Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2016/04/18 12:0 a.m.55 views

CVE-2016-0837

CVE-2016-0837 affects Android’s mediaserver via libstagefright (MPEG4Extractor.cpp). The issue allows remote code execution or a denial of service through a crafted media file due to an out-of-bounds read and memory corruption. Affected are Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x befo...

10CVSS8.8AI score0.02018EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.55 views

CVE-2016-10336

Technical details about CVE-2016-10336 are not publicly available in the provided connected documents. The material confirms memory regions unprotected during boot on CAF Android/Linux, but remediation specifics are not included here. Monitor for updates.

5.5CVSS5.6AI score0.00485EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.55 views

CVE-2016-10339

CVE-2016-10339 affects CAF Android builds using the Linux kernel. The issue allows HLOS to overwrite secure memory or read the keystore contents. Details across sources indicate the vulnerability impacts Android devices in CAF releases and were addressed in the 2017 Android security patches (June...

7.1CVSS6.7AI score0.00502EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.55 views

CVE-2016-10341

Technical details about CVE-2016-10341 are not provided in the connected documents. The initial description notes elevated privileges for third-party TEEs on CAF Android/Linux kernel, but no vendor, component, version, impact, or remediation details are disclosed here. Monitor for updates.

9.3CVSS7.5AI score0.00578EPSS
CVE
CVE
added 2020/04/07 12:50 p.m.55 views

CVE-2016-11045

The CVE-2016-11045 entry relates to Samsung mobile devices running Lollipop (5.0/5.1) where the Gallery library is vulnerable to memory corruption triggered by a malformed image. Documented impact indicates potential data/process integrity concerns within the Gallery component. The issue is assoc...

7.8CVSS7.8AI score0.00295EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.55 views

CVE-2016-2417

CVE-2016-2417 affects mediaserver’s mediaserver component (frameworks/av/media/libmedia/IOMX.cpp) on Android 4.x–6.x where a parameter data structure is not initialized, enabling information disclosure from process memory and potentially bypassing a protection mechanism. This is demonstrated via ...

10CVSS7.7AI score0.0532EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.55 views

CVE-2016-2421

The CVE-2016-2421 entry documents a vulnerability in Android’s Setup Wizard that allows physically proximate attackers to bypass Factory Reset Protection and delete data. Affected: Android 5.1.x before 5.1.1 and 6.x before 2016-04-01. Root cause is an exploit in the Setup Wizard flow that enables...

6.6CVSS6.2AI score0.00168EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.55 views

CVE-2016-2425

CVE-2016-2425 describes an information-disclosure vulnerability in AOSP Mail’s ComposeActivity.java where Android versions 4.x (before 4.4.4), 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), and 6.x (before 2016-04-01) allow file:///data attachments, enabling a local attacker to obtain sensitive info...

5.5CVSS5.6AI score0.00471EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.55 views

CVE-2016-2428

CVE-2016-2428 affects Android mediaserver: libAACdec/src/aacdec_drc.cpp in mediaserver allows a crafted media file to cause memory corruption via inadequate thread limiting, enabling remote code execution or a denial of service. Affected Android releases: 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1...

10CVSS8.7AI score0.0206EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.55 views

CVE-2016-2442

Technical details for CVE-2016-2442 are not publicly provided in the supplied documents; monitor for updates.

7.6CVSS7AI score0.00371EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.55 views

CVE-2016-2449

CVE-2016-2449 affects Android mediaserver: Camera3Device.cpp in mediaserver allows privilege escalation due to not validating template IDs, enabling a crafted app to gain Signature or SignatureOrSystem access. Affected: Android 4.x before 4.4.4; 5.0.x before 5.0.2; 5.1.x before 5.1.1; 6.x before ...

9.3CVSS7.5AI score0.00411EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.55 views

CVE-2016-3755

CVE-2016-3755 affects the Android Mediaserver component, specifically decoder/ih264d_parse_pslice.c, where Mediaserver on Android 6.x before 2016-07-01 does not properly select concealment frames. This can allow a remote attacker to cause a denial of service (device hang or reboot) via a crafted ...

