Lucene search

K

793 matches found

CVE
CVE
added 2017/09/08 8:29 p.m.79 views

CVE-2017-0752

A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.

9.3CVSS7.5AI score0.00031EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.78 views

CVE-2015-8955

arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.

7.3CVSS7.5AI score0.00075EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.77 views

CVE-2019-2012

In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android...

9.3CVSS8.3AI score0.00145EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.75 views

CVE-2018-9564

In llcp_util_parse_link_params of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Andr...

7.1CVSS5.9AI score0.00131EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.75 views

CVE-2019-2013

In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android...

9.3CVSS8.3AI score0.00145EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.74 views

CVE-2019-2015

In rw_t3t_act_handle_check_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Andro...

9.3CVSS8.3AI score0.00145EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.72 views

CVE-2019-2014

In rw_t3t_handle_get_sc_poll_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 And...

9.3CVSS8.3AI score0.00145EPSS
CVE
CVE
added 2019/06/19 8:15 p.m.71 views

CVE-2019-2010

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Andr...

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.69 views

CVE-2017-0412

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally a...

9.3CVSS7.2AI score0.0106EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.69 views

CVE-2018-9445

In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Andr...

7.2CVSS6.7AI score0.00856EPSS
CVE
CVE
added 2019/06/19 9:15 p.m.67 views

CVE-2018-9563

In llcp_util_parse_cc of llcp_util.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1...

7.1CVSS5.9AI score0.00131EPSS
CVE
CVE
added 2024/11/20 6:15 p.m.66 views

CVE-2018-9475

In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is n...

8.8CVSS7.2AI score0.00067EPSS
CVE
CVE
added 2019/07/08 6:15 p.m.65 views

CVE-2019-2109

In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android...

9.3CVSS8.8AI score0.00343EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.62 views

CVE-2017-13230

In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0...

9.3CVSS8.7AI score0.0162EPSS
CVE
CVE
added 2019/07/08 6:15 p.m.62 views

CVE-2019-2117

In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation. ...

5.5CVSS5AI score0.00015EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.61 views

CVE-2019-2044

In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: An...

9.3CVSS8.7AI score0.01214EPSS
CVE
CVE
added 2024/11/19 7:15 p.m.60 views

CVE-2018-9341

In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.

9.8CVSS7.5AI score0.00209EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.59 views

CVE-2017-0424

An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in...

5.5CVSS5.2AI score0.00121EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.59 views

CVE-2019-2134

In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Andr...

9.3CVSS7.7AI score0.00038EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.58 views

CVE-2017-0477

A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Prod...

7.8CVSS7.6AI score0.00321EPSS
CVE
CVE
added 2024/11/27 10:15 p.m.58 views

CVE-2017-13320

In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS8.2AI score0.00027EPSS
CVE
CVE
added 2024/11/27 11:15 p.m.58 views

CVE-2018-9354

In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of service due to divide by 0. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS9.1AI score0.00457EPSS
CVE
CVE
added 2024/12/02 8:15 p.m.58 views

CVE-2018-9380

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

8.8CVSS7AI score0.00682EPSS
CVE
CVE
added 2024/12/03 1:15 a.m.58 views

CVE-2018-9449

In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS7.8AI score0.00017EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.58 views

CVE-2019-2130

In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product: A...

10CVSS9.4AI score0.01098EPSS
CVE
CVE
added 2016/10/10 10:59 a.m.57 views

CVE-2016-5348

The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed...

7.1CVSS5.5AI score0.11586EPSS
CVE
CVE
added 2017/01/12 3:59 p.m.57 views

CVE-2016-6762

An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not nor...

7.8CVSS7.4AI score0.00263EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.57 views

CVE-2017-13280

In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Ver...

7.5CVSS7.2AI score0.00499EPSS
CVE
CVE
added 2024/11/27 8:15 p.m.57 views

CVE-2017-13316

In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

8.4CVSS8.5AI score0.00008EPSS
CVE
CVE
added 2024/11/20 6:15 p.m.57 views

CVE-2018-9478

In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS7.6AI score0.00307EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.56 views

CVE-2017-0390

A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6...

7.1CVSS5.7AI score0.0017EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.56 views

CVE-2019-2047

In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 And...

10CVSS9.2AI score0.00873EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.55 views

CVE-2017-0386

An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally ac...

9.3CVSS7.3AI score0.00337EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.55 views

CVE-2017-0540

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.7AI score0.00476EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.55 views

CVE-2017-0760

A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237396.

9.3CVSS7.9AI score0.00248EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.55 views

CVE-2017-13177

In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0,...

10CVSS9.1AI score0.1052EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.55 views

CVE-2017-13283

In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versi...

10CVSS8.8AI score0.02956EPSS
CVE
CVE
added 2024/11/27 10:15 p.m.55 views

CVE-2017-13323

In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.

8.4CVSS8.3AI score0.00026EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.55 views

CVE-2019-2029

In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1....

8.8CVSS8.8AI score0.00564EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.55 views

CVE-2019-2043

In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interactio...

7.3CVSS7.2AI score0.00014EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.54 views

CVE-2017-0467

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.00316EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.54 views

CVE-2017-0806

An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.

9.3CVSS7.4AI score0.01494EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.54 views

CVE-2017-0870

An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807.

7.8CVSS7.5AI score0.00016EPSS
CVE
CVE
added 2024/12/02 9:15 p.m.54 views

CVE-2018-9414

In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.9AI score0.0001EPSS
CVE
CVE
added 2024/12/02 10:15 p.m.54 views

CVE-2018-9418

In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS7.1AI score0.00056EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.54 views

CVE-2018-9583

In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges...

10CVSS7.6AI score0.00977EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.53 views

CVE-2017-0396

An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. P...

5.5CVSS5.2AI score0.00091EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.53 views

CVE-2017-0422

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0...

7.8CVSS6.7AI score0.01038EPSS
CVE
CVE
added 2017/06/14 1:29 p.m.53 views

CVE-2017-0641

A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0,...

7.1CVSS5.1AI score0.02719EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.53 views

CVE-2017-13260

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7....

7.5CVSS6.8AI score0.20857EPSS
Total number of security vulnerabilities793