android vulnerabilities and exploits

6.8
CVSSv2
CVE-2009-0475

Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption....

7.2
CVSSv2
CVE-2009-0608

Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines....

5.8
CVSSv2
CVE-2014-1969

Directory traversal vulnerability in the apps4u@android SD Card Manager application before 20140224 for Android allows attackers to overwrite or create arbitrary files via a crafted filename....

5.8
CVSSv2
CVE-2008-7298

The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict...

7.2
CVSSv2
CVE-2017-14904

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer....

GoogleAndroid
4.6
CVSSv2
CVE-2018-9465

In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:...

GoogleAndroid
4.3
CVSSv2
CVE-2016-10335

In all Android releases from CAF using the Linux kernel, libtomcrypt was updated....

9.3
CVSSv2
CVE-2016-8422

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may...

GoogleAndroid
7.2
CVSSv2
CVE-2018-11261

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a possible Use-after-free issue in Media Codec process. Any application using codec service will be affected....

GoogleAndroid
7.5
CVSSv2
CVE-2016-3742

decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28165659....