Lucene search
K

334 matches found

CVE
CVE
added 2023/10/30 4:56 p.m.43 views

CVE-2023-21318

CVE-2023-21318 affects the Android Framework layer in Android 14, where a side-channel information disclosure could allow an attacker to infer whether an arbitrary app is installed. The NVD entry describes a local attack with low complexity, requiring low privileges and no user interaction, leadi...

5.5CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.43 views

CVE-2023-21338

CVE-2023-21338 affects Android’s Input Method. The issue is a side-channel information disclosure that lets an app determine whether another app is installed without query permissions, enabling local elevation of privilege with no additional execution privileges required. The Android 14 security ...

5.5CVSS5.7AI score0.00097EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.43 views

CVE-2023-21344

CVE-2023-21344 affects Android’s Job Scheduler. The issue enables a local attacker to determine whether an app is installed via a side-channel information disclosure, without query permissions and with no user interaction. Impact is local information disclosure; exploitation requires local access...

5.5CVSS5.6AI score0.00103EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.43 views

CVE-2023-21349

In CVE-2023-21349, the Android Package Manager exposes a side-channel to determine whether an app is installed without query permissions, enabling local information disclosure with no privileges required and no user interaction. Multiple connected sources (NVD entry and Red Hat/CVE pages, CNVD, a...

3.3CVSS4.4AI score0.00084EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.42 views

CVE-2014-9963

CVE-2014-9963 describes a buffer overflow in WideVine DRM present in Android CAF builds using the Linux kernel. The connected sources confirm a DRM component buffer overflow, implying potential arbitrary code execution under certain conditions, with CVSS indicating HIGH severity (local access, us...

9.3CVSS7.7AI score0.00625EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.42 views

CVE-2014-9965

Technical details about CVE-2014-9965 are not publicly available in the provided connected documents. The descriptions restate the parsing issue in Android CAF/Linux SCM call handling; monitor for updates from the cited sources.

9.3CVSS7.5AI score0.00599EPSS
CVE
CVE
added 2017/05/16 2:0 p.m.42 views

CVE-2015-9003

In CVE-2015-9003, a cryptographic issue in TrustZone could potentially affect all Android releases from CAF using the Linux kernel. The connected documents identify TrustZone/Android CAF/Linux kernel as the affected area, but do not provide detailed root cause, affected subcomponents, specific vu...

9.3CVSS7.4AI score0.00578EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2015-9039

Summary: CVE-2015-9039 affects the Qualcomm eMBMS component in Android CAF builds that use the Linux kernel. The root cause is an assertion that can be reached by a sequence of downlink messages in eMBMS, enabling a potential unauthorized operation. The vulnerability has a high/critical impact pr...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2015-9046

Technical details about CVE-2015-9046 are not publicly provided in the supplied documents. No specific impact, affected products, or fixes are disclosed here. Monitor for updates.

10CVSS7.7AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2015-9050

CVE-2015-9050 describes an out-of-bounds access during a CA call in Qualcomm CAF Android/Linux kernel components. The NVD entry assigns CRITICAL risk (CVSS3: 9.8) with network attack vector and no user interaction. Connected documents refer to Qualcomm/Android out-of-bounds issues but do not prov...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2015-9052

CVE-2015-9052 affects Qualcomm components in Android CAF builds using the Linux kernel LTE stack; the issue is an assertion that can be reached while processing a downlink message. The provided documents do not specify affected product versions, exact root cause details, exploit status, or availa...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.42 views

CVE-2016-10337

Technical details for CVE-2016-10337 are not publicly available in the provided connected documents. The materials confirm a generic Android/Linux kernel validation issue but do not specify affected products, versions, exploitability, impact, or fixes. Monitor for updates.

5.5CVSS5.9AI score0.00485EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2016-10382

CVE-2016-10382 affects Qualcomm products running CAF Android builds on the Linux kernel. The issue is insufficient access control for the I2C bus, enabling potential improper access. Public details consistently describe it as a high-severity vulnerability with a CVSSv3 base score of 9.8 (CRITICAL...

10CVSS7.8AI score0.00805EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2016-5872

CVE-2016-5872 affects Qualcomm components in Android CAF builds that use the Linux kernel, where arguments to several QTEE syscalls are not properly validated. This could allow a crafted input to impact or compromise the kernel under affected conditions, with the CVSS indicating a high-severity, ...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.42 views

CVE-2017-8238

CVE-2017-8238 affects Android CAF builds that use the Linux kernel, with a buffer overflow in a camera function. Documented impact indicates high severity (I/H/A) and local exploitability (CVSSv3: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); CVSSv2 references network vector in that scheme. Connected rec...

9.3CVSS7.4AI score0.00354EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.42 views

CVE-2017-8253

CVE-2017-8253 affects Qualcomm components in Android CAF builds using the Linux kernel. The issue can allow kernel memory overwrite when an invalid master is sent from userspace, leading to elevation of privilege within the kernel context. The initial document lists it as a high-severity, EoP-typ...

9.3CVSS7.2AI score0.0046EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.42 views

CVE-2023-21303

CVE-2023-21303 is an information-disclosure flaw affecting Android where an attacker can infer whether an app is installed via a side channel without query permissions. It enables local information leakage with no user interaction and requires only local access. Android 14 release notes indicate ...

5.5CVSS5.6AI score0.00091EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.42 views

CVE-2023-21316

CVE-2023-21316 affects Google Android: an information-disclosure side channel in content that lets an app determine whether another app is installed without query permissions. Local attack with no user interaction; no explicit exploit details or affected versions are provided in the documents. Re...

