Lucene search
K

334 matches found

CVE
CVE
added 2017/08/18 6:0 p.m.57 views

CVE-2015-8593

CVE-2015-8593 describes a buffer overflow in the 1x call processing of Qualcomm components used in Android CAF releases running the Linux kernel. The entry indicates a high-severity issue (CVSSv3: 9.8, CRITICAL) with network access, no user interaction, and no privileges required, potentially imp...

10CVSS9AI score0.01184EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.57 views

CVE-2016-10391

CVE-2016-10391 affects Qualcomm Wconnect in Android CAF builds using the Linux kernel. The root cause is insufficient validation of HCI command length, enabling a remote attacker to trigger unauthorized operations. CVSSv3 is reported as 9.8 (CRITICAL). The issue is discussed in multiple sources; ...

10CVSS8AI score0.00836EPSS
CVE
CVE
added 2020/01/08 6:39 p.m.57 views

CVE-2016-5346

CVE-2016-5346 affects Google Pixel/Pixel XL via the Qualcomm Avtimer driver. It is a NULL pointer dereference when processing an accept() call on AF_MSM_IPC sockets in a user process, enabling a local attacker to disclose sensitive information. The available documents confirm local information di...

5.5CVSS6.3AI score0.00346EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.57 views

CVE-2017-8266

CVE-2017-8266 describes a race condition in the Qualcomm video driver used in CAF Android/Linux kernel variants, potentially leading to a use-after-free. Affected component: video driver within Qualcomm/CAF/Linux kernel stack. Impact details in the CVE notes indicate a partial impact on confident...

7CVSS6.7AI score0.00322EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.56 views

CVE-2014-9981

CVE-2014-9981 is reported as a Qualcomm component issue. The connected data indicate a buffer/overflow concern in the USB interface during boot for Qualcomm components used in Android CAF builds running the Linux kernel. The root cause is described as an insufficient overflow check in the USB int...

10CVSS8.9AI score0.00964EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.56 views

CVE-2015-8999

CVE-2015-8999: The vulnerability is described as a TrustZone buffer overflow that can occur in Android CAF builds when loading an ELF file. Connected sources corroborate a TrustZone buffer overflow in Android’s TrustZone component with potential for arbitrary code execution or denial of service, ...

9.3CVSS7.5AI score0.00625EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.56 views

CVE-2017-7369

CVE-2017-7369 affects Android CAF builds using the Linux kernel. The vulnerability stems from an array index in an ALSA routine not properly validating input, which can potentially lead to kernel stack corruption. Public details in the provided documents describe the root cause and impact but do ...

9.3CVSS7.2AI score0.00458EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.56 views

CVE-2017-7370

CVE-2017-7370 is listed in connected sources as a Qualcomm video driver vulnerability (Video driver) causing an elevation of privilege (EoP) with Moderate severity. The detail consistently attributes the flaw to a race condition in the video driver within Android CAF/Linux kernel deployments. No ...

7.6CVSS6.8AI score0.00342EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.56 views

CVE-2017-8262

CVE-2017-8262 is documented in multiple sources as a use-after-free race condition in Qualcomm components (GPU driver) within CAF Android Linux-kernel builds. Affected software is Qualcomm’s GPU driver stack integrated in CAF Android releases; root cause described as a race in memory allocation/f...

7.6CVSS6.7AI score0.00345EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.56 views

CVE-2017-8270

Technical details about CVE-2017-8270 are not publicly provided in the connected documents. The available sources only reiterate a race condition in Qualcomm CAF/Linux kernel driver; monitor for updates and disclosures.

7CVSS6.7AI score0.00284EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.56 views

CVE-2023-21306

CVE-2023-21306 affects Android’s ContentService, enabling local information disclosure by reading installed sync content providers via a side-channel. The vulnerability description states no additional execution privileges and no user interaction are required. The available sources (CVE entry and...

5.5CVSS5.5AI score0.00092EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.56 views

CVE-2023-21334

CVE-2023-21334 affects Android's App Ops Service. A logic error allows an attacker with local access to disclose information about installed packages without requiring extra execution privileges or user interaction. The vulnerability is documented across multiple sources (NVD/Red Hat/CNNVD) with ...

