Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2018/09/18 6:0 p.m.55 views

CVE-2017-15828

CVE-2017-15828 affects CAF builds of Android (Android for MSM, Firefox OS for MSM, QRD Android) running on the Linux kernel. The vulnerability is an integer overflow during keystore access in LK, which may lead to a buffer overflow. Public references in the provided documents confirm the issue an...

7.8CVSS7.6AI score0.00183EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.55 views

CVE-2017-15831

CVE-2017-15831 describes a vulnerability in Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux, where the function wma_ndp_end_indication_event_handler() performs no input validation on an event_info value from firmware. This can cause an integer overflow and potentially ...

7.8CVSS7.3AI score0.00172EPSS
CVE
CVE
added 2018/03/16 10:0 p.m.55 views

CVE-2017-18054

CVE-2017-18054 describes a buffer overflow risk in Qualcomm WMA within Android CAF builds, caused by improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_handler() and the value received from firmware. The vulnerability affects Android for MSM, Firefox OS for MSM,...

7.8CVSS7.2AI score0.00173EPSS
CVE
CVE
added 2018/07/06 5:0 p.m.55 views

CVE-2017-18158

CVE-2017-18158 is a buffer overflow/array bounds issue in Android builds based on CAF with the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) that could occur while flashing images. Root cause: improper memory handling leading to overflows. Impact per documented data: local impac...

7.8CVSS7.5AI score0.00194EPSS
CVE
CVE
added 2020/04/08 1:8 p.m.55 views

CVE-2017-18644

Samsung CVE-2017-18644 affects mobile devices running L(5.1), M(6.x), and N(7.x). The issue is a heap-based buffer overflow in muic_set_reg_sel when reading MUIC register values (root cause). The Samsung ID is SVE-2017-10011. No fixes or mitigations are detailed in the provided documents; referen...

9.8CVSS9.7AI score0.0044EPSS
CVE
CVE
added 2020/04/07 3:51 p.m.55 views

CVE-2017-18651

The CVE-2017-18651 entry describes an issue on Samsung mobile devices running M(6.x) and N(7.x) software, where an Integer Overflow occurs in process_M_SetTokenTUIPasswd while handling a trusted application, leading to memory corruption. The affected components are Samsung mobile platforms with S...

7.5CVSS7.5AI score0.00415EPSS
CVE
CVE
added 2018/03/06 4:0 p.m.55 views

CVE-2017-6283

CVE-2017-6283 affects NVIDIA Security Engine where the RSA keyslot read/write lock permissions are cleared on chip reset, potentially enabling information disclosure. The issue is documented across NVIDIA advisories (Jetson TX1/TX2/TK1 and SHIELD TV) as part of a set of vulnerabilities in the Sec...

5.5CVSS6AI score0.00156EPSS
CVE
CVE
added 2018/03/06 4:0 p.m.55 views

CVE-2017-6296

NVIDIA CVE-2017-6296 affects the TrustZone DRM application in NVIDIA SHIELD TV. The issue is a TOCTOU vulnerability that may lead to denial of service or privilege escalation. Public details identify SHIELD TV SE 6.2 and earlier as affected; NVIDIA’s bulletin indicates updating to SE 6.3 to mitig...

7CVSS7.2AI score0.001EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.55 views

CVE-2017-8242

CVE-2017-8242 affects Android CAF releases that use the Linux kernel and involve the Secure Execution Environment (QTEE) driver. The issue is a race condition in the QTEE driver that can lead to an arbitrary memory write. The provided connected sources confirm the vulnerability description but do...

5.9CVSS5.7AI score0.00321EPSS
CVE
CVE
added 2017/08/18 7:0 p.m.55 views

CVE-2017-9682

CVE-2017-9682 affects the Qualcomm KGSL GPU driver in Android CAF builds on Linux kernel. Description: a race condition between two KGSL driver functions can cause a Use After Free. Exploitation details are not provided in the connected documents. Mitigation: Android security bulletin patches (Au...

