Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2023/10/08 3:36 a.m.55 views

CVE-2023-40654

CVE-2023-40654 affects FW-PackageManager due to a missing permission check, enabling local privilege escalation with System execution privileges. Public references describe the issue across multiple feeds (NVD, Red Hat, PRION, CVE list, CNNVD, PT-Security) but do not provide a product version or ...

6.7CVSS6.7AI score0.00083EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.55 views

CVE-2023-42641

CVE-2023-42641 affects the component validationtools . The root cause, as described in the connected records, is a missing permission check that could lead to local information disclosure without any additional execution privileges. The issue is consistently reported across multiple sources (NVD,...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2023/11/01 9:8 a.m.55 views

CVE-2023-42642

CVE-2023-42642 affects the validationtools component, where a missing permission check could allow local information disclosure without extra privileges. The vulnerability is documented across multiple feeds (NVD/RH/CVE lists) with a MEDIUM base score (AV:L, AC:L, PR:L, UI:N, C:H/I:N/A:N) and loc...

5.5CVSS5.2AI score0.0008EPSS
CVE
CVE
added 2024/04/08 2:21 a.m.55 views

CVE-2023-52349

The CVE-2023-52349 issue affects the ril service and is caused by a missing bounds check that enables an out-of-bounds write. This can lead to local denial of service with System execution privileges required, as indicated by the NVD entry (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) and corroborated by...

5.6CVSS6.7AI score0.00083EPSS
CVE
CVE
added 2024/09/02 2:7 a.m.55 views

CVE-2024-20086

CVE-2024-20086 concerns MediaTek vdec component where a missing bounds check can lead to an out-of-bounds write. This could enable local escalation of privilege with system execution privileges, and exploitation does not require user interaction. Public references indicate a patch ID: ALPS0893291...

7.8CVSS7.2AI score0.00081EPSS
CVE
CVE
added 2024/11/04 1:48 a.m.55 views

CVE-2024-20111

CVE-2024-20111 affects the ccu component (as reported in multiple sources) and is caused by a missing bounds check leading to an out-of-bounds write. This can enable local privilege escalation with system execution privileges, and exploitation does not require user interaction. Public references ...

6.7CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2024/11/04 1:49 a.m.55 views

CVE-2024-20115

In the ccu component, there is a vulnerability caused by a missing bounds check that can lead to an out-of-bounds write. This allows local escalation of privilege to SYSTEM with no user interaction required. A patch is available (Patch ID: ALPS09036695; Issue ID: MSV-1713). No exploitation detail...

6.7CVSS7.2AI score0.00079EPSS
CVE
CVE
added 2024/11/04 1:49 a.m.55 views

CVE-2024-20124

The vulnerability CVE-2024-20124 affects the vdec component, where an out-of-bounds read due to improper structure design could lead to local information disclosure. Exploitation requirements: SYSTEM privileges are needed, with no user interaction required. Patch ID ALPS09008925 (MSV-1568) is ref...

4.4CVSS6.2AI score0.00078EPSS
CVE
CVE
added 2025/06/03 5:50 a.m.55 views

CVE-2025-31712

CVE-2025-31712 affects the cplog service due to a missing bounds check that enables an out-of-bounds write. This leads to local denial of service with no additional execution privileges required. The public documents do not provide exploitation details, affected versions, or remediation/patch inf...

6.2CVSS7AI score0.00078EPSS
CVE
CVE
added 2014/12/15 5:27 p.m.54 views

CVE-2014-8507

The CVE-2014-8507 entry concerns a SQL injection vulnerability in the Android WAPPushManager module (WAP Push handling) prior to Android 5.0.0. Multiple SQL injection flaws exist in the queryLastApp method of WapPushManager.java, exploitable via crafted WAP Push messages where the attacker can se...

7.5CVSS8.5AI score0.0155EPSS
Web
CVE
CVE
added 2014/12/15 5:27 p.m.54 views

CVE-2014-8609

The CVE-2014-8609 vulnerability affects the Android Settings application (pre-5.0.0) where AddAccountSettings.java creates a PendingIntent incorrectly. This allows a third-party authenticator to trigger a broadcast using the SYSTEM UID, potentially injecting arbitrary component, action, or catego...

7.2CVSS6.4AI score0.00643EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.54 views

CVE-2014-9877

Technical details about CVE-2014-9877 are not publicly provided in the supplied documents. The Nexus/Qualcomm vulnerability description is present, but precise affected products, versions, root cause, or fixes are not detailed here. Monitor for updates.

