Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
GoogleAndroid5.0

327 matches found

CVE
CVEadded 2016/05/05 1:59 a.m.692 views

CVE-2016-2107

The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exi...

5.9CVSS6.9AI score0.78923EPSS
CVE
CVEadded 2017/09/14 7:29 p.m.539 views

CVE-2017-0781

A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.

8.8CVSS8.2AI score0.48939EPSS
CVE
CVEadded 2016/05/05 1:59 a.m.495 views

CVE-2016-2108

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

10CVSS8.3AI score0.65505EPSS
CVE
CVEadded 2017/09/14 7:29 p.m.447 views

CVE-2017-0785

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.

6.5CVSS6.8AI score0.10687EPSS
CVE
CVEadded 2016/02/08 3:59 a.m.357 views

CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

7.8CVSS6.5AI score0.5601EPSS
In wild
CVE
CVEadded 2016/03/03 8:59 p.m.251 views

CVE-2016-0705

Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

10CVSS8.1AI score0.38432EPSS
CVE
CVEadded 2017/09/14 7:29 p.m.251 views

CVE-2017-0782

A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.

8.8CVSS8.2AI score0.47225EPSS
CVE
CVEadded 2017/09/14 7:29 p.m.213 views

CVE-2017-0783

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.

6.5CVSS6.7AI score0.00108EPSS
CVE
CVEadded 2016/02/07 1:59 a.m.180 views

CVE-2016-0801

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.

9.8CVSS7.6AI score0.46032EPSS
CVE
CVEadded 2016/01/06 7:59 p.m.179 views

CVE-2015-6639

The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.

9.3CVSS7.5AI score0.07803EPSS
CVE
CVEadded 2017/01/12 8:59 p.m.176 views

CVE-2017-0393

A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7....

7.1CVSS5.3AI score0.00414EPSS
CVE
CVEadded 2017/04/07 10:59 p.m.149 views

CVE-2017-0553

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurati...

7.6CVSS6.6AI score0.00421EPSS
CVE
CVEadded 2016/08/05 8:59 p.m.138 views

CVE-2016-3822

exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data, aka internal bug 288...

7.8CVSS6.7AI score0.00349EPSS
CVE
CVEadded 2016/11/25 4:59 p.m.127 views

CVE-2016-6754

A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of remote code executio...

8.8CVSS8.7AI score0.26473EPSS
CVE
CVEadded 2016/01/06 7:59 p.m.104 views

CVE-2015-6644

Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

4.3CVSS3.4AI score0.00184EPSS
CVE
CVEadded 2017/08/09 9:29 p.m.84 views

CVE-2017-0737

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.

7.8CVSS7.4AI score0.00092EPSS
CVE
CVEadded 2017/01/12 8:59 p.m.83 views

CVE-2017-0381

An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Andro...

9.3CVSS6.3AI score0.00134EPSS
CVE
CVEadded 2017/09/08 8:29 p.m.80 views

CVE-2017-0752

A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.

9.3CVSS7.5AI score0.00031EPSS
CVE
CVEadded 2016/01/06 7:59 p.m.79 views

CVE-2015-5310

The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) vi...

4.3CVSS5.3AI score0.00304EPSS
CVE
CVEadded 2016/01/06 7:59 p.m.74 views

CVE-2015-6636

mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.

10CVSS9.5AI score0.01215EPSS
CVE
CVEadded 2015/12/06 1:59 a.m.67 views

CVE-2015-6783

The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in crazy_linker (aka Crazy Linker) in Android 5.x and 6.x, as used in Google Chrome before 47.0.2526.73, improperly searches for an EOCD record, which allows attackers to bypass a signature-validation requirement via a crafted ZIP ...

4.3CVSS8.5AI score0.00254EPSS
CVE
CVEadded 2017/01/12 3:59 p.m.66 views

CVE-2016-6762

An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not nor...

7.8CVSS7.4AI score0.00263EPSS
CVE
CVEadded 2017/03/08 1:59 a.m.61 views

CVE-2017-0475

An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the ope...

9.3CVSS7.2AI score0.00111EPSS
CVE
CVEadded 2016/02/07 1:59 a.m.58 views

CVE-2016-0802

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.

8.8CVSS7.5AI score0.06746EPSS
CVE
CVEadded 2016/10/10 10:59 a.m.58 views

CVE-2016-5348

The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed...

