Lucene search
K
GoogleAndroid

8153 matches found

CVE
CVE
added 2017/01/12 3:0 p.m.54 views

CVE-2016-6763

CVE-2016-6763 describes a denial-of-service vulnerability in Android’s Telephony stack. A local malicious application could cause a device hang or reboot by feeding the system a specially crafted file. Affected versions include Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, and 7.0. The entry notes the...

7.1CVSS5.3AI score0.00341EPSS
CVE
CVE
added 2015/10/06 5:0 p.m.53 views

CVE-2015-3879

CVE-2015-3879 affects the Android Media Player Framework (Android 5.1.1 LMY48T and earlier). The issue allows an attacker via a crafted application to gain privileges in mediaserver through memory corruption in media processing paths. Connected sources frame this as an elevation-of-privilege vuln...

9.3CVSS6.8AI score0.00618EPSS
CVE
CVE
added 2015/11/03 11:0 a.m.53 views

CVE-2015-6614

CVE-2015-6614 affects Android 5.x before 5.1.1 LMY48X in Telephony. The vulnerability is an elevation-of-privilege flaw that can allow a local malicious app to bypass intended network-interface restrictions, gain privileges, and enable actions such as bypassing restrictions, expensive data transf...

5.8CVSS6.8AI score0.00563EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.53 views

CVE-2015-8596

CVE-2015-8596 concerns a buffer length validation flaw in Qualcomm closed‑source malware protection components used in Android CAF builds running the Linux kernel. The root cause is missing validation of buffer lengths, described across multiple sources as a buffer overflow/length-check omission....

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2016/08/06 10:0 a.m.53 views

CVE-2015-8940

Summary: CVE-2015-8940 describes an integer overflow in the Qualcomm sound driver component at sound/soc/msm/qdsp6v2/q6lsm.c on Nexus 6 devices running Android before 2016-08-05. The root cause is within the Qualcomm MSM qdsp6v2 driver, enabling a crafted application to escalate privileges locall...

9.3CVSS7.6AI score0.00544EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.53 views

CVE-2015-9010

CVE-2015-9010 is described as an elevation of privilege vulnerability affecting Qualcomm closed‑source components used by Android, within the Android kernel. The provided documents confirm the issue is associated with Qualcomm components and Android kernel, but do not provide specific technical d...

10CVSS8.8AI score0.01154EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.53 views

CVE-2015-9032

CVE-2015-9032: In CAF Android releases using the Linux kernel, a DRM key was exposed to QTEE applications, enabling information disclosure of DRM secrets. The description does not provide remediation details or explicit root-cause fixes in the supplied documents.

4.3CVSS4.8AI score0.00431EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.53 views

CVE-2015-9063

CVE-2015-9063 : Technical details are not publicly provided in the supplied documents. Monitor for updates from official advisories; there are currently no concrete details on affected products, impact, or remediation in this source set.

10CVSS9AI score0.01056EPSS
CVE
CVE
added 2016/02/07 1:0 a.m.53 views

CVE-2016-0811

CVE-2016-0811 covers an integer overflow in BnCrypto::onTransact within media/libmedia/ICrypto.cpp of libmediaplayerservice on Android 6.x prior to 2016-02-01. The vulnerability can allow attackers to obtain sensitive information and bypass an unspecified protection mechanism through a improper s...

7.8CVSS8AI score0.00675EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.53 views

CVE-2016-0840

CVE-2016-0840 refers to multiple stack-based buffer underflows in mediaserver’s decoder/ih264d_parse_cavlc.c on Android 6.x prior to 2016-04-01. The flaw allows memory corruption that could enable remote code execution or a denial of service when processing crafted media files. The entry is suppo...

10CVSS8.2AI score0.01652EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.53 views

CVE-2016-0842

CVE-2016-0842 affects libstagefright’s H.264 decoder in Android 6.x prior to 2016-04-01. The root cause is improper handling of MMCO data, enabling memory corruption that could allow remote code execution or a denial of service via crafted media files. Public details specify the affected componen...

10CVSS8.2AI score0.01667EPSS
CVE
CVE
added 2016/04/18 12:0 a.m.53 views

CVE-2016-0846

CVE-2016-0846 affects the IMemory Native Interface (libs/binder/IMemory.cpp) in Android, where the heap size is not properly accounted for, enabling a local attacker to gain privileged execution (Signature or SignatureOrSystem) via a crafted app. The issue affects Android 4.x up to 4.4.3/4.4.4, 5...

