VYPR

Android

by Google

CVEs (4,041)

  • CVE-2016-0844HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.00

    The Qualcomm RF driver in Android 6.x before 2016-04-01 does not properly restrict access to socket ioctl calls, which allows attackers to gain privileges via a crafted application, aka internal bug 26324307.

  • CVE-2016-0843HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.00

    The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197.

  • CVE-2016-0842HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.02

    The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 mishandles Memory Management Control Operation (MMCO) data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug…

  • CVE-2016-0840HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.02

    Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c in mediaserver in Android 6.x before 2016-04-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26399350.

  • CVE-2016-0834HigApr 18, 2016
    risk 0.55cvss 8.4epss 0.02

    An unspecified media codec in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26220548.

  • CVE-2016-0807HigFeb 7, 2016
    risk 0.55cvss 8.4epss 0.00

    The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.

  • CVE-2016-0806HigFeb 7, 2016
    risk 0.55cvss 8.4epss 0.00

    The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.

  • CVE-2016-0805HigFeb 7, 2016
    risk 0.55cvss 8.4epss 0.00

    The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.

  • CVE-2019-2023HigJun 19, 2019
    risk 0.54cvss 7.8epss 0.00

    In ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller. This could allow an app to add or replace a HAL service with its own service, gaining code execution in a privileged process.Product:…

  • CVE-2018-9488HigNov 6, 2018
    risk 0.54cvss 7.8epss 0.00

    In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. This could lead to a local escalation of privilege, with System privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0…

  • CVE-2018-9515HigOct 2, 2018
    risk 0.54cvss 7.8epss 0.01

    In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…

  • CVE-2017-13253HigApr 4, 2018
    risk 0.54cvss 7.8epss 0.03

    In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…

  • CVE-2017-13236HigFeb 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1.…

  • CVE-2017-13216HigJan 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not…

  • CVE-2017-13209HigJan 12, 2018
    risk 0.54cvss 7.8epss 0.01

    In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege…

  • CVE-2016-10277HigMay 12, 2017
    risk 0.54cvss 7.8epss 0.09

    An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2017-0412HigFeb 8, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2017-0411HigFeb 8, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2016-6772HigJan 12, 2017
    risk 0.54cvss 7.8epss 0.03

    An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2016-6707HigNov 25, 2016
    risk 0.54cvss 7.8epss 0.04

    An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be…

Page 25 of 203