8153 matches found
CVE-2016-6763
CVE-2016-6763 describes a denial-of-service vulnerability in Android’s Telephony stack. A local malicious application could cause a device hang or reboot by feeding the system a specially crafted file. Affected versions include Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, and 7.0. The entry notes the...
CVE-2015-3879
CVE-2015-3879 affects the Android Media Player Framework (Android 5.1.1 LMY48T and earlier). The issue allows an attacker via a crafted application to gain privileges in mediaserver through memory corruption in media processing paths. Connected sources frame this as an elevation-of-privilege vuln...
CVE-2015-6614
CVE-2015-6614 affects Android 5.x before 5.1.1 LMY48X in Telephony. The vulnerability is an elevation-of-privilege flaw that can allow a local malicious app to bypass intended network-interface restrictions, gain privileges, and enable actions such as bypassing restrictions, expensive data transf...
CVE-2015-8596
CVE-2015-8596 concerns a buffer length validation flaw in Qualcomm closed‑source malware protection components used in Android CAF builds running the Linux kernel. The root cause is missing validation of buffer lengths, described across multiple sources as a buffer overflow/length-check omission....
CVE-2015-8940
Summary: CVE-2015-8940 describes an integer overflow in the Qualcomm sound driver component at sound/soc/msm/qdsp6v2/q6lsm.c on Nexus 6 devices running Android before 2016-08-05. The root cause is within the Qualcomm MSM qdsp6v2 driver, enabling a crafted application to escalate privileges locall...
CVE-2015-9010
CVE-2015-9010 is described as an elevation of privilege vulnerability affecting Qualcomm closed‑source components used by Android, within the Android kernel. The provided documents confirm the issue is associated with Qualcomm components and Android kernel, but do not provide specific technical d...
CVE-2015-9032
CVE-2015-9032: In CAF Android releases using the Linux kernel, a DRM key was exposed to QTEE applications, enabling information disclosure of DRM secrets. The description does not provide remediation details or explicit root-cause fixes in the supplied documents.
CVE-2015-9063
CVE-2015-9063 : Technical details are not publicly provided in the supplied documents. Monitor for updates from official advisories; there are currently no concrete details on affected products, impact, or remediation in this source set.
CVE-2016-0811
CVE-2016-0811 covers an integer overflow in BnCrypto::onTransact within media/libmedia/ICrypto.cpp of libmediaplayerservice on Android 6.x prior to 2016-02-01. The vulnerability can allow attackers to obtain sensitive information and bypass an unspecified protection mechanism through a improper s...
CVE-2016-0840
CVE-2016-0840 refers to multiple stack-based buffer underflows in mediaserver’s decoder/ih264d_parse_cavlc.c on Android 6.x prior to 2016-04-01. The flaw allows memory corruption that could enable remote code execution or a denial of service when processing crafted media files. The entry is suppo...
CVE-2016-0842
CVE-2016-0842 affects libstagefright’s H.264 decoder in Android 6.x prior to 2016-04-01. The root cause is improper handling of MMCO data, enabling memory corruption that could allow remote code execution or a denial of service via crafted media files. Public details specify the affected componen...
CVE-2016-0846
CVE-2016-0846 affects the IMemory Native Interface (libs/binder/IMemory.cpp) in Android, where the heap size is not properly accounted for, enabling a local attacker to gain privileged execution (Signature or SignatureOrSystem) via a crafted app. The issue affects Android 4.x up to 4.4.3/4.4.4, 5...
CVE-2016-10230
CVE-2016-10230 is a remote code execution vulnerability in the Qualcomm crypto engine driver affecting the Android kernel. The Android bulletin (April 2017) lists the issue under the Qualcomm components and ties the fix to the 2017-04-05 patch level. Affected Google devices include Nexus 5X, Nexu...
CVE-2016-10299
CVE-2016-10299 is an elevation of privilege vulnerability in Qualcomm closed‑source components used by Android, affecting the Android kernel. Reported impact is high/critical (CVSS v3 base score 9.8) with network attack vector, no user interaction required, and likely requires no privileges. The ...
CVE-2016-10332
CVE-2016-10332 : Affects Android builds from CAF using the Linux kernel where stack protection was not enabled for secure applications. The available description specifies the missing stack-protection bit but provides no details on affected products/versions beyond “Android releases from CAF usin...
CVE-2016-10344
CVE-2016-10344 affects Qualcomm components in Android CAF builds using the Linux kernel, where an out-of-range pointer offset in LTE could be exploited. The entry lists a high-severity impact (CVSS v3 base score 9.8, CRITICAL) with attack vector Network and no user interaction, but the provided d...
