8153 matches found
CVE-2023-40654
CVE-2023-40654 affects FW-PackageManager due to a missing permission check, enabling local privilege escalation with System execution privileges. Public references describe the issue across multiple feeds (NVD, Red Hat, PRION, CVE list, CNNVD, PT-Security) but do not provide a product version or ...
CVE-2023-42641
CVE-2023-42641 affects the component validationtools . The root cause, as described in the connected records, is a missing permission check that could lead to local information disclosure without any additional execution privileges. The issue is consistently reported across multiple sources (NVD,...
CVE-2023-42642
CVE-2023-42642 affects the validationtools component, where a missing permission check could allow local information disclosure without extra privileges. The vulnerability is documented across multiple feeds (NVD/RH/CVE lists) with a MEDIUM base score (AV:L, AC:L, PR:L, UI:N, C:H/I:N/A:N) and loc...
CVE-2023-52349
The CVE-2023-52349 issue affects the ril service and is caused by a missing bounds check that enables an out-of-bounds write. This can lead to local denial of service with System execution privileges required, as indicated by the NVD entry (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) and corroborated by...
CVE-2024-20086
CVE-2024-20086 concerns MediaTek vdec component where a missing bounds check can lead to an out-of-bounds write. This could enable local escalation of privilege with system execution privileges, and exploitation does not require user interaction. Public references indicate a patch ID: ALPS0893291...
CVE-2024-20111
CVE-2024-20111 affects the ccu component (as reported in multiple sources) and is caused by a missing bounds check leading to an out-of-bounds write. This can enable local privilege escalation with system execution privileges, and exploitation does not require user interaction. Public references ...
CVE-2024-20115
In the ccu component, there is a vulnerability caused by a missing bounds check that can lead to an out-of-bounds write. This allows local escalation of privilege to SYSTEM with no user interaction required. A patch is available (Patch ID: ALPS09036695; Issue ID: MSV-1713). No exploitation detail...
CVE-2024-20124
The vulnerability CVE-2024-20124 affects the vdec component, where an out-of-bounds read due to improper structure design could lead to local information disclosure. Exploitation requirements: SYSTEM privileges are needed, with no user interaction required. Patch ID ALPS09008925 (MSV-1568) is ref...
CVE-2025-31712
CVE-2025-31712 affects the cplog service due to a missing bounds check that enables an out-of-bounds write. This leads to local denial of service with no additional execution privileges required. The public documents do not provide exploitation details, affected versions, or remediation/patch inf...
CVE-2014-8507
The CVE-2014-8507 entry concerns a SQL injection vulnerability in the Android WAPPushManager module (WAP Push handling) prior to Android 5.0.0. Multiple SQL injection flaws exist in the queryLastApp method of WapPushManager.java, exploitable via crafted WAP Push messages where the attacker can se...
CVE-2014-8609
The CVE-2014-8609 vulnerability affects the Android Settings application (pre-5.0.0) where AddAccountSettings.java creates a PendingIntent incorrectly. This allows a third-party authenticator to trigger a broadcast using the SYSTEM UID, potentially injecting arbitrary component, action, or catego...
CVE-2014-9877
Technical details about CVE-2014-9877 are not publicly provided in the supplied documents. The Nexus/Qualcomm vulnerability description is present, but precise affected products, versions, root cause, or fixes are not detailed here. Monitor for updates.
CVE-2014-9883
CVE-2014-9883 describes an integer overflow in drivers/char/diag/diag_dci.c within the Qualcomm component used by Android on Nexus 5 and Nexus 7 (2013) devices, before the 2016-08-05 patch. The vulnerability could allow a crafted application to gain privileges or access sensitive information. Pub...
CVE-2014-9893
CVE-2014-9893 concerns the Qualcomm MSM MDSS driver on Android (Nexus 5) where the mdss_mdp_pp.c path does not correctly determine the size of Gamut LUT data. This leads to information disclosure via a crafted application. The issue affects Android devices prior to the 2016-08-05 patch level and ...
CVE-2014-9952
CVE-2014-9952 concerns the Android Secure File System in CAF builds using the Linux kernel, described as a capture‑replay vulnerability. Publicly provided details in the sources indicate the issue affects the Secure File System component and could impact confidentiality, integrity, and availabili...
CVE-2014-9976
Summary (MODE C): CVE-2014-9976 describes a buffer overflow in the 1x call processing path of Qualcomm components used in Android CAF builds that rely on the Linux kernel. The vulnerability is documented with a high/critical impact in CVSS metrics (network attack vector, low complexity, no privil...