4.7CVSS5.2AI score0.00277EPSS
CVE
CVE
added 2018/09/04 4:0 p.m.55 views

CVE-2018-11262

CVE-2018-11262 is a critical issue documented in Qualcomm bootloader components (Android bulletin entry) with an associated out-of-bounds write risk in GPT patching caused by the TotalPart count exceeding GPT Header MaxPtCnt. The connected records indicate this CVE affects Qualcomm bootloader in ...

7.8CVSS7AI score0.00202EPSS
CVE
CVE
added 2018/09/18 6:0 p.m.55 views

CVE-2018-11301

CVE-2018-11301 describes an integer overflow caused by a missing buffer-length check while processing debug log events from firmware in Android CAF builds using the Linux kernel, affecting Qualcomm WLAN Host components across Android releases such as Android for MSM, Firefox OS for MSM, and QRD A...

7.8CVSS7.5AI score0.00187EPSS
CVE
CVE
added 2020/04/08 5:14 p.m.55 views

CVE-2018-21075

CVE-2018-21075 affects Samsung mobile devices running Android N (7.x) and O (8.x). The issue arises in the Call+ application which can load classes from an unintended path, enabling code execution. This vulnerability is documented in multiple sources (NVD entry, Red Hat advisory, CNVD, CVE listin...

9.8CVSS9.4AI score0.00652EPSS
CVE
CVE
added 2018/11/06 5:0 p.m.55 views

CVE-2018-9361

CVE-2018-9361 describes an out-of-bounds read in process_l2cap_cmd of l2c_main.cc, leading to remote information disclosure without extra privileges and no user interaction. Multiple sources align on Android impact across versions 6.0–8.1. The vulnerability affects Bluetooth L2CAP handling; the u...

7.8CVSS6.9AI score0.01709EPSS
CVE
CVE
added 2024/11/19 7:16 p.m.55 views

CVE-2018-9368

Concretely affects MediaTek mtksocoaudio (debugfs) in the Android stack. The vulnerability is caused by a missing bounds check combined with weakened SELinux policies in the mtksocoaudio debugfs, enabling an arbitrary kernel memory write. Impact: local privilege escalation to a system/privileged ...

7.8CVSS6.8AI score0.0009EPSS
CVE
CVE
added 2024/11/19 7:22 p.m.55 views

CVE-2018-9371

CVE-2018-9371 affects the Mediatek Preloader/bootloader. It describes out-of-bounds reads/writes via an exposed interface that permits arbitrary peripheral memory mapping due to insufficient blacklisting/whitelisting. Under the described conditions, this can enable local elevation of privilege wi...

7.8CVSS6.4AI score0.00093EPSS
CVE
CVE
added 2025/01/28 4:52 p.m.55 views

CVE-2018-9373

CVE-2018-9373 is a vulnerability in the Mediatek WLAN TDLS path (TdlsexRxFrameHandle) of the MTK WLAN driver. The issue is an out-of-bounds write caused by a missing bounds check, enabling remote escalation of privilege with no additional privileges and no user interaction. Documents consistently...

8.8CVSS9.3AI score0.00195EPSS
CVE
CVE
added 2018/10/02 7:0 p.m.55 views

CVE-2018-9501

CVE-2018-9501 describes a vulnerability in the Android SetupWizard that allows a Factory Reset Protection bypass via a permissions bypass, enabling local escalation of privilege with no additional execution privileges and no user interaction required. Affected Android versions include 7.0, 7.1.1,...

7.8CVSS7.6AI score0.00224EPSS
CVE
CVE
added 2018/11/14 6:0 p.m.55 views

CVE-2018-9545

CVE-2018-9545 affects Android 9, with a local escalation of privilege due to an out-of-bounds write in BTA_HdRegisterApp (bta_hd_api.cc) caused by a missing bounds check. The issue enables a local attacker to potentially escalate privileges without user interaction. The vulnerability is documente...

7.8CVSS8.1AI score0.00166EPSS
CVE
CVE
added 2018/12/06 2:0 p.m.55 views

CVE-2018-9547

CVE-2018-9547 impacts Android 8.1 and 9, specifically the GraphicBuffer.cpp unflatten path. Description: a bad file descriptor close due to insufficient input validation could allow local escalation of privilege in the system server, with no user interaction required. The issue affects the Androi...