CVE-2016-10387
CVE-2016-10387 concerns Qualcomm CAF Android devices using the Linux kernel, where an assertion could be reachable during a handover. The CVSS3/3.0 score is 9.8 (CRITICAL) with high impact to confidentiality, integrity, and availability, indicating severe risk if exploitable. The provided Connect...
CVE-2016-10390
CVE-2016-10390 corresponds to a memory‑consumption issue in Qualcomm components used in Android builds based on CAF Linux kernels. When a file is downloaded, an excessive amount of memory may be consumed, potentially impacting device stability. The vulnerability is described across multiple feeds...
CVE-2016-11048
Technical details for CVE-2016-11048 are not publicly available in the provided documents. Monitor for updates.
CVE-2016-11052
This CVE affects Samsung mobile devices running Lollipop (5.0/5.1) and involves memory corruption in je_free() within libQjpeg.so (Qt 5.5’s Qjpeg). The root cause is parsing a malformed JPEG file, leading to potential memory corruption in affected components. Connected documents confirm the issue...
CVE-2016-2480
CVE-2016-2480 affects the mm-video-v4l2 vidc component in Mediaserver (Android 4.x up to 4.4.4, 5.0.x up to 5.0.2, 5.1.x up to 5.1.1, and 6.x prior to 2016-06-01). The root cause is improper validation of certain OMX parameter data structures, enabling a local attacker to gain privileges via a cr...
CVE-2016-2482
CVE-2016-2482 affects the mm-video-v4l2 vdec component in Android Mediaserver, where a faulty handling of a buffer count in versions prior to 4.4.4 (and 5.x/6.x ranges listed) enables a local attacker to gain privileges (Signature or SignatureOrSystem) via a crafted application. The issue is an e...
CVE-2016-3753
Technical details about CVE-2016-3753 are not publicly provided in the supplied documents. Mediaserver information disclosure vulnerability is described, but there is no version-specific or exploit information in the connected sources. Monitor for updates.
CVE-2016-3772
CVE-2016-3772 concerns the MediaTek drivers in Android One devices prior to 2016-07-05, enabling local privilege escalation via a crafted application. The issue is described as Android internal bug 29008188 and MediaTek internal bug ALPS02703102, with affected software components being the Androi...
CVE-2016-3793
CVE-2016-3793 affects the NVIDIA camera driver (NVIDIA Tegra/Kernel driver) on Android, where a race condition use-after-free in the camera kernel path could allow a local attacker to gain privileges via a crafted app on affected Nexus devices (e.g., Nexus 9). The issue is described as a race con...
CVE-2016-3799
CVE-2016-3799 is a privilege-escalation flaw in the MediaTek video driver on Android One devices, present in Android builds prior to 2016-07-05. An attacker could exploit a crafted application to gain elevated privileges within the device. The vulnerability affects MediaTek video driver component...
CVE-2016-3806
The CVE-2016-3806 issue affects the MediaTek display driver in Android One devices. It enables privilege escalation via a crafted application, tied to Android internal bug 28402341 and MediaTek internal bug ALPS02715341. Public details indicate the vulnerability exists in the MediaTek display dri...
CVE-2016-3911
CVE-2016-3911 affects Android’s Zygote process: core/java/android/os/Process.java in Zygote allows a crafted application to gain privileges, impacting Android 4.x (before 4.4.4), 5.0.x (before 5.0.2), 5.1.x (before 5.1.1), 6.x (before 2016-10-01), and 7.0 (before 2016-10-01). Root cause is an ele...
CVE-2016-5857
The CVE-2016-5857 issue affects the Qualcomm SPCom driver in Android, where Android kernels prior to 7.0 allow local users to execute arbitrary code in kernel context via a crafted application. The vulnerability originates from the SPCom driver and enables a local escalation of privilege with com...
CVE-2016-5864
CVE-2016-5864 affects Qualcomm sound driver components used in Android for MSM, Firefox OS for MSM, and QRD Android. The issue stems from user-supplied parameters that can trigger integer overflow, potentially followed by a buffer overflow, and a separate lower-bound check omission that may cause...
CVE-2016-6675
This CVE (CVE-2016-6675) is a buffer/size difference (off-by-one) vulnerability in the Qualcomm Wi‑Fi driver’s CORE/HDD wlan_hdd_hostapd.c. Affected devices include Android on Nexus 5X and Android One, with exploitation via a crafted application that invokes the linkspeed ioctl, enabling local pr...
CVE-2016-6700
CVE-2016-6700 affects the libzipfile component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1. The issue is an elevation of privilege that could allow a local malicious app to execute arbitrary code in the context of a privileged process (Android ID A-30916186). Public vu...
CVE-2016-6709
CVE-2016-6709 describes an information disclosure vulnerability in Conscrypt and BoringSSL used by Android. The issue affects Android 6.x and 7.0 prior to 2016-11-01, where a MITM attacker could access sensitive data if a non-standard cipher suite is used by an application. The root cause is an i...
