Lucene search

K
GoogleAndroid7.1.1

676 matches found

CVE
CVE
added 2018/11/06 5:29 p.m.37 views

CVE-2018-9436

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6....

7.8CVSS6.3AI score0.02686EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.37 views

CVE-2018-9508

In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

6.5CVSS6.1AI score0.00288EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.37 views

CVE-2018-9566

In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exp...

5.7CVSS5.6AI score0.003EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.37 views

CVE-2019-2038

In rw_i93_process_sys_info of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-...

5.5CVSS5AI score0.00062EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.37 views

CVE-2019-20549

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom chipsets) software. A heap out-of-bounds access can occur during LE Packet reception in Broadcom Bluetooth. The Samsung ID is SVE-2019-15724 (November 2019).

9.8CVSS9.4AI score0.00147EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.37 views

CVE-2019-20551

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a Class 0 Type Message. The Samsung ID is SVE-2019-14941 (October 2019).

7.5CVSS7.5AI score0.00092EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.37 views

CVE-2019-20558

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019).

9.8CVSS9.4AI score0.00159EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.36 views

CVE-2017-0488

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-3409...

7.1CVSS5.4AI score0.00284EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.36 views

CVE-2017-0539

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediase...

9.3CVSS7.7AI score0.00286EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.36 views

CVE-2017-0546

An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally acces...

9.3CVSS7.7AI score0.00084EPSS
CVE
CVE
added 2017/05/12 3:29 p.m.36 views

CVE-2017-0600

A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1...

7.1CVSS5.4AI score0.00111EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.36 views

CVE-2017-13185

An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.

9.1CVSS7.1AI score0.00128EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.36 views

CVE-2017-13206

An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.

7.5CVSS6.8AI score0.0009EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.36 views

CVE-2017-13235

A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.

6.5CVSS6.3AI score0.00112EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.36 views

CVE-2017-13243

A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.

7.5CVSS6.5AI score0.00103EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.36 views

CVE-2017-18660

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer overflow in tlc_server. The Samsung ID is SVE-2017-8888 (July 2017).

9.8CVSS9.7AI score0.00159EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.36 views

CVE-2017-18661

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer overflow in process_cipher_tdea. The Samsung ID is SVE-2017-8973 (July 2017).

9.8CVSS9.7AI score0.00159EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.36 views

CVE-2017-18667

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can prevent users from learning that SMS storage space has been exhausted. The Samsung ID is SVE-2017-8702 (June 2017).

5CVSS4.8AI score0.00097EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.36 views

CVE-2018-21042

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Dual Messenger allows installation of an arbitrary APK with resultant privileged code execution. The Samsung ID is SVE-2018-13299 (December 2018).

9.8CVSS9.6AI score0.00164EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.36 views

CVE-2018-21069

An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-11852 (July 2018).

7.5CVSS7.1AI score0.00123EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.36 views

CVE-2018-9361

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android...

7.8CVSS6.9AI score0.016EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.36 views

CVE-2018-9452

In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges neede...

5.5CVSS5.5AI score0.00392EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.36 views

CVE-2018-9455

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Andr...

7.8CVSS6.6AI score0.05327EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.36 views

CVE-2018-9491

In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: An...

9.3CVSS7.9AI score0.0034EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.36 views

CVE-2018-9541

In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andro...

7.5CVSS7.2AI score0.00386EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.36 views

CVE-2018-9542

In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0...

7.5CVSS7.2AI score0.00386EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.36 views

CVE-2018-9543

In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. V...

5.5CVSS5.6AI score0.0004EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.36 views

CVE-2018-9584

In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. ...

7.8CVSS6.2AI score0.00022EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.36 views

CVE-2018-9592

In mca_ccb_hdl_rsp of mca_cact.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interac...

7.5CVSS5.7AI score0.00386EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.36 views

CVE-2018-9594

In llcp_link_proc_agf_pdu of llcp_link.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure over NFC with no additional execution privileges needed....

6.5CVSS5.3AI score0.00049EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.36 views

CVE-2019-20574

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Wi-Fi history Content Provider. The Samsung ID is SVE-2019-14061 (August 2019).

7.8CVSS8AI score0.00037EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.36 views

CVE-2019-20599

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Voice Assistant mishandles the notification audibility of a secured app. The Samsung ID is SVE-2018-13326 (May 2019).

7.5CVSS7.6AI score0.00081EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.36 views

CVE-2019-2131

An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Androi...

9.3CVSS7.6AI score0.0004EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.35 views

CVE-2017-0471

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.00316EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.35 views

CVE-2017-0554

An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible ...

7.8CVSS7.5AI score0.00762EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.35 views

CVE-2017-0853

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644.

9.1CVSS7AI score0.00122EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.35 views

CVE-2017-13189

A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072.

7.8CVSS7.1AI score0.00152EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.35 views

CVE-2017-13198

A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117.

7.8CVSS7.1AI score0.0013EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.35 views

CVE-2017-18677

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Because of an unprotected Intent, an attacker can reset the configuration of certain applications. The Samsung ID is SVE-2016-7142 (April 2017).

7.5CVSS7.6AI score0.00081EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.35 views

CVE-2018-21044

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software. The sem Trustlet has a buffer overflow that leads to arbitrary TEE code execution. The Samsung IDs are SVE-2018-13230, SVE-2018-13231, SVE-2018-13232, SVE-2018-13233 (December 2018).

9.8CVSS9.8AI score0.00222EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.35 views

CVE-2018-21065

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018).

9.8CVSS9.3AI score0.00147EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.35 views

CVE-2018-21073

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018).

2.4CVSS4.2AI score0.00018EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.35 views

CVE-2018-9503

In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7...

7.8CVSS7AI score0.00904EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.35 views

CVE-2018-9554

In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Ve...

5.5CVSS5.4AI score0.0002EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.35 views

CVE-2019-20601

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019).

7.5CVSS7.8AI score0.00092EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.35 views

CVE-2019-20608

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. An attacker can use Emergency mode to disable features. The Samsung IDs are SVE-2018-13164, SVE-2018-13165 (April 2019).

7.5CVSS7.5AI score0.00092EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.35 views

CVE-2019-20612

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Broadcom Wi-Fi, and SEC Wi-Fi chipsets) software. Wi-Fi allows a denial of service via TCP SYN packets. The Samsung ID is SVE-2018-13162 (March 2019).

7.5CVSS7.5AI score0.00113EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.35 views

CVE-2019-20623

An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. Gallery has uninitialized memory disclosure. The Samsung ID is SVE-2018-13060 (February 2019).

3.3CVSS4.3AI score0.00019EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.35 views

CVE-2019-2122

In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is ne...

7.3CVSS7.2AI score0.00013EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.35 views

CVE-2019-2125

In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exp...

7.3CVSS7.2AI score0.00014EPSS
Total number of security vulnerabilities676