Lucene search
K

334 matches found

CVE
CVE
added 2023/10/30 4:56 p.m.47 views

CVE-2023-21298

CVE-2023-21298 is a disclosed vulnerability affecting Slice, described as a side-channel information disclosure that can lead to local privilege escalation without extra execution privileges or user interaction. Connected sources corroborate an installed-apps disclosure with local elevation of pr...

7.8CVSS7.4AI score0.00092EPSS
CVE
CVE
added 2023/10/30 4:59 p.m.47 views

CVE-2023-21370

CVE-2023-21370 is an elevation-of-privilege flaw in the Android Security Element API. The root cause is an integer overflow that enables an out-of-bounds write, leading to local privilege escalation with System privileges. Exploitation requires no user interaction. The affected component is the S...

6.7CVSS6.9AI score0.00092EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.46 views

CVE-2015-9030

CVE-2015-9030 describes an authentication bypass in Android CAF builds that use the Linux kernel, via misused Hypervisor API. Affected: Android devices with CAF/Linux Kerenel stack; vulnerable component: Hypervisor API. Root cause: improper handling of Hypervisor API calls enabling bypass of auth...

9.3CVSS7.5AI score0.00771EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.46 views

CVE-2015-9037

Summary: CVE-2015-9037 refers to a buffer over-read/overflow in Qualcomm closed-source components used in Qualcomm-based Android devices with CAF/Linux kernel, specifically in the downlink 3G NAS message processing. The vulnerability could allow a remote attacker to execute arbitrary code or caus...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.46 views

CVE-2015-9053

CVE-2015-9053 describes a buffer overflow in Qualcomm-provided components used in Android CAF builds on devices with the Linux kernel, specifically in the processing of USIM responses. The vulnerability is located in Qualcomm closed-source components integrated in Android, and the issue could all...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.46 views

CVE-2015-9070

CVE-2015-9070 describes a buffer over-read vulnerability in the TrustZone syscall of Qualcomm closed-source components used in Android builds (CAF Linux kernel). The issue affects Qualcomm components within Android devices that rely on CAF Linux kernels and TrustZone. The root cause is a buffer o...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.46 views

CVE-2016-10333

CVE-2016-10333 affects Android builds from CAF using the Linux kernel. The available details state that a sensitive system call was allowed to be called by HLOS, indicating a potential misuse of privileged interfaces. The documents do not provide explicit impact, affected versions, or remediation...

5.5CVSS5.5AI score0.00467EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.46 views

CVE-2017-8263

CVE-2017-8263 affects Qualcomm components in Android CAF builds that use the Linux kernel. The issue is a kernel fault triggered by certain operations on a read-only user-space virtual address, with a high impact (local, high confidentiality/integrity/availability implications). Exploitation deta...

9.3CVSS7.1AI score0.0046EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.46 views

CVE-2017-8268

CVE-2017-8268 affects Qualcomm components in Android CAF builds using the Linux kernel. The camera application can request frame/command buffer operations with invalid values, causing the camera driver to perform a heap buffer over-read. Documented impact is high (CVSSv3: 7.8; CVSSv2: 9.3). The v...

9.3CVSS7.4AI score0.0046EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.46 views

CVE-2023-21372

CVE-2023-21372 concerns a vulnerability in libdexfile where a missing bounds check allows an out-of-bounds read, enabling local elevation of privilege without user interaction. The issue affects Android’s libdexfile component and is classified as a local EoP (MITRE ambiguous, but Android bulletin...

7.8CVSS7.7AI score0.00093EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.46 views

CVE-2023-21383

Technical details (affected product/version/root cause/fix) for CVE-2023-21383 are not publicly available in the provided connected documents. Monitor for updates.

5.5CVSS5.2AI score0.00094EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.45 views

CVE-2015-8592

CVE-2015-8592 describes a vulnerability in Qualcomm closed‑source components used in Android CAF Linux builds where a reverse‑referenced pointer is not validated before dereference, potentially causing Guest‑OS memory corruption. Affected: Qualcomm components integrated into Android CAF/Linux ker...

