.3CVSS7.7AI score0.01575EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.56 views

CVE-2017-0551

CVE-2017-0551 is a remote denial-of-service vulnerability in Android’s Mediaserver Libavc implementation. It affects Android 6.0, 6.0.1, 7.0, and 7.1.1, where processing a specially crafted file could cause a device hang or reboot. Public details in the provided documents describe the issue and a...

7.1CVSS5.7AI score0.01163EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.56 views

CVE-2017-0615

CVE-2017-0615 is an elevation-of-privilege vulnerability in the MediaTek power driver on Android that could allow a local malicious application to execute arbitrary code in the kernel context after compromising a privileged process. The entry notes the issue is high severity and that patches are ...

7.6CVSS6.6AI score0.00587EPSS
CVE
CVE
added 2017/06/14 1:0 p.m.56 views

CVE-2017-0639

CVE-2017-0639 is an information-disclosure vulnerability within Android’s Bluetooth component. The issue could allow a local malicious application to access data outside its permissions, effectively bypassing OS data isolation. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7....

5.5CVSS4.8AI score0.00454EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.56 views

CVE-2017-0680

CVE-2017-0680 is described across the provided documents as a remote code execution vulnerability in the Android media framework affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The connected sources reiterate the issue but do not provide concrete technical details in these documents about th...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.56 views

CVE-2017-0686

CVE-2017-0686 is a denial-of-service vulnerability reported in the Android media framework affecting Android versions 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 (Android ID A-34231231). Connected CNVD entry CNVD-2017-15983 mirrors a media framework DoS in Android, describing a vulnerability in the Android...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.56 views

CVE-2017-0731

The CVE-2017-0731 entry corresponds to an elevation of privilege in the Android media framework (mpeg4 encoder). According to CNVD-2017-23424, the issue exists in Android’s Media framework mpeg4 encoder and could allow an attacker to execute arbitrary code with elevated privileges. The initial de...

7.8CVSS7.4AI score0.00356EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.56 views

CVE-2017-0774

CVE-2017-0774 is a denial-of-service vulnerability in Android’s media framework (libstagefright) affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0/6.0.1, 7.0, 7.1.1, and 7.1.2. The issue is described in public sources as a DoS in the media framework; no exploit vectors, root cause details, or a...

7.1CVSS5.9AI score0.00331EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.56 views

CVE-2017-0790

CVE-2017-0790 is a local elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver used by Android kernel. The issue is categorized as EoP and is located in the Broadcom Wi‑Fi driver component; the Android bulletin lists CVE-2017-0790 under Broadcom components with a Moderate Android bug ...

8.8CVSS8.6AI score0.00279EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.56 views

CVE-2017-0836

CVE-2017-0836 is a remote code execution vulnerability in the Android media framework (libhevc). Affected product: Android. Affected versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. The issue resides in the Media Framework and could allow an attacker to run arbitrary code, typically by...

9.3CVSS7.7AI score0.01284EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.56 views

CVE-2017-0860

CVE-2017-0860 is an elevation-of-privilege vulnerability in Android’s inputdispatcher subsystem (Android System). Affected versions include 5.0.2, 5.1.1, 6.0/6.0.1, 7.0, 7.1.1, and 7.1.2. The root cause is described as an inputdispatcher-related elevation of privilege, allowing an attacker to gai...

5.3CVSS5.8AI score0.00129EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.56 views

CVE-2017-0880

CVE-2017-0880 is a DoS vulnerability in the Android media framework (libskia) affecting Android 7.0, 7.1.1, and 7.1.2. The issue is documented in multiple sources (NVD/NVD-family and CVE listings) with the Android 2017-12-01/2017-12-05 patch levels addressing these vulnerabilities. The connected ...

7.1CVSS6.3AI score0.00428EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.56 views

CVE-2017-11032

The CVE-2017-11032 issue affects Android builds using CAF Linux kernels (Android MSM/CAF variants). It describes a double-free in the service_locator_send_msg() path when kmalloc fails to allocate memory for resp/req pointers, potentially enabling local privilege elevation. Affected components ar...

