Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3567 | 1 Google | 1 Android | 2018-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages. | |||||
| CVE-2017-15855 | 1 Google | 1 Android | 2018-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow. | |||||
| CVE-2018-6254 | 1 Google | 1 Android | 2018-06-14 | 2.1 LOW | 3.3 LOW |
| In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. | |||||
| CVE-2017-6293 | 1 Google | 1 Android | 2018-06-14 | 7.2 HIGH | 7.8 HIGH |
| In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 TZ contains a vulnerability in Widevine TA where the software writes data past the end, or before the beginning, of the intended buffer, which may lead to escalation of Privileges. This issue is rated as high. Android: A-69377364. Reference: N-CVE-2017-6293. | |||||
| CVE-2018-6246 | 1 Google | 1 Android | 2018-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246. | |||||
| CVE-2013-6272 | 1 Google | 1 Android | 2018-06-12 | 6.8 MEDIUM | 7.8 HIGH |
| The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application. | |||||
| CVE-2014-0900 | 1 Google | 1 Android | 2018-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure. | |||||
| CVE-2018-5828 | 1 Google | 1 Android | 2018-05-14 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_extscan_start_stop_event_handler(), vdev_id comes from the variable event from firmware and is not properly validated potentially leading to a buffer overwrite. | |||||
| CVE-2017-11075 | 1 Google | 1 Android | 2018-05-14 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if cmd_pkt and reg_pkt are called from different userspace threads, a use after free condition can potentially occur in wdsp_glink_write(). | |||||
| CVE-2018-5825 | 1 Google | 1 Android | 2018-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur. | |||||
| CVE-2018-5824 | 1 Google | 1 Android | 2018-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range. | |||||
| CVE-2018-5823 | 1 Google | 1 Android | 2018-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, improper buffer length validation in extscan hotlist event can lead to potential buffer overflow. | |||||
| CVE-2018-5826 | 1 Google | 1 Android | 2018-05-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver. | |||||
| CVE-2017-14496 | 6 Canonical, Debian, Google and 3 more | 8 Ubuntu Linux, Debian Linux, Android and 5 more | 2018-05-10 | 7.8 HIGH | 7.5 HIGH |
| Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. | |||||
| CVE-2017-13293 | 1 Google | 1 Android | 2018-05-10 | 7.2 HIGH | 7.8 HIGH |
| In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701. | |||||
| CVE-2017-13292 | 1 Google | 1 Android | 2018-05-10 | 10.0 HIGH | 9.8 CRITICAL |
| In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201. | |||||
| CVE-2017-13267 | 1 Google | 1 Android | 2018-05-09 | 10.0 HIGH | 9.8 CRITICAL |
| In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009. | |||||
| CVE-2017-13274 | 1 Google | 1 Android | 2018-05-09 | 7.5 HIGH | 9.8 CRITICAL |
| In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761. | |||||
| CVE-2017-13275 | 1 Google | 1 Android | 2018-05-09 | 1.9 LOW | 5.5 MEDIUM |
| In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908. | |||||
| CVE-2017-13276 | 1 Google | 1 Android | 2018-05-09 | 6.8 MEDIUM | 7.8 HIGH |
| In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599. | |||||