7.8CVSS7AI score0.00679EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.55 views

CVE-2016-3762

CVE-2016-3762 affects Android before patch levels: 5.0.2 for 5.0.x, 5.1.1 for 5.1.x, and 6.x before 2016-07-01. The issue is elevation of privileges in the sockets subsystem when a crafted application uses (1) AF_MSM_IPC or (2) another socket class unrecognized by SELinux, due to internal bug 286...

9.3CVSS7.5AI score0.00389EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.55 views

CVE-2016-3764

CVE-2016-3764 affects Android Mediaserver: media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver is vulnerable. A crafted application can cause information disclosure by obtaining sensitive pointer information. Affected Android versions include 4.x before 4.4.4, 5.0.x before 5.0....

5CVSS4.6AI score0.00322EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.55 views

CVE-2016-5854

CVE-2016-5854 involves a kernel information disclosure in Qualcomm SPCom driver components across Android for MSM, Firefox OS for MSM, and QRD Android. The underlying issue is that kernel heap memory can be exposed to userspace, enabling local information disclosure. Public documents list the aff...

4.7CVSS5.2AI score0.00457EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.55 views

CVE-2016-5863

Technical details about CVE-2016-5863 are not provided in the supplied documents. Public references exist (NVD, Ubuntu, SUSE, Tenable, ENISA) but no vendor/product/version/patch info is included here. Monitor for updates.

9.3CVSS7.3AI score0.0055EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.55 views

CVE-2016-5867

CVE-2016-5867 affects the Qualcomm sound driver in Android MSM (kernel sound subsystem). The root cause is that some variables originate from userspace and can be chosen to trigger a stack overflow, potentially enabling local impact. The initial description notes a stack overflow risk; CVSS3/2 me...

7.6CVSS6.9AI score0.00587EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.55 views

CVE-2016-6734

CVE-2016-6734 concerns the NVIDIA GPU driver on Android. The issue is an elevation of privilege that could allow a local malicious app to execute arbitrary code in the kernel context. Affected environment is Android platforms prior to the 2016-11-05 security patch level. The underlying impact is ...

9.3CVSS7.4AI score0.00686EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.55 views

CVE-2016-8414

CVE-2016-8414 is an information-disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator affecting Android. It permits a local attacker with a compromised privileged process to access data outside its permissions. Affected components are the Android kernel (Kernel-3.10 a...

4.7CVSS4.4AI score0.00672EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.55 views

CVE-2016-8421

CVE-2016-8421 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver on Android. A local malicious app could execute arbitrary code in the kernel context by exploiting this driver vulnerability. Affected components/versions noted in provided docs include the Qualcomm Wi‑Fi driver...

7.6CVSS6.6AI score0.00845EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.55 views

CVE-2016-8422

CVE-2016-8422 is an elevation-of-privilege issue in the Qualcomm bootloader that could let a local malicious Android app execute code in the kernel context, potentially leading to permanent device compromise. The vulnerability is described as critical and is tied to the bootloader/Qualcomm stack;...

9.3CVSS7.4AI score0.00601EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.55 views

CVE-2016-8470

CVE-2016-8470 matches an information-disclosure issue in the MediaTek driver on Android. The vulnerability could allow a locally executed malicious app to access data outside its permission levels, due to a flaw in the MediaTek component and requires compromising a privileged process. The entry n...

4.7CVSS4.4AI score0.00317EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.55 views

CVE-2016-8476

CVE-2016-8476 is an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver for Android, allowing a local malicious application to execute code in the kernel once a privileged process is compromised. The issue affects Android kernel versions 3.10 and 3.18; Android ID A-32879283. The NVD...

7.6CVSS6.6AI score0.00845EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.55 views

CVE-2016-8488

CVE-2016-8488 is an elevation-of-privilege vulnerability in Qualcomm closed-source components within Android, affecting the Android kernel. The issue is described as an elevation of privilege in Qualcomm components used by Android devices; the CVSSv3 metrics indicate a CRITICAL impact with networ...

10CVSS8.4AI score0.01116EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.55 views

CVE-2017-0382

CVE-2017-0382 corresponds to a remote code execution vulnerability in the Framesequence library used by Android. A specially crafted file could allow an attacker to execute arbitrary code in the context of an unprivileged process. Technical details in connected documents show affected product sco...

7.8CVSS8.1AI score0.00946EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.55 views

CVE-2017-0395

Technical details about CVE-2017-0395 are not provided in the supplied documents; no specifics on affected components, root cause, or fixes are present. Monitor for updates from authoritative sources.