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.54 views

CVE-2014-9883

CVE-2014-9883 describes an integer overflow in drivers/char/diag/diag_dci.c within the Qualcomm component used by Android on Nexus 5 and Nexus 7 (2013) devices, before the 2016-08-05 patch. The vulnerability could allow a crafted application to gain privileges or access sensitive information. Pub...

7.8CVSS7.5AI score0.00454EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.54 views

CVE-2014-9893

CVE-2014-9893 concerns the Qualcomm MSM MDSS driver on Android (Nexus 5) where the mdss_mdp_pp.c path does not correctly determine the size of Gamut LUT data. This leads to information disclosure via a crafted application. The issue affects Android devices prior to the 2016-08-05 patch level and ...

5.5CVSS5.2AI score0.0046EPSS
CVE
CVE
added 2017/06/06 2:0 p.m.54 views

CVE-2014-9952

CVE-2014-9952 concerns the Android Secure File System in CAF builds using the Linux kernel, described as a capture‑replay vulnerability. Publicly provided details in the sources indicate the issue affects the Secure File System component and could impact confidentiality, integrity, and availabili...

9.3CVSS7.1AI score0.00443EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.54 views

CVE-2014-9976

Summary (MODE C): CVE-2014-9976 describes a buffer overflow in the 1x call processing path of Qualcomm components used in Android CAF builds that rely on the Linux kernel. The vulnerability is documented with a high/critical impact in CVSS metrics (network attack vector, low complexity, no privil...

10CVSS9AI score0.01056EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.54 views

CVE-2015-1529

The CVE-2015-1529 entry corresponds to an integer overflow in Android’s soundtrigger subsystem, specifically in soundtrigger/ISoundTriggerHwService.cpp. This vulnerability allows a denial of service through unspecified vectors by triggering an overflow in processing within the SoundTrigger hardwa...

7.5CVSS7.3AI score0.00858EPSS
CVE
CVE
added 2017/09/27 7:0 p.m.54 views

CVE-2015-1537

Technical details about CVE-2015-1537 are not provided in the connected documents. The available descriptions mention an integer overflow in Android’s IHDCP.cpp but no further public technical specifics or fixes are included here. Monitor for updates.

9.3CVSS7.8AI score0.01774EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.54 views

CVE-2015-3868

CVE-2015-3868 affects libstagefright in Android devices running versions before 5.1.1 LMY48T. A crafted media file could cause memory corruption in the mediaserver process, enabling remote code execution or a denial of service. The Android October 2015 security bulletin notes this family of RCE/m...

10CVSS7.8AI score0.02577EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.54 views

CVE-2015-6622

The CVE-2015-6622 issue affects the Android Native Frameworks Library in Android versions before 5.1.1 LMY48Z and 6.0 before 2015-12-01. It is described as an information-disclosure vulnerability that could allow attackers to obtain sensitive information and bypass certain protections, demonstrat...

5CVSS6.6AI score0.00474EPSS
CVE
CVE
added 2015/12/08 11:0 p.m.54 views

CVE-2015-6631

CVE-2015-6631 affects the Android libstagefright component. The vulnerability in libstagefright allows remote attackers on affected Android builds (pre-5.1.1 LMY48Z and pre-6.0) to obtain sensitive information and bypass an unspecified protection mechanism via unknown vectors, e.g., by obtaining ...

5CVSS6.8AI score0.00751EPSS
CVE
CVE
added 2016/01/06 7:0 p.m.54 views

CVE-2015-6638

CVE-2015-6638 is an Elevation of Privilege vulnerability in the Imagination Technologies driver used by Android. A locally installed crafted application could gain kernel privileges on affected devices. AffectedPlatform: Android 5.x before 5.1.1 LMY49F and Android 6.0 before 2016-01-01. Root caus...

9.3CVSS7.6AI score0.00473EPSS
CVE
CVE
added 2016/01/06 7:0 p.m.54 views

CVE-2015-6645

CVE-2015-6645 affects Android’s SyncManager prior to 5.1.1 LMY49F and 6.0 prior to 2016-01-01. A crafted application can cause a denial of service by triggering a reboot loop on the device. The issue is documented in Android’s security bulletin as a Denial of Service vulnerability in SyncManager,...

7.1CVSS5.7AI score0.00336EPSS
CVE
CVE
added 2015/11/03 11:0 a.m.54 views

CVE-2015-8072

CVE-2015-8072 describes a media server (mediaserver) remote code execution/memory corruption vulnerability in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01, exploitable via a crafted media file. The issue is cited across multiple sources (NVD/CNVD entries and related CVEs)...

