Lucene search

K
GoogleAndroid7.1.1

676 matches found

CVE
CVE
added 2024/11/19 11:15 p.m.42 views

CVE-2018-9440

In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS6.6AI score0.00037EPSS
CVE
CVE
added 2024/11/19 11:15 p.m.42 views

CVE-2018-9456

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6.7AI score0.00253EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.42 views

CVE-2018-9552

In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 A...

5.5CVSS5.4AI score0.00116EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9585

In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U...

7.8CVSS6.2AI score0.00022EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9588

In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileg...

6.5CVSS5.5AI score0.00164EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.42 views

CVE-2019-2031

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Andro...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.42 views

CVE-2019-20610

An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019).

9.3CVSS8.2AI score0.00151EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0469

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.00316EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0474

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.02868EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0476

A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process...

7.8CVSS7.5AI score0.00321EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0479

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.2AI score0.00064EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0491

An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: An...

5.5CVSS5.4AI score0.00072EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.41 views

CVE-2017-0495

An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1...

5.5CVSS4.9AI score0.00125EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0538

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaser...

9.3CVSS7.7AI score0.00264EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0544

An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. An...

9.3CVSS7.8AI score0.00067EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0551

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. A...

7.1CVSS5.7AI score0.00197EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0558

An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1,...

5.5CVSS5.2AI score0.00112EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.41 views

CVE-2017-0559

An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0...

5.5CVSS5.2AI score0.00109EPSS
CVE
CVE
added 2017/06/14 1:29 p.m.41 views

CVE-2017-0639

An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other application...

5.5CVSS4.8AI score0.00109EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.41 views

CVE-2017-0689

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.41 views

CVE-2017-0696

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.41 views

CVE-2017-0727

A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.

7.8CVSS7.4AI score0.00041EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.41 views

CVE-2017-0732

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237.

7.8CVSS7.2AI score0.00053EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.41 views

CVE-2017-0771

A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.

7.1CVSS5.9AI score0.00038EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.41 views

CVE-2017-0835

A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832.

9.3CVSS7.7AI score0.0096EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.41 views

CVE-2017-0836

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.

9.3CVSS7.7AI score0.0096EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.41 views

CVE-2017-0846

An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.

7.5CVSS6.8AI score0.00123EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13150

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.

9.1CVSS8.2AI score0.00122EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13152

An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.

7.5CVSS7AI score0.00117EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13154

An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.

7.8CVSS7.5AI score0.00014EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13159

An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772.

7.8CVSS6.9AI score0.00106EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.41 views

CVE-2017-13204

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.

9.1CVSS7.1AI score0.00108EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13234

In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1...

7.1CVSS6.4AI score0.00157EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13242

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.

7.5CVSS6.2AI score0.00117EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.41 views

CVE-2017-13259

In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1,...

7.5CVSS7AI score0.00862EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.41 views

CVE-2017-13276

In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, ...

7.8CVSS8.1AI score0.01912EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.41 views

CVE-2017-13315

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not ...

7.8CVSS6.7AI score0.00012EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.41 views

CVE-2017-18649

An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, aka the "SamFAIL" issue. The Samsung ID is SVE-2017-10465 (November 2017).

7.2CVSS7AI score0.00058EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.41 views

CVE-2018-21050

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).

10CVSS9.8AI score0.00231EPSS
CVE
CVE
added 2020/04/08 3:15 p.m.41 views

CVE-2018-21082

An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018).

8.4CVSS8.3AI score0.00017EPSS
CVE
CVE
added 2024/11/19 7:15 p.m.41 views

CVE-2018-9340

In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of mStringPoolSize to be out of bounds, causing information disclosure.

7.5CVSS6.2AI score0.00033EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9356

In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0...

10CVSS8.8AI score0.19616EPSS
CVE
CVE
added 2024/11/19 9:15 p.m.41 views

CVE-2018-9365

In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

9.8CVSS7.5AI score0.00131EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9446

In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android...

10CVSS8.2AI score0.00977EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9459

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

8.8CVSS7.4AI score0.05321EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.41 views

CVE-2018-9587

In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no ...

7.3CVSS6.1AI score0.00022EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.41 views

CVE-2019-1995

In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges ne...

5.5CVSS5.4AI score0.00024EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.41 views

CVE-2019-20546

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019).

6.5CVSS6.5AI score0.00031EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.41 views

CVE-2019-20593

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).

5.3CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2017/03/08 1:59 a.m.40 views

CVE-2017-0483

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Andr...

7.1CVSS5.4AI score0.00284EPSS
Total number of security vulnerabilities676