8.4CVSS7.8AI score0.01306EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.53 views

CVE-2016-10230

CVE-2016-10230 is a remote code execution vulnerability in the Qualcomm crypto engine driver affecting the Android kernel. The Android bulletin (April 2017) lists the issue under the Qualcomm components and ties the fix to the 2017-04-05 patch level. Affected Google devices include Nexus 5X, Nexu...

10CVSS9.3AI score0.03066EPSS
CVE
CVE
added 2018/04/04 6:0 p.m.53 views

CVE-2016-10299

CVE-2016-10299 is an elevation of privilege vulnerability in Qualcomm closed‑source components used by Android, affecting the Android kernel. Reported impact is high/critical (CVSS v3 base score 9.8) with network attack vector, no user interaction required, and likely requires no privileges. The ...

10CVSS8.8AI score0.0113EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.53 views

CVE-2016-10332

CVE-2016-10332 : Affects Android builds from CAF using the Linux kernel where stack protection was not enabled for secure applications. The available description specifies the missing stack-protection bit but provides no details on affected products/versions beyond “Android releases from CAF usin...

5.5CVSS5.9AI score0.00485EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.53 views

CVE-2016-10344

CVE-2016-10344 affects Qualcomm components in Android CAF builds using the Linux kernel, where an out-of-range pointer offset in LTE could be exploited. The entry lists a high-severity impact (CVSS v3 base score 9.8, CRITICAL) with attack vector Network and no user interaction, but the provided d...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.53 views

CVE-2016-10387

CVE-2016-10387 concerns Qualcomm CAF Android devices using the Linux kernel, where an assertion could be reachable during a handover. The CVSS3/3.0 score is 9.8 (CRITICAL) with high impact to confidentiality, integrity, and availability, indicating severe risk if exploitable. The provided Connect...

10CVSS8.7AI score0.00964EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.53 views

CVE-2016-10390

CVE-2016-10390 corresponds to a memory‑consumption issue in Qualcomm components used in Android builds based on CAF Linux kernels. When a file is downloaded, an excessive amount of memory may be consumed, potentially impacting device stability. The vulnerability is described across multiple feeds...

10CVSS8.7AI score0.00964EPSS
CVE
CVE
added 2020/04/07 12:45 p.m.53 views

CVE-2016-11048

Technical details for CVE-2016-11048 are not publicly available in the provided documents. Monitor for updates.

4.6CVSS4.8AI score0.00134EPSS
CVE
CVE
added 2020/04/07 12:34 p.m.53 views

CVE-2016-11052

This CVE affects Samsung mobile devices running Lollipop (5.0/5.1) and involves memory corruption in je_free() within libQjpeg.so (Qt 5.5’s Qjpeg). The root cause is parsing a malformed JPEG file, leading to potential memory corruption in affected components. Connected documents confirm the issue...

7.8CVSS7.7AI score0.00295EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.53 views

CVE-2016-2480

CVE-2016-2480 affects the mm-video-v4l2 vidc component in Mediaserver (Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-06-01). The root cause is improper validation of certain OMX parameter data structures, enabling a local attacker to gain privileges via a cr...

9.3CVSS8AI score0.00419EPSS
CVE
CVE
added 2016/06/13 1:0 a.m.53 views

CVE-2016-2482

CVE-2016-2482 affects the mm-video-v4l2 vdec component in Android Mediaserver, where a faulty handling of a buffer count in versions prior to 4.4.4 (and 5.x/6.x ranges listed) enables a local attacker to gain privileges (Signature or SignatureOrSystem) via a crafted application. The issue is an e...

9.3CVSS8.1AI score0.00419EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.53 views

CVE-2016-3753

Technical details about CVE-2016-3753 are not publicly provided in the supplied documents. Mediaserver information disclosure vulnerability is described, but there is no version-specific or exploit information in the connected sources. Monitor for updates.

7.5CVSS7AI score0.00715EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.53 views

CVE-2016-3772

CVE-2016-3772 concerns the MediaTek drivers in Android One devices prior to 2016-07-05, enabling local privilege escalation via a crafted application. The issue is described as Android internal bug 29008188 and MediaTek internal bug ALPS02703102, with affected software components being the Androi...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.53 views

CVE-2016-3793

CVE-2016-3793 affects the NVIDIA camera driver (NVIDIA Tegra/Kernel driver) on Android, where a race condition use-after-free in the camera kernel path could allow a local attacker to gain privileges via a crafted app on affected Nexus devices (e.g., Nexus 9). The issue is described as a race con...

