Lucene search

K

930 matches found

CVE
CVE
added 2023/10/30 5:15 p.m.44 views

CVE-2023-21343

In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.0003EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.44 views

CVE-2023-21398

In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.8AI score0.00047EPSS
CVE
CVE
added 2023/10/30 6:15 p.m.44 views

CVE-2023-45780

In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

7.3CVSS7.3AI score0.00047EPSS
CVE
CVE
added 2018/05/02 3:29 p.m.43 views

CVE-2013-6272

The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application.

7.8CVSS7.3AI score0.00139EPSS
CVE
CVE
added 2014/09/04 5:55 p.m.43 views

CVE-2014-6060

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

3.3CVSS7.2AI score0.00159EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.43 views

CVE-2014-7916

Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.

10CVSS6.9AI score0.00218EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.43 views

CVE-2014-9867

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qua...

9.3CVSS7.5AI score0.00059EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.43 views

CVE-2014-9881

drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 287693...

7.8CVSS7.5AI score0.00071EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.43 views

CVE-2014-9886

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm interna...

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.43 views

CVE-2014-9961

In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.

9.3CVSS7.3AI score0.00051EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.43 views

CVE-2014-9981

In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot.

10CVSS8.9AI score0.00252EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.43 views

CVE-2015-3862

mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.

5CVSS6.6AI score0.0011EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.43 views

CVE-2015-3865

The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.

9.3CVSS6.8AI score0.00207EPSS
CVE
CVE
added 2015/11/03 11:59 a.m.43 views

CVE-2015-6612

libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.

9.3CVSS6.7AI score0.07723EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.43 views

CVE-2015-8505

mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507.

9.3CVSS7.5AI score0.01816EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.43 views

CVE-2015-9020

In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.

9.3CVSS7.5AI score0.00058EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.43 views

CVE-2016-10342

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.

9.3CVSS7.7AI score0.00063EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.43 views

CVE-2016-2474

The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 27424603.

9.3CVSS7.6AI score0.00043EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.43 views

CVE-2016-2475

The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges for certain system calls via a crafted application, aka internal bug 26425765.

7.8CVSS8AI score0.0003EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.43 views

CVE-2016-6739

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ...

9.3CVSS7.5AI score0.0004EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.43 views

CVE-2016-6744

An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. An...

9.3CVSS7.5AI score0.0007EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.43 views

CVE-2016-6750

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat...

5.5CVSS5.1AI score0.00072EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.43 views

CVE-2016-8420

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

7.6CVSS6.6AI score0.00137EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.43 views

CVE-2017-0451

An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kern...

4.7CVSS4.3AI score0.00088EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.43 views

CVE-2017-0616

An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android...

7.6CVSS6.6AI score0.00052EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.43 views

CVE-2017-0741

A elevation of privilege vulnerability in the MediaTek gpu driver. Product: Android. Versions: Android kernel. Android ID: A-32458601. References: M-ALPS03007523.

7.8CVSS7.4AI score0.00053EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.43 views

CVE-2017-0799

A elevation of privilege vulnerability in the MediaTek lastbus. Product: Android. Versions: Android kernel. Android ID: A-36731602. References: M-ALPS03342072.

9.3CVSS8AI score0.00088EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.43 views

CVE-2017-0800

A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988.

9.3CVSS8AI score0.00088EPSS
CVE
CVE
added 2017/09/21 3:29 p.m.43 views

CVE-2017-10997

In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory.

7.8CVSS7.8AI score0.00083EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.43 views

CVE-2017-7369

In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.

9.3CVSS7.2AI score0.00075EPSS
CVE
CVE
added 2020/01/06 6:15 p.m.43 views

CVE-2019-9468

In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683...

7.8CVSS8.3AI score0.00013EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.43 views

CVE-2023-21336

In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.6AI score0.00017EPSS
CVE
CVE
added 2023/10/30 5:15 p.m.43 views

CVE-2023-21365

In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.5AI score0.0002EPSS
CVE
CVE
added 2009/10/14 10:30 a.m.42 views

CVE-2009-3698

An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656.

4.3CVSS6.8AI score0.01192EPSS
CVE
CVE
added 2014/12/15 6:59 p.m.42 views

CVE-2014-8609

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category info...

7.2CVSS6.4AI score0.00473EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.42 views

CVE-2014-9784

Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147.

9.3CVSS7.6AI score0.00076EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.42 views

CVE-2014-9876

drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR48340...

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.42 views

CVE-2014-9880

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm in...

7.8CVSS7.5AI score0.00076EPSS
CVE
CVE
added 2016/08/06 10:59 a.m.42 views

CVE-2014-9887

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.

9.3CVSS7.5AI score0.00059EPSS
CVE
CVE
added 2015/10/01 12:59 a.m.42 views

CVE-2015-3844

The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings applic...

6.8CVSS6.5AI score0.00107EPSS
CVE
CVE
added 2015/10/06 5:59 p.m.42 views

CVE-2015-3870

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132.

10CVSS7.8AI score0.01036EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.42 views

CVE-2015-6628

Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24074485.

5CVSS6.6AI score0.001EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.42 views

CVE-2015-6631

libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 246...

5CVSS6.8AI score0.00143EPSS
CVE
CVE
added 2017/05/16 2:29 p.m.42 views

CVE-2015-8998

In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.

9.3CVSS7.6AI score0.00058EPSS
CVE
CVE
added 2017/08/18 6:29 p.m.42 views

CVE-2015-9065

In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established.

10CVSS8.7AI score0.00252EPSS
CVE
CVE
added 2017/06/13 8:29 p.m.42 views

CVE-2016-10339

In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.

7.1CVSS6.7AI score0.00095EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.42 views

CVE-2016-2432

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.

9.3CVSS7.5AI score0.00044EPSS
CVE
CVE
added 2016/07/11 1:59 a.m.42 views

CVE-2016-2505

mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006.

9.3CVSS7.8AI score0.0017EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.42 views

CVE-2016-3938

drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug CR 1049232.

9.3CVSS8AI score0.00073EPSS
CVE
CVE
added 2017/08/16 3:29 p.m.42 views

CVE-2016-5867

In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow.

7.6CVSS6.9AI score0.00064EPSS
Total number of security vulnerabilities930