5.5CVSS5.8AI score0.00105EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.56 views

CVE-2023-21347

CVE-2023-21347 is a Bluetooth information-disclosure vulnerability caused by a missing bounds check that enables a remote read of memory without user interaction. The initial and related records consistently describe an out-of-bounds read leading to potential information disclosure with no extra ...

7.5CVSS7.4AI score0.00364EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.56 views

CVE-2023-21396

CVE-2023-21396 affects Android’s Activity Manager (System component) with a logic error that can cause a background activity to launch, enabling local escalation of privilege. Under the Android 14 release notes, this is categorized as EoP (Moderate) in the System group. The description explicitly...

7.8CVSS7.8AI score0.00105EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.55 views

CVE-2014-9936

CVE-2014-9936 describes a time-of-check time-of-use race condition in TrustZone used during authentication on Android devices that use CAF/Linux kernel. Connected sources indicate the issue affects Android releases prior to 7.0 in TrustZone authentication routines, implying a potential impact to ...

7.6CVSS6.8AI score0.00572EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.55 views

CVE-2015-8995

CVE-2015-8995 describes an integer overflow vulnerability in TrustZone that could affect all Android releases from CAF using the Linux kernel. The connected NVD entry attributes this to the TrustZone component, noting potential impacts to confidentiality, integrity, and availability (CVSS base me...

9.3CVSS7.6AI score0.00606EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.55 views

CVE-2015-9002

This CVE concerns Google Android TrustZone, where a DRM routine in the TrustZone DRM path can suffer an out-of-range pointer offset (integer overflow) vulnerability. Connected CNVD entry explicitly states an integer overflow in the TrustZone DRM routine exists on Android, and that an attacker cou...

9.3CVSS7.4AI score0.00578EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.55 views

CVE-2016-10336

Technical details about CVE-2016-10336 are not publicly available in the provided connected documents. The material confirms memory regions unprotected during boot on CAF Android/Linux, but remediation specifics are not included here. Monitor for updates.

5.5CVSS5.6AI score0.00485EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.55 views

CVE-2016-10342

CVE-2016-10342 is a buffer overflow in an Android CAF Linux kernel syscall handler. Attack requires local access and user interaction, with potential for high impact (admin privileges) per CVSS data. Affected: Android CAF builds using the Linux kernel; exploit details are not provided in the link...

9.3CVSS7.7AI score0.00625EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.55 views

CVE-2016-10388

Technical details about CVE-2016-10388 are not publicly provided in the connected documents. Monitor for updates.

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.55 views

CVE-2016-5861

CVE-2016-5861 affects Qualcomm display/video driver in Android for MSM. The vulnerability arises when a userspace-controlled variable is used to compute offsets/sizes for copy operations, potentially causing a heap overflow. The connected documents classify this as an Elevation of Privilege (EoP)...

8.8CVSS8.3AI score0.00442EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.55 views

CVE-2017-8261

CVE-2017-8261 is a Qualcomm component issue affecting the Camera driver in CAF Android builds using the Linux kernel. The root cause is a potential kernel overwrite in a camera driver ioctl, enabling Elevation of Privilege rather than remote code execution. The vulnerability is classified as EoP ...

7.8CVSS6.4AI score0.00356EPSS
CVE
CVE
added 2017/08/18 7:0 p.m.55 views

CVE-2017-9678

CVE-2017-9678 affects Qualcomm’s video driver in Android CAF builds on Linux kernel. The issue is memory corruption due to lack of bounds checking in memcpy(), enabling local exploitation with user interaction. CVSS v3.0 base score 7.8 (HIGH) with LOCAL exploit and HIGH impact on confidentiality,...

9.3CVSS7.4AI score0.00465EPSS
CVE
CVE
added 2020/01/06 5:26 p.m.55 views

CVE-2019-9468

The CVE-2019-9468 issue affects Android 10 and is caused by a double free in export_key_der inside export_key.cpp, leading to memory corruption and local privilege escalation without user interaction. The vulnerability is categorized as EoP with high impact, as reflected in the Pixel Update Bulle...

7.8CVSS8.3AI score0.00164EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.55 views

CVE-2023-21324

CVE-2023-21324 is listed in Android 14 release notes under the Framework section as an elevation-of-privilege (EoP) vulnerability with moderate severity. The exact affected packages/versions are not detailed in the provided sources, but the Android bulletin states these issues are fixed in Androi...

