Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5888 | 1 Google | 1 Android | 2018-08-27 | 4.6 MEDIUM | 7.8 HIGH |
While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
CVE-2018-5887 | 1 Google | 1 Android | 2018-08-27 | 4.6 MEDIUM | 7.8 HIGH |
While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
CVE-2018-5865 | 1 Google | 1 Android | 2018-08-27 | 2.1 LOW | 5.5 MEDIUM |
While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. | |||||
CVE-2018-5872 | 1 Google | 1 Android | 2018-08-27 | 8.3 HIGH | 8.0 HIGH |
While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur. | |||||
CVE-2018-5836 | 1 Google | 1 Android | 2018-08-27 | 2.1 LOW | 5.5 MEDIUM |
In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access. | |||||
CVE-2018-5859 | 1 Google | 1 Android | 2018-08-27 | 4.4 MEDIUM | 7.0 HIGH |
Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur. | |||||
CVE-2018-3570 | 1 Google | 1 Android | 2018-08-27 | 4.6 MEDIUM | 7.8 HIGH |
In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference. | |||||
CVE-2017-18158 | 1 Google | 1 Android | 2018-08-27 | 7.2 HIGH | 7.8 HIGH |
Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05 while flashing images. | |||||
CVE-2017-15851 | 1 Google | 1 Android | 2018-08-27 | 4.6 MEDIUM | 7.8 HIGH |
Lack of copy_from_user and information leak in function "msm_ois_subdev_do_ioctl, file msm_ois.c can lead to a camera crash in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel | |||||
CVE-2017-15856 | 1 Google | 1 Android | 2018-08-27 | 4.4 MEDIUM | 7.0 HIGH |
Due to a race condition while processing the power stats debug file to read status, a double free condition can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
CVE-2017-14893 | 1 Google | 1 Android | 2018-08-27 | 2.1 LOW | 5.5 MEDIUM |
While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
CVE-2017-14872 | 1 Google | 1 Android | 2018-08-27 | 2.1 LOW | 5.5 MEDIUM |
While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. | |||||
CVE-2017-5395 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-14 | 4.3 MEDIUM | 4.3 MEDIUM |
Malicious sites can display a spoofed location bar on a subsequently loaded page when the existing location bar on the new page is scrolled out of view if navigations between pages can be timed correctly. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | |||||
CVE-2014-7920 | 1 Google | 1 Android | 2018-08-13 | 10.0 HIGH | 9.8 CRITICAL |
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. | |||||
CVE-2014-7921 | 1 Google | 1 Android | 2018-08-13 | 10.0 HIGH | 9.8 CRITICAL |
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. | |||||
CVE-2017-7770 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-13 | 4.3 MEDIUM | 5.9 MEDIUM |
A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 54. | |||||
CVE-2017-5463 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-09 | 5.0 MEDIUM | 5.3 MEDIUM |
Android intents can be used to launch Firefox for Android in reader mode with a user specified URL. This allows an attacker to spoof the contents of the addressbar as displayed to users. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 53. | |||||
CVE-2018-5138 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59. | |||||
CVE-2017-5394 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-07 | 6.8 MEDIUM | 8.8 HIGH |
A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | |||||
CVE-2017-5392 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. |