Total
8912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0398 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664.
|
|||||
| CVE-2016-5854 | 1 Google | 1 Android | 2025-04-20 | 2.6 LOW | 4.7 MEDIUM |
|
In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace.
|
|||||
| CVE-2015-8996 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.
|
|||||
| CVE-2014-9979 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory.
|
|||||
| CVE-2017-0786 | 1 Google | 1 Android | 2025-04-20 | 5.8 MEDIUM | 8.8 HIGH |
|
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.
|
|||||
| CVE-2017-0716 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196.
|
|||||
| CVE-2017-0407 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375.
|
|||||
| CVE-2017-0414 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795.
|
|||||
| CVE-2017-0596 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34749392.
|
|||||
| CVE-2017-14496 | 6 Canonical, Debian, Google and 3 more | 8 Ubuntu Linux, Debian Linux, Android and 5 more