Lucene search
K

334 matches found

CVE
CVE
added 2023/10/30 4:56 p.m.53 views

CVE-2023-21321

CVE-2023-21321 affects Android's Package Manager, enabling cross-user information disclosure due to a missing permission check. The vulnerability allows local information disclosure with no privileges and no user interaction required. The connected sources list this CVE as part of Android 14 secu...

5.5CVSS5.7AI score0.00083EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.53 views

CVE-2023-21379

CVE-2023-21379 (Android Bluetooth information disclosure) is described as a Bluetooth vulnerability with an out-of-bounds read caused by a missing bounds check, enabling local information disclosure. The issue affects Bluetooth handling on Android, requiring System privileges for exploitation, wi...

4.4CVSS4.4AI score0.00088EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.52 views

CVE-2014-9969

CVE-2014-9969 concerns Qualcomm GPS client cryptography on Android CAF builds using the Linux kernel, where the GPS client may use an insecure cryptographic algorithm. Connected documents corroborate this description (Android/Qualcomm stack). The provided sources do not include concrete patch ver...

10CVSS8.8AI score0.00415EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.52 views

CVE-2015-1529

The CVE-2015-1529 entry corresponds to an integer overflow in Android’s soundtrigger subsystem, specifically in soundtrigger/ISoundTriggerHwService.cpp. This vulnerability allows a denial of service through unspecified vectors by triggering an overflow in processing within the SoundTrigger hardwa...

7.5CVSS7.3AI score0.00858EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.52 views

CVE-2015-8596

CVE-2015-8596 concerns a buffer length validation flaw in Qualcomm closed‑source malware protection components used in Android CAF builds running the Linux kernel. The root cause is missing validation of buffer lengths, described across multiple sources as a buffer overflow/length-check omission....

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.52 views

CVE-2016-10344

CVE-2016-10344 affects Qualcomm components in Android CAF builds using the Linux kernel, where an out-of-range pointer offset in LTE could be exploited. The entry lists a high-severity impact (CVSS v3 base score 9.8, CRITICAL) with attack vector Network and no user interaction, but the provided d...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.52 views

CVE-2016-5854

CVE-2016-5854 involves a kernel information disclosure in Qualcomm SPCom driver components across Android for MSM, Firefox OS for MSM, and QRD Android. The underlying issue is that kernel heap memory can be exposed to userspace, enabling local information disclosure. Public documents list the aff...

4.7CVSS5.2AI score0.00457EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.52 views

CVE-2016-5864

CVE-2016-5864 affects Qualcomm sound driver components used in Android for MSM, Firefox OS for MSM, and QRD Android. The issue stems from user-supplied parameters that can trigger integer overflow, potentially followed by a buffer overflow, and a separate lower-bound check omission that may cause...

9.3CVSS7.9AI score0.00639EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.52 views

CVE-2017-0843

CVE-2017-0843 is a local elevation-of-privilege vulnerability in MediaTek’s CCCI component within the Android kernel. The NVD entry characterizes it as EoP with high impact (confidentiality, integrity, and availability all affected) and local attack vector with no user interaction. The vulnerabil...

7.8CVSS7.4AI score0.00156EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.52 views

CVE-2017-7371

CVE-2017-7371 affects Android CAF devices using the Linux kernel with SLIMbus when Bluetooth is active. Root cause: a data pointer may be used after being freed when SLIMbus is turned off via Bluetooth, leading to memory corruption and potential local impact. Affected component: Qualcomm/Bluetoot...

9.3CVSS7.4AI score0.00363EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.52 views

CVE-2017-8241

Technical details about CVE-2017-8241 are not publicly provided in the connected documents. The materials here only reiterate a buffer overflow in a WLAN function due to an incorrect message length. Monitor for official updates and patches.

9.3CVSS7.7AI score0.00415EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.52 views

CVE-2023-21295

CVE-2023-21295 affects Google Android’s SliceManagerService. The root cause is a missing null check in the content provider check, enabling local information disclosure without additional privileges and with no user interaction required. Connected sources (e.g., Red Hat, CNVD, NVD, CNNVD, and And...

