Lucene search

K

793 matches found

CVE
CVE
added 2020/04/08 6:15 p.m.41 views

CVE-2018-21050

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).

10CVSS9.8AI score0.00231EPSS
CVE
CVE
added 2020/04/08 3:15 p.m.41 views

CVE-2018-21082

An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018).

8.4CVSS8.3AI score0.00017EPSS
CVE
CVE
added 2024/11/19 7:15 p.m.41 views

CVE-2018-9340

In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of mStringPoolSize to be out of bounds, causing information disclosure.

7.5CVSS6.2AI score0.00033EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9356

In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0...

10CVSS8.8AI score0.19616EPSS
CVE
CVE
added 2024/11/19 9:15 p.m.41 views

CVE-2018-9365

In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

9.8CVSS7.5AI score0.00131EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9446

In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android...

10CVSS8.2AI score0.00977EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9459

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

8.8CVSS7.4AI score0.05321EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.41 views

CVE-2018-9587

In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no ...

7.3CVSS6.1AI score0.00022EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.41 views

CVE-2019-1995

In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges ne...

5.5CVSS5.4AI score0.00024EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.41 views

CVE-2019-20546

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019).

6.5CVSS6.5AI score0.00031EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.41 views

CVE-2019-20593

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).

5.3CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.41 views

CVE-2019-20783

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. The LTE protocol implementation allows a bypass of AKA (Authentication and Key Agreement). The LG ID is LVE-SMP-180014 (February 2019).

9.1CVSS9AI score0.00139EPSS
CVE
CVE
added 2020/08/31 9:15 p.m.41 views

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).

7.5CVSS7.5AI score0.00092EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.40 views

CVE-2016-6709

An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle attacker to gain access to sensitive information if a non-standard cipher suite is used by an application. This issue is rated as High becau...

5.9CVSS5.7AI score0.00123EPSS
CVE
CVE
added 2016/11/25 4:59 p.m.40 views

CVE-2016-6741

An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ...

9.3CVSS7.5AI score0.0007EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.40 views

CVE-2017-0383

An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally a...

9.3CVSS7.7AI score0.00052EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.40 views

CVE-2017-0395

An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initi...

5.5CVSS5.8AI score0.00047EPSS
CVE
CVE
added 2017/01/12 8:59 p.m.40 views

CVE-2017-0397

An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android....

5.5CVSS5.2AI score0.00091EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.40 views

CVE-2017-0483

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Andr...

7.1CVSS5.4AI score0.00284EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.40 views

CVE-2017-0499

A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713.

7.1CVSS5.2AI score0.00091EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.40 views

CVE-2017-0543

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaser...

9.3CVSS7.7AI score0.00286EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.40 views

CVE-2017-0590

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.6AI score0.00272EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.40 views

CVE-2017-0599

A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, ...

7.1CVSS5.4AI score0.00194EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.40 views

CVE-2017-0601

An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requirements. Product: Android. Versions: 7.0, 7....

5.5CVSS5.2AI score0.00036EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.40 views

CVE-2017-0676

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431.

9.3CVSS7.7AI score0.00288EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.40 views

CVE-2017-0681

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37208566.

9.3CVSS7.7AI score0.00212EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.40 views

CVE-2017-0713

A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780.

7.8CVSS7.7AI score0.0028EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.40 views

CVE-2017-0716

A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196.

9.3CVSS7.7AI score0.00212EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.40 views

CVE-2017-0758

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492741.

9.3CVSS7.9AI score0.00248EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.40 views

CVE-2017-0772

A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076.

7.1CVSS5.9AI score0.00038EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.40 views

CVE-2017-0811

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.

9.3CVSS7.7AI score0.00996EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.40 views

CVE-2017-0814

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.

7.8CVSS6.8AI score0.00834EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.40 views

CVE-2017-0816

An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938.

5.5CVSS5AI score0.00154EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.40 views

CVE-2017-0819

A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.

7.8CVSS7.2AI score0.00262EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.40 views

CVE-2017-0830

An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.

9.3CVSS7.4AI score0.00081EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.40 views

CVE-2017-13158

An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915.

7.8CVSS6.9AI score0.00106EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.40 views

CVE-2017-13193

In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is...

7.8CVSS7.3AI score0.03008EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.40 views

CVE-2017-13268

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.

4.3CVSS4.2AI score0.00029EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.40 views

CVE-2017-13278

In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, ...

7.8CVSS7.6AI score0.00101EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.40 views

CVE-2017-13284

In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android....

10CVSS8.6AI score0.01232EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.40 views

CVE-2017-18650

An issue was discovered on Samsung mobile devices with N(7.x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant.conf is read. The Samsung ID is SVE-2017-9828 (October 2017).

7.5CVSS7.6AI score0.00113EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.40 views

CVE-2017-18655

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a stack-based buffer overflow with resultant memory corruption in a trustlet. The Samsung IDs are SVE-2017-8889, SVE-2017-8891, and SVE-2017-8892 (August 2017).

9.8CVSS9.8AI score0.00159EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.40 views

CVE-2017-18690

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. There is a buffer overflow in the sensor hub. The Samsung ID is SVE-2016-7484 (January 2017).

9.8CVSS9.7AI score0.00159EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.40 views

CVE-2018-21072

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018).

10CVSS9.6AI score0.00195EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.40 views

CVE-2018-21075

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018).

9.8CVSS9.4AI score0.00187EPSS
CVE
CVE
added 2020/04/08 2:15 p.m.40 views

CVE-2018-21089

An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offset control. The Samsung ID is SVE-2017-10732 (January 2018).

10CVSS9.8AI score0.00195EPSS
CVE
CVE
added 2024/12/02 10:15 p.m.40 views

CVE-2018-9423

In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS6.8AI score0.00022EPSS
CVE
CVE
added 2024/11/19 10:15 p.m.40 views

CVE-2018-9432

In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges ne...

7.8CVSS7.1AI score0.00006EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.40 views

CVE-2018-9502

In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: An...

6.5CVSS6.1AI score0.00306EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.40 views

CVE-2018-9507

In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versio...

6.5CVSS6.1AI score0.00312EPSS
Total number of security vulnerabilities793