892 matches found

added 2011/06/09 10:36 a.m. | 742 views

CVE-2011-1823

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::hand...

CVSS 7.8 | AI score 7.5 | EPSS 0.55581
In wild

added 2011/05/16 5:55 p.m. | 717 views

CVE-2011-0419

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allow...

CVSS 4.3 | AI score 7.7 | EPSS 0.58438

added 2017/04/04 5:59 a.m. | 247 views

CVE-2016-10229

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

CVSS 10 | AI score 9.2 | EPSS 0.01242

added 2024/04/05 8:15 p.m. | 243 views

CVE-2024-29748

There is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVSS 7.8 | AI score 8.2 | EPSS 0.00288
In wild

added 2016/08/06 8:59 p.m. | 215 views

CVE-2016-5696

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

CVSS 5.8 | AI score 6.3 | EPSS 0.34409

added 2016/10/10 10:59 a.m. | 181 views

CVE-2015-8956

The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.

CVSS 6.1 | AI score 6.6 | EPSS 0.00035

added 2017/03/07 9:59 p.m. | 171 views

CVE-2016-10200

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/...

CVSS 7 | AI score 6.8 | EPSS 0.00029

added 2017/05/02 9:59 p.m. | 170 views

CVE-2014-9940

The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.

CVSS 7.6 | AI score 6.6 | EPSS 0.00097

added 2010/09/10 7:0 p.m. | 166 views

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related...

CVSS 9.3 | AI score 8.9 | EPSS 0.80553

added 2016/04/27 5:59 p.m. | 161 views

CVE-2016-0774

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed ...

CVSS 6.8 | AI score 6.7 | EPSS 0.16663

added 2017/02/07 7:59 a.m. | 155 views

CVE-2016-10044

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.

CVSS 7.8 | AI score 7.3 | EPSS 0.00016

added 2016/05/09 10:59 a.m. | 137 views

CVE-2016-2431

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.

CVSS 9.3 | AI score 7.4 | EPSS 0.01198

added 2017/09/21 3:29 p.m. | 128 views

CVE-2017-9725

In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.

CVSS 9.3 | AI score 8 | EPSS 0.00184

added 2016/11/25 4:59 p.m. | 127 views

CVE-2016-6754

A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code executio...

CVSS 8.8 | AI score 8.7 | EPSS 0.26473

added 2023/10/30 6:15 p.m. | 116 views

CVE-2023-21394

In registerPhoneAccount of TelecomServiceImpl.java, there is a possible way to reveal images from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS 5.5 | AI score 5.2 | EPSS 0.00029

added 2016/08/30 5:59 p.m. | 113 views

CVE-2016-5344

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to md...

CVSS 9.8 | AI score 9.2 | EPSS 0.00252

added 2016/05/09 10:59 a.m. | 112 views

CVE-2016-2434

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.

CVSS 9.3 | AI score 7.4 | EPSS 0.0125

added 2015/10/01 12:59 a.m. | 102 views

CVE-2015-1538

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related iss...

CVSS 10 | AI score 8.9 | EPSS 0.87777

added 2016/08/06 10:59 a.m. | 102 views

CVE-2015-8944

The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28...

CVSS 5.5 | AI score 4.8 | EPSS 0.00059

added 2023/10/30 5:15 p.m. | 102 views

CVE-2023-21366

In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS 5.5 | AI score 5.8 | EPSS 0.00015

added 2016/07/11 1:59 a.m. | 101 views

CVE-2014-9803

arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.

CVSS 9.3 | AI score 7.1 | EPSS 0.00071

added 2022/01/21 7:15 p.m. | 95 views

CVE-2022-23728

Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011.

CVSS 6.6 | AI score 6.3 | EPSS 0.00017

added 2020/02/21 2:15 a.m. | 93 views

CVE-2014-7914

btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.

CVSS 8.1 | AI score 7.8 | EPSS 0.00147

added 2023/10/30 5:15 p.m. | 90 views

CVE-2023-21342

In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

CVSS 7.8 | AI score 7.6 | EPSS 0.00025

added 2016/08/06 10:59 a.m. | 89 views

CVE-2014-9900

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android int...

