Lucene search

K

793 matches found

CVE
CVE
added 2024/11/27 11:15 p.m.42 views

CVE-2018-9351

In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS8.8AI score0.00114EPSS
CVE
CVE
added 2024/11/27 11:15 p.m.42 views

CVE-2018-9353

In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS8.9AI score0.00457EPSS
CVE
CVE
added 2024/12/02 9:15 p.m.42 views

CVE-2018-9376

In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.5AI score0.00008EPSS
CVE
CVE
added 2024/11/19 10:15 p.m.42 views

CVE-2018-9420

In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.2AI score0.00009EPSS
CVE
CVE
added 2024/11/19 11:15 p.m.42 views

CVE-2018-9440

In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS6.6AI score0.00037EPSS
CVE
CVE
added 2024/11/19 11:15 p.m.42 views

CVE-2018-9456

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6.7AI score0.00253EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.42 views

CVE-2018-9552

In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 A...

5.5CVSS5.4AI score0.00116EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9585

In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U...

7.8CVSS6.2AI score0.00022EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9588

In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileg...

6.5CVSS5.5AI score0.00164EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.42 views

CVE-2019-2031

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Andro...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.42 views

CVE-2019-20610

An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019).

9.3CVSS8.2AI score0.00151EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.42 views

CVE-2019-20772

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. The Account subsystem allows authorization bypass. The LG ID is LVE-SMP-190007 (August 2019).

9.8CVSS9.2AI score0.00147EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.42 views

CVE-2019-20776

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019).

5.5CVSS5.5AI score0.00016EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.42 views

CVE-2019-20784

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).

5.5CVSS5.6AI score0.00018EPSS
CVE
CVE
added 2016/09/11 9:59 p.m.41 views

CVE-2016-3880

Multiple buffer overflows in rtsp/ASessionDescription.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow remote attackers to cause a denial of service (device hang or reboot) via a crafted ...

7.1CVSS5.8AI score0.00479EPSS
CVE
CVE
added 2017/03/20 4:59 p.m.41 views

CVE-2016-5857

The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.

7.8CVSS6.9AI score0.00027EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.41 views

CVE-2016-6740

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ...

9.3CVSS7.5AI score0.0007EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.41 views

CVE-2017-0387

An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.7AI score0.00052EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.41 views

CVE-2017-0391

A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6....

7.1CVSS6.1AI score0.00173EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0469

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.00316EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0474

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.02868EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0476

A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process...

7.8CVSS7.5AI score0.00321EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0479

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.2AI score0.00064EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0491

An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: An...

5.5CVSS5.4AI score0.00072EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0495

An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1...

5.5CVSS4.9AI score0.00125EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0538

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaser...

9.3CVSS7.7AI score0.00264EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0544

An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. An...

9.3CVSS7.8AI score0.00067EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0551

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. A...

7.1CVSS5.7AI score0.00197EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0558

An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,...

5.5CVSS5.2AI score0.00112EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0559

An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0...

5.5CVSS5.2AI score0.00109EPSS
CVE
CVE
added 2017/06/14 1:29 p.m.41 views

CVE-2017-0639

An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other application...

5.5CVSS4.8AI score0.00109EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.41 views

CVE-2017-0689

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.41 views

CVE-2017-0696

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.41 views

CVE-2017-0727

A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.

7.8CVSS7.4AI score0.00041EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.41 views

CVE-2017-0732

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237.

7.8CVSS7.2AI score0.00053EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.41 views

CVE-2017-0771

A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.

7.1CVSS5.9AI score0.00038EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.41 views

CVE-2017-0835

A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832.

9.3CVSS7.7AI score0.0096EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.41 views

CVE-2017-0836

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.

9.3CVSS7.7AI score0.0096EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.41 views

CVE-2017-0846

An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.

7.5CVSS6.8AI score0.00123EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13150

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.

9.1CVSS8.2AI score0.00122EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13152

An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.

7.5CVSS7AI score0.00117EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13154

An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.

7.8CVSS7.5AI score0.00014EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13159

An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772.

7.8CVSS6.9AI score0.00106EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.41 views

CVE-2017-13204

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.

9.1CVSS7.1AI score0.00108EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13234

In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1...

7.1CVSS6.4AI score0.00157EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13242

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.

7.5CVSS6.2AI score0.00117EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.41 views

CVE-2017-13259

In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1,...

7.5CVSS7AI score0.00862EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.41 views

CVE-2017-13276

In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, ...

7.8CVSS8.1AI score0.01912EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.41 views

CVE-2017-13315

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not ...

7.8CVSS6.7AI score0.00012EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.41 views

CVE-2017-18649

An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, aka the "SamFAIL" issue. The Samsung ID is SVE-2017-10465 (November 2017).

7.2CVSS7AI score0.00058EPSS
Total number of security vulnerabilities793