CVE-2016-6710
CVE-2016-6710 affects the Android Download Manager. The vulnerability is an information disclosure where a local malicious app could bypass OS data isolation to access data from other apps, arising in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01...
CVE-2016-6731
CVE-2016-6731 describes an elevation of privilege vulnerability in the NVIDIA GPU driver on Android prior to 2016-11-05. A local malicious app could execute arbitrary code in the kernel context , enabling a potential permanent device compromise. The issue is listed in public vulnerability tracker...
CVE-2016-6747
CVE-2016-6747 affects Android Mediaserver. A denial-of-service vulnerability allows a specially crafted file to cause a device hang or reboot. The issue is tied to Mediaserver processing media data in Android prior to the 2016-11-05 patch level. Vulnerable component: Mediaserver in Android; root ...
CVE-2016-6769
CVE-2016-6769 is an elevation-of-privilege vulnerability in Android’s Smart Lock. A local attacker could access Smart Lock settings without a PIN on an unlocked device where Smart Lock was the last settings pane accessed. Affected products/versions: Android 5.0.2, 5.1.1, 6.0, 6.0.1 (Android ID A-...
CVE-2017-0397
CVE-2017-0397 is an information-disclosure vulnerability in Android’s Mediaserver component, specifically in id3/ID3.cpp within libstagefright. The issue could allow a local malicious app to access data outside its permission levels. Affected products/versions include Android releases 4.4.4–7.1.1...
CVE-2017-0468
CVE-2017-0468 affects Android Mediaserver; a remote code execution flaw triggered by specially crafted media/files can cause memory corruption during media processing. Affected: Android 6.0–7.1.1. Impact: remote code execution within Mediaserver. Remediation: apply March 2017 Android security pat...
CVE-2017-0480
Technical details about CVE-2017-0480 are not publicly provided in the supplied documents. Monitor updates; current entries summarize impact but lack specific vulnerable components/versions within this dataset.
CVE-2017-0499
Technical details for CVE-2017-0499 are not publicly available in the provided connected documents. The Initial Description notes a Low impact DoS in Audioserver for specific Android versions, but no deeper exploit, root cause, or remediation details are supplied here.
CVE-2017-0501
CVE-2017-0501 : Elevation of privilege in MediaTek components (including M4U, sound, touchscreen, GPU, and Command Queue drivers) could allow a local malicious app to execute arbitrary code in the kernel context on Android. The vulnerability is rated Critical due to potential permanent device com...
CVE-2017-0502
CVE-2017-0502 describes an elevation of privilege in MediaTek components (M4U, sound, touchscreen, GPU, Command Queue drivers) that could allow a local malicious app to execute arbitrary code in the kernel context, potentially leading to permanent device compromise requiring reflashing. The vulne...
CVE-2017-0529
CVE-2017-0529 is an information-disclosure vulnerability in the MediaTek driver for Android. A local malicious app could access data outside its permission levels due to the driver’s data exposure. Primary affected component: MediaTek driver in Android. Root cause: information disclosure (no expl...
CVE-2017-0543
CVE-2017-0543: A remote code execution vulnerability in libavc within Mediaserver could allow memory corruption via a specially crafted media/file, leading to code execution in the Mediaserver process. Affected product: Android devices; versions include 6.0, 6.0.1, 7.0, and 7.1.1. Root cause desc...
CVE-2017-0554
CVE-2017-0554 is an elevation-of-privilege issue in the Android Telephony component that could let a local malicious app access capabilities outside its permissions. Affected Android versions are 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, and 7.1.1. The connected documents confirm this is a local priv...
CVE-2017-0556
CVE-2017-0556 is an information-disclosure vulnerability in libmpeg2 used by Mediaserver on Android (versions 6.0–7.1.1). The root cause is data exposure due to Mediaserver’s handling of media data via libmpeg2, enabling a local attacker to access data outside its permissions. Impact is confident...
CVE-2017-0674
CVE-2017-0674 is a remote code execution vulnerability in Android’s media framework affecting Android 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2. The description attributes the issue to a flaw in the media framework (no deeper root-cause details provided). The Android Security Bulletin for July 2017 ident...
CVE-2017-0700
The CVE-2017-0700 entry concerns a remote code execution vulnerability in Android’s System UI affecting Android 7.1.1 and 7.1.2. Connected sources (CNVD-2017-21549) describe a Google Android System UI RCE affecting the same versions, noting it is exploitable remotely, but do not provide technical...
CVE-2017-0728
CVE-2017-0728 is a denial-of-service vulnerability in the Android media framework, specifically the HEVC decoder. Affected products/versions: Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. The issue is classified as DoS in the Media framework with absence of explicit exploit details in the ...