Lucene search

K

930 matches found

CVE
CVE
added 2017/02/08 3:59 p.m.51 views

CVE-2017-0446

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3....

7.6CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.51 views

CVE-2017-0448

An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: ...

5.5CVSS5.2AI score0.00166EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.51 views

CVE-2017-0798

A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532.

9.3CVSS8AI score0.00088EPSS
CVE
CVE
added 2024/11/28 12:15 a.m.51 views

CVE-2018-9374

In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS9AI score0.00007EPSS
CVE
CVE
added 2022/12/08 4:15 p.m.51 views

CVE-2022-39914

Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.

4CVSS3.9AI score0.00024EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.51 views

CVE-2023-21385

In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.0004EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.51 views

CVE-2023-21393

In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.0003EPSS
CVE
CVE
added 2024/11/11 9:15 p.m.51 views

CVE-2024-46966

The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.

8.1CVSS7.8AI score0.00061EPSS
CVE
CVE
added 2017/08/07 5:29 p.m.50 views

CVE-2015-3839

The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).

5.5CVSS5.2AI score0.0055EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.50 views

CVE-2015-3867

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.

10CVSS7.8AI score0.01467EPSS
CVE
CVE
added 2015/09/22 10:59 a.m.50 views

CVE-2015-5573

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified "...

10CVSS7.5AI score0.03821EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.50 views

CVE-2015-6575

SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a di...

10CVSS9AI score0.85627EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.50 views

CVE-2015-6604

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786.

10CVSS7.8AI score0.01331EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.50 views

CVE-2017-0440

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

7.6CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2024/12/05 12:15 a.m.50 views

CVE-2018-9397

In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOBwrite due to a missing bounds check. This could lead to local escalation ofprivilege with System execution privileges needed. User interaction is notneeded for exploitation.

7.8CVSS6.7AI score0.00018EPSS
CVE
CVE
added 2024/12/05 12:15 a.m.50 views

CVE-2018-9398

In fm_set_stat of mediatek FM radio driver, there is a possible OOB writedue to improper input validation. This could lead to local escalation ofprivilege with System execution privileges needed. User interaction is notneeded for exploitation.

7.8CVSS6.7AI score0.00018EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.50 views

CVE-2023-21319

In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.50 views

CVE-2023-21362

In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.6AI score0.0002EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.50 views

CVE-2023-21375

In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.9AI score0.00016EPSS
CVE
CVE
added 2011/06/09 10:36 a.m.49 views

CVE-2010-4804

The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.

4.3CVSS6.7AI score0.64162EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.49 views

CVE-2015-1539

Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.

10CVSS7.6AI score0.1862EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.49 views

CVE-2015-3842

Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.

9.3CVSS7.7AI score0.00465EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.49 views

CVE-2015-6634

The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.

9.3CVSS7.8AI score0.00933EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.49 views

CVE-2016-2489

The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629.

9.3CVSS8AI score0.00043EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.49 views

CVE-2017-0430

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

9.3CVSS7.2AI score0.00135EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.49 views

CVE-2017-0794

A elevation of privilege vulnerability in the Upstream kernel scsi driver. Product: Android. Versions: Android kernel. Android ID: A-35644812.

7.8CVSS7.3AI score0.00015EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.49 views

CVE-2017-0863

An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.

7.8CVSS7.2AI score0.00016EPSS
CVE
CVE
added 2024/11/27 8:15 p.m.49 views

CVE-2017-13319

In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS7.8AI score0.00113EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.49 views

CVE-2017-8255

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.

9.3CVSS7.4AI score0.00088EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.49 views

CVE-2021-39810

In NFC, there is a possible way to setup a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00016EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.49 views

CVE-2023-21326

In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exp...

5.5CVSS5.6AI score0.00026EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.49 views

CVE-2023-21384

In Package Manager, there is a possible possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.3AI score0.00004EPSS
CVE
CVE
added 2020/02/12 8:15 p.m.48 views

CVE-2011-2343

The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer.

2.4CVSS3.7AI score0.00019EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.48 views

CVE-2015-1528

Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.

9.3CVSS6.9AI score0.17098EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.48 views

CVE-2015-1541

The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRAN...

4.3CVSS6.5AI score0.00059EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.48 views

CVE-2015-6620

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127.

9.3CVSS7AI score0.12567EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.48 views

CVE-2016-6749

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat...

5.5CVSS5.1AI score0.00072EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.48 views

CVE-2017-0449

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platfor...

7.6CVSS6.7AI score0.00137EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.48 views

CVE-2017-0465

An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3...

7.6CVSS6.6AI score0.00052EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.48 views

CVE-2017-0509

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

9.3CVSS7.2AI score0.0006EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.48 views

CVE-2017-0749

A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-36007735.

7.8CVSS7.4AI score0.00144EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.48 views

CVE-2017-0803

A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36136137. References: M-ALPS03361477.

7.8CVSS8AI score0.00083EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.48 views

CVE-2017-0804

A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.

7.8CVSS8AI score0.00083EPSS
CVE
CVE
added 2017/09/21 3:29 p.m.48 views

CVE-2017-11001

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read.

5.5CVSS6.1AI score0.00096EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.48 views

CVE-2017-8260

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.

7.8CVSS7.3AI score0.00233EPSS
CVE
CVE
added 2024/12/04 6:15 p.m.48 views

CVE-2018-9392

In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploi...

7.8CVSS6.8AI score0.00018EPSS
CVE
CVE
added 2024/12/05 12:15 a.m.48 views

CVE-2018-9399

In /proc/driver/wmt_dbg driver, there are several possible out of boundswrites. These could lead to local escalation of privilege with Systemexecution privileges needed. User interaction is not needed forexploitation.

7.8CVSS6.8AI score0.00018EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.48 views

CVE-2022-20264

In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploita...

5.5CVSS5.6AI score0.00017EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.48 views

CVE-2023-21364

In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.5AI score0.00027EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.48 views

CVE-2023-21376

In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.7AI score0.0002EPSS
Total number of security vulnerabilities930