Proteus® NextGen Data Privacy™ users can receive automated alerts using this data by linking it to their ITIL CMDB (IT asset register)

2024

2023

2022

2021

2020

CVE-2020-0021 (v3: 6.5) 13 Feb 2020
In removeUnusedPackagesLPw of PackageManagerService.java, there is a possible permanent denial-of-service due to a missing package dependency test. This could lead to remote denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141413692

2019

CVE-2019-20602 (v3: 7.5) 24 Mar 2020
An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The Authnr Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13949 (May 2019).
CVE-2019-20603 (v3: 7.5) 24 Mar 2020
An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The ESECOMM Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13950 (May 2019).
CVE-2019-9279 (v3: 7.5) 27 Sep 2019
In the wifi hotspot service, there is a possible denial of service due to a null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110476382
CVE-2019-9400 (v3: 7.5) 27 Sep 2019
In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115509589
CVE-2019-9430 (v3: 7.5) 27 Sep 2019
In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838296

2018

CVE-2018-11904 (v3: 7.8) 19 Sep 2018
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer.
CVE-2018-3570 (v3: 7.8) 6 Jul 2018
In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference.
CVE-2018-3563 (v3: 7.8) 3 Apr 2018
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, untrusted pointer dereference in apr_cb_func can lead to an arbitrary code execution.

2017

CVE-2017-18658 (v3: 5.3) 7 Apr 2020
An issue was discovered on Samsung mobile devices with M(6.0) software. The multiwindow_facade API allows attackers to cause a NullPointerException and system halt via an attempted screen touch of a non-existing display. The Samsung ID is SVE-2017-9383 (August 2017).
CVE-2017-18664 (v3: 7.5) 7 Apr 2020
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. There is a NULL pointer exception in PersonManager, causing memory corruption. The Samsung ID is SVE-2017-8286 (June 2017).
CVE-2017-18665 (v3: 8.8) 7 Apr 2020
An issue was discovered on Samsung mobile devices with M(6.0) software. There is a NULL pointer exception in WifiService via adb-cmd, causing memory corruption. The Samsung ID is SVE-2017-8287 (June 2017).
CVE-2017-13291 (v3: 7.5) 4 Apr 2018
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553.
CVE-2017-17770 (v3: 7.8) 3 Apr 2018
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur.
CVE-2017-9692 (v3: 7.8) 30 Mar 2018
When an atomic commit is issued on a writeback panel with a NULL output_layer parameter in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-03, a NULL pointer dereference may potentially occur.
CVE-2017-15846 (v3: 7.8) 30 Mar 2018
In the video_ioctl2() function in the camera driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-16, an untrusted pointer dereference may potentially occur.
CVE-2017-13235 (v3: 6.5) 12 Feb 2018
A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.
CVE-2017-11063 (v3: 5.9) 10 Oct 2017
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, as a result of a race condition between two userspace processes that interact with the driver concurrently, a null pointer dereference can potentially occur.
CVE-2017-0686 (v3: 5.5) 6 Jul 2017
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.
CVE-2017-0635 (v3: 5.5) 12 May 2017
A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.
CVE-2017-0546 (v3: 7.8) 7 Apr 2017
An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763.

2016

CVE-2016-11039 (v3: 7.5) 7 Apr 2020
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016).
CVE-2016-10344 (v3: 9.8) 18 Aug 2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.
CVE-2016-6692 (v3: 9.8) 10 Oct 2016
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.
CVE-2016-3821 (v3: 9.8) 5 Aug 2016
libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.

2015

CVE-2015-9072 (v3: 9.8) 18 Aug 2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
CVE-2015-9073 (v3: 9.8) 18 Aug 2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
CVE-2015-8592 (v3: 9.8) 18 Aug 2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.
CVE-2015-9038 (v3: 9.8) 18 Aug 2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.
CVE-2015-9043 (v3: 9.8) 18 Aug 2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer.
CVE-2015-9054 (v3: 9.8) 18 Aug 2017
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding.
CVE-2015-3839 (v3: 5.5) 7 Aug 2017
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).
CVE-2015-9020 (v3: 7.8) 13 Jun 2017
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.
CVE-2015-9026 (v3: 7.8) 13 Jun 2017
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
CVE-2015-9027 (v3: 7.8) 13 Jun 2017
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
CVE-2015-9000 (v3: 7.8) 16 May 2017
In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.