7.8CVSS7.5AI score0.00093EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.55 views

CVE-2023-21335

CVE-2023-21335 affects Android, describing a side-channel in Settings that allows determining if an app is installed without query permissions. The vulnerability enables local information disclosure with no extra privileges and no user interaction required. Connected sources (RH security advisory...

5.5CVSS5.6AI score0.00101EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.54 views

CVE-2015-0575

CVE-2015-0575 describes an insecure-cipher-suite issue in Qualcomm components used in Android builds (CAF Linux kernel). The connected CNVD-2017-26831 entry explicitly attributes the vulnerability to the Qualcomm closed‑source component in Android, arising from insecure default cipher configurati...

10CVSS7.8AI score0.0052EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.54 views

CVE-2015-9041

CVE-2015-9041 is a buffer overflow vulnerability in Qualcomm closed‑source components used in Android CAF builds based on the Linux kernel, triggered during WCDMA radio tuning. Public sources (NVD/CNVD) describe a buffer overflow in the Qualcomm component within Android, with potential for arbitr...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.54 views

CVE-2015-9065

CVE-2015-9065 concerns Qualcomm products with CAF Android releases using the Linux kernel, where a UE may respond to a UEInformationRequest before Access Stratum security is established. The provided sources describe the issue but do not specify exact affected models, versions, or a vendor patch/...

10CVSS8.7AI score0.00976EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.54 views

CVE-2016-10339

CVE-2016-10339 affects CAF Android builds using the Linux kernel. The issue allows HLOS to overwrite secure memory or read the keystore contents. Details across sources indicate the vulnerability impacts Android devices in CAF releases and were addressed in the 2017 Android security patches (June...

7.1CVSS6.7AI score0.00502EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.54 views

CVE-2017-7368

CVE-2017-7368 affects Android releases from CAF that use the Linux kernel. The issue is a race condition in the ioctl handler of a sound driver, identified as the root cause in the description. The access vector is local, with user interaction required, and the impact is described as high for con...

7.6CVSS6.8AI score0.00272EPSS
CVE
CVE
added 2017/08/18 7:0 p.m.54 views

CVE-2017-9682

CVE-2017-9682 affects the Qualcomm KGSL GPU driver in Android CAF builds on Linux kernel. Description: a race condition between two KGSL driver functions can cause a Use After Free. Exploitation details are not provided in the connected documents. Mitigation: Android security bulletin patches (Au...

4.7CVSS5.2AI score0.00277EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.54 views

CVE-2023-21296

CVE-2023-21296 corresponds to an information-disclosure flaw in Android’s permission side-channel that can reveal whether an app is installed, enabling local escalation of privilege with no extra execution privileges required. Exploitation requires user interaction. Android 14 patch release notes...

5.5CVSS6.2AI score0.00096EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.54 views

CVE-2023-21302

CVE-2023-21302 affects Android’s Package Manager. The issue is a side-channel information disclosure that lets an attacker determine whether an app is installed without query permissions, leading to local information disclosure without any execution privileges. Exploitation details are not provid...

5.5CVSS5.6AI score0.00092EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.54 views

CVE-2023-21328

Technical details about CVE-2023-21328 (affected product/version, root cause, or fixes) are not publicly provided in the connected documents. Monitor for updates and future disclosures.

7.8CVSS7.8AI score0.0009EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.54 views

CVE-2023-21348

The CVE-2023-21348 entry concerns Android Window Manager side-channel leakage that allows an app to be detected as installed without query permissions, causing local information disclosure. Connected sources corroborate the issue as an information-disclosure vulnerability (Framework category) wit...

3.3CVSS4.4AI score0.00082EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.54 views

CVE-2023-21381

CVE-2023-21381 is an Android vulnerability reported across multiple sources, with concrete details indicating a local use-after-free in the Media Resource Manager that enables possible local arbitrary code execution and local escalation of privilege without user interaction. The Android 14 releas...

7.8CVSS8.1AI score0.00093EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.54 views

CVE-2023-45780

CVE-2023-45780 affects the Android Print Service. The issue stems from a logic error enabling a background activity launch, potentially causing local privilege escalation with no extra execution privileges required beyond user interaction. Documented impact covers confidentiality, integrity, and ...