CVE-2015-1529
The CVE-2015-1529 entry corresponds to an integer overflow in Android’s soundtrigger subsystem, specifically in soundtrigger/ISoundTriggerHwService.cpp. This vulnerability allows a denial of service through unspecified vectors by triggering an overflow in processing within the SoundTrigger hardwa...
CVE-2015-1537
Technical details about CVE-2015-1537 are not provided in the connected documents. The available descriptions mention an integer overflow in Android’s IHDCP.cpp but no further public technical specifics or fixes are included here. Monitor for updates.
CVE-2015-3868
CVE-2015-3868 affects libstagefright in Android devices running versions before 5.1.1 LMY48T. A crafted media file could cause memory corruption in the mediaserver process, enabling remote code execution or a denial of service. The Android October 2015 security bulletin notes this family of RCE/m...
CVE-2015-6622
The CVE-2015-6622 issue affects the Android Native Frameworks Library in Android versions before 5.1.1 LMY48Z and 6.0 before 2015-12-01. It is described as an information-disclosure vulnerability that could allow attackers to obtain sensitive information and bypass certain protections, demonstrat...
CVE-2015-6631
CVE-2015-6631 affects the Android libstagefright component. The vulnerability in libstagefright allows remote attackers on affected Android builds (pre-5.1.1 LMY48Z and pre-6.0) to obtain sensitive information and bypass an unspecified protection mechanism via unknown vectors, e.g., by obtaining ...
CVE-2015-6638
CVE-2015-6638 is an Elevation of Privilege vulnerability in the Imagination Technologies driver used by Android. A locally installed crafted application could gain kernel privileges on affected devices. AffectedPlatform: Android 5.x before 5.1.1 LMY49F and Android 6.0 before 2016-01-01. Root caus...
CVE-2015-6645
CVE-2015-6645 affects Android’s SyncManager prior to 5.1.1 LMY49F and 6.0 prior to 2016-01-01. A crafted application can cause a denial of service by triggering a reboot loop on the device. The issue is documented in Android’s security bulletin as a Denial of Service vulnerability in SyncManager,...
CVE-2015-8072
CVE-2015-8072 describes a media server (mediaserver) remote code execution/memory corruption vulnerability in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01, exploitable via a crafted media file. The issue is cited across multiple sources (NVD/CNVD entries and related CVEs)...
CVE-2015-8998
CVE-2015-8998 describes an integer overflow in TrustZone that could potentially affect Android devices using the CAF Linux kernel. Connected sources reiterate TrustZone/CAF exposure and label it as an integer overflow inTrustZone components; no further technical specifics (affected versions, expl...
CVE-2015-9020
Technical details about CVE-2015-9020 are not publicly available in the provided documents. Monitor for updates as new information becomes available.
CVE-2015-9033
CVE-2015-9033 is an Android CAF/Linux kernel issue where a QTEE system call fails to validate a pointer. Reported as a local vulnerability with high impact (confidentiality, integrity, availability) and requiring user interaction. Public references describe the root cause as pointer validation fa...
CVE-2015-9051
CVE-2015-9051 affects Qualcomm components in Android CAF builds using the Linux kernel (LTE stack). Root cause: an assertion can be reached due to an improper bound on a length in a System Information message. Severity in the provided metrics is critical (CVSSv3 base 9.8). The connected documents...
CVE-2016-0804
CVE-2016-0804 affects Android mediaserver’s NuPlayer::GenericSource.cpp in Android 5.x up to 5.1.1 and 6.x up to 2016-02-01. The root cause is improper management of the mDrmManagerClient object, enabling a remote attacker to execute arbitrary code or cause memory corruption via a crafted media f...
CVE-2016-0808
CVE-2016-0808 is a local-denial-of-service vulnerability in the Android Minikin library. The issue arises from an integer overflow in getCoverageFormat12 (CmapCoverage.cpp) in Minikin, affecting Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01, potentially enabling a crafted TTF font to ...
CVE-2016-0815
CVE-2016-0815 affects the mediaserver component of Android, specifically the MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp within libstagefright. The vulnerability exists on Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01, where processing a crafted media...
CVE-2016-2439
CVE-2016-2439 is a Bluetooth vulnerability in Android where a buffer overflow in btif/src/btif_dm.c during pairing can allow a remote attacker to execute arbitrary code via a long PIN. Affected: Android 4.x up to 4.4.3, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-05-01. Impact: re...
CVE-2016-2448
CVE-2016-2448 affects Android mediaserver’s NuPlayerStreamListener.cpp (NuPlayer in mediaserver). The issue is improper validation of entry data structures, enabling a local attacker to escalate privileges to Signature or SignatureOrSystem via a crafted app. Affected are Android 4.x before 4.4.4,...