10CVSS7.6AI score0.0222EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.54 views

CVE-2015-8998

CVE-2015-8998 describes an integer overflow in TrustZone that could potentially affect Android devices using the CAF Linux kernel. Connected sources reiterate TrustZone/CAF exposure and label it as an integer overflow inTrustZone components; no further technical specifics (affected versions, expl...

9.3CVSS7.6AI score0.00606EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.54 views

CVE-2015-9020

Technical details about CVE-2015-9020 are not publicly available in the provided documents. Monitor for updates as new information becomes available.

9.3CVSS7.5AI score0.00585EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.54 views

CVE-2015-9033

CVE-2015-9033 is an Android CAF/Linux kernel issue where a QTEE system call fails to validate a pointer. Reported as a local vulnerability with high impact (confidentiality, integrity, availability) and requiring user interaction. Public references describe the root cause as pointer validation fa...

9.3CVSS7.4AI score0.00585EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.54 views

CVE-2015-9051

CVE-2015-9051 affects Qualcomm components in Android CAF builds using the Linux kernel (LTE stack). Root cause: an assertion can be reached due to an improper bound on a length in a System Information message. Severity in the provided metrics is critical (CVSSv3 base 9.8). The connected documents...

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.54 views

CVE-2016-0804

CVE-2016-0804 affects Android mediaserver’s NuPlayer::GenericSource.cpp in Android 5.x up to 5.1.1 and 6.x up to 2016-02-01. The root cause is improper management of the mDrmManagerClient object, enabling a remote attacker to execute arbitrary code or cause memory corruption via a crafted media f...

10CVSS9.4AI score0.02018EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.54 views

CVE-2016-0808

CVE-2016-0808 is a local-denial-of-service vulnerability in the Android Minikin library. The issue arises from an integer overflow in getCoverageFormat12 (CmapCoverage.cpp) in Minikin, affecting Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01, potentially enabling a crafted TTF font to ...

6.2CVSS6.5AI score0.0018EPSS
CVE
CVE
added 2016/03/12 9:0 p.m.54 views

CVE-2016-0815

CVE-2016-0815 affects the mediaserver component of Android, specifically the MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp within libstagefright. The vulnerability exists on Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01, where processing a crafted media...

10CVSS8.8AI score0.02822EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.54 views

CVE-2016-2439

CVE-2016-2439 is a Bluetooth vulnerability in Android where a buffer overflow in btif/src/btif_dm.c during pairing can allow a remote attacker to execute arbitrary code via a long PIN. Affected: Android 4.x up to 4.4.3, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-05-01. Impact: re...

8.8CVSS8.2AI score0.00516EPSS
CVE
CVE
added 2016/05/09 10:0 a.m.54 views

CVE-2016-2448

CVE-2016-2448 affects Android mediaserver’s NuPlayerStreamListener.cpp (NuPlayer in mediaserver). The issue is improper validation of entry data structures, enabling a local attacker to escalate privileges to Signature or SignatureOrSystem via a crafted app. Affected are Android 4.x before 4.4.4,...

9.3CVSS7.5AI score0.00411EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.54 views

CVE-2016-2491

Summary (CVE-2016-2491) : The NVIDIA camera kernel driver on Android (Nexus 9) before 2016-06-01 has a memory allocation miscalculation that can under-allocate memory, leading to a buffer overflow and local privilege escalation when a crafted app is run. The issue is documented in CVE-2016-2491 w...

9.3CVSS7.9AI score0.00419EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.54 views

CVE-2016-2505

CVE-2016-2505 affects Mediaserver’s libstagefright (mp eg2ts) in Android 6.x, where mpeg2ts/ATSParser.cpp does not validate a certain section length. This can allow a remote attacker to execute arbitrary code or cause memory corruption via a crafted media file, yielding remote code execution or m...

9.3CVSS7.8AI score0.01136EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.54 views

CVE-2016-3751

CVE-2016-3751 is a libpng vulnerability (plibpng before 1.6.20) described as allowing attackers to gain privileges via a crafted application (Signature or SignatureOrSystem access). The connected documents show this CVE referenced in Photon OS security advisories PHSA-2023-3.0-0602, PHSA-2023-5.0...

7.8CVSS8.3AI score0.00461EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.54 views

CVE-2016-3810

The CVE-2016-3810 issue affects the MediaTek Wi‑Fi driver on Android One devices. The vulnerability is an information‑disclosure flaw in the MediaTek Wi‑Fi driver exposed when processing a crafted application, linked to Android bug 28175522 and MediaTek ALPS02694389. Impact: a local attacker coul...