7.3CVSS7.3AI score0.00119EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.53 views

CVE-2014-9976

Summary (MODE C): CVE-2014-9976 describes a buffer overflow in the 1x call processing path of Qualcomm components used in Android CAF builds that rely on the Linux kernel. The vulnerability is documented with a high/critical impact in CVSS metrics (network attack vector, low complexity, no privil...

10CVSS9AI score0.01056EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.53 views

CVE-2015-8998

CVE-2015-8998 describes an integer overflow in TrustZone that could potentially affect Android devices using the CAF Linux kernel. Connected sources reiterate TrustZone/CAF exposure and label it as an integer overflow inTrustZone components; no further technical specifics (affected versions, expl...

9.3CVSS7.6AI score0.00606EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.53 views

CVE-2015-9020

Technical details about CVE-2015-9020 are not publicly available in the provided documents. Monitor for updates as new information becomes available.

9.3CVSS7.5AI score0.00585EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.53 views

CVE-2015-9033

CVE-2015-9033 is an Android CAF/Linux kernel issue where a QTEE system call fails to validate a pointer. Reported as a local vulnerability with high impact (confidentiality, integrity, availability) and requiring user interaction. Public references describe the root cause as pointer validation fa...

9.3CVSS7.4AI score0.00585EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.53 views

CVE-2015-9051

CVE-2015-9051 affects Qualcomm components in Android CAF builds using the Linux kernel (LTE stack). Root cause: an assertion can be reached due to an improper bound on a length in a System Information message. Severity in the provided metrics is critical (CVSSv3 base 9.8). The connected documents...

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.53 views

CVE-2016-10341

Technical details about CVE-2016-10341 are not provided in the connected documents. The initial description notes elevated privileges for third-party TEEs on CAF Android/Linux kernel, but no vendor, component, version, impact, or remediation details are disclosed here. Monitor for updates.

9.3CVSS7.5AI score0.00578EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.53 views

CVE-2016-5863

Technical details about CVE-2016-5863 are not provided in the supplied documents. Public references exist (NVD, Ubuntu, SUSE, Tenable, ENISA) but no vendor/product/version/patch info is included here. Monitor for updates.

9.3CVSS7.3AI score0.0055EPSS
CVE
CVE
added 2017/08/18 7:0 p.m.53 views

CVE-2017-7364

CVE-2017-7364 affects Qualcomm devices using CAF Android with the Linux kernel. The issue resides in __mdss_fb_copy_destscaler_data(), where ds_data[i].scale may point to a user-provided address, which can be freed on an error, causing a use-after-free condition. CVSS3 vector indicates a network-...

10CVSS8.4AI score0.00829EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.53 views

CVE-2017-7372

CVE-2017-7372 affects Android devices using CAF Linux kernel video drivers. The issue is a race condition in a video driver that could lead to a buffer overflow or write to an arbitrary pointer location, as described in the NVD entry. No specific affected devices, versions, exploit details, or re...

7.6CVSS7.2AI score0.00294EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.53 views

CVE-2017-8234

CVE-2017-8234 affects Android devices using CAF with the Linux kernel, where an out-of-bounds access in a camera driver function can potentially occur. Connected sources identify the issue within camera-related components, notably Qualcomm camera driver entries in the 2017 Android security bullet...

9.3CVSS7.5AI score0.00363EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.53 views

CVE-2017-8242

CVE-2017-8242 affects Android CAF releases that use the Linux kernel and involve the Secure Execution Environment (QTEE) driver. The issue is a race condition in the QTEE driver that can lead to an arbitrary memory write. The provided connected sources confirm the vulnerability description but do...

5.9CVSS5.7AI score0.00321EPSS
CVE
CVE
added 2017/08/18 7:0 p.m.53 views

CVE-2017-9684

CVE-2017-9684 concerns a race condition in the Qualcomm USB driver used by Android CAF Linux kernels, leading to a Use-After-Free condition. The vulnerability is localized and requires user interaction to exploit, with potential high impact on confidentiality, integrity, and availability if succe...

7.6CVSS6.7AI score0.00348EPSS
Total number of security vulnerabilities334