Total
7761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0869 | 1 Google | 1 Android | 2018-02-01 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869. | |||||
| CVE-2017-0846 | 1 Google | 1 Android | 2018-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810. | |||||
| CVE-2017-13216 | 1 Google | 1 Android | 2018-01-30 | 7.2 HIGH | 7.8 HIGH |
| In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097. | |||||
| CVE-2017-13217 | 1 Google | 1 Android | 2018-01-30 | 7.2 HIGH | 7.8 HIGH |
| In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077. | |||||
| CVE-2017-13210 | 1 Google | 1 Android | 2018-01-30 | 7.2 HIGH | 7.8 HIGH |
| In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345. | |||||
| CVE-2017-11066 | 1 Google | 1 Android | 2018-01-29 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed. | |||||
| CVE-2017-15849 | 1 Google | 1 Android | 2018-01-29 | 9.3 HIGH | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition. | |||||
| CVE-2017-11069 | 1 Google | 1 Android | 2018-01-29 | 9.3 HIGH | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow. | |||||
| CVE-2017-13176 | 1 Google | 1 Android | 2018-01-29 | 9.3 HIGH | 8.8 HIGH |
| In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964. | |||||
| CVE-2017-13207 | 1 Google | 1 Android | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426. | |||||
| CVE-2017-13205 | 1 Google | 1 Android | 2018-01-26 | 8.5 HIGH | 9.1 CRITICAL |
| An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583. | |||||
| CVE-2017-13200 | 1 Google | 1 Android | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526. | |||||
| CVE-2017-13187 | 1 Google | 1 Android | 2018-01-26 | 8.5 HIGH | 9.1 CRITICAL |
| An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175. | |||||
| CVE-2017-11079 | 1 Google | 1 Android | 2018-01-26 | 7.5 HIGH | 9.8 CRITICAL |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size. | |||||
| CVE-2017-14869 | 1 Google | 1 Android | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage. | |||||
| CVE-2017-14870 | 1 Google | 1 Android | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked. | |||||
| CVE-2017-14873 | 1 Google | 1 Android | 2018-01-26 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur. | |||||
| CVE-2017-15847 | 1 Google | 1 Android | 2018-01-26 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel. | |||||
| CVE-2017-15848 | 1 Google | 1 Android | 2018-01-26 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist. | |||||
| CVE-2017-15850 | 1 Google | 1 Android | 2018-01-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. | |||||