10CVSS7.7AI score0.00807EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.45 views

CVE-2015-9023

The CVE-2015-9023 entry describes a buffer overflow in the PlayReady API, present in all Android releases from CAF using the Linux kernel. The vulnerability can enable a remote attacker to execute arbitrary code or cause a denial of service by exploiting the PlayReady API in affected Android comp...

9.3CVSS7.7AI score0.00632EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.45 views

CVE-2015-9044

In CVE-2015-9044, Qualcomm products with CAF Android releases using the Linux kernel have a vulnerability in LTE where an assertion can be reached due to an improper bound on the size of a frequency list. The NVD metrics indicate a CRITICAL impact (Network, No privileges, No user interaction) wit...

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.45 views

CVE-2015-9048

CVE-2015-9048 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel, where the vulnerability is in the processing of lost RTP packets due to input validation issues. The CNVD entry describes an unauthorized operation possibility as the impact. The provided documen...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.45 views

CVE-2015-9068

CVE-2015-9068 affects Qualcomm products with Android CAF builds using the Linux kernel. The root cause is improper validation of an argument to a mink syscall, as described in the CVE description. The entry is mapped to a highly critical impact profile (network attack vector, no user interaction,...

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.45 views

CVE-2015-9072

CVE-2015-9072 is described as an untrusted pointer dereference in a Qualcomm TrustZone syscall affecting Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is rated with high/critical impact in CVSS terms (network access, no auth, user interaction not required; co...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.45 views

CVE-2016-10380

CVE-2016-10380 affects Qualcomm components in Android CAF builds and relates to an information disclosure where the UE can send unprotected MeasurementReports that reveal UE location. Affected environment is Qualcomm-based Android devices using CAF with the Linux kernel. The underlying issue is i...

10CVSS8.8AI score0.00976EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.45 views

CVE-2016-5871

CVE-2016-5871 is a buffer overflow due to an integer overflow in Qualcomm CAF Android builds using the Linux kernel when loading an image file. The NVD entry assigns a CVSSv3 base score of 9.8 (CRITICAL, Network attack, no user interaction) with impact to confidentiality, integrity, and availabil...

10CVSS8AI score0.00949EPSS
CVE
CVE
added 2017/11/16 11:0 p.m.45 views

CVE-2017-0864

CVE-2017-0864 is an elevation-of-privilege vulnerability in MediaTek ioctl (flashlight) exposed on Android kernels. Connected sources confirm the issue affects MediaTek ioctl flashlight within the Android kernel, enabling an attacker to gain elevated privileges. The CNVD entry explicitly describe...

7.8CVSS7.3AI score0.00138EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.45 views

CVE-2017-7365

CVE-2017-7365 is a Qualcomm bootloader elevation-of-privilege issue disclosed in the Android 2017-06-05 bulletin. It is listed as EoP (High) for the Bootloader component; exploitation would yield higher privileges within the kernel/boot context. Patches are provided via Qualcomm AMSS bulletins an...

9.3CVSS7.6AI score0.00363EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.45 views

CVE-2017-8243

CVE-2017-8243 is documented with concrete details in connected sources: it affects Qualcomm components, specifically the SoC driver, categorized as Elevation of Privilege (EoP) with a Moderate impact. The root cause is a buffer overflow that can occur when processing a firmware image file. Public...

9.3CVSS7.6AI score0.00473EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.45 views

CVE-2017-8256

CVE-2017-8256 affects Qualcomm components in Android CAF builds using the Linux kernel. The vulnerability is an array bounds issue that can occur when userspace sends more than 16 multicast addresses, potentially enabling memory corruption within the kernel. The NVD entry lists CVSS2/3 base score...

7.8CVSS7.3AI score0.00356EPSS
CVE
CVE
added 2020/03/24 7:17 p.m.45 views

CVE-2019-20606

CVE-2019-20606 affects Samsung mobile devices with software prior to May 2019. A phishing attack against the OMACP service can change network and internet settings (Samsung ID SVE-2019-14073). The NVD entries show CVSSv3.1 base score 9.3 (NETWORK, UI REQUIRED, I:H, A:H) and CVSSv2.0 base 5.8 (I:P...

