Android SDK
by Google
CVEs (1,763)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9465 | 0.00 | — | 0.00 | Nov 6, 2018 | In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9454 | 0.00 | — | 0.00 | Nov 6, 2018 | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9453 | 0.00 | — | 0.00 | Nov 6, 2018 | In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9362 | 0.00 | — | 0.02 | Nov 6, 2018 | In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | |||
| CVE-2018-9458 | 0.00 | — | 0.01 | Nov 6, 2018 | In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no… | |||
| CVE-2018-9356 | 0.00 | — | 0.03 | Nov 6, 2018 | In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0… | |||
| CVE-2018-9359 | 0.00 | — | 0.02 | Nov 6, 2018 | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9451 | 0.00 | — | 0.00 | Nov 6, 2018 | In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… | |||
| CVE-2018-9438 | 0.00 | — | 0.00 | Nov 6, 2018 | When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation.… | |||
| CVE-2018-9446 | 0.00 | — | 0.02 | Nov 6, 2018 | In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9455 | 0.00 | — | 0.02 | Nov 6, 2018 | In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… | |||
| CVE-2018-9516 | 0.00 | — | 0.00 | Nov 6, 2018 | In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android… | |||
| CVE-2018-9361 | 0.00 | — | 0.02 | Nov 6, 2018 | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9360 | 0.00 | — | 0.02 | Nov 6, 2018 | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2015-6633 | 0.00 | — | 0.02 | Dec 8, 2015 | The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307. | |||
| CVE-2015-3842 | 0.00 | — | 0.01 | Oct 1, 2015 | Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516. | |||
| CVE-2015-3837 | 0.00 | — | 0.01 | Oct 1, 2015 | The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a… | |||
| CVE-2015-3833 | 0.00 | — | 0.01 | Oct 1, 2015 | The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted… | |||
| CVE-2013-2300 | 0.00 | — | 0.01 | Mar 27, 2013 | The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||
| CVE-2011-1001 | 0.00 | — | 0.01 | Jul 8, 2011 | dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more… |
- CVE-2018-9465Nov 6, 2018risk 0.00cvss —epss 0.00
In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9454Nov 6, 2018risk 0.00cvss —epss 0.00
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9453Nov 6, 2018risk 0.00cvss —epss 0.00
In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9362Nov 6, 2018risk 0.00cvss —epss 0.02
In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- CVE-2018-9458Nov 6, 2018risk 0.00cvss —epss 0.01
In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no…
- CVE-2018-9356Nov 6, 2018risk 0.00cvss —epss 0.03
In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0…
- CVE-2018-9359Nov 6, 2018risk 0.00cvss —epss 0.02
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9451Nov 6, 2018risk 0.00cvss —epss 0.00
In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- CVE-2018-9438Nov 6, 2018risk 0.00cvss —epss 0.00
When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation.…
- CVE-2018-9446Nov 6, 2018risk 0.00cvss —epss 0.02
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9455Nov 6, 2018risk 0.00cvss —epss 0.02
In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- CVE-2018-9516Nov 6, 2018risk 0.00cvss —epss 0.00
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- CVE-2018-9361Nov 6, 2018risk 0.00cvss —epss 0.02
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9360Nov 6, 2018risk 0.00cvss —epss 0.02
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2015-6633Dec 8, 2015risk 0.00cvss —epss 0.02
The display drivers in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23987307.
- CVE-2015-3842Oct 1, 2015risk 0.00cvss —epss 0.01
Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.
- CVE-2015-3837Oct 1, 2015risk 0.00cvss —epss 0.01
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a…
- CVE-2015-3833Oct 1, 2015risk 0.00cvss —epss 0.01
The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted…
- CVE-2013-2300Mar 27, 2013risk 0.00cvss —epss 0.01
The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
- CVE-2011-1001Jul 8, 2011risk 0.00cvss —epss 0.01
dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more…
Page 88 of 89