CVSS 5.5 | AI score 4.6 | EPSS 0.0014

added 2016/12/08 9:59 p.m. | 86 views

CVE-2015-8967

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

CVSS 9.3 | AI score 8 | EPSS 0.00072

added 2015/09/22 10:59 a.m. | 85 views

CVE-2015-5582

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

CVSS 10 | AI score 7.8 | EPSS 0.06367

added 2011/08/09 7:55 p.m. | 84 views

CVE-2008-7298

The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS)...

CVSS 5.8 | AI score 6.6 | EPSS 0.00228

added 2015/06/10 1:59 a.m. | 84 views

CVE-2015-3104

Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 o...

CVSS 10 | AI score 7.7 | EPSS 0.04479

added 2015/10/01 12:59 a.m. | 84 views

CVE-2015-3864

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an inco...

CVSS 10 | AI score 7.8 | EPSS 0.84443

added 2020/06/05 12:15 a.m. | 84 views

CVE-2020-13843

An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).

CVSS 5.5 | AI score 5.5 | EPSS 0.00015

added 2015/06/10 1:59 a.m. | 82 views

CVE-2015-3100

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 1...

CVSS 10 | AI score 7.9 | EPSS 0.03964

added 2022/03/04 4:15 p.m. | 82 views

CVE-2022-23729

When the device is in factory state, the shell can be accessed without the adb authentication process. The LG ID is LVE-SMP-210010.

CVSS 7.8 | AI score 7.7 | EPSS 0.00014

added 2023/10/30 6:15 p.m. | 82 views

CVE-2023-21395

In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS 6.5 | AI score 6.6 | EPSS 0.00549

added 2020/01/07 7:15 p.m. | 79 views

CVE-2019-9465

In the Titan M handling of cryptographic operations, there is a possible information disclosure due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: A...

CVSS 5.5 | AI score 5.2 | EPSS 0.00032

added 2015/06/10 1:59 a.m. | 78 views

CVE-2015-3103

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before ...

CVSS 10 | AI score 7.4 | EPSS 0.57902

added 2015/06/10 1:59 a.m. | 78 views

CVE-2015-3105

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AI...

CVSS 10 | AI score 7.6 | EPSS 0.90282

added 2015/06/10 1:59 a.m. | 78 views

CVE-2015-3108

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AI...

CVSS 5 | AI score 6.3 | EPSS 0.00443

added 2016/08/06 10:59 a.m. | 77 views

CVE-2014-9895

drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 2875...

CVSS 5.5 | AI score 5.3 | EPSS 0.00107

added 2017/05/02 9:59 p.m. | 77 views

CVE-2015-9004

kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

CVSS 9.3 | AI score 7.2 | EPSS 0.00145

added 2016/07/11 1:59 a.m. | 77 views

CVE-2016-2067

drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging ...

CVSS 9.3 | AI score 7.4 | EPSS 0.00066

added 2017/04/04 5:59 a.m. | 76 views

CVE-2014-9922

The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.

CVSS 9.3 | AI score 7.2 | EPSS 0.00073

added 2015/06/10 1:59 a.m. | 76 views

CVE-2015-3107

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before ...

CVSS 10 | AI score 7.4 | EPSS 0.57902

added 2015/06/10 1:59 a.m. | 74 views

CVE-2015-3106

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before ...

CVSS 10 | AI score 7.4 | EPSS 0.57902

added 2015/06/10 1:59 a.m. | 72 views

CVE-2015-3098

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AI...

CVSS 5 | AI score 6.5 | EPSS 0.00583

added 2014/04/29 8:55 p.m. | 71 views

CVE-2013-7372

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and...

CVSS 5 | AI score 6.8 | EPSS 0.00715

added 2015/06/10 1:59 a.m. | 71 views

CVE-2015-3101

The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 o...

CVSS 4.3 | AI score 6.4 | EPSS 0.00545

added 2015/09/22 10:59 a.m. | 71 views

CVE-2015-5578

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (...

CVSS 10 | AI score 7.8 | EPSS 0.06367

added 2015/09/22 10:59 a.m. | 71 views

CVE-2015-6682

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary co...

CVSS 10 | AI score 7.5 | EPSS 0.71007

added 2015/06/10 1:59 a.m. | 70 views

CVE-2015-3096

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AI...

CVSS 6.8 | AI score 6.5 | EPSS 0.00423

Total number of security vulnerabilities: 892