9.3CVSS7.4AI score0.00419EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.53 views

CVE-2016-3799

CVE-2016-3799 is a privilege-escalation flaw in the MediaTek video driver on Android One devices, present in Android builds prior to 2016-07-05. An attacker could exploit a crafted application to gain elevated privileges within the device. The vulnerability affects MediaTek video driver component...

9.3CVSS7.5AI score0.00421EPSS
CVE
CVE
added 2016/07/11 1:0 a.m.53 views

CVE-2016-3806

The CVE-2016-3806 issue affects the MediaTek display driver in Android One devices. It enables privilege escalation via a crafted application, tied to Android internal bug 28402341 and MediaTek internal bug ALPS02715341. Public details indicate the vulnerability exists in the MediaTek display dri...

9.3CVSS7.5AI score0.00412EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.53 views

CVE-2016-3911

CVE-2016-3911 affects Android’s Zygote process: core/java/android/os/Process.java in Zygote allows a crafted application to gain privileges, impacting Android 4.x (before 4.4.4), 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), 6.x (before 2016-10-01), and 7.0 (before 2016-10-01). Root cause is an ele...

9.3CVSS8AI score0.00524EPSS
CVE
CVE
added 2017/03/20 4:0 p.m.53 views

CVE-2016-5857

The CVE-2016-5857 issue affects the Qualcomm SPCom driver in Android, where Android kernels prior to 7.0 allow local users to execute arbitrary code in kernel context via a crafted application. The vulnerability originates from the SPCom driver and enables a local escalation of privilege with com...

7.8CVSS6.9AI score0.0026EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.53 views

CVE-2016-5864

CVE-2016-5864 affects Qualcomm sound driver components used in Android for MSM, Firefox OS for MSM, and QRD Android. The issue stems from user-supplied parameters that can trigger integer overflow, potentially followed by a buffer overflow, and a separate lower-bound check omission that may cause...

9.3CVSS7.9AI score0.00639EPSS
CVE
CVE
added 2016/10/10 10:0 a.m.53 views

CVE-2016-6675

This CVE (CVE-2016-6675) is a buffer/size difference (off-by-one) vulnerability in the Qualcomm Wi‑Fi driver’s CORE/HDD wlan_hdd_hostapd.c. Affected devices include Android on Nexus 5X and Android One, with exploitation via a crafted application that invokes the linkspeed ioctl, enabling local pr...

9.3CVSS7.9AI score0.00704EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.53 views

CVE-2016-6700

CVE-2016-6700 affects the libzipfile component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1. The issue is an elevation of privilege that could allow a local malicious app to execute arbitrary code in the context of a privileged process (Android ID A-30916186). Public vu...

9.3CVSS7.3AI score0.00836EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.53 views

CVE-2016-6709

CVE-2016-6709 describes an information disclosure vulnerability in Conscrypt and BoringSSL used by Android. The issue affects Android 6.x and 7.0 prior to 2016-11-01, where a MITM attacker could access sensitive data if a non-standard cipher suite is used by an application. The root cause is an i...

5.9CVSS5.7AI score0.00521EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.53 views

CVE-2016-6710

CVE-2016-6710 affects the Android Download Manager. The vulnerability is an information disclosure where a local malicious app could bypass OS data isolation to access data from other apps, arising in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01...

5.5CVSS5.5AI score0.0046EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.53 views

CVE-2016-6731

CVE-2016-6731 describes an elevation of privilege vulnerability in the NVIDIA GPU driver on Android prior to 2016-11-05. A local malicious app could execute arbitrary code in the kernel context , enabling a potential permanent device compromise. The issue is listed in public vulnerability tracker...

9.3CVSS7AI score0.00666EPSS
CVE
CVE
added 2016/11/25 4:0 p.m.53 views

CVE-2016-6747

CVE-2016-6747 affects Android Mediaserver. A denial-of-service vulnerability allows a specially crafted file to cause a device hang or reboot. The issue is tied to Mediaserver processing media data in Android prior to the 2016-11-05 patch level. Vulnerable component: Mediaserver in Android; root ...

7.1CVSS5.7AI score0.00544EPSS
CVE
CVE
added 2017/01/12 3:0 p.m.53 views

CVE-2016-6769

CVE-2016-6769 is an elevation-of-privilege vulnerability in Android’s Smart Lock. A local attacker could access Smart Lock settings without a PIN on an unlocked device where Smart Lock was the last settings pane accessed. Affected products/versions: Android 5.0.2, 5.1.1, 6.0, 6.0.1 (Android ID A-...

