Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7759 | 2 Google, Mozilla | 2 Android, Firefox | 2018-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local "file:" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54. | |||||
| CVE-2018-3582 | 1 Google | 1 Android | 2018-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5863 | 1 Google | 1 Android | 2018-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | |||||
| CVE-2018-5860 | 1 Google | 1 Android | 2018-08-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly. | |||||
| CVE-2018-5857 | 1 Google | 1 Android | 2018-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | |||||
| CVE-2018-5847 | 1 Google | 1 Android | 2018-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5851 | 1 Google | 1 Android | 2018-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5843 | 1 Google | 1 Android | 2018-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware which can lead to a buffer overwrite of the fixed size chain_rssi_result structure. | |||||
| CVE-2018-5844 | 1 Google | 1 Android | 2018-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5849 | 1 Google | 1 Android | 2018-08-03 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur. | |||||
| CVE-2018-5842 | 1 Google | 1 Android | 2018-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-3581 | 1 Google | 1 Android | 2018-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid. | |||||
| CVE-2018-3572 | 1 Google | 1 Android | 2018-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-3576 | 1 Google | 1 Android | 2018-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-3571 | 1 Google | 1 Android | 2018-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations | |||||
| CVE-2017-15842 | 1 Google | 1 Android | 2018-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2017-15843 | 1 Google | 1 Android | 2018-08-01 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in a bus driver, a double free in msm_bus_floor_vote_context() can potentially occur in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2017-15854 | 1 Google | 1 Android | 2018-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| The value of fix_param->num_chans is received from firmware and if it is too large, an integer overflow can occur in wma_radio_chan_stats_event_handler() for the derived length len leading to a subsequent buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2017-15857 | 1 Google | 1 Android | 2018-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| In the camera driver, an out-of-bounds access can occur due to an error in copying region params from user space in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2017-18070 | 1 Google | 1 Android | 2018-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| In wma_ndp_end_response_event_handler(), the variable len_end_rsp is a uint32 which can be overflowed if the value of variable "event->num_ndp_end_rsp_per_ndi_list" is very large which can then lead to a heap overwrite of the heap object end_rsp in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||