7.8CVSS7AI score0.00138EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.56 views

CVE-2017-13152

CVE-2017-13152 is an information disclosure vulnerability in Android’s media framework (libmedia drm) affecting Android 5.1.1 through 8.0.0. The public descriptions identify the affected component and versions, with the Pixel/Nexus security bulletin listing this CVE under the Media framework as a...

7.5CVSS7AI score0.00412EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.56 views

CVE-2017-13162

CVE-2017-13162 is an elevation-of-privilege vulnerability in the Android kernel binder (Binder IPC). The issue is a local exploit affecting the Android kernel components that implement Binder, allowing a non-privileged (local) attacker to escalate privileges with a high impact on confidentiality,...

9.3CVSS7.4AI score0.00486EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.56 views

CVE-2017-13245

CVE-2017-13245 is an Elevation of Privilege vulnerability in the Android Upstream kernel audio driver (kernel component). The Android Pixel/Nexus bulletin and CVE records identify the issue as a local EoP in the Audio driver within the Android kernel, with patched AOSP versions referenced (patch ...

7.8CVSS6.8AI score0.00154EPSS
CVE
CVE
added 2018/02/12 7:0 p.m.56 views

CVE-2017-13247

CVE-2017-13247 affects the Pixel 2 bootloader (Android). The issue is a missing permission check in the bootloader that bypasses the carrier bootloader lock, enabling local elevation of privileges with user-privilege requirements. Exploitation is described as local with no user interaction requir...

7.8CVSS7.3AI score0.00156EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.56 views

CVE-2017-13276

CVE-2017-13276 concerns a stack buffer overflow in the Android tpdec_asc.cpp module, specifically in the function CProgramConfig_ReadHeightExt, caused by a missing bounds check. This vulnerability could enable remote code execution with the attacker having no special privileges beyond a user on t...

7.8CVSS8.1AI score0.00693EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.56 views

CVE-2017-13303

CVE-2017-13303 is a memory information-disclosure vulnerability in the Broadcom bcmdhd driver used by Android kernel. Affected component: Broadcom bcmdhd driver; root cause: information disclosure vulnerability in that driver. Impact per sources: partial confidentiality breach with no integrity/a...

5.3CVSS4.9AI score0.00347EPSS
CVE
CVE
added 2018/04/03 5:0 p.m.56 views

CVE-2017-15822

CVE-2017-15822 affects Qualcomm-based Android devices (MSM) including Firefox OS for MSM and QRD Android builds within CAF releases prior to the 2018-04-05 security patch level. Description: a buffer overflow may occur while processing an 802.11 management frame in the Linux kernel components use...

8.8CVSS8AI score0.00379EPSS
CVE
CVE
added 2020/04/07 3:53 p.m.56 views

CVE-2017-18650

The CVE-2017-18650 entry affects Samsung mobile devices running N(7.x) software. The issue is triggered when reading a malformed wpa_supplicant.conf, causing the WifiStateMachine to throw an IllegalArgumentException and the device to reboot. Samsung’s internal tracking references SVE-2017-9828 (O...

7.5CVSS7.6AI score0.00415EPSS
CVE
CVE
added 2020/04/07 2:48 p.m.56 views

CVE-2017-18667

CVE-2017-18667 affects Samsung mobile devices running KK (4.4), L (5.0/5.1), M (6.0), and N (7.x). The issue allows attackers to prevent users from learning that SMS storage space has been exhausted (Samsung ID SVE-2017-8702). The connected sources do not provide concrete exploitation vectors, im...

5CVSS4.8AI score0.00295EPSS
CVE
CVE
added 2020/04/07 2:1 p.m.56 views

CVE-2017-18692

CVE-2017-18692 affects Samsung mobile devices running M (6.0) and N (7.0) on certain chipsets (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, Exynos8895). The vulnerability is a race condition in the sec_ts touchscreen sysfs interface that can lead to a buffer overflow. Affected component: se...

