Android
by Google
CVEs (4,041)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2494 | Hig | 0.54 | 7.8 | 0.02 | Jun 13, 2016 | Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug… | ||
| CVE-2015-6639 | Hig | 0.54 | 7.8 | 0.07 | Jan 6, 2016 | The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | ||
| CVE-2023-40077 | Hig | 0.53 | 8.1 | 0.08 | Dec 4, 2023 | In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2014-7914 | Hig | 0.53 | 8.1 | 0.00 | Feb 21, 2020 | btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. | ||
| CVE-2016-10439 | Hig | 0.53 | 8.1 | 0.01 | Apr 18, 2018 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer… | ||
| CVE-2016-10432 | Hig | 0.53 | 8.1 | 0.01 | Apr 18, 2018 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to… | ||
| CVE-2016-10409 | Hig | 0.53 | 8.1 | 0.01 | Apr 18, 2018 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, TOCTOU vulnerability may occur while composing the RPMB request using HLOS controlled… | ||
| CVE-2017-9685 | Hig | 0.53 | 8.1 | 0.00 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition. | ||
| CVE-2016-10383 | Hig | 0.53 | 8.1 | 0.01 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | ||
| CVE-2016-3851 | Hig | 0.53 | 8.1 | 0.01 | Aug 5, 2016 | The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941. | ||
| CVE-2016-2409 | Hig | 0.53 | 8.1 | 0.01 | Apr 18, 2016 | A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545. | ||
| CVE-2026-0097 | Hig | 0.52 | 8.0 | 0.00 | Jun 1, 2026 | In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2026-0095 | Hig | 0.52 | 8.0 | 0.00 | Jun 1, 2026 | In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction… | ||
| CVE-2026-0059 | Hig | 0.52 | 8.0 | 0.00 | Jun 1, 2026 | In multiple functions of sdp_discovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2021-0433 | Hig | 0.52 | 8.0 | 0.01 | Apr 13, 2021 | In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges… | ||
| CVE-2015-9222 | Hig | 0.52 | 7.5 | 0.04 | Apr 18, 2018 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630,… | ||
| CVE-2017-13261 | Hig | 0.52 | 7.5 | 0.07 | Apr 4, 2018 | In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | ||
| CVE-2017-13260 | Hig | 0.52 | 7.5 | 0.08 | Apr 4, 2018 | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | ||
| CVE-2017-13258 | Hig | 0.52 | 7.5 | 0.07 | Apr 4, 2018 | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | ||
| CVE-2014-0997 | Hig | 0.52 | 7.5 | 0.06 | Sep 26, 2017 | WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not… |
- risk 0.54cvss 7.8epss 0.02
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug…
- risk 0.54cvss 7.8epss 0.07
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
- risk 0.53cvss 8.1epss 0.08
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.53cvss 8.1epss 0.00
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.
- risk 0.53cvss 8.1epss 0.01
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board_read syscall. A pointer…
- risk 0.53cvss 8.1epss 0.01
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to…
- risk 0.53cvss 8.1epss 0.01
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, TOCTOU vulnerability may occur while composing the RPMB request using HLOS controlled…
- risk 0.53cvss 8.1epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.
- risk 0.53cvss 8.1epss 0.01
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.
- risk 0.53cvss 8.1epss 0.01
The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.
- risk 0.53cvss 8.1epss 0.01
A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.
- risk 0.52cvss 8.0epss 0.00
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.52cvss 8.0epss 0.00
In l2c_fcr_clone_buf of l2c_fcr.cc, there is a possible way to trigger controlled heap corruption within the privileged Bluetooth process due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…
- risk 0.52cvss 8.0epss 0.00
In multiple functions of sdp_discovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for…
- risk 0.52cvss 8.0epss 0.01
In onCreate of DeviceChooserActivity.java, there is a possible way to bypass user consent when pairing a Bluetooth device due to a tapjacking/overlay attack. This could lead to local escalation of privilege and pairing malicious devices with no additional execution privileges…
- risk 0.52cvss 7.5epss 0.04
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630,…
- risk 0.52cvss 7.5epss 0.07
In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- risk 0.52cvss 7.5epss 0.08
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- risk 0.52cvss 7.5epss 0.07
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- risk 0.52cvss 7.5epss 0.06
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not…
Page 26 of 203