4.6CVSS4.8AI score0.00153EPSS
CVE
CVE
added 2017/01/12 8:0 p.m.53 views

CVE-2017-0397

CVE-2017-0397 is an information-disclosure vulnerability in Android’s Mediaserver component, specifically in id3/ID3.cpp within libstagefright. The issue could allow a local malicious app to access data outside its permission levels. Affected products/versions include Android releases 4.4.4–7.1.1...

5.5CVSS5.2AI score0.00467EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.53 views

CVE-2017-0468

CVE-2017-0468 affects Android Mediaserver; a remote code execution flaw triggered by specially crafted media/files can cause memory corruption during media processing. Affected: Android 6.0–7.1.1. Impact: remote code execution within Mediaserver. Remediation: apply March 2017 Android security pat...

9.3CVSS7.6AI score0.01422EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.53 views

CVE-2017-0480

Technical details about CVE-2017-0480 are not publicly provided in the supplied documents. Monitor updates; current entries summarize impact but lack specific vulnerable components/versions within this dataset.

9.3CVSS7.2AI score0.0076EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.53 views

CVE-2017-0499

Technical details for CVE-2017-0499 are not publicly available in the provided connected documents. The Initial Description notes a Low impact DoS in Audioserver for specific Android versions, but no deeper exploit, root cause, or remediation details are supplied here.

7.1CVSS5.2AI score0.00417EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.53 views

CVE-2017-0501

CVE-2017-0501 : Elevation of privilege in MediaTek components (including M4U, sound, touchscreen, GPU, and Command Queue drivers) could allow a local malicious app to execute arbitrary code in the kernel context on Android. The vulnerability is rated Critical due to potential permanent device com...

9.3CVSS7.3AI score0.00745EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.53 views

CVE-2017-0502

CVE-2017-0502 describes an elevation of privilege in MediaTek components (M4U, sound, touchscreen, GPU, Command Queue drivers) that could allow a local malicious app to execute arbitrary code in the kernel context, potentially leading to permanent device compromise requiring reflashing. The vulne...

9.3CVSS7.3AI score0.00745EPSS
CVE
CVE
added 2017/03/08 1:0 a.m.53 views

CVE-2017-0529

CVE-2017-0529 is an information-disclosure vulnerability in the MediaTek driver for Android. A local malicious app could access data outside its permission levels due to the driver’s data exposure. Primary affected component: MediaTek driver in Android. Root cause: information disclosure (no expl...

5.5CVSS4.9AI score0.00412EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.53 views

CVE-2017-0543

CVE-2017-0543: A remote code execution vulnerability in libavc within Mediaserver could allow memory corruption via a specially crafted media/file, leading to code execution in the Mediaserver process. Affected product: Android devices; versions include 6.0, 6.0.1, 7.0, and 7.1.1. Root cause desc...

9.3CVSS7.7AI score0.01575EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.53 views

CVE-2017-0554

CVE-2017-0554 is an elevation-of-privilege issue in the Android Telephony component that could let a local malicious app access capabilities outside its permissions. Affected Android versions are 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The connected documents confirm this is a local priv...

7.8CVSS7.5AI score0.01014EPSS
CVE
CVE
added 2017/04/07 10:0 p.m.53 views

CVE-2017-0556

CVE-2017-0556 is an information-disclosure vulnerability in libmpeg2 used by Mediaserver on Android (versions 6.0–7.1.1). The root cause is data exposure due to Mediaserver’s handling of media data via libmpeg2, enabling a local attacker to access data outside its permissions. Impact is confident...

5.5CVSS5.2AI score0.00524EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.53 views

CVE-2017-0674

CVE-2017-0674 is a remote code execution vulnerability in Android’s media framework affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The description attributes the issue to a flaw in the media framework (no deeper root-cause details provided). The Android Security Bulletin for July 2017 ident...

9.3CVSS7.7AI score0.01096EPSS
CVE
CVE
added 2017/07/06 8:0 p.m.53 views

CVE-2017-0700

The CVE-2017-0700 entry concerns a remote code execution vulnerability in Android’s System UI affecting Android 7.1.1 and 7.1.2. Connected sources (CNVD-2017-21549) describe a Google Android System UI RCE affecting the same versions, noting it is exploitable remotely, but do not provide technical...

9.3CVSS7.7AI score0.01378EPSS
CVE
CVE
added 2017/08/09 9:0 p.m.53 views

CVE-2017-0728

CVE-2017-0728 is a denial-of-service vulnerability in the Android media framework, specifically the HEVC decoder. Affected products/versions: Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The issue is classified as DoS in the Media framework with absence of explicit exploit details in the ...

7.8CVSS7AI score0.00336EPSS
Total number of security vulnerabilities8153