Lucene search

K

930 matches found

CVE
CVE
added 2017/08/18 6:29 p.m.45 views

CVE-2016-10388

In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application.

10CVSS7.8AI score0.00152EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.45 views

CVE-2016-6733

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which m...

9.3CVSS7AI score0.0011EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.45 views

CVE-2016-6735

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which m...

9.3CVSS7.4AI score0.00116EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.45 views

CVE-2016-8462

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383.

5.5CVSS5.2AI score0.00054EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.45 views

CVE-2016-8480

An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Pr...

7.6CVSS6.7AI score0.00138EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.45 views

CVE-2016-8481

An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

7.6CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.45 views

CVE-2017-0442

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

7.6CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.45 views

CVE-2017-0447

An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3....

7.6CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.45 views

CVE-2017-0450

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Androi...

9.3CVSS7AI score0.00136EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.45 views

CVE-2017-0795

A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-36198473. References: M-ALPS03361480.

9.3CVSS8AI score0.00035EPSS
CVE
CVE
added 2017/06/29 3:29 p.m.45 views

CVE-2017-3748

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).

7.8CVSS6.3AI score0.00041EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.45 views

CVE-2017-8235

In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.

5.5CVSS5.8AI score0.00062EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.45 views

CVE-2017-8236

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver.

9.3CVSS7.7AI score0.00048EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.45 views

CVE-2017-8240

In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.

9.3CVSS7.3AI score0.00075EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.45 views

CVE-2017-8266

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

7CVSS6.7AI score0.00048EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.45 views

CVE-2017-8270

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.

7CVSS6.7AI score0.00048EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.45 views

CVE-2023-21296

In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS6.2AI score0.00014EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.45 views

CVE-2023-21315

In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6.5CVSS6.8AI score0.00051EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.45 views

CVE-2023-21334

In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.8AI score0.00049EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.45 views

CVE-2023-21379

In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.

4.4CVSS4.4AI score0.00014EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.45 views

CVE-2023-21396

In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00041EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.45 views

CVE-2023-21397

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.0003EPSS
CVE
CVE
added 2024/11/11 9:15 p.m.45 views

CVE-2024-46962

The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.

9.1CVSS7.8AI score0.00081EPSS
CVE
CVE
added 2014/04/29 8:55 p.m.44 views

CVE-2013-7373

Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications.

7.5CVSS6.7AI score0.00228EPSS
CVE
CVE
added 2017/10/18 2:29 p.m.44 views

CVE-2014-3164

cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths.

7.5CVSS7.1AI score0.00312EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.44 views

CVE-2014-9882

Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.

7.8CVSS7.6AI score0.00091EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.44 views

CVE-2014-9885

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm inte...

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.44 views

CVE-2014-9972

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.

10CVSS8.7AI score0.00216EPSS
CVE
CVE
added 2017/09/28 1:29 a.m.44 views

CVE-2015-1537

Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.

9.3CVSS7.8AI score0.00644EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.44 views

CVE-2015-3823

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.

10CVSS7.8AI score0.01036EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.44 views

CVE-2015-3845

The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application's privileges via a crafted application, aka...

6.8CVSS6.5AI score0.00107EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.44 views

CVE-2015-3858

The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, ...

9.3CVSS6.5AI score0.00157EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.44 views

CVE-2015-3873

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, ...

10CVSS7.8AI score0.01467EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.44 views

CVE-2015-3874

The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323.

10CVSS7.9AI score0.01467EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.44 views

CVE-2015-6619

The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714.

9.3CVSS6.6AI score0.00147EPSS
CVE
CVE
added 2015/11/03 11:59 a.m.44 views

CVE-2015-8074

mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.

5CVSS6.6AI score0.00117EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.44 views

CVE-2015-8506

mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8507...

9.3CVSS7.5AI score0.01816EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.44 views

CVE-2015-9051

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message.

10CVSS7.7AI score0.00152EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.44 views

CVE-2016-10391

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.

10CVSS8AI score0.00152EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.44 views

CVE-2016-2454

The Qualcomm hardware video codec in Android before 2016-05-01 on Nexus 5 devices allows remote attackers to cause a denial of service (reboot) via a crafted file, aka internal bug 26221024.

7.1CVSS5.7AI score0.00133EPSS
CVE
CVE
added 2016/08/05 8:59 p.m.44 views

CVE-2016-3852

The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738.

5.5CVSS5.5AI score0.00072EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.44 views

CVE-2016-8419

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

7.6CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.44 views

CVE-2017-0438

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

7.6CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.44 views

CVE-2017-0506

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical du...

9.3CVSS7.3AI score0.00064EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.44 views

CVE-2017-0532

An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Androi...

4.7CVSS4.3AI score0.00125EPSS
CVE
CVE
added 2017/09/21 3:29 p.m.44 views

CVE-2017-10999

In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks.

7.8CVSS8AI score0.00083EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.44 views

CVE-2017-8242

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.

5.9CVSS5.7AI score0.00085EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.44 views

CVE-2017-8261

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.

7.8CVSS6.4AI score0.00053EPSS
CVE
CVE
added 2017/08/18 7:29 p.m.44 views

CVE-2017-9682

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.

4.7CVSS5.2AI score0.00057EPSS
CVE
CVE
added 2022/12/08 4:15 p.m.44 views

CVE-2022-39912

Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.

6.2CVSS3.9AI score0.00019EPSS
Total number of security vulnerabilities930