Lucene search

K

805 matches found

CVE
CVE
added 2024/12/02 9:15 p.m.42 views

CVE-2018-9376

In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.5AI score0.00009EPSS
CVE
CVE
added 2024/11/19 8:15 p.m.42 views

CVE-2018-9409

In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.9AI score0.00022EPSS
CVE
CVE
added 2024/11/19 10:15 p.m.42 views

CVE-2018-9420

In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.2AI score0.00011EPSS
CVE
CVE
added 2024/11/19 10:15 p.m.42 views

CVE-2018-9424

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS7.1AI score0.00011EPSS
CVE
CVE
added 2024/11/19 11:15 p.m.42 views

CVE-2018-9440

In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS6.6AI score0.00036EPSS
CVE
CVE
added 2024/11/19 11:15 p.m.42 views

CVE-2018-9456

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6.7AI score0.00305EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.42 views

CVE-2018-9539

In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-...

7CVSS7.5AI score0.00173EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.42 views

CVE-2018-9552

In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 A...

5.5CVSS5.4AI score0.00116EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9585

In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U...

7.8CVSS6.2AI score0.00022EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9588

In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileg...

6.5CVSS5.5AI score0.00164EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.42 views

CVE-2019-2031

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Andro...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.42 views

CVE-2019-20610

An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019).

9.3CVSS8.2AI score0.00151EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.42 views

CVE-2019-20776

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019).

5.5CVSS5.5AI score0.00016EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.42 views

CVE-2019-20784

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).

5.5CVSS5.6AI score0.00018EPSS
CVE
CVE
added 2019/11/13 6:15 p.m.42 views

CVE-2019-2207

In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 An...

7.8CVSS7.7AI score0.00034EPSS
CVE
CVE
added 2020/05/14 9:15 p.m.42 views

CVE-2020-0024

In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android...

7.8CVSS7.6AI score0.00013EPSS
CVE
CVE
added 2020/05/14 9:15 p.m.42 views

CVE-2020-0098

In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2020/06/10 6:15 p.m.42 views

CVE-2020-0115

In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitat...

7.8CVSS7.7AI score0.00012EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.41 views

CVE-2017-0846

An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.

7.5CVSS6.8AI score0.00117EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.41 views

CVE-2017-13204

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.

9.1CVSS7.1AI score0.00102EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13234

In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1...

7.1CVSS6.4AI score0.00157EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13242

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.

7.5CVSS6.2AI score0.00117EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.41 views

CVE-2017-13259

In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1,...

7.5CVSS7AI score0.00862EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.41 views

CVE-2017-13263

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160.

7.5CVSS7AI score0.00102EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.41 views

CVE-2017-13276

In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, ...

7.8CVSS8.1AI score0.01912EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.41 views

CVE-2017-13286

In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interac...

7.8CVSS7.7AI score0.00013EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.41 views

CVE-2017-13315

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not ...

7.8CVSS6.7AI score0.00013EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.41 views

CVE-2018-21050

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).

10CVSS9.8AI score0.00231EPSS
CVE
CVE
added 2024/11/19 7:15 p.m.41 views

CVE-2018-9340

In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of mStringPoolSize to be out of bounds, causing information disclosure.

7.5CVSS6.2AI score0.00041EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9356

In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0...

10CVSS8.8AI score0.19616EPSS
CVE
CVE
added 2024/11/19 9:15 p.m.41 views

CVE-2018-9365

In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

9.8CVSS7.5AI score0.00176EPSS
CVE
CVE
added 2024/11/19 10:15 p.m.41 views

CVE-2018-9428

In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/...

8.4CVSS7.5AI score0.00009EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9446

In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android...

10CVSS8.2AI score0.00977EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9459

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

8.8CVSS7.4AI score0.05321EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.41 views

CVE-2018-9587

In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no ...

7.3CVSS6.1AI score0.00022EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.41 views

CVE-2019-1995

In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges ne...

5.5CVSS5.4AI score0.00024EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.41 views

CVE-2019-20546

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019).

6.5CVSS6.5AI score0.00031EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.41 views

CVE-2019-20593

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks Private Mode thumbnails. The Samsung ID is SVE-2019-14208 (July 2019).

5.3CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2020/04/17 2:15 p.m.41 views

CVE-2019-20783

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (North America CDMA) software. The LTE protocol implementation allows a bypass of AKA (Authentication and Key Agreement). The LG ID is LVE-SMP-180014 (February 2019).

9.1CVSS9AI score0.00139EPSS
CVE
CVE
added 2020/02/13 3:15 p.m.41 views

CVE-2020-0015

In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions...

7.8CVSS7.7AI score0.00028EPSS
CVE
CVE
added 2020/02/13 3:15 p.m.41 views

CVE-2020-0017

In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0...

4.4CVSS4.4AI score0.00034EPSS
CVE
CVE
added 2020/05/14 9:15 p.m.41 views

CVE-2020-0101

In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 An...

5.5CVSS5AI score0.00017EPSS
CVE
CVE
added 2020/08/31 9:15 p.m.41 views

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020).

7.5CVSS7.5AI score0.00092EPSS
CVE
CVE
added 2021/02/04 7:15 p.m.41 views

CVE-2021-0351

In wlan driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11; Pa...

7.8CVSS7.4AI score0.00704EPSS
CVE
CVE
added 2021/06/11 3:15 p.m.41 views

CVE-2021-25387

An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

10CVSS9.6AI score0.00187EPSS
CVE
CVE
added 2021/09/09 7:15 p.m.41 views

CVE-2021-25461

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

7.8CVSS7.5AI score0.00032EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.40 views

CVE-2017-13193

In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is...

7.8CVSS7.3AI score0.03008EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.40 views

CVE-2017-13268

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.

4.3CVSS4.2AI score0.00029EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.40 views

CVE-2017-13278

In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, ...

7.8CVSS7.6AI score0.00101EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.40 views

CVE-2017-13284

In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android....

10CVSS8.6AI score0.01232EPSS
Total number of security vulnerabilities805