Lucene search

K

793 matches found

CVE
CVE
added 2024/11/19 11:15 p.m.53 views

CVE-2018-9466

In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

8.8CVSS9.3AI score0.00682EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.53 views

CVE-2019-2046

In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android ...

10CVSS9.3AI score0.01182EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.52 views

CVE-2017-0413

An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does no...

5.5CVSS5.2AI score0.00218EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.52 views

CVE-2017-0547

An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applica...

5.5CVSS5.3AI score0.00125EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.52 views

CVE-2017-0756

A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.

9.3CVSS7.9AI score0.00164EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.52 views

CVE-2017-13208

In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Pr...

10CVSS9.2AI score0.16408EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.52 views

CVE-2017-13262

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, ...

6.5CVSS6.1AI score0.13964EPSS
CVE
CVE
added 2024/11/20 6:15 p.m.52 views

CVE-2018-9470

In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

8.8CVSS7.2AI score0.00156EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.52 views

CVE-2019-20771

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The LG ID is LVE-SMP-190006 (August 2019).

7.5CVSS7.4AI score0.00092EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.51 views

CVE-2017-0421

An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application doe...

5.5CVSS5.2AI score0.00106EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.51 views

CVE-2017-0738

A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371.

5.5CVSS5.5AI score0.00063EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.51 views

CVE-2017-0842

An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.

7.8CVSS7.4AI score0.00039EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.51 views

CVE-2017-13176

In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitatio...

9.3CVSS8.2AI score0.00726EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.51 views

CVE-2017-13179

In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->...

10CVSS9.2AI score0.03598EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.51 views

CVE-2017-13266

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7....

10CVSS8.9AI score0.01322EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.51 views

CVE-2017-13277

In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7...

9.3CVSS7.9AI score0.00722EPSS
CVE
CVE
added 2024/11/28 12:15 a.m.51 views

CVE-2018-9374

In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS9AI score0.00007EPSS
CVE
CVE
added 2025/01/28 5:15 p.m.51 views

CVE-2018-9378

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6AI score0.00019EPSS
CVE
CVE
added 2019/07/08 6:15 p.m.51 views

CVE-2019-2106

In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

9.3CVSS8.8AI score0.0037EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.50 views

CVE-2017-0418

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.2AI score0.00136EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.50 views

CVE-2017-0475

An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the ope...

9.3CVSS7.2AI score0.00111EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.50 views

CVE-2017-0665

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414.

9.3CVSS7.4AI score0.00035EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.50 views

CVE-2017-0668

A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579.

5.5CVSS5.5AI score0.00063EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.50 views

CVE-2017-0695

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.50 views

CVE-2017-0699

A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809.

5.5CVSS5.5AI score0.00063EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.50 views

CVE-2017-0729

A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.

7.8CVSS7.4AI score0.00053EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.50 views

CVE-2017-0807

An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.

10CVSS8AI score0.02479EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.50 views

CVE-2017-0839

An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.

7.5CVSS6.8AI score0.00145EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.50 views

CVE-2017-0841

A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.

9.3CVSS7.7AI score0.00886EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.50 views

CVE-2017-13287

In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7.6AI score0.00034EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.50 views

CVE-2019-2051

In heap of spaces.h, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure when processing a proxy auto config file with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android V...

7.8CVSS7AI score0.00396EPSS
CVE
CVE
added 2021/04/06 8:15 a.m.50 views

CVE-2021-30162

An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).

7.1CVSS6.9AI score0.00017EPSS
CVE
CVE
added 2017/06/14 1:29 p.m.49 views

CVE-2017-0637

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.8AI score0.0084EPSS
CVE
CVE
added 2017/06/14 1:29 p.m.49 views

CVE-2017-0646

An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, ...

5.5CVSS5.1AI score0.00109EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.49 views

CVE-2017-0693

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36993291.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.49 views

CVE-2017-0733

A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.49 views

CVE-2017-0763

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693.

9.3CVSS7.9AI score0.00212EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.49 views

CVE-2017-0768

A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992.

9.3CVSS7.9AI score0.00035EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.49 views

CVE-2017-13148

A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65717533.

7.1CVSS6.6AI score0.00102EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.49 views

CVE-2017-13195

In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed...

7.8CVSS7.3AI score0.02288EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.49 views

CVE-2017-13197

In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1...

7.8CVSS7.3AI score0.04329EPSS
CVE
CVE
added 2024/11/27 8:15 p.m.49 views

CVE-2017-13319

In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS7.8AI score0.00113EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.49 views

CVE-2018-21057

An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018).

10CVSS9.7AI score0.00183EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.49 views

CVE-2018-9549

In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7...

9.3CVSS7.9AI score0.00253EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.48 views

CVE-2016-6749

An information disclosure vulnerability in Qualcomm components including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver in Android before 2016-11-05 could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderat...

5.5CVSS5.1AI score0.00072EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.48 views

CVE-2017-0394

A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213.

7.8CVSS7.2AI score0.00327EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.48 views

CVE-2017-0407

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.01376EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.48 views

CVE-2017-0414

An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does no...

5.5CVSS4.9AI score0.00106EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.48 views

CVE-2017-0420

An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not hav...

5.5CVSS4.9AI score0.0016EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.48 views

CVE-2017-0594

An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to...

9.3CVSS7.2AI score0.00068EPSS
Total number of security vulnerabilities793