Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0488

The CVE-2017-0488 issue is a denial-of-service vulnerability in Android's Mediaserver. A specially crafted media file could cause a device hang or reboot. Affected Android versions are 6.0, 6.0.1, 7.0, and 7.1.1 (Android ID A-34097213). The vulnerability is documented in public advisories and is ...

7.1CVSS5.4AI score0.00759EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0490

Summary (CVE-2017-0490) : Android Wi‑Fi elevation of privilege vulnerability allowing a local malicious app to delete user data in affected Android versions (6.0, 6.0.1, 7.0, 7.1.1). The connected documents corroborate the core issue but do not provide public technical exploit details or patch in...

5.5CVSS5.4AI score0.00448EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0491

CVE-2017-0491 is an elevation of privilege vulnerability in Android’s Package Manager. The issue could allow a local malicious application to prevent users from uninstalling apps or removing app permissions. Affected versions are Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The descri...

5.5CVSS5.4AI score0.00374EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0500

CVE-2017-0500 is an elevation of privilege vulnerability in MediaTek components used in Android, affecting multiple kernel drivers (M4U, sound, touchscreen, GPU, Command Queue). The issue could let a local malicious app execute arbitrary code in the kernel context. Exploitation is local and requi...

9.3CVSS7.3AI score0.00745EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.54 views

CVE-2017-0503

Technical details sufficient to assess affected components, root cause, or fixes are not publicly provided in the supplied documents. Please monitor for updates from official vulnerability feeds for CVE-2017-0503.

9.3CVSS7.3AI score0.00806EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.54 views

CVE-2017-0562

CVE-2017-0562 is an elevation of privilege vulnerability in the MediaTek touchscreen driver affecting Android. The issue could allow a local malicious app to execute arbitrary code in the kernel context, potentially leading to permanent device compromise that may require a reflashed OS. Connected...

9.3CVSS7.7AI score0.00847EPSS
CVE
CVE
added 2017/05/12 3:0 p.m.54 views

CVE-2017-0588

CVE-2017-0588 describes a remote code execution vulnerability in Android’s Mediaserver, specifically in libstagefright’s id3/ID3.cpp. An attacker could exploit this by providing a specially crafted media file, triggering memory corruption during media/file processing. The issue affects Android ve...

9.3CVSS7.6AI score0.01532EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.54 views

CVE-2017-0676

CVE-2017-0676 is a remote code execution vulnerability in the Android media framework (Android). Affected versions include 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The connected documents corroborate this issue as a media framework RCE affecting Android, but do not provide concrete detail...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.54 views

CVE-2017-0681

CVE-2017-0681 is a remote code execution in the Android media framework affecting Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2.** The CVSS3 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates a local attack with no privileges required but user interaction needed, and the...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.54 views

CVE-2017-0682

CVE-2017-0682 : A remote code execution vulnerability in the Android media framework affecting Android 7.0, 7.1.1, and 7.1.2. Connected sources describe an RCE in the media framework (no root cause details provided) and note patches were released via the July 2017 Android security bulletin. Explo...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.54 views

CVE-2017-0697

CVE-2017-0697 is a DoS vulnerability in the Android media framework. The connected documents confirm impact on Android devices with versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The Android media framework is the affected component; the issue arises within that framework, leadi...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.54 views

CVE-2017-0709

CVE-2017-0709 affects the HTC sensor hub driver in the Android kernel. It is an information-disclosure vulnerability with local access, requiring user interaction (CVSS v3: 3.3 Low). The HTC sensor hub vulnerability is addressed in the 2017-07 Android security bulletin; apply the July 2017 patch ...

4.3CVSS4.4AI score0.00303EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.54 views

CVE-2017-0712

CVE-2017-0712 is an elevation of privilege in the Android framework wi-fi service. Affects Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The vulnerability is linked to the Framework wi-fi service and could allow a local attacker to gain elevated privileges. The issue is addressed ...

7.8CVSS7.4AI score0.00356EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.54 views

CVE-2017-0713

CVE-2017-0713 is a remote code execution vulnerability in the Android libraries sfntly. Affected products/versions from the initial entry: Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Connected CNVD-2017-23414 confirms the issue as an Android sfntly remote code execution vulnerabil...

7.8CVSS7.7AI score0.00733EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.54 views

CVE-2017-0716

CVE-2017-0716 is a remote code execution vulnerability in the Android media framework, specifically in the libmpeg2 decoding library. The issue affects Android versions 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The impact, as documented, is that an attacker could potentially execute arbitrary code in th...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.54 views

CVE-2017-0724

CVE-2017-0724 is a denial-of-service vulnerability in the Android media framework libmpeg2. Affected product: Android. Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The connected sources describe a DoS condition in libmpeg2 but do not provide concrete technical details about the root cause, e...