5.5CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.41 views

CVE-2014-9977

CVE-2014-9977 describes a buffer overflow in the PlayReady DRM within Qualcomm closed‑source components used by Android CAF on Linux, enabling potential arbitrary code execution or denial of service as described in linked CNVD/NVD entries. Affected: Qualcomm PlayReady DRM in Android CAF/Linux ker...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.41 views

CVE-2014-9978

CVE-2014-9978 (and related CNVD-2017-25680) describes a buffer overflow in the QTEE service of Qualcomm closed‑source components used by Android CAF/Linux kernels. The vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service within Qualcomm/Android enviro...

10CVSS8.1AI score0.00904EPSS
CVE
CVE
added 2017/06/13 8:0 p.m.41 views

CVE-2015-9021

CVE-2015-9021 describes a security issue where, in all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. The entry lists a MEDIUM overall impact (CVSS2: AV:N/AC:M/Au:N/C:N/I:N/A:P; CVSS3: LOCAL, LOW/L, NONE to partial impacts) and indicates no public...

5.5CVSS5.8AI score0.00473EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.41 views

CVE-2023-21311

CVE-2023-21311 describes an information-disclosure vulnerability in Android Settings where a permissions bypass could let a secondary user control private DNS settings. Exploitation is local (ATT&CK-like, not remote), requires no user interaction, and could disclose private information without ad...

5.5CVSS5.2AI score0.00084EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.40 views

CVE-2015-9049

CVE-2015-9049 is corroborated by connected sources describing an input-validation vulnerability in Qualcomm’s closed‑source components (USIM handling) within Android CAF Linux environments. CNVD-2017-26834 outlines an unauthorized-operations flaw in the Qualcomm Android component causing remote e...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.40 views

CVE-2023-21341

CVE-2023-21341 concerns Android’s Permission Manager, where a missing permission check can bypass required permissions, enabling local elevation of privilege. The issue is described as a local, low-privilege escalation with no user interaction required. Affected product/area: Android components r...

7.8CVSS7.8AI score0.00098EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.39 views

CVE-2015-0574

CVE-2015-0574 is described in multiple sources as a file system input validation vulnerability in Qualcomm components used in Android CAF builds on the Linux kernel. The root cause is insufficient validation of filesystem access, which could enable an attacker to execute arbitrary code. Concrete ...

10CVSS8.8AI score0.00976EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.39 views

CVE-2015-9060

CVE-2015-9060 affects Qualcomm products with CAF Android builds using the Linux kernel. The issue is a pointer validation flaw in a QTEE system call, as described in the CVE description. The connected documents confirm the root cause (improper pointer validation) and the affected context (Qualcom...

10CVSS7.8AI score0.00836EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.39 views

CVE-2023-21300

Summary: CVE-2023-21300 affects Android’s PackageManager and arises from a side-channel information disclosure that allows a local attacker to infer whether an app is installed without query permissions. This is described as a local information disclosure with no additional execution privileges r...

5.5CVSS5.6AI score0.00091EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.39 views

CVE-2023-21308

CVE-2023-21308 : In Composer, a missing bounds check allows an out-of-bounds read which could enable local escalation of privilege without user interaction. Exploitation details/affected versions are not disclosed in the provided documents. No patch/remediation information is included here. If ex...

5.5CVSS5.9AI score0.00086EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.38 views

CVE-2015-9038

CVE-2015-9038 affects Qualcomm closed‑source components in Android CAF builds using the Linux kernel. Description: a NULL pointer may be dereferenced in the front end, caused by NULL pointer usage in the vulnerable path. Root cause: NULL pointer dereference. Impact: potential crash or denial of s...

10CVSS7.8AI score0.00861EPSS
CVE
CVE
added 2017/08/16 3:0 p.m.38 views

CVE-2016-5862

CVE-2016-5862 affects Qualcomm-based Android for MSM codecs; the vulnerability arises when a codec control issued from userspace is cast to the container structure rather than the codec’s own structure. This type confusion can lead to a kernel crash and a subsequent device restart on affected Qua...

7.6CVSS6.8AI score0.00523EPSS
CVE
CVE
added 2017/08/18 6:0 p.m.37 views

CVE-2015-9043

CVE-2015-9043 is described in connected sources as a NULL pointer dereference vulnerability affecting Qualcomm components in Android CAF builds using the Linux kernel. The root cause, as stated, is a NULL pointer dereference on timer expiry, with impact described as high/critical in CVSS terms. T...

10CVSS7.8AI score0.00861EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.37 views

CVE-2023-21323

CVE-2023-21323 is an information-disclosure vulnerability in Android's Activity Manager that could let a local attacker determine whether an app is installed without query permissions. The issue stems from a side-channel disclosure, requiring no user interaction and no additional execution privil...

5.5CVSS5.6AI score0.00086EPSS
CVE
CVE
added 2023/10/30 4:56 p.m.37 views

CVE-2023-21345

CVE-2023-21345 is described as an information-disclosure issue in Android’s Game Manager Service where an attacker can determine if an app is installed without query permissions via a side-channel. The available documents indicate local exploitation with no user interaction and a low overall risk...

3.3CVSS4.4AI score0.00082EPSS
CVE
CVE
added 2025/08/06 4:23 a.m.18 views

CVE-2025-21024

Samsung Smart View before Android 16 is affected by CVE-2025-21024 due to the use of implicit intents for sensitive communication, enabling local attackers to access sensitive information through the affected component. The issue is described across multiple sources as a vulnerability in Smart Vi...

5.5CVSS6.2AI score0.00073EPSS
Total number of security vulnerabilities334