5.5CVSS5.8AI score0.00335EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.55 views

CVE-2017-0481

CVE-2017-0481 is an elevation-of-privilege vulnerability in Android’s NFC component. The description specifies it could allow a proximate attacker to execute arbitrary code in a privileged process, with affected Android versions including 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The conne...

9.3CVSS7.2AI score0.00807EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.55 views

CVE-2017-0489

CVE-2017-0489 is an elevation-of-privilege vulnerability in Android’s Location Manager that could allow a local malicious app to bypass OS protections for location data. Affected products/versions are Android 4.4.4 through 7.1.1 (including 5.x, 6.x, 7.0, 7.1.1). The issue is described as Moderate...

5.5CVSS5.5AI score0.00392EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.55 views

CVE-2017-0496

Technical details about CVE-2017-0496 are not publicly provided in the supplied connected documents. The sources reiterate a denial-of-service impact for Android Setup Wizard but do not specify affected versions, vectors, or fixes. Monitor for updates from official advisories.

5.5CVSS5.2AI score0.00392EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.55 views

CVE-2017-0544

CVE-2017-0544 is an Android CameraBase elevation of privilege vulnerability enabling a local malicious app to execute arbitrary code in a privileged process. Affected products/versions: Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. The vulnerability is described in the Android bulletin as ...

9.3CVSS7.8AI score0.00855EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.55 views

CVE-2017-0559

CVE-2017-0559 is an information-disclosure vulnerability in Android's libskia that could let a local malicious app access data outside its permission levels. Affected versions include Android 4.4.4 through 7.1.1. The provided documents do not specify the root cause details or a remediation/patch....

5.5CVSS5.2AI score0.00541EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.55 views

CVE-2017-0587

CVE-2017-0587 describes a remote code execution vulnerability in the Android Mediaserver component, specifically in libmpeg2 used during media file and data processing. The underlying issue is memory corruption triggered by processing specially crafted media files, allowing an attacker to execute...

9.3CVSS7.6AI score0.01532EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.55 views

CVE-2017-0590

CVE-2017-0590 describes a remote code execution in the Mediaserver component of Android via a crafted media file that triggers memory corruption in the libhevc path. Affected products/versions include Android releases 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The vulnerability stems from a...

9.3CVSS7.6AI score0.01532EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.55 views

CVE-2017-0596

CVE-2017-0596 is an Android Mediaserver (libstagefright) elevation-of-privilege vulnerability. The issue could allow a local malicious app to execute code with the privileges of Mediaserver. Affected products/versions listed in sources include Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1...

9.3CVSS7.2AI score0.00814EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.55 views

CVE-2017-0619

The CVE-2017-0619 entry describes an elevation-of-privilege vulnerability in the Qualcomm pin controller driver on Android kernels (Kernel-3.10). A local malicious app could execute arbitrary code in the kernel context. The CVSS indicates LOCAL access with HIGH impact on confidentiality, integrit...

7.6CVSS6.6AI score0.00575EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.55 views

CVE-2017-0793

CVE-2017-0793 is an information-disclosure vulnerability in Android’s Imgtk memory subsystem within the Android kernel. Affected: Android (Imgtk/memory subsystem). Impact: potential unauthorized access to data (confidentiality impact HIGH per CVSS). Exploitation details are not provided in the co...

7.1CVSS5.8AI score0.00401EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.55 views

CVE-2017-0816

CVE-2017-0816 is an information-disclosure vulnerability in Android’s media framework (libeffects). Affected products: Android releases listed in the CVE entry (4.4.4–8.0). The root cause is described as a vulnerability within the media framework that can disclose sensitive information. Public re...

5.5CVSS5AI score0.0047EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.55 views

CVE-2017-0823

CVE-2017-0823 is an information-disclosure vulnerability in Android’s radio interface layer (rild). Affected: Android (versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2). Root cause: information disclosure in rild (no technical details provided). Impact: potential partial disclosure of ...

7.5CVSS6.8AI score0.00591EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.55 views

CVE-2017-0829

CVE-2017-0829 is an elevation-of-privilege issue in the Motorola bootloader affecting Android kernel components. The linked records consistently describe this as a bootloader vulnerability that can elevate privileges on affected devices. The NVD entry summarizes it as controlling privilege escala...