5.5CVSS5.6AI score0.0032EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.54 views

CVE-2017-0739

CVE-2017-0739 is an information-disclosure vulnerability in the Android media framework component libhevc. The issue affects Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2, and is related to information disclosure via media decoding. The connected documents confirm the affected ...

5.5CVSS5.5AI score0.00407EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.54 views

CVE-2017-0771

CVE-2017-0771 is a denial of service vulnerability in Android’s media framework (libskia) affecting Android 7.0, 7.1.1, and 7.1.2. The NVD entry describes DoS in the media framework, with the running impact defined as availability loss. The CVSS v3 vector indicates LOCAL attack vector, low attack...

7.1CVSS5.9AI score0.00331EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.54 views

CVE-2017-0784

CVE-2017-0784 is an elevation of privilege in the Android NFC subsystem. Affected product: Android (versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2). The provided documents identify the issue as an Android NFC privilege escalation but do not specify the root cause, impacted component beyond ...

8.8CVSS8.6AI score0.00269EPSS
CVE
CVE
added 2017/09/08 8:0 p.m.54 views

CVE-2017-0788

CVE-2017-0788 is a local elevation-of-privilege vulnerability in the Broadcom Wi‑Fi driver used by Android (kernel level). The issue affects the Broadcom Wi‑Fi driver component and is documented in the Android 2017-09-01/09-05 security patch level bulletin under Broadcom entries, indicating mitig...

8.8CVSS8.6AI score0.00279EPSS
CVE
CVE
added 2017/10/03 9:0 p.m.54 views

CVE-2017-0826

CVE-2017-0826 is an Elevation of Privilege in the HTC bootloader affecting Android kernel on HTC devices. The vulnerability is described as an EoP in the bootloader, enabling privilege escalation within the Android stack. The primary documented impact is local privilege elevation, with CVSS indic...

9.3CVSS7.4AI score0.00362EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.54 views

CVE-2017-0831

CVE-2017-0831 is an elevation of privilege vulnerability in the Android framework (window manager) affecting Android 8.0. The NVD entry lists a local-privilege escalation risk with user interaction required and exploitation possible within the window manager context, rated HIGH (CVSS v3: LOCAL, U...

9.3CVSS7.4AI score0.00443EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.54 views

CVE-2017-0837

CVE-2017-0837 is an elevation of privilege vulnerability in Android’s media framework (libaudiopolicymanager). Affected: Android 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Root cause is an elevation of privilege in the Media framework as noted by the Android Security Bulletin (Media framework sec...

7.8CVSS7.5AI score0.00158EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.54 views

CVE-2017-0854

CVE-2017-0854 is an information-disclosure vulnerability in the Android media framework affecting Android 7.0, 7.1.1, 7.1.2, and 8.0 (Pixel/Nexus devices). The Android Pixel bulletin classifies it under Media framework with patch level 2017-11-05 or later addressing the issue; updated AOSP versio...

9.1CVSS7AI score0.00483EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.54 views

CVE-2017-0873

CVE-2017-0873 is a DoS vulnerability in Android's media framework libmpeg2. The issue affects Android versions 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, and 8.0, and is classified as DoS with impact to availability. The Android Security Bulletin lists this CVE under the Media framework with a high severity,...

7.1CVSS6.3AI score0.00428EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.54 views

CVE-2017-10997

CVE-2017-10997 affects Qualcomm PCIe (PCI driver) in CAF Android builds. The root cause is a write to a PCIe register via a debugfs node that can corrupt kernel memory, as described for all Qualcomm products with CAF Linux kernels. The vulnerability detail specifies the component as the PCI drive...

7.8CVSS7.8AI score0.00368EPSS
CVE
CVE
added 2018/01/10 10:0 p.m.54 views

CVE-2017-11003

CVE-2017-11003 affects Android for MSM, Firefox OS for MSM, and QRD Android builds via CAF Linux kernel. The issue arises during firmware image update where data is read from flash into RAM without confirming it fits allotted RAM, enabling potential memory mismanagement. Documented impact include...

7.8CVSS7.1AI score0.00138EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.54 views

CVE-2017-11030

CVE-2017-11030 affects Android for MSM and related CAF/Linux-kernel builds, via the HDMI video driver function hdmi_edid_sysfs_rda_res_info() that allows an arbitrary write into kernel memory from userspace. The issue is tied to Android devices using these CAF/kernel HDMI components, potentially ...