5.5CVSS5.2AI score0.00105EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.52 views

CVE-2023-21310

CVE-2023-21310 affects Android Bluetooth, described as an out-of-bounds write caused by a heap buffer overflow in the Bluetooth component. The vulnerability allows local elevation of privilege with System execution privileges and does not require user interaction. The provided documents confirm t...

6.7CVSS7AI score0.00096EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.52 views

CVE-2023-21378

CVE-2023-21378 : In Telecomm, a missing permission check enables silencing the ring for calls of secondary users, causing a local elevation of privilege with no additional execution privileges needed. Exploitation does not require user interaction. CVSSv3.1 base score is 7.8 (High), with local at...

7.8CVSS7.8AI score0.00087EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.52 views

CVE-2023-21388

CVE-2023-21388 affects Google Android, specifically the Settings component, where a missing permission check can enable a local escalation of privilege without extra execution privileges or user interaction. The vulnerability is categorized as EoP with a high impact on confidentiality, integrity,...

7.8CVSS7.8AI score0.001EPSS
CVE
CVE
added 2020/01/23 2:32 p.m.51 views

CVE-2013-6792

Google Android prior to 4.4 contains an APK Signature Security Bypass vulnerability. The issue is cited across multiple sources (NVD entry CVE-2013-6792, Red Hat advisory, CVE listings) and is associated with a signature bypass in APK handling. The CIRCL feed notes an exploit entry, indicating ex...

9.8CVSS9AI score0.02991EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.51 views

CVE-2014-9411

CVE-2014-9411 concerns a Qualcomm/CAF Android stack issue: in CAF Android releases using the Linux kernel, an out-of-range pointer offset in rollback protection could be triggered. The vulnerability affects Qualcomm components within Android devices and is described as an out-of-range pointer off...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.51 views

CVE-2014-9935

CVE-2014-9935 describes an integer overflow in TrustZone that could lead to a buffer overflow in a DRM routine across CAF Android releases using the Linux kernel. The root cause is an overflow in TrustZone handling within DRM code, enabling potential memory corruption in affected devices. Public ...

9.3CVSS7.6AI score0.00656EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.51 views

CVE-2015-8996

CVE-2015-8996 describes a time-of-check time-of-use race condition in a TrustZone QFPROM routine affecting Android builds from CAF using the Linux kernel. The issue centers on the TrustZone protected QFPROM path; the root cause is a TOCTOU race in the QFPROM routine, potentially enabling incorrec...

7.6CVSS6.7AI score0.00443EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.51 views

CVE-2015-9063

CVE-2015-9063 : Technical details are not publicly provided in the supplied documents. Monitor for updates from official advisories; there are currently no concrete details on affected products, impact, or remediation in this source set.

10CVSS9AI score0.01056EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.51 views

CVE-2016-10387

CVE-2016-10387 concerns Qualcomm CAF Android devices using the Linux kernel, where an assertion could be reachable during a handover. The CVSS3/3.0 score is 9.8 (CRITICAL) with high impact to confidentiality, integrity, and availability, indicating severe risk if exploitable. The provided Connect...

10CVSS8.7AI score0.00964EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.51 views

CVE-2016-5867

CVE-2016-5867 affects the Qualcomm sound driver in Android MSM (kernel sound subsystem). The root cause is that some variables originate from userspace and can be chosen to trigger a stack overflow, potentially enabling local impact. The initial description notes a stack overflow risk; CVSS3/2 me...

7.6CVSS6.9AI score0.00587EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.51 views

CVE-2017-0862

CVE-2017-0862 is an elevation of privilege in the Android upstream kernel (Kernel component). The connected records consistently describe it as a Kernel EoP issue affecting the Android kernel; no specific vulnerable version ranges or fixed versions are provided in the supplied documents. The mate...

7.8CVSS7.2AI score0.00165EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.51 views

CVE-2017-6421

CVE-2017-6421 describes an elevation-of-privilege vulnerability in the Qualcomm MStar touchscreen driver affecting Qualcomm-based Android devices. The issue arises in the touch controller function where a variable is user-controlled, enabling a buffer overflow. Public details indicate the vulnera...