7.1CVSS5.5AI score0.09597EPSS
CVE
CVEadded 2017/01/12 8:59 p.m.57 views

CVE-2017-0386

An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally ac...

9.3CVSS7.3AI score0.00337EPSS
CVE
CVEadded 2017/01/12 8:59 p.m.57 views

CVE-2017-0390

A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6...

7.1CVSS5.7AI score0.0017EPSS
CVE
CVEadded 2017/04/07 10:59 p.m.57 views

CVE-2017-0540

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.7AI score0.00476EPSS
CVE
CVEadded 2017/08/09 9:29 p.m.57 views

CVE-2017-0722

A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827.

9.3CVSS7.7AI score0.00248EPSS
CVE
CVEadded 2016/02/07 1:59 a.m.56 views

CVE-2016-0805

The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.

8.4CVSS8.2AI score0.00127EPSS
CVE
CVEadded 2017/04/07 10:59 p.m.56 views

CVE-2017-0541

A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.7AI score0.04611EPSS
CVE
CVEadded 2017/08/09 9:29 p.m.56 views

CVE-2017-0714

A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637.

9.3CVSS7.7AI score0.00248EPSS
CVE
CVEadded 2016/01/06 7:59 p.m.55 views

CVE-2015-6647

The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.

9.3CVSS7.6AI score0.00172EPSS
CVE
CVEadded 2016/01/06 7:59 p.m.54 views

CVE-2015-6637

The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.

9.3CVSS7.6AI score0.00068EPSS
CVE
CVEadded 2016/04/18 12:59 a.m.54 views

CVE-2016-1503

dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malform...

10CVSS8.8AI score0.07135EPSS
CVE
CVEadded 2016/03/12 9:59 p.m.54 views

CVE-2016-1621

libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452...

10CVSS8.6AI score0.08448EPSS
CVE
CVEadded 2016/09/11 9:59 p.m.54 views

CVE-2016-3862

media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in libjhead_jni, which allows remote attackers to execute arbitrary code or cause a denial of service (m...

9.3CVSS7.8AI score0.01137EPSS
CVE
CVEadded 2017/01/12 8:59 p.m.54 views

CVE-2017-0396

An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. P...

5.5CVSS5.2AI score0.00091EPSS
CVE
CVEadded 2017/02/08 3:59 p.m.54 views

CVE-2017-0422

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0...

7.8CVSS6.7AI score0.01038EPSS
CVE
CVEadded 2017/08/09 9:29 p.m.54 views

CVE-2017-0745

A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.

9.3CVSS7.7AI score0.00308EPSS
CVE
CVEadded 2017/09/08 8:29 p.m.54 views

CVE-2017-0764

A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015.

9.3CVSS7.9AI score0.00269EPSS
CVE
CVEadded 2017/09/08 8:29 p.m.54 views

CVE-2017-0777

A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499.

5.5CVSS5.8AI score0.00051EPSS
CVE
CVEadded 2017/01/12 8:59 p.m.53 views

CVE-2017-0392

A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5....

7.1CVSS5.7AI score0.0017EPSS
CVE
CVEadded 2017/04/07 10:59 p.m.53 views

CVE-2017-0547

An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applica...

5.5CVSS5.3AI score0.00125EPSS
CVE
CVEadded 2017/08/09 9:29 p.m.53 views

CVE-2017-0720

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213.

9.3CVSS7.7AI score0.00248EPSS
CVE
CVEadded 2017/09/08 8:29 p.m.53 views

CVE-2017-0756

A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.

9.3CVSS7.9AI score0.00164EPSS
CVE
CVEadded 2016/02/07 1:59 a.m.52 views

CVE-2016-0810

media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka i...

7.8CVSS8AI score0.00014EPSS
CVE
CVEadded 2016/03/12 9:59 p.m.52 views

CVE-2016-0819

The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034.

9.3CVSS7.4AI score0.00043EPSS
CVE
CVEadded 2017/02/08 3:59 p.m.52 views

CVE-2017-0418

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.2AI score0.00136EPSS
CVE
CVEadded 2017/02/08 3:59 p.m.52 views

CVE-2017-0421

An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application doe...

5.5CVSS5.2AI score0.00106EPSS
Total number of security vulnerabilities327