NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2014-9950 | In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | 7.8 | 0.44% | 2017-06-06 | 2026-06-16 |
| CVE-2014-9951 | In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. | 5.5 | 0.41% | 2017-06-06 | 2026-06-16 |
| CVE-2014-9952 | In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | 7.8 | 0.44% | 2017-06-06 | 2026-06-16 |
| CVE-2014-9953 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770. | 9.8 | 1.13% | 2018-04-04 | 2026-06-16 |
| CVE-2014-9954 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559. | 9.8 | 1.13% | 2018-04-04 | 2026-06-16 |
| CVE-2014-9955 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686. | 9.8 | 1.13% | 2018-04-04 | 2026-06-16 |
| CVE-2014-9956 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611. | 9.8 | 1.13% | 2018-04-04 | 2026-06-16 |
| CVE-2014-9957 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564. | 9.8 | 1.13% | 2018-04-04 | 2026-06-16 |
| CVE-2014-9958 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774. | 9.8 | 1.13% | 2018-04-04 | 2026-06-16 |
| CVE-2014-9959 | An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694. | 9.8 | 1.13% | 2018-04-04 | 2026-06-16 |
| CVE-2015-3823 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. | 10.0 | 2.20% | 2015-10-06 | 2026-06-16 |
| CVE-2015-3824 | The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. | 10.0 | 90.48% | 2015-09-30 | 2026-06-16 |
| CVE-2015-3825 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3837. Reason: This candidate is a reservation duplicate of CVE-2015-3837. Notes: All CVE users should reference CVE-2015-3837 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.26% | 2016-02-18 | 2023-11-06 |
| CVE-2015-3826 | The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to cause a denial of service (integer underflow, buffer over-read, and mediaserver process crash) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3828. | 5.0 | 73.57% | 2015-09-30 | 2026-06-16 |
| CVE-2015-3827 | The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261. | 9.3 | 81.14% | 2015-09-30 | 2026-06-16 |
| CVE-2015-3828 | The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. | 10.0 | 85.38% | 2015-09-30 | 2026-06-16 |
| CVE-2015-3829 | Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. | 10.0 | 89.78% | 2015-09-30 | 2026-06-16 |
| CVE-2015-3830 | The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. | 6.5 | 0.47% | 2017-06-06 | 2026-06-16 |
| CVE-2015-3831 | Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 19400722. | 9.3 | 1.46% | 2015-09-30 | 2026-06-16 |
| CVE-2015-3832 | Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. | 10.0 | 2.88% | 2015-09-30 | 2026-06-16 |