7.8CVSS7.6AI score0.00168EPSS
CVE
CVE
added 2019/02/28 5:0 p.m.55 views

CVE-2019-2001

CVE-2019-2001 affects the Android kernel iomem implementation. The issue is that the permissions on /proc/iomem were world-readable, enabling local information disclosure without any execution privileges or user interaction. The vulnerability is a local information disclosure (ID) with impact on ...

5.5CVSS5.1AI score0.0018EPSS
CVE
CVE
added 2020/03/24 6:1 p.m.55 views

CVE-2019-20546

Samsung mobile devices running Android N (7.x), O (8.x), and P (9.0) with Broadcom Wi‑Fi chipsets are affected by a denial‑of‑service risk via a shared interface with Broadcom Bluetooth. The issue, tracked as SVE‑2019‑15350, is documented across CVE‑2019‑20546 and related feeds. No exploitation d...

6.5CVSS6.5AI score0.0023EPSS
CVE
CVE
added 2020/03/24 6:43 p.m.55 views

CVE-2019-20575

The CVE-2019-20575 entry concerns Samsung mobile devices running P(9.0). The vulnerability lies in the WPA3 handshake, allowing a downgrade or dictionary attack. Affected component: WPA3 handshake implementation on Samsung devices (SVE-2019-14204 reference). The available connected records corrob...

5.4CVSS5.6AI score0.00121EPSS
CVE
CVE
added 2020/03/24 7:23 p.m.55 views

CVE-2019-20610

The CVE-2019-20610 entry describes a double-fetch vulnerability in Trustlet on Samsung mobile devices running N(7.X) and O(8.X) with Exynos 7570/7870/7880/7885/8890/8895/9810 chipsets, enabling arbitrary TEE code execution. Affected component: Trustlet in the TEE. Root cause: double-fetch window ...

9.3CVSS8.2AI score0.00581EPSS
CVE
CVE
added 2020/04/17 1:46 p.m.55 views

CVE-2019-20783

CVE-2019-20783 affects LG mobile devices running Android 7.0–8.1 (North America CDMA). The issue is in the LTE protocol implementation, which allows a bypass of Authentication and Key Agreement (AKA). The available records (NVD, Red Hat advisory, CVE listings) describe the vulnerability and its L...

9.1CVSS9AI score0.00425EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.55 views

CVE-2019-2085

Summary: CVE-2019-2085 is an out-of-bounds write in libxaac on Android 10 due to a missing bounds check, enabling remote code execution with user interaction required. The issue is tied to the Android 10 libxaac/Android-10 stack, with a high impact and network attack vector per CVE details. Affec...

8.8CVSS9AI score0.00714EPSS
CVE
CVE
added 2019/07/08 5:39 p.m.55 views

CVE-2019-2116

CVE-2019-2116 affects Android: a possible out-of-bounds read in save_attr_seq of sdp_discovery.cc could lead to remote information disclosure without user interaction. Documented impact is information disclosure (confidentiality) with no execution privileges required. Affected Android versions in...

7.5CVSS6.9AI score0.00818EPSS
CVE
CVE
added 2019/11/13 5:43 p.m.55 views

CVE-2019-2198

CVE-2019-2198 is a SQL injection vulnerability in Android’s Download Provider that can lead to local information disclosure without user interaction. Affected: Android 8.0–10 (Download Provider query selection parameter). Root cause: SQL injection in the Download Provider. Impact: local informati...

5.5CVSS5.5AI score0.00403EPSS
CVE
CVE
added 2019/11/13 5:42 p.m.55 views

CVE-2019-2208

CVE-2019-2208 affects Android components (Android 8.1 and 9) with a flaw in V8 JIT code during PromiseBuiltinsAssembler::NewPromiseCapability, causing an out-of-bounds read. This can lead to remote information disclosure without user interaction or privileges. The connected records confirm the is...

7.8CVSS7.1AI score0.01004EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.55 views

CVE-2019-9315

CVE-2019-9315 affects the Android 10 Media Framework component libhevc, where a missing variable initialization creates a condition for information disclosure. The issue could permit remote disclosure without additional execution privileges; exploitation requires user interaction. The CVSS data i...

