Lucene search

K

930 matches found

CVE
CVE
added 2023/10/30 5:15 p.m.29 views

CVE-2023-21311

In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.2AI score0.00004EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.28 views

CVE-2015-9038

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.

10CVSS7.8AI score0.00131EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.28 views

CVE-2016-3774

The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.28 views

CVE-2016-3795

The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085222 and MediaTek internal bug ALPS02677244.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.28 views

CVE-2016-3807

The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.28 views

CVE-2016-3853

Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208.

5.5CVSS5.7AI score0.00012EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.28 views

CVE-2016-3859

The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641.

9.3CVSS7.5AI score0.00071EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.28 views

CVE-2016-3907

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat...

5.5CVSS5.1AI score0.00072EPSS
CVE
CVE
added 2016/12/13 7:59 p.m.28 views

CVE-2016-6722

An information disclosure vulnerability in libstagefright in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to access data outside of its permission levels. This issue is ra...

5.5CVSS5.3AI score0.00091EPSS
CVE
CVE
added 2017/04/17 4:59 p.m.28 views

CVE-2016-6726

Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.

10CVSS9.2AI score0.00106EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.28 views

CVE-2023-21316

In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.6AI score0.00015EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.28 views

CVE-2023-21323

In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitati...

5.5CVSS5.6AI score0.00027EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.28 views

CVE-2023-21338

In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.00017EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.27 views

CVE-2015-9043

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer.

10CVSS7.8AI score0.00131EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.27 views

CVE-2016-3767

The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.27 views

CVE-2016-3798

The MediaTek hardware sensor driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174490 and MediaTek internal bug ALPS02703105.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.27 views

CVE-2016-3804

The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.27 views

CVE-2016-3811

The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.

9.3CVSS7.3AI score0.00043EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.27 views

CVE-2016-3843

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 a...

9.3CVSS7.7AI score0.00173EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.27 views

CVE-2023-21308

In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.9AI score0.00022EPSS
CVE
CVE
added 2016/07/11 2:0 a.m.26 views

CVE-2016-3769

The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656.

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.26 views

CVE-2016-6714

A remote denial of service vulnerability in Mediaserver in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A...

7.1CVSS5.7AI score0.00128EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.26 views

CVE-2023-21332

In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.1AI score0.00031EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.26 views

CVE-2023-21345

In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploi...

3.3CVSS4.4AI score0.00024EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.25 views

CVE-2016-6679

CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes a setwpaie ioctl call, aka Android internal bug 29915601 and Qualcomm internal bug CR 1...

5.5CVSS5.8AI score0.00108EPSS
CVE
CVE
added 2016/10/10 11:0 a.m.25 views

CVE-2016-6693

sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an invalid data length, aka Qualcomm internal bug CR 1027585.

9.8CVSS9.5AI score0.00217EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.25 views

CVE-2023-21341

In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00004EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.25 views

CVE-2023-44127

he vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers.

5.5CVSS4.4AI score0.00046EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.25 views

CVE-2023-44129

The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a ...

3.6CVSS4AI score0.00034EPSS
CVE
CVE
added 2023/09/27 3:19 p.m.24 views

CVE-2023-44126

The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, co...

5.5CVSS4.3AI score0.00046EPSS
Total number of security vulnerabilities930