Android
by Google
CVEs (4,715)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13259 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2018 | In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | ||
| CVE-2017-13254 | Hig | 0.49 | 7.5 | 0.00 | Apr 4, 2018 | A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507. | ||
| CVE-2017-13302 | Hig | 0.49 | 7.5 | 0.00 | Apr 4, 2018 | A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749. | ||
| CVE-2017-13301 | Hig | 0.49 | 7.5 | 0.00 | Apr 4, 2018 | A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711. | ||
| CVE-2017-13300 | Hig | 0.49 | 7.5 | 0.00 | Apr 4, 2018 | A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394. | ||
| CVE-2017-13299 | Hig | 0.49 | 7.5 | 0.00 | Apr 4, 2018 | A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394. | ||
| CVE-2017-13291 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2018 | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | ||
| CVE-2017-13280 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2018 | In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.… | ||
| CVE-2017-11087 | Hig | 0.49 | 7.5 | 0.01 | Mar 30, 2018 | libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver. | ||
| CVE-2017-18060 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory… | ||
| CVE-2017-18057 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read. | ||
| CVE-2017-18052 | Hig | 0.49 | 7.5 | 0.01 | Mar 16, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from… | ||
| CVE-2017-18069 | Hig | 0.49 | 7.5 | 0.01 | Mar 15, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread. | ||
| CVE-2017-14878 | Hig | 0.49 | 7.5 | 0.01 | Mar 15, 2018 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service. | ||
| CVE-2017-13246 | Hig | 0.49 | 7.5 | 0.01 | Feb 12, 2018 | A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469. | ||
| CVE-2017-13243 | Hig | 0.49 | 7.5 | 0.01 | Feb 12, 2018 | A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991. | ||
| CVE-2017-13242 | Hig | 0.49 | 7.5 | 0.01 | Feb 12, 2018 | A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248. | ||
| CVE-2017-13241 | Hig | 0.49 | 7.5 | 0.01 | Feb 12, 2018 | A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651. | ||
| CVE-2017-13240 | Hig | 0.49 | 7.5 | 0.01 | Feb 12, 2018 | A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819. | ||
| CVE-2017-13239 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2018 | A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132. |
- risk 0.49cvss 7.5epss 0.01
In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- risk 0.49cvss 7.5epss 0.00
A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507.
- risk 0.49cvss 7.5epss 0.00
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749.
- risk 0.49cvss 7.5epss 0.00
A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711.
- risk 0.49cvss 7.5epss 0.00
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394.
- risk 0.49cvss 7.5epss 0.00
A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394.
- risk 0.49cvss 7.5epss 0.01
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- risk 0.49cvss 7.5epss 0.01
In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.…
- risk 0.49cvss 7.5epss 0.01
libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the "filled length", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory…
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from…
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread.
- risk 0.49cvss 7.5epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service.
- risk 0.49cvss 7.5epss 0.01
A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469.
- risk 0.49cvss 7.5epss 0.01
A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.
- risk 0.49cvss 7.5epss 0.01
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.
- risk 0.49cvss 7.5epss 0.01
A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
- risk 0.49cvss 7.5epss 0.01
A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819.
- risk 0.49cvss 7.5epss 0.00
A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132.
Page 121 of 236