9.3CVSS9.2AI score0.0034EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.45 views

CVE-2023-21339

CVE-2023-21339: Affects Minikin in Android. The vulnerability enables triggering an ANR through a malicious message, caused by resource exhaustion, leading to remote Denial of Service with no additional privileges and no user interaction required. Public details specify the issue but do not provi...

7.5CVSS7.4AI score0.00412EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.45 views

CVE-2023-21340

The CVE-2023-21340 entry describes an information-disclosure vulnerability in the Telecomm component of Android, caused by a missing permission check that allows local access to the call state without extra privileges or user interaction. Exploitation is local and does not require user action; CV...

5.5CVSS5.7AI score0.00099EPSS
CVE
CVE
added 2023/10/30 4:59 p.m.45 views

CVE-2023-21371

CVE-2023-21371 affects Android’s Secure Element. The issue is an out-of-bounds write caused by an integer overflow in Secure Element code, enabling local escalation of privilege to System execution privileges without user interaction. Exploitation details are not provided in the connected documen...

6.7CVSS6.8AI score0.00092EPSS
CVE
CVE
added 2023/10/30 5:1 p.m.45 views

CVE-2023-21380

CVE-2023-21380 is a Bluetooth heap buffer overflow in Android that can enable local elevation of privilege with SYSTEM execution when exploited without user interaction. The vulnerability is listed in Android 14 security release notes and associated with an out-of-bounds write in Bluetooth. Affec...

6.7CVSS7AI score0.00094EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.44 views

CVE-2014-9964

Technical details about CVE-2014-9964 (affected components, root cause, affected versions, exploitability, remediation) are not publicly provided in the connected documents. Monitor for updates from official sources (NVD, Android bulletins) for specifics.

9.3CVSS7.6AI score0.00606EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.44 views

CVE-2015-9025

CVE-2015-9025 describes a buffer overflow in the QTEE application used in CAF Android builds (Linux kernel). The underlying issue is a buffer overflow in QTEE, enabling potential arbitrary code execution on affected devices. Public references confirm the Android QTEE vulnerability and describe it...

9.3CVSS7.7AI score0.00632EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.44 views

CVE-2015-9034

Summary: CVE-2015-9034 is a buffer overflow in Qualcomm closed-source components used in Android CAF builds with the Linux kernel, caused by a SIP string not being null-terminated. This vulnerability affects Qualcomm components in Android and has a CVSS v3 base score of 9.8 (CRITICAL) with networ...

10CVSS7.8AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.44 views

CVE-2015-9036

CVE-2015-9036 describes a memory-corruption vulnerability in Qualcomm components used in Android CAF builds (Linux kernel). The root cause is an incorrect length used when clearing a memory buffer, which can corrupt adjacent memory. Affected products are Qualcomm/CAF Android releases that rely on...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.44 views

CVE-2015-9045

CVE-2015-9045 is a buffer overflow vulnerability in Qualcomm GERAN within CAF Android builds that use the Linux kernel. The flaw allows a buffer overflow while taking power measurements, impacting affected Qualcomm components. The CVSS data in the public record indicates a high to critical impact...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.44 views

CVE-2015-9062

Technical details about CVE-2015-9062 are not publicly provided in the connected documents. Monitor for updates.

10CVSS8AI score0.00949EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.44 views

CVE-2016-10239

CVE-2016-10239 involves a potential bypass of the TrustZone access control policy in Android CAF builds using the Linux kernel. The description notes improper input validation that could cause an integer overflow, potentially leading to a buffer overflow and a buffer over-read. The NVD entry also...

9.3CVSS7.8AI score0.00654EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.44 views

CVE-2023-21301

CVE-2023-21301 affects Android’s ActivityManagerService and enables a local attacker to determine whether an app is installed without query permissions through a side-channel information disclosure. This could lead to local privilege escalation without additional execution privileges or user inte...

5.5CVSS6.2AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.44 views

CVE-2023-21332

CVE-2023-21332 concerns Android’s Text Services, where a side-channel could reveal whether an app is installed without query permissions. This enables local information disclosure with no extra execution privileges and no user interaction required. The issue is categorized as affecting the Text S...