8.8CVSS8.5AI score0.00513EPSS
CVE
CVE
added 2023/10/30 4:18 p.m.51 views

CVE-2023-21293

CVE-2023-21293 affects Android’s PackageManagerNative, enabling a side‑channel check to determine if an app is installed without query permissions. Impact: potential information disclosure leading to local elevation of privilege, with no extra execution privileges and no user interaction required...

5.5CVSS6.2AI score0.00103EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.51 views

CVE-2023-21297

CVE-2023-21297 affects SEPolicy in Android, enabling a permissions bypass to access the factory MAC address. This can cause local information disclosure with System execution privileges required and does not require user interaction. The connected Red Hat, CNVD, and other sources reiterate the sa...

4.4CVSS5AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.51 views

CVE-2023-21329

CVE-2023-21329 describes an information disclosure in Android's Activity Manager caused by a missing permission check, enabling local access to whether an app is installed without user interaction. The Android 14 security release notes list this CVE under Framework with a Moderate severity and in...

5.5CVSS5.7AI score0.00099EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.51 views

CVE-2023-21333

CVE-2023-21333 describes an information-disclosure flaw in Android’s Text Services where an attacker can determine if an app is installed via side-channel information disclosure. This can lead to local information leakage with no additional privileges and without user interaction. Connected docum...

5.5CVSS5.6AI score0.00103EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.50 views

CVE-2014-9937

CVE-2014-9937: Concrete detail from connected sources shows a buffer overflow in TrustZone’s DRM routine in Android, applicable across CAF Linux kernel builds. The vulnerability could allow an attacker to execute arbitrary code or cause a denial of service within TrustZone DRM, via a vulnerabilit...

9.3CVSS7.7AI score0.00625EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.50 views

CVE-2014-9967

CVE-2014-9967 describes an untrusted pointer dereference in the WideVine DRM component used by Android CAF builds that run on the Linux kernel. The vulnerability is located in WideVine DRM (a media/content protection feature) and is triggered by dereferencing an untrusted pointer, leading to pote...

9.3CVSS7.4AI score0.00585EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.50 views

CVE-2014-9971

CVE-2014-9971 affects Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability arises when asserts are disabled, causing an instruction inside an assert to be skipped and enabling incorrect control flow. NVD lists a CVSSv3 base score of 9.8 (CRITICAL) with NETWORK attac...

10CVSS8.7AI score0.00964EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.50 views

CVE-2014-9975

CVE-2014-9975 describes a rollback vulnerability in the Full Disk Encryption (FDE) component affecting Qualcomm closed‑source code used in Android CAF/Linux kernel builds. The issue is documented across multiple sources (NVD/CVE pages) as related to Qualcomm FDE, with a high‑severity impact profi...

10CVSS7.8AI score0.00436EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.50 views

CVE-2015-9000

Technical details about CVE-2015-9000 are not publicly available in the provided Connected documents; the description only states a TrustZone untrusted pointer dereference in a DRM routine across CAF Android kernel releases.

9.3CVSS7.4AI score0.00578EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.50 views

CVE-2015-9001

Technical details, affected components, and remediation for CVE-2015-9001 are not publicly provided in the connected documents. Monitor updates from NVD/Android sources.

5.5CVSS5.5AI score0.00505EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.50 views

CVE-2015-9026

CVE-2015-9026 affects WideVine DRM in Android CAF when running the Linux kernel. The connected documents describe an untrusted pointer dereference vulnerability in WideVine DRM (Android/CAF) with high impact potential. The Android Security Bulletin for 2017-06-01/06-05 indicates patches exist in ...

9.3CVSS7.4AI score0.00597EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.50 views

CVE-2015-9032

CVE-2015-9032: In CAF Android releases using the Linux kernel, a DRM key was exposed to QTEE applications, enabling information disclosure of DRM secrets. The description does not provide remediation details or explicit root-cause fixes in the supplied documents.