7.8CVSS7.1AI score0.00155EPSS
CVE
CVE
added 2017/12/05 5:0 p.m.54 views

CVE-2017-11049

CVE-2017-11049 describes a race condition in a video driver on Android devices (MSM/Qualcomm display stack) that can potentially lead to a buffer overflow. The affected scope includes Android builds for MSM, Firefox OS for MSM, and QRD Android, with CAF Linux kernel-based releases. The issue is c...

7CVSS6.5AI score0.00098EPSS
CVE
CVE
added 2017/10/10 8:0 p.m.54 views

CVE-2017-11053

CVE-2017-11053 affects Android for MSM, Firefox OS for MSM, and QRD Android on CAF Linux-kernel builds. When a qos map set IE with length

7.8CVSS7.5AI score0.00385EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.54 views

CVE-2017-13150

CVE-2017-13150 is an information-disclosure vulnerability in Android’s Media framework affecting Pixel/Nexus devices running Android 7.0, 7.1.1, 7.1.2 and 8.0. The Android Pixel security bulletin attributes a Moderate severity to this issue and ties it to updates that address it. The connected bu...

9.1CVSS8.2AI score0.00462EPSS
CVE
CVE
added 2017/12/06 2:0 p.m.54 views

CVE-2017-13171

The CVE-2017-13171 entry describes an elevation of privilege in the MediaTek performance service used by Android. Affected component: MediaTek performance service within the Android kernel stack. Root cause: local privilege escalation. Impact: attacker with local access could gain higher privileg...

7.8CVSS7.5AI score0.00158EPSS
CVE
CVE
added 2018/01/12 11:0 p.m.54 views

CVE-2017-13204

CVE-2017-13204 is an information-disclosure vulnerability in Android's media framework (libavc) affecting Android 7.0, 7.1.1, 7.1.2, 8.0, and 8.1. The flaw is tied to the libavc component within the Media framework, with Android IDs A-64380237. Public sources classify the related issue in the Pix...

9.1CVSS7.1AI score0.0067EPSS
CVE
CVE
added 2018/04/04 5:0 p.m.54 views

CVE-2017-13256

CVE-2017-13256 affects Android where the SDP server component (sdp_server.cc) contains an out-of-bounds write in process_service_search_attr_req due to a missing bounds check. This can enable remote code execution with no privileges and no user interaction. Affected Android versions include 5.1.1...

8.8CVSS8.5AI score0.00688EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.54 views

CVE-2017-13273

CVE-2017-13273 is a kernel‑level race condition in xt_qtaguid.c of the Android kernel caused by insufficient locking, enabling local elevation of privilege with no required user interaction. The issue affects Android kernel components and has been tracked in Android bulletins; the 2018 patch leve...

7CVSS6.7AI score0.00165EPSS
CVE
CVE
added 2018/04/04 4:0 p.m.54 views

CVE-2017-13289

CVE-2017-13289 affects Android (versions 6.0–8.1). The issue arises in RttManager.java during writeToParcel and createFromParcel, where a write size mismatch enables a permission bypass that can escalate privileges locally. A local attacker can start an activity with system privileges without add...

7.8CVSS7.6AI score0.00192EPSS
CVE
CVE
added 2018/03/15 9:0 p.m.54 views

CVE-2017-14878

CVE-2017-14878 affects Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel. The issue is a length variable used to copy data that is only 8 bits, which can be exceeded and leads to a denial of service. Impact is Denial of Service (availability impact HIGH per CVSS)....

7.8CVSS7AI score0.0117EPSS
CVE
CVE
added 2018/06/12 8:0 p.m.54 views

CVE-2017-15842

CVE-2017-15842 describes a use-after-free vulnerability in Android CAF/Linux kernel code where a mutex is unlocked before freeing the buffer, allowing potential reuse of the freed memory. The issue affects all Android releases using CAF components (Android for MSM, Firefox OS for MSM, QRD Android...

7.8CVSS7.3AI score0.00165EPSS
CVE
CVE
added 2018/05/17 10:0 p.m.54 views

CVE-2017-15855

CVE-2017-15855 affects Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android builds using CAF Linux kernel prior to the 2018-04-05 patch level. The vulnerability arises in the Camera CPP module driver when it directly accesses a user-space buffer; an unchecked userspace value (ioctl_ptr-&...