8.1CVSS8.1AI score0.00307EPSS
CVE
CVE
added 2018/03/12 1:0 p.m.56 views

CVE-2017-6281

CVE-2017-6281 affects NVIDIA libnvomx and is described as a possible out-of-bounds write caused by improper input validation, leading to local elevation of privilege. The NVIDIA SHIELD TV advisory lists Libnvomx as the vulnerable component and rates the issue as EoP (High). Affected product: SHIE...

7.8CVSS7.8AI score0.00158EPSS
CVE
CVE
added 2017/05/12 8:0 p.m.56 views

CVE-2017-8245

CVE-2017-8245 affects Android releases from CAF using the Linux kernel. The issue occurs while processing a voice SVC request with a payload size that overflows its declared size, causing an out-of-bounds memory copy. The initial documents provide no vendor/version specifics beyond CAF Android an...

7.8CVSS7.4AI score0.00179EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.56 views

CVE-2017-8261

CVE-2017-8261 is a Qualcomm component issue affecting the Camera driver in CAF Android builds using the Linux kernel. The root cause is a potential kernel overwrite in a camera driver ioctl, enabling Elevation of Privilege rather than remote code execution. The vulnerability is classified as EoP ...

7.8CVSS6.4AI score0.00356EPSS
CVE
CVE
added 2017/08/11 3:0 p.m.56 views

CVE-2017-8269

CVE-2017-8269 affects the Qualcomm IPA driver (IPA WAN) with a userspace-controlled non-null-terminated parameter in the IPA WAN ioctl, exposing kernel memory on CAF/Linux-based Android builds. Root cause: improper handling of a userspace parameter in the IPA WAN ioctl. Impact: kernel memory expo...

5.5CVSS5.9AI score0.00444EPSS
CVE
CVE
added 2017/08/18 7:0 p.m.56 views

CVE-2017-9678

CVE-2017-9678 affects Qualcomm’s video driver in Android CAF builds on Linux kernel. The issue is memory corruption due to lack of bounds checking in memcpy(), enabling local exploitation with user interaction. CVSS v3.0 base score 7.8 (HIGH) with LOCAL exploit and HIGH impact on confidentiality,...

9.3CVSS7.4AI score0.00465EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.56 views

CVE-2017-9691

CVE-2017-9691 is a Qualcomm MobiCore (Trustonic) driver issue via a race condition in the debug message output path on Android devices (MSM, Firefox OS for MSM, QRD Android). The vulnerability allows access to already freed memory, exposing potential confidentiality impact. The connected document...

4.7CVSS5.2AI score0.00131EPSS
CVE
CVE
added 2019/02/11 3:0 p.m.56 views

CVE-2018-13893

CVE-2018-13893 affects Android platforms built on CAF Linux kernels, with the root cause described as out-of-bounds access when copying masks to userspace due to using an old value of the msg mask table count. The CVSS3 vector (LOCAL, LOW CIA/IIA, HIGH impact) indicates local access is required a...

7.8CVSS7.4AI score0.00151EPSS
CVE
CVE
added 2020/04/08 5:41 p.m.56 views

CVE-2018-21050

CVE-2018-21050 concerns Samsung mobile devices running N(7.x) and O(8.X) on Exynos chipsets, where a Buffer overflow in the esecomm Trustlet can lead to arbitrary code execution. The vulnerability is identified by Samsung as SVE-2018-12852 (October 2018). The connected records confirm the affecte...

10CVSS9.8AI score0.00869EPSS
CVE
CVE
added 2020/04/08 5:43 p.m.56 views

CVE-2018-21052

The CVE-2018-21052 entry concerns Samsung mobile devices running N(7.x) and O(8.X) with Exynos chipsets. The root cause is incorrect usage of shared memory in the vaultkeeper Trustlet, which can lead to arbitrary code execution. Affected component: vaultkeeper Trustlet; impact is arbitrary code e...

10CVSS9.6AI score0.00831EPSS
Total number of security vulnerabilities8153