Lucene search

K

327 matches found

CVE
CVE
added 2017/08/09 9:29 p.m.43 views

CVE-2017-0739

A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181.

5.5CVSS5.5AI score0.00096EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.43 views

CVE-2017-0775

A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179.

7.1CVSS5.9AI score0.00038EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.43 views

CVE-2017-0778

A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227.

7.8CVSS6.8AI score0.00064EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.43 views

CVE-2017-0784

A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.

8.8CVSS8.6AI score0.0006EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.43 views

CVE-2017-18682

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Because of incorrect exception handling and an unprotected intent, AudioService can cause a system crash, The Samsung IDs are SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117 (March 2017).

7.8CVSS7.5AI score0.00125EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.42 views

CVE-2015-6638

The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.

9.3CVSS7.6AI score0.00043EPSS
CVE
CVE
added 2016/03/12 9:59 p.m.42 views

CVE-2016-0818

The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoo...

5.9CVSS5.6AI score0.00058EPSS
CVE
CVE
added 2020/04/07 1:15 p.m.42 views

CVE-2016-11052

An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016).

7.8CVSS7.7AI score0.00061EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.42 views

CVE-2016-2459

mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not initialize certain data structures, which allows attackers to obtain sensitive information via a crafted application, related to IGraphicBufferConsumer.cpp and IGraphicBufferProducer....

5.5CVSS5.5AI score0.00096EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.42 views

CVE-2016-3915

camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838.

9.3CVSS8AI score0.00135EPSS
CVE
CVE
added 2017/01/12 3:59 p.m.42 views

CVE-2016-6763

A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, ...

7.1CVSS5.3AI score0.00049EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.42 views

CVE-2017-0481

An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-par...

9.3CVSS7.2AI score0.0006EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.42 views

CVE-2017-0589

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.6AI score0.00272EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.42 views

CVE-2017-0592

A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution withi...

9.3CVSS7.6AI score0.00272EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.42 views

CVE-2017-0596

An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not...

9.3CVSS7.2AI score0.00067EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.42 views

CVE-2017-0712

A elevation of privilege vulnerability in the Android framework (wi-fi service). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207928.

7.8CVSS7.4AI score0.00053EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.42 views

CVE-2017-0767

A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37536407.

9.3CVSS7.9AI score0.00035EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.42 views

CVE-2017-0773

A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911.

7.1CVSS5.9AI score0.00038EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.42 views

CVE-2017-0774

A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.

7.1CVSS5.9AI score0.00038EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.42 views

CVE-2017-0815

An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567.

5.5CVSS5AI score0.00154EPSS
CVE
CVE
added 2015/12/08 11:59 p.m.41 views

CVE-2015-6618

Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows user-assisted remote attackers to execute arbitrary code by leveraging access to the local physical environment, aka internal bug 24595992.

4.3CVSS7.5AI score0.00161EPSS
CVE
CVE
added 2016/02/07 1:59 a.m.41 views

CVE-2016-0804

The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code ...

10CVSS9.4AI score0.01215EPSS
CVE
CVE
added 2020/04/07 1:15 p.m.41 views

CVE-2016-11044

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The Samsung ID is SVE-2016-5923 (June 2016).

7.8CVSS7.6AI score0.00009EPSS
CVE
CVE
added 2016/04/18 12:59 a.m.41 views

CVE-2016-2425

mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers to obtain sensitive information via a crafted application, aka internal bugs 7154234 and 26989185.

5.5CVSS5.6AI score0.00125EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.41 views

CVE-2016-3880

Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted ...

7.1CVSS5.8AI score0.00479EPSS
CVE
CVE
added 2016/12/13 7:59 p.m.41 views

CVE-2016-6711

A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibil...

7.1CVSS5.2AI score0.00452EPSS
CVE
CVE
added 2017/01/12 3:59 p.m.41 views

CVE-2016-6769

An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Pr...

4.6CVSS4.8AI score0.00021EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.41 views

CVE-2017-0387

An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.7AI score0.00052EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0479

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.2AI score0.00064EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0491

An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: An...

5.5CVSS5.4AI score0.00072EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0544

An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. An...

9.3CVSS7.8AI score0.00067EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0558

An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,...

5.5CVSS5.2AI score0.00112EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0559

An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0...

5.5CVSS5.2AI score0.00109EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.41 views

CVE-2017-18670

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. android.intent.action.SIOP_LEVEL_CHANGED allows a serializable intent reboot. The Samsung ID is SVE-2017-8363 (May 2017).

7.5CVSS7.5AI score0.00113EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.41 views

CVE-2017-18680

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017).

7.1CVSS6.9AI score0.00019EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.41 views

CVE-2017-18683

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 (February 2017).

9.8CVSS9.4AI score0.00147EPSS
CVE
CVE
added 2020/08/31 9:15 p.m.41 views

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).

7.5CVSS7.5AI score0.00092EPSS
CVE
CVE
added 2015/11/03 11:59 a.m.40 views

CVE-2015-6614

Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug...

5.8CVSS6.8AI score0.0005EPSS
CVE
CVE
added 2016/01/06 7:59 p.m.40 views

CVE-2015-6640

The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted applicat...

9.3CVSS7.5AI score0.00105EPSS
CVE
CVE
added 2020/04/07 1:15 p.m.40 views

CVE-2016-11045

An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016).

7.8CVSS7.8AI score0.00061EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2448

media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as dem...

9.3CVSS7.5AI score0.00043EPSS
CVE
CVE
added 2016/05/09 10:59 a.m.40 views

CVE-2016-2451

codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Sig...

9.3CVSS7.6AI score0.00043EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2463

Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media f...

8.4CVSS8.4AI score0.00615EPSS
CVE
CVE
added 2016/06/13 1:59 a.m.40 views

CVE-2016-2494

Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.

9.3CVSS8AI score0.01072EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.40 views

CVE-2017-0395

An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initi...

5.5CVSS5.8AI score0.00047EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.40 views

CVE-2017-0397

An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android....

5.5CVSS5.2AI score0.00091EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.40 views

CVE-2017-0483

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Andr...

7.1CVSS5.4AI score0.00284EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.40 views

CVE-2017-0496

A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android I...

5.5CVSS5.2AI score0.00086EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.40 views

CVE-2017-0499

A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713.

7.1CVSS5.2AI score0.00091EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.40 views

CVE-2017-0590

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.6AI score0.00272EPSS
Total number of security vulnerabilities327