6.5CVSS6.5AI score0.00732EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.55 views

CVE-2019-9336

CVE-2019-9336 affects the Android 10 Media framework component libavc. The vulnerability is an information-disclosure flaw caused by uninitialized data, enabling remote information disclosure with no execution privileges needed. Exploitation requires user interaction. The issue is documented in t...

6.5CVSS6.1AI score0.00769EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.55 views

CVE-2019-9402

CVE-2019-9402 affects Android 10 Bluetooth: a missing bounds check in the Bluetooth stack can cause remote denial of service with no privileges and no user interaction. The vulnerability is triggered via network access, resulting in a DoS affecting availability (high in CVSS3). Exploitation detai...

7.5CVSS7.6AI score0.00797EPSS
CVE
CVE
added 2019/09/27 6:5 p.m.55 views

CVE-2019-9424

CVE-2019-9424 affects Android 10: a vulnerability in the Screen Lock where the setting to hide the unlock pattern can be ignored under certain conditions, causing information disclosure. The vulnerability is listed in Android 10 security release notes and has NVD scores of 4.3 (CVSS2) and 7.5 (CV...

7.5CVSS7.4AI score0.00405EPSS
CVE
CVE
added 2020/01/06 5:25 p.m.55 views

CVE-2019-9472

CVE-2019-9472 describes a timing side-channel in DCRYPTO_equals (compare.c) in the Android kernel/Titan-M component, enabling local information disclosure without extra privileges and without user interaction. Public details across sources confirm the root cause as improper crypto usage, with dis...

5.5CVSS5.5AI score0.00139EPSS
CVE
CVE
added 2020/03/15 9:17 p.m.55 views

CVE-2019-9474

CVE-2019-9474 : Affects Android 10 devices’ Bluetooth stack. The issue is an out-of-bounds read caused by a missing bounds check in Bluetooth, enabling remote information disclosure without user interaction. Exploitation details are not provided in the connected documents beyond the high-level de...

7.5CVSS7.3AI score0.00804EPSS
CVE
CVE
added 2020/02/13 2:20 p.m.55 views

CVE-2020-0015

CVE-2020-0015 affects the Android framework via CertInstaller.java (onCreate), where an attacker could overlay the Certificate Installation dialog to escalate privileges locally without extra execution privileges. Impact is described as local EoP with partial confidentiality/integrity/availabilit...

7.8CVSS7.7AI score0.00162EPSS
CVE
CVE
added 2020/05/14 8:12 p.m.55 views

CVE-2020-0090

CVE-2020-0090 is a vulnerability in the MediaTek Email component on Android devices. It is described as an improper authorization in the receiver component. According to the connected Android bulletin entry, this issue is categorized under the MediaTek components with CVE-2020-0090 and is listed ...

5.5CVSS5.4AI score0.00134EPSS
CVE
CVE
added 2020/05/14 8:8 p.m.55 views

CVE-2020-0105

CVE-2020-0105 affects Android 9 and 10. It stems from a missing permission check in onKeyguardVisibilityChanged within key_store_service.cpp, enabling local privilege escalation to use keyguard-bound keys when the screen is locked, without extra execution privileges. CVSS data (NVD) shows LOCAL a...

7.8CVSS7.5AI score0.00138EPSS
CVE
CVE
added 2020/06/10 5:12 p.m.55 views

CVE-2020-0113

CVE-2020-0113 is a Media framework information-disclosure vulnerability in Android 9–10. In Camera3OutputUtils.cpp, sendCaptureResult can trigger an out-of-bounds read due to a use-after-free, leading to local information disclosure without extra user interaction. Android bulletin 2020-06-01 clas...

5.5CVSS5.4AI score0.00361EPSS
CVE
CVE
added 2020/06/10 5:11 p.m.55 views

CVE-2020-0115

CVE-2020-0115 is a local elevation-of-privilege vulnerability in Android’s PackageManagerService (verifyIntentFiltersIfNeeded) that could let a malicious app become the default handler for arbitrary domains, bypassing intended privileges with no user interaction. Affected: Android 8.0–8.1, 9, and...