7.8CVSS7.2AI score0.0019EPSS
CVE
CVE
added 2018/03/15 9:0 p.m.54 views

CVE-2017-18069

CVE-2017-18069 affects Android for MSM, Firefox OS for MSM, and QRD Android builds that use CAF Linux kernel, where an improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to a buffer overread. Public data lists CVSS base scores around ...

7.8CVSS7.2AI score0.00616EPSS
CVE
CVE
added 2020/04/07 3:46 p.m.54 views

CVE-2017-18655

CVE-2017-18655 affects Samsung mobile devices running M(6.0) and N(7.x) software. A stack-based buffer overflow in a trustlet leads to memory corruption. Affected component: trustlet; root cause: stack-based buffer overflow. Impact per sources: partial confidentiality, integrity, and availability...

9.8CVSS9.8AI score0.0044EPSS
CVE
CVE
added 2017/08/18 7:0 p.m.54 views

CVE-2017-7364

CVE-2017-7364 affects Qualcomm devices using CAF Android with the Linux kernel. The issue resides in __mdss_fb_copy_destscaler_data(), where ds_data[i].scale may point to a user-provided address, which can be freed on an error, causing a use-after-free condition. CVSS3 vector indicates a network-...

10CVSS8.4AI score0.00829EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.54 views

CVE-2017-7368

CVE-2017-7368 affects Android releases from CAF that use the Linux kernel. The issue is a race condition in the ioctl handler of a sound driver, identified as the root cause in the description. The access vector is local, with user interaction required, and the impact is described as high for con...

7.6CVSS6.8AI score0.00272EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.54 views

CVE-2017-7372

CVE-2017-7372 affects Android devices using CAF Linux kernel video drivers. The issue is a race condition in a video driver that could lead to a buffer overflow or write to an arbitrary pointer location, as described in the NVD entry. No specific affected devices, versions, exploit details, or re...

7.6CVSS7.2AI score0.00294EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.54 views

CVE-2017-8247

CVE-2017-8247 affects Qualcomm camera driver components in Android CAF builds using the Linux kernel. Description: when more than one thread opens the device, the device may be opened multiple times, causing get_pid to be called more than once while put_pid is called only once in msm_close. Impac...

7.8CVSS7.7AI score0.00404EPSS
CVE
CVE
added 2017/08/18 7:0 p.m.54 views

CVE-2017-9684

CVE-2017-9684 concerns a race condition in the Qualcomm USB driver used by Android CAF Linux kernels, leading to a Use-After-Free condition. The vulnerability is localized and requires user interaction to exploit, with potential high impact on confidentiality, integrity, and availability if succe...

7.6CVSS6.7AI score0.00348EPSS
CVE
CVE
added 2018/03/30 9:0 p.m.54 views

CVE-2017-9693

CVE-2017-9693 describes a local vulnerability in Android for MSM, Firefox OS for MSM, and QRD Android where the length of the STA_EXT_CAPABILITY attribute value is shorter than StaParams.extn_capability, causing a memcpy from params->ext_capab to StaParams.extn_capability to read extra bytes. ...

5.5CVSS5.7AI score0.00192EPSS
CVE
CVE
added 2017/09/21 3:0 p.m.54 views

CVE-2017-9720

CVE-2017-9720 affects Qualcomm camera driver in Android CAF Linux kernel builds, where an off-by-one error can trigger an out-of-bounds read/write. The vulnerability is listed under Qualcomm components as an Elevation of Privilege (EoP) risk with the camera driver as the affected component; expli...

7.8CVSS7.7AI score0.00356EPSS
CVE
CVE
added 2020/04/08 5:45 p.m.54 views

CVE-2018-21053

This CVE (CVE-2018-21053) affects Samsung mobile devices running N(7.x), O(8.x), and P(9.0) software. The issue is described as clipboard access in the lockscreen state via a physical keyboard (Samsung ID SVE-2018-12684). The connected Red Hat and other entries corroborate the same description. T...

4.6CVSS4.7AI score0.00142EPSS
CVE
CVE
added 2020/04/08 5:51 p.m.54 views

CVE-2018-21055

CVE-2018-21055 affects Samsung mobile devices running N (Android 7.0) on Qualcomm MSM8996. The issue allows rooting via a custom image to run arbitrary scripts in the INIT context. Samsung assigns ID SVE-2018-11940 (Sept 2018). CVSS metrics indicate a critical impact (C/H, I/H, A/H) with network ...

10CVSS9.5AI score0.00831EPSS
Total number of security vulnerabilities8153