Lucene search

K

930 matches found

CVE
CVE
added 2014/04/29 8:55 p.m.70 views

CVE-2013-7372

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and...

5CVSS6.8AI score0.00841EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.70 views

CVE-2015-3101

The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 o...

4.3CVSS6.4AI score0.00545EPSS
CVE
CVE
added 2016/08/07 9:59 p.m.69 views

CVE-2016-5340

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashm...

7.8CVSS7.1AI score0.00022EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.69 views

CVE-2024-31311

In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.9AI score0.0004EPSS
CVE
CVE
added 2024/07/09 9:15 p.m.69 views

CVE-2024-31322

In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User...

7.8CVSS6.8AI score0.00031EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.68 views

CVE-2015-3106

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before ...

10CVSS7.4AI score0.57902EPSS
CVE
CVE
added 2015/10/02 2:59 a.m.68 views

CVE-2015-3876

libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.

9.3CVSS7.8AI score0.04562EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.68 views

CVE-2015-5578

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

10CVSS7.8AI score0.06367EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.68 views

CVE-2015-6682

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary co...

10CVSS7.5AI score0.71007EPSS
CVE
CVE
added 2024/12/05 12:15 a.m.68 views

CVE-2018-9402

In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel.

8.8CVSS7AI score0.00025EPSS
CVE
CVE
added 2017/02/07 7:59 a.m.67 views

CVE-2014-9914

Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structu...

7.8CVSS7.3AI score0.00032EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.67 views

CVE-2015-3098

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AI...

5CVSS6.5AI score0.00583EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.67 views

CVE-2017-0750

A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013.

7.8CVSS8.2AI score0.0026EPSS
CVE
CVE
added 2024/12/05 12:15 a.m.67 views

CVE-2018-9439

In __unregister_prot_hook and packet_release of af_packet.c, there is apossible use-after-free due to improper locking. This could lead to localescalation of privilege in the kernel with System execution privilegesneeded. User interaction is not needed for exploitation.

7.8CVSS6.9AI score0.0001EPSS
CVE
CVE
added 2020/02/07 4:15 p.m.66 views

CVE-2014-7224

A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code.

9CVSS7.5AI score0.02201EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.66 views

CVE-2014-9892

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted applica...

5.5CVSS5.3AI score0.00162EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.66 views

CVE-2015-5570

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary co...

10CVSS7.5AI score0.71007EPSS
CVE
CVE
added 2016/08/30 5:59 p.m.66 views

CVE-2016-5342

Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial ...

7.8CVSS7.9AI score0.00614EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.66 views

CVE-2017-0428

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the ope...

9.3CVSS7.2AI score0.00135EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.65 views

CVE-2014-9870

The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qu...

9.3CVSS7.5AI score0.00075EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.65 views

CVE-2015-3096

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AI...

6.8CVSS6.5AI score0.00423EPSS
CVE
CVE
added 2017/01/13 4:59 p.m.65 views

CVE-2016-8467

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire...

5.5CVSS6.2AI score0.00021EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.65 views

CVE-2023-21389

In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00007EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.64 views

CVE-2015-3102

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AI...

5CVSS6.5AI score0.00583EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.64 views

CVE-2015-5572

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass intended access restrictions and obtain sensit...

5CVSS6.1AI score0.01518EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.64 views

CVE-2016-2068

The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read)...

7.8CVSS7.6AI score0.00162EPSS
CVE
CVE
added 2017/09/21 3:29 p.m.64 views

CVE-2017-10998

In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the address + length operat...

7.8CVSS8AI score0.00138EPSS
CVE
CVE
added 2018/11/30 6:29 p.m.64 views

CVE-2018-15835

Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.

7.5CVSS7.4AI score0.06225EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.64 views

CVE-2023-21314

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS5AI score0.00014EPSS
CVE
CVE
added 2015/06/10 1:59 a.m.63 views

CVE-2015-3099

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AI...

5CVSS6.5AI score0.00583EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.63 views

CVE-2015-5588

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

10CVSS7.8AI score0.06367EPSS
CVE
CVE
added 2015/10/02 2:59 a.m.63 views

CVE-2015-6602

libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.

9.3CVSS7.7AI score0.01766EPSS
CVE
CVE
added 2024/09/11 12:15 a.m.63 views

CVE-2024-23716

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

7.4CVSS7.1AI score0.0001EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.62 views

CVE-2015-5580

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

10CVSS7.8AI score0.06367EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.62 views

CVE-2015-5584

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary co...

10CVSS7.5AI score0.71007EPSS
CVE
CVE
added 2020/12/24 6:15 p.m.62 views

CVE-2020-35693

On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offer...

8.8CVSS8.3AI score0.00044EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.62 views

CVE-2023-21330

In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

5.5CVSS5.6AI score0.00031EPSS
CVE
CVE
added 2020/01/24 6:15 p.m.61 views

CVE-2015-1530

media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size.

7.8CVSS7.8AI score0.00063EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.61 views

CVE-2015-5567

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

10CVSS7.7AI score0.11081EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.61 views

CVE-2015-5575

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

10CVSS7.8AI score0.06367EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.61 views

CVE-2023-21342

In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00005EPSS
CVE
CVE
added 2011/10/25 7:55 p.m.60 views

CVE-2011-3881

WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedProperty...

4.3CVSS5.4AI score0.00502EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.60 views

CVE-2015-5568

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) ...

10CVSS7.1AI score0.31842EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.60 views

CVE-2015-5581

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary co...

10CVSS7.5AI score0.71007EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.60 views

CVE-2015-6677

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

10CVSS7.8AI score0.06367EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.60 views

CVE-2017-0523

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Andro...

7.6CVSS6.7AI score0.00056EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.60 views

CVE-2023-21307

In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

5CVSS4.9AI score0.00004EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.60 views

CVE-2023-21390

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00007EPSS
CVE
CVE
added 2011/04/21 10:55 a.m.59 views

CVE-2011-1149

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK...

7.2CVSS6.8AI score0.00035EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.59 views

CVE-2015-5577

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

10CVSS7.8AI score0.06367EPSS
Total number of security vulnerabilities930