Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-13247 | 1 Google | 1 Android | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645. | |||||
CVE-2017-0390 | 1 Google | 1 Android | 2019-10-02 | 7.1 HIGH | 5.5 MEDIUM |
A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370. | |||||
CVE-2017-13252 | 1 Google | 1 Android | 2019-10-02 | 9.3 HIGH | 7.8 HIGH |
In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702. | |||||
CVE-2017-13254 | 1 Google | 1 Android | 2019-10-02 | 7.8 HIGH | 7.5 HIGH |
A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507. | |||||
CVE-2017-13263 | 1 Google | 1 Android | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160. | |||||
CVE-2017-13265 | 1 Google | 1 Android | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423. | |||||
CVE-2017-13270 | 1 Google | 1 Android | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744. | |||||
CVE-2017-13271 | 1 Google | 1 Android | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799. | |||||
CVE-2017-13273 | 1 Google | 1 Android | 2019-10-02 | 6.9 MEDIUM | 7.0 HIGH |
In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158. | |||||
CVE-2017-0435 | 2 Google, Linux | 2 Android, Linux Kernel | 2019-10-02 | 7.6 HIGH | 7.0 HIGH |
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000. | |||||
CVE-2017-13279 | 1 Google | 1 Android | 2019-10-02 | 4.3 MEDIUM | 5.5 MEDIUM |
In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439. | |||||
CVE-2017-13305 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Android | 2019-10-02 | 3.6 LOW | 7.1 HIGH |
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. | |||||
CVE-2017-13306 | 1 Google | 1 Android | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063. | |||||
CVE-2017-13307 | 1 Google | 1 Android | 2019-10-02 | 7.5 HIGH | 7.3 HIGH |
A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924. | |||||
CVE-2017-14880 | 1 Google | 1 Android | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "num_q6_rule" does not have a mutex lock and thus can be accessed and modified by multiple threads. | |||||
CVE-2017-14895 | 1 Google | 1 Android | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information. | |||||
CVE-2017-14903 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7. | |||||
CVE-2017-14904 | 1 Google | 1 Android | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer. | |||||
CVE-2017-14905 | 1 Google | 1 Android | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. | |||||
CVE-2017-14907 | 1 Google | 1 Android | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key. |