5.5CVSS5.5AI score0.0036EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.54 views

CVE-2016-3819

CVE-2016-3819 involves an integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c within libstagefright/Mediaserver on Android. A crafted media file can trigger memory corruption, enabling remote code execution or a denial of service. Affected Android lineages include 4.x before 4.4.4, 5.0.x ...

9.8CVSS8.9AI score0.01749EPSS
CVE
CVE
added 2016/08/05 8:0 p.m.54 views

CVE-2016-3832

CVE-2016-3832 targets Android’s framework APIs. The vulnerability arises because Android 4.x–6.x runtime framework code does not consistently verify that package data originates from the Package Manager, potentially bypassing a protection mechanism via a crafted application. Affected versions inc...

8.3CVSS7.3AI score0.00414EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.54 views

CVE-2016-3918

CVE-2016-3918 affects AOSP Mail’s email/provider/AttachmentProvider.java. The issue arises in Android versions 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, 6.x up to 2016-10-01, and 7.0 up to 2016-10-01, where certain values are not validated as integers, enabling a local attacker to re...

5.5CVSS6.1AI score0.00464EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.54 views

CVE-2016-3938

CVE-2016-3938 affects the Qualcomm video driver (drivers/video/msm/mdss/mdss_mdp_overlay.c) on several Android devices (Nexus 5X, Nexus 6, Nexus 6P, and Android One) with Android versions older than 2016-10-05. The vulnerability allows a locally installed application to escalate privileges due to...

9.3CVSS8AI score0.00539EPSS
CVE
CVE
added 2017/04/06 7:0 p.m.54 views

CVE-2016-5349

Technical details for CVE-2016-5349 are not provided in the connected documents. Public disclosures contain general descriptions only; no concrete product/vendor/version/root-cause or fix information is available here. Monitor for updates from official advisories.

5.5CVSS6.4AI score0.01005EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.54 views

CVE-2016-6692

CVE-2016-6692 affects the Qualcomm MDSS driver in Android, specifically the mdss_mdp_pp.c component. The defect allows a denial of service (invalid pointer access) and possibly unspecified other impact via unknown vectors, tied to Qualcomm internal bug CR 1004933. The vulnerability is described f...

9.8CVSS9.5AI score0.00949EPSS
CVE
CVE
added 2017/02/08 3:0 p.m.54 views

CVE-2016-8420

The CVE-2016-8420 entry describes an elevation-of-privilege vulnerability in the Qualcomm Wi‑Fi driver for Android kernels (Kernel-3.10 and Kernel-3.18). A local malicious application could execute arbitrary code in kernel context after compromising a privileged process. The description lists And...

7.6CVSS6.6AI score0.00845EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.54 views

CVE-2016-8433

CVE-2016-8433 is an elevation-of-privilege flaw in the MediaTek driver that could allow a local malicious app to execute code in the kernel context on Android. The vulnerability is rated Critical with potential for permanent device compromise, possibly requiring OS reflashing. The cited documents...

9.3CVSS7.4AI score0.00601EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.54 views

CVE-2016-8485

CVE-2016-8485 is an information-disclosure vulnerability affecting Android kernel components that include Qualcomm closed-source elements. The issue, as described in the provided documents, could allow a remote-access scenario to indirectly reveal data via the kernel’s handling, resulting in a hi...

7.5CVSS6.8AI score0.00745EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.54 views

CVE-2017-0383

Technical details about CVE-2017-0383 are not publicly available in the provided connected documents. No vendor, version, impact, or remediation details are present here. Monitor for updates from official sources.

9.3CVSS7.7AI score0.00695EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.54 views

CVE-2017-0400

CVE-2017-0400 is an information-disclosure vulnerability affecting Android’s Audioserver (lvm/wrapper/Bundle/EffectBundle.cpp in libeffects). The issue could allow a local malicious application to access data outside its permission levels. Affected Android versions include 4.4.4, 5.0.2, 5.1.1, 6....

5.5CVSS5.2AI score0.00458EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0483

CVE-2017-0483 describes a denial-of-service vulnerability in Android’s Mediaserver. A crafted file could cause a device hang or reboot. Affected products/versions include Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The connected documents provide the vulnerability description and affected v...

7.1CVSS5.4AI score0.00616EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0485

CVE-2017-0485 is a denial-of-service in Android’s Mediaserver. A specially crafted file can cause a device hang or reboot. Affected products/versions are Android 6.0, 6.0.1, 7.0, and 7.1.1. The issue arises from how Mediaserver processes media/file data, per public CVE summaries and the 2017-03 A...

7.1CVSS5.4AI score0.00616EPSS
Total number of security vulnerabilities8153