CVE-2016-2491
Summary (CVE-2016-2491) : The NVIDIA camera kernel driver on Android (Nexus 9) before 2016-06-01 has a memory allocation miscalculation that can under-allocate memory, leading to a buffer overflow and local privilege escalation when a crafted app is run. The issue is documented in CVE-2016-2491 w...
CVE-2016-2505
CVE-2016-2505 affects Mediaserver’s libstagefright (mp eg2ts) in Android 6.x, where mpeg2ts/ATSParser.cpp does not validate a certain section length. This can allow a remote attacker to execute arbitrary code or cause memory corruption via a crafted media file, yielding remote code execution or m...
CVE-2016-3751
CVE-2016-3751 is a libpng vulnerability (plibpng before 1.6.20) described as allowing attackers to gain privileges via a crafted application (Signature or SignatureOrSystem access). The connected documents show this CVE referenced in Photon OS security advisories PHSA-2023-3.0-0602, PHSA-2023-5.0...
CVE-2016-3810
The CVE-2016-3810 issue affects the MediaTek Wi‑Fi driver on Android One devices. The vulnerability is an information‑disclosure flaw in the MediaTek Wi‑Fi driver exposed when processing a crafted application, linked to Android bug 28175522 and MediaTek ALPS02694389. Impact: a local attacker coul...
CVE-2016-3819
CVE-2016-3819 involves an integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c within libstagefright/Mediaserver on Android. A crafted media file can trigger memory corruption, enabling remote code execution or a denial of service. Affected Android lineages include 4.x before 4.4.4, 5.0.x ...
CVE-2016-3832
CVE-2016-3832 targets Android’s framework APIs. The vulnerability arises because Android 4.x–6.x runtime framework code does not consistently verify that package data originates from the Package Manager, potentially bypassing a protection mechanism via a crafted application. Affected versions inc...
CVE-2016-3918
CVE-2016-3918 affects AOSP Mail’s email/provider/AttachmentProvider.java. The issue arises in Android versions 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, 6.x up to 2016-10-01, and 7.0 up to 2016-10-01, where certain values are not validated as integers, enabling a local attacker to re...
CVE-2016-3938
CVE-2016-3938 affects the Qualcomm video driver (drivers/video/msm/mdss/mdss_mdp_overlay.c) on several Android devices (Nexus 5X, Nexus 6, Nexus 6P, and Android One) with Android versions older than 2016-10-05. The vulnerability allows a locally installed application to escalate privileges due to...
CVE-2016-5349
Technical details for CVE-2016-5349 are not provided in the connected documents. Public disclosures contain general descriptions only; no concrete product/vendor/version/root-cause or fix information is available here. Monitor for updates from official advisories.
CVE-2016-6692
CVE-2016-6692 affects the Qualcomm MDSS driver in Android, specifically the mdss_mdp_pp.c component. The defect allows a denial of service (invalid pointer access) and possibly unspecified other impact via unknown vectors, tied to Qualcomm internal bug CR 1004933. The vulnerability is described f...
CVE-2016-8420
The CVE-2016-8420 entry describes an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver for Android kernels (Kernel-3.10 and Kernel-3.18). A local malicious application could execute arbitrary code in kernel context after compromising a privileged process. The description lists And...
CVE-2016-8433
CVE-2016-8433 is an elevation-of-privilege flaw in the MediaTek driver that could allow a local malicious app to execute code in the kernel context on Android. The vulnerability is rated Critical with potential for permanent device compromise, possibly requiring OS reflashing. The cited documents...
CVE-2016-8485
CVE-2016-8485 is an information-disclosure vulnerability affecting Android kernel components that include Qualcomm closed-source elements. The issue, as described in the provided documents, could allow a remote-access scenario to indirectly reveal data via the kernel’s handling, resulting in a hi...
CVE-2017-0383
Technical details about CVE-2017-0383 are not publicly available in the provided connected documents. No vendor, version, impact, or remediation details are present here. Monitor for updates from official sources.
CVE-2017-0400
CVE-2017-0400 is an information-disclosure vulnerability affecting Android’s Audioserver (lvm/wrapper/Bundle/EffectBundle.cpp in libeffects). The issue could allow a local malicious application to access data outside its permission levels. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6....
CVE-2017-0483
CVE-2017-0483 describes a denial-of-service vulnerability in Android’s Mediaserver. A crafted file could cause a device hang or reboot. Affected products/versions include Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The connected documents provide the vulnerability description and affected v...
CVE-2017-0485
CVE-2017-0485 is a denial-of-service in Android’s Mediaserver. A specially crafted file can cause a device hang or reboot. Affected products/versions are Android 6.0, 6.0.1, 7.0, and 7.1.1. The issue arises from how Mediaserver processes media/file data, per public CVE summaries and the 2017-03 A...