9.8CVSS8AI score0.00498EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.55 views

CVE-2017-0833

CVE-2017-0833 is a remote code execution vulnerability in Android’s media framework (libavc) affecting Android devices running versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0 (Android ID: A-62896384). The initial descriptions consistently identify the issue as a media framework RCE, with no publi...

9.3CVSS7.7AI score0.01311EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.55 views

CVE-2017-11002

CVE-2017-11002 is a Qualcomm Wi‑Fi driver information exposure/DoS type issue described as: in all Qualcomm products with Android CAF builds using the Linux kernel, when processing a vendor sub-command, a buffer over-read can occur. The connected sources confirm this CVE ID is classified as an In...

5.5CVSS6.1AI score0.00368EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.55 views

CVE-2017-11059

CVE-2017-11059 describes a potential buffer overflow in Android for MSM, Firefox OS for MSM, QRD Android, and CAF Linux-kernel releases, caused by setting the HMAC key from different threads during SHA operations. The vulnerability is tied to how the HMAC key is handled under multi-threaded SHA p...

7.8CVSS7.2AI score0.00163EPSS
CVE
CVE
added 2017/11/16 10:0 p.m.55 views

CVE-2017-11092

CVE-2017-11092 is an Android/AAF (KGSL) vulnerability in the Qualcomm graphics driver: the kgsl_ioctl_gpu_command path can trigger a Use After Free condition in the KGSL kernel driver on Android for MSM, Firefox OS for MSM, and QRD Android builds with CAF Linux kernels. The description notes a Us...

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.55 views

CVE-2017-13184

CVE-2017-13184 affects Android 8.0–8.1 SurfaceFlinger. In enableVSyncInjections, a use-after-free on mVSyncInjector can enable local elevation of privilege with code execution in a privileged process; no user interaction required. Exploitation details are not provided in the connected documents. ...

7.8CVSS7.6AI score0.0022EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.55 views

CVE-2017-13267

CVE-2017-13267 affects Android's avrc_pars_vendor_cmd in avrc_pars_tg.cc, with a stack corruption risk due to a missing bounds check. The vulnerability enables remote escalation of privilege with no user interaction, as described in the NVD entry (CVE-2017-13267) and reflected in the Android Secu...

10CVSS8.7AI score0.0165EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.55 views

CVE-2017-13293

CVE-2017-13293 affects Android kernel NFC driver. In the nfc_hci_cmd_received() function of core.c, there is a missing bounds check that can cause an out-of-bounds write, enabling local elevation of privilege in the kernel without extra execution privileges or user interaction. The connected Andr...

7.8CVSS7.6AI score0.00178EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.55 views

CVE-2017-14896

The CVE affects Android devices using Qualcomm GUD mobicore driver (Android for MSM/CAF builds) where a memory allocation occurs without validating length, causing an undersized buffer and potential kernel memory overwrite. Root cause: missing length-field validation in the mobicore driver. Impac...

7.8CVSS7.1AI score0.00155EPSS
CVE
CVE
added 2017/12/05 7:0 p.m.55 views

CVE-2017-14897

The CVE-2017-14897 entry corresponds to a local privilege-elevation flaw in the RPMB/CAF kernel path used by Android on MSM/CAF builds. The described issue is that, while handling QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed from kernel space, enabling local explo...

7.8CVSS7.2AI score0.00158EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.55 views

CVE-2017-14905

CVE-2017-14905 affects Android on MSM (and related CAF/Linux-kernel-based builds) via a buffer over-read when handling a specially crafted cfg80211 vendor command in the wireless networking stack. The CNVD/CVE records describe this as information disclosure due to a buffer over-read, impacting Qu...

5.3CVSS5AI score0.0034EPSS
CVE
CVE
added 2018/03/30 3:0 p.m.55 views

CVE-2017-14906

CVE-2017-14906 affects Android on Qualcomm Snapdragon IoT devices (including Snapdragon Mobile MDM9206/MDM9607/MSM8909W, SD 210/212/205, SD 410/12) where PKCS7 padding is not supported by the crypto storage APIs. According to NVD, the issue is rated CVSS v3.0/9.8 (CRITICAL) with network attack ve...

10CVSS8.4AI score0.01116EPSS
Total number of security vulnerabilities8153