5.5CVSS5.1AI score0.00103EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2014-9974

CVE-2014-9974 is described in connected records as a Qualcomm component vulnerability affecting Android CAF builds using the Linux kernel, arising from missing validation of buffer lengths in Keymaster. The CNVD-2017-26641 entry explicitly documents a buffer length validation failure in the Qualc...

10CVSS7.9AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2014-9979

CVE-2014-9979 affects Qualcomm products with CAF Android builds using the Linux kernel. The vulnerability is a TrustZone system call issue caused by an uninitialized variable in the kernel, potentially leading to compromise of secure memory. The available documents explicitly describe the root ca...

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2015-9035

CVE-2015-9035 describes a memory-management defect in Qualcomm components used in Android CAF builds on Linux kernels, where a memory buffer is not freed after use, potentially leading to memory exhaustion. Public sources in the connected set (NVD entry, CNVD-2017-26829, CNVD/CVEs and EUVD-2015-8...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2015-9047

CVE-2015-9047 affects Qualcomm components in Android CAF builds using the Linux kernel, describing a GNSS vulnerability that occurs when a scan is performed after bootup. The CVE entry notes affected software as Qualcomm products with CAF Android releases and the GNSS subsystem, with a CVSSv3 bas...

10CVSS7.8AI score0.00805EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2015-9055

Technical details for CVE-2015-9055 are not publicly provided in the connected documents. Please monitor for updates; current documents do not specify affected products, versions, root cause, or fixes beyond the high‑level description.

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2016-10347

CVE-2016-10347 affects Qualcomm components in Android CAF builds using the Linux kernel; the issue is that an argument to a hypervisor function is not properly validated, enabling potential remote exploitation. The vulnerability is serious (CVSS v3 base score 9.8, CRITICAL) with network access an...

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2016-10384

CVE-2016-10384 affects Qualcomm products with Android CAF builds that use the Linux kernel and involve the WLAN driver ioctl. The underlying issue is a potentially reachable assertion in the WLAN driver ioctl, as described in the CVE entry. The Android Security Bulletin (April 2018) notes securit...

10CVSS8.7AI score0.00964EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.43 views

CVE-2016-5855

CVE-2016-5855 affects the Qualcomm SPCom driver in Qualcomm AMSS/Android stacks. The root cause is a user‑supplied buffer being cast to a structure without validating the source buffer size, potentially leading to memory corruption or information exposure as described in the CVE entry. Connected ...

4.7CVSS5.4AI score0.00457EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.43 views

CVE-2016-5858

CVE-2016-5858: A vulnerability in the ioctl handler of Qualcomm components used in Android for MSM, Firefox OS for MSM, and QRD Android. If a user supplies a value that is too large, it can cause an out-of-bounds read, leading to potential information disclosure. The description specifies the aff...

4.7CVSS5.3AI score0.00544EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.43 views

CVE-2017-8233

CVE-2017-8233 : This vulnerability affects Android CAF camera driver code on all CAF Android releases using the Linux kernel. The issue is a missing bounds check when writing into an array, which can lead to an out-of-bounds heap write. The provided documents do not specify affected product versi...

9.3CVSS7.4AI score0.00363EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.43 views

CVE-2017-8272

CVE-2017-8272 affects Qualcomm components in Android CAF builds using the Linux kernel. In a driver function, a value supplied from userspace is not properly validated, potentially causing an out-of-bounds heap write. The vulnerability is described as a kernel-level issue with the potential for m...

7.8CVSS7.2AI score0.00356EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.43 views

CVE-2023-21299

CVE-2023-21299 affects Android’s Package Manager, allowing an attacker to determine whether an app is installed via a side‑channel information disclosure. Impact: local information disclosure without extra privileges or user interaction. The vulnerability is described in multiple sources (includi...

5.5CVSS5.6AI score0.00091EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.43 views

CVE-2023-21304

CVE-2023-21304 describes an information-disclosure flaw in Android’s Content Service that can reveal whether an app is installed without query permissions, via a side-channel. The issue allows local information leakage without extra execution privileges and does not require user interaction to ex...

5.5CVSS5.1AI score0.00091EPSS
Total number of security vulnerabilities334