4.3CVSS4.8AI score0.00431EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.50 views

CVE-2015-9071

CVE-2015-9071 describes a buffer over-read in a TrustZone syscall present in all Qualcomm products with Android CAF builds using the Linux kernel. The vulnerability affects Qualcomm components integrated in Android and is triggered via a TrustZone interface, enabling a high-impact condition consi...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.50 views

CVE-2015-9073

CVE-2015-9073 : Concrete details available across sources show a vulnerability in Qualcomm components within Android CAF builds using the Linux kernel, where an untrusted pointer could be dereferenced in a TrustZone syscall. The issue affects Qualcomm’s closed-source/TrustZone pathway inside Andr...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.50 views

CVE-2016-10332

CVE-2016-10332 : Affects Android builds from CAF using the Linux kernel where stack protection was not enabled for secure applications. The available description specifies the missing stack-protection bit but provides no details on affected products/versions beyond “Android releases from CAF usin...

5.5CVSS5.9AI score0.00485EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.50 views

CVE-2016-10335

CVE-2016-10335 involves Android CAF builds; connected documents indicate that the Linux kernel usage within CAF Android releases involves an update to libtomcrypt. The available sources do not provide explicit vulnerability details, affected vendor/product version ranges, root cause analysis, exp...

5.5CVSS5.6AI score0.00467EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.50 views

CVE-2016-10338

Technical details about CVE-2016-10338 are not publicly provided in the connected documents. The available descriptions simply note an RPMB processing issue in CAF Android kernels. Monitor for updates; no specifics on impact, affected versions, or fixes are provided.

9.3CVSS7.3AI score0.00578EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.50 views

CVE-2016-10386

CVE-2016-10386 describes an array index out of bounds vulnerability in LPP within Qualcomm CAF Android/Linux kernel components. Public docs confirm the issue affects Qualcomm-labeled CAF Linux kernel code and characterize it as an out-of-bounds condition in LPP, with high-severity impact (per CVS...

10CVSS8.8AI score0.00964EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.50 views

CVE-2016-5859

CVE-2016-5859 involves a vulnerability in the Qualcomm sound driver across Android for MSM, Firefox OS for MSM, and QRD Android. The issue arises when a function is called with a very large length, triggering an integer overflow that is followed by a buffer overflow. The description identifies me...

7.6CVSS7.2AI score0.00616EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.50 views

CVE-2017-7366

CVE-2017-7366 affects Android devices using CAF Linux kernel with KGSL kernel graphics guest library: a KGSL ioctl fails to validate all parameters, enabling an elevation of privilege within the GPU driver. The vulnerability is listed under Qualcomm components in the 2017-06-05 Android bulletin; ...

5.5CVSS5.9AI score0.00281EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.50 views

CVE-2017-8239

CVE-2017-8239 is an information-disclosure issue in the Camera driver on Android devices (Qualcomm components) listed under the 2017 Pixel/Nexus bulletin. The vulnerability is categorized as ID with moderate severity in the camera driver, with no exploitation details provided in the available doc...

5.5CVSS6AI score0.0038EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.50 views

CVE-2023-21325

Technical details about CVE-2023-21325 are not publicly available in the provided connected documents. No concrete information on affected products, versions, or fixes is present. Monitor for updates.

5.5CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.50 views

CVE-2023-21337

CVE-2023-21337 affects the Android InputMethod component and describes an information-disclosure side channel that can reveal whether an app is installed. This leads to local elevation of privilege with no extra execution privileges and no required user interaction, per the description in the NVD...

7.8CVSS7.5AI score0.00116EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.50 views

CVE-2023-21346

CVE-2023-21346 is listed in Android 14 security release notes under Framework with Type ID and Moderate severity. The initial description indicates a local information-disclosure via Device Idle Controller side-channel (no user interaction required). Connected notes confirm framework-level classi...

3.3CVSS3.5AI score0.00083EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.49 views

CVE-2014-9960

CVE-2014-9960 is a documented buffer‑overflow vulnerability in the PlayReady API present in Android releases from CAF using the Linux kernel. The issue affects the PlayReady API component (buffer overflow in PlayReady) and is supported by multiple entries (NVD, CNVD, CVELIST, PRION, etc.). The CV...

9.3CVSS7.6AI score0.00632EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.49 views

CVE-2014-9973

CVE-2014-9973 describes a buffer-length validation flaw in the PlayReady DRM routine within Qualcomm closed‑source components used in Qualcomm/CAF Android builds on the Linux kernel. The underlying issue is missing validation of buffer length in the DRM pathway, which could enable a remote attack...

10CVSS7.9AI score0.00836EPSS
Total number of security vulnerabilities334