7.8CVSS7.7AI score0.00164EPSS
CVE
CVE
added 2020/06/04 5:8 p.m.55 views

CVE-2020-13830

Technical details are not publicly available in the provided documents. Monitor for updates from official sources.

7.5CVSS7.5AI score0.00431EPSS
CVE
CVE
added 2020/06/04 5:4 p.m.55 views

CVE-2020-13835

The CVE-2020-13835 issue affects Samsung mobile devices running O(8.x) with TEEGRIS, specifically involving the Gatekeeper Trustlet. The vulnerability stems from a brute-force weakness in the Trustlet that allows credential guessing, enabling a user credential brute-force attack. The issue is tie...

9.8CVSS9.3AI score0.00404EPSS
CVE
CVE
added 2020/06/04 5:3 p.m.55 views

CVE-2020-13836

CVE-2020-13836 affects Samsung mobile devices running O(8.x), P(9.0), and Q(10.0). A path traversal vulnerability exists in the HWRResProvider that can lead to data exposure. This is documented across multiple sources (including NVD, Red Hat, CNVD, CVE lists) with the Samsung ID SVE-2020-16954. T...

7.5CVSS7.6AI score0.00492EPSS
CVE
CVE
added 2020/10/06 6:36 p.m.55 views

CVE-2020-26601

Technical details about CVE-2020-26601 are not publicly provided in the connected documents. Monitor for updates from Samsung and security advisories.

7.5CVSS7.4AI score0.00366EPSS
CVE
CVE
added 2021/02/02 11:0 p.m.55 views

CVE-2021-0365

CVE-2021-0365 affects Android (Android-10 and Android-11) with a memory corruption issue in the display driver caused by a use-after-free. The vulnerability allows local escalation to System privileges without user interaction, as reported in multiple sources (NVD/Red Hat entry for CVE-2021-0365;...

6.7CVSS6.8AI score0.00152EPSS
CVE
CVE
added 2021/08/18 2:44 p.m.55 views

CVE-2021-0420

CVE-2021-0420 concerns a missing bounds check in the in-memory management driver, enabling local denial of service without user interaction. Impact is described as a system crash leading to local DoS; exploitation details are not provided in the documents. Mitigation references a patch: ALPS05403...

5.5CVSS5.4AI score0.00109EPSS
CVE
CVE
added 2021/03/10 4:14 p.m.55 views

CVE-2021-0451

In CVE-2021-0451, the Titan M chip firmware contains an issue where uninitialized data can disclose stack memory, enabling local information disclosure with System execution privileges. The impact is described as requiring no user interaction. Affected software areas include the Titan M component...

4.4CVSS4.3AI score0.00124EPSS
CVE
CVE
added 2021/08/18 2:44 p.m.55 views

CVE-2021-0627

CVE-2021-0627 affects OMA DRM. The vulnerability is described as memory corruption due to an integer overflow, enabling local escalation of privilege with System execution privileges required and no user interaction. Patch ID: ALPS05722434 (Issue ALPS05722434) is referenced. Connected sources rei...

6.7CVSS6.8AI score0.00116EPSS
CVE
CVE
added 2021/04/09 5:35 p.m.55 views

CVE-2021-25359

The CVE-2021-25359 entry describes an improper SELinux policy in Samsung’s SMR APR-2021 Release 1 prior builds that permits local attackers to access AP information via untrusted apps. Public records from multiple sources (e.g., Red Hat advisory, CNVD) align on a local-attack scenario stemming fr...

4CVSS3.9AI score0.00106EPSS
CVE
CVE
added 2021/06/11 2:33 p.m.55 views

CVE-2021-25410

The CVE-2021-25410 issue concerns Samsung CallBGProvider. Several connected sources confirm an Improper Access Control in CallBGProvider (pre-SMR JUN-2021 Release 1), enabling a local attacker to access arbitrary files with escalated privileges. Affected component: CallBGProvider; vulnerability t...

7.1CVSS6.8AI score0.00169EPSS
Total number of security vulnerabilities8153