Android
by Google
CVEs (4,041)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13272 | Cri | 0.64 | 9.8 | 0.02 | Apr 4, 2018 | In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | ||
| CVE-2017-13266 | Cri | 0.64 | 9.8 | 0.02 | Apr 4, 2018 | In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | ||
| CVE-2017-13292 | Cri | 0.64 | 9.8 | 0.02 | Apr 4, 2018 | In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | ||
| CVE-2017-13285 | Cri | 0.64 | 9.8 | 0.02 | Apr 4, 2018 | In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed… | ||
| CVE-2017-13284 | Cri | 0.64 | 9.8 | 0.02 | Apr 4, 2018 | In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2017-13283 | Cri | 0.64 | 9.8 | 0.02 | Apr 4, 2018 | In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.… | ||
| CVE-2017-13282 | Cri | 0.64 | 9.8 | 0.02 | Apr 4, 2018 | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.… | ||
| CVE-2017-13281 | Cri | 0.64 | 9.8 | 0.02 | Apr 4, 2018 | In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.… | ||
| CVE-2017-13274 | Cri | 0.64 | 9.8 | 0.01 | Apr 4, 2018 | In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | ||
| CVE-2017-13267 | Cri | 0.64 | 9.8 | 0.02 | Apr 4, 2018 | In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.… | ||
| CVE-2017-14883 | Cri | 0.64 | 9.8 | 0.01 | Mar 30, 2018 | In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using… | ||
| CVE-2017-14881 | Cri | 0.64 | 9.8 | 0.01 | Mar 30, 2018 | While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur. | ||
| CVE-2017-14877 | Cri | 0.64 | 9.8 | 0.01 | Mar 30, 2018 | While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd… | ||
| CVE-2017-14915 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2018 | In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition. | ||
| CVE-2017-14913 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2018 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated. | ||
| CVE-2017-14912 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2018 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in… | ||
| CVE-2017-14911 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2018 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of… | ||
| CVE-2017-14906 | Cri | 0.64 | 9.8 | 0.01 | Mar 30, 2018 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs. | ||
| CVE-2017-11010 | Cri | 0.64 | 9.8 | 0.01 | Mar 30, 2018 | In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected. | ||
| CVE-2014-4959 | Cri | 0.64 | 9.8 | 0.02 | Mar 27, 2018 | **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. |
- risk 0.64cvss 9.8epss 0.02
In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- risk 0.64cvss 9.8epss 0.02
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- risk 0.64cvss 9.8epss 0.02
In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- risk 0.64cvss 9.8epss 0.02
In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed…
- risk 0.64cvss 9.8epss 0.02
In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.64cvss 9.8epss 0.02
In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.…
- risk 0.64cvss 9.8epss 0.02
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…
- risk 0.64cvss 9.8epss 0.02
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…
- risk 0.64cvss 9.8epss 0.01
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- risk 0.64cvss 9.8epss 0.02
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…
- risk 0.64cvss 9.8epss 0.01
In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using…
- risk 0.64cvss 9.8epss 0.01
While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.
- risk 0.64cvss 9.8epss 0.01
While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd…
- risk 0.64cvss 9.8epss 0.02
In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition.
- risk 0.64cvss 9.8epss 0.02
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated.
- risk 0.64cvss 9.8epss 0.02
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in…
- risk 0.64cvss 9.8epss 0.02
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of…
- risk 0.64cvss 9.8epss 0.01
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs.
- risk 0.64cvss 9.8epss 0.01
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected.
- risk 0.64cvss 9.8epss 0.02
**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method.
Page 7 of 203