Lucene search

K

793 matches found

CVE
CVE
added 2017/09/08 8:29 p.m.46 views

CVE-2017-0770

A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812.

9.3CVSS7.9AI score0.00035EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.46 views

CVE-2017-0872

A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.

9.3CVSS8.4AI score0.00456EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.46 views

CVE-2017-13196

In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

7.8CVSS7.4AI score0.03008EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.46 views

CVE-2017-13250

In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product...

9.3CVSS7.9AI score0.00212EPSS
CVE
CVE
added 2024/11/15 10:15 p.m.46 views

CVE-2017-13310

In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is n...

7.8CVSS6.8AI score0.00008EPSS
CVE
CVE
added 2024/11/15 10:15 p.m.46 views

CVE-2017-13314

In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with n...

7.8CVSS6.9AI score0.00009EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.46 views

CVE-2018-9338

In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.9AI score0.00023EPSS
CVE
CVE
added 2024/12/02 10:15 p.m.46 views

CVE-2018-9430

In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS7.4AI score0.01102EPSS
CVE
CVE
added 2024/11/19 10:15 p.m.46 views

CVE-2018-9433

In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

9.8CVSS7.5AI score0.00137EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.45 views

CVE-2017-0417

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.2AI score0.00136EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.45 views

CVE-2017-0426

An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android...

5.5CVSS4.9AI score0.0027EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.45 views

CVE-2017-0484

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-3329...

7.1CVSS5.4AI score0.00284EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.45 views

CVE-2017-0541

A remote code execution vulnerability in sonivox in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.7AI score0.04611EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.45 views

CVE-2017-0598

An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application doe...

5.5CVSS5.2AI score0.00063EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.45 views

CVE-2017-0635

A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1....

7.1CVSS5.4AI score0.00111EPSS
CVE
CVE
added 2017/06/14 1:29 p.m.45 views

CVE-2017-0640

A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID:...

7.1CVSS5.5AI score0.00203EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.45 views

CVE-2017-0667

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37478824.

9.3CVSS7.4AI score0.00035EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.45 views

CVE-2017-0673

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33974623.

9.3CVSS7.7AI score0.00212EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.45 views

CVE-2017-0679

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978.

9.3CVSS7.7AI score0.00212EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.45 views

CVE-2017-0703

A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.

9.3CVSS7.4AI score0.00031EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.45 views

CVE-2017-0715

A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372.

9.3CVSS7.7AI score0.00212EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.45 views

CVE-2017-0764

A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015.

9.3CVSS7.9AI score0.00269EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.45 views

CVE-2017-0766

A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37776688.

9.3CVSS8.2AI score0.00212EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.45 views

CVE-2017-0776

A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660.

5.5CVSS5.8AI score0.00051EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.45 views

CVE-2017-0845

A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.

7.5CVSS7.1AI score0.00124EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.45 views

CVE-2017-0855

In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed...

7.8CVSS7.4AI score0.02288EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.45 views

CVE-2017-13151

A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63874456.

9.3CVSS8.4AI score0.00456EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.45 views

CVE-2017-13228

In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: ...

9.3CVSS8.8AI score0.00481EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.45 views

CVE-2018-21070

An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018).

8.4CVSS8.3AI score0.00007EPSS
CVE
CVE
added 2020/04/08 3:15 p.m.45 views

CVE-2018-21087

An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018).

9.8CVSS9.7AI score0.00159EPSS
CVE
CVE
added 2024/11/19 7:15 p.m.45 views

CVE-2018-9346

In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6AI score0.00021EPSS
CVE
CVE
added 2024/11/19 10:15 p.m.45 views

CVE-2018-9412

In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

5.5CVSS6.6AI score0.00011EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.45 views

CVE-2019-20777

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService mishandles OTA Provisioning on V40 and G7 devices. The LG ID is LVE-SMP-190006 (July 2019).

9.8CVSS9.2AI score0.00147EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.44 views

CVE-2017-0382

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the...

7.8CVSS8.1AI score0.0028EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.44 views

CVE-2017-0385

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.7AI score0.00052EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.44 views

CVE-2017-0392

A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5....

7.1CVSS5.7AI score0.0017EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.44 views

CVE-2017-0410

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally a...

9.3CVSS7.2AI score0.00144EPSS
CVE
CVE
added 2017/02/08 3:59 p.m.44 views

CVE-2017-0416

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.2AI score0.00136EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.44 views

CVE-2017-0470

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.00316EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.44 views

CVE-2017-0473

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.00316EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.44 views

CVE-2017-0494

An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6....

5.5CVSS5.1AI score0.00205EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.44 views

CVE-2017-0591

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaser...

9.3CVSS7.6AI score0.00272EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.44 views

CVE-2017-0602

An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4....

5.5CVSS5.1AI score0.00063EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.44 views

CVE-2017-0603

A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6...

5.4CVSS4.9AI score0.00066EPSS
CVE
CVE
added 2017/06/14 1:29 p.m.44 views

CVE-2017-0645

An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Andro...

5.5CVSS5.2AI score0.00093EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.44 views

CVE-2017-0675

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227.

9.3CVSS7.7AI score0.00212EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.44 views

CVE-2017-0683

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36591008.

9.3CVSS7.7AI score0.00212EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.44 views

CVE-2017-0691

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453.

5.5CVSS5.5AI score0.00036EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.44 views

CVE-2017-0720

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213.

9.3CVSS7.7AI score0.00248EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.44 views

CVE-2017-0745

A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.

9.3CVSS7.7AI score0.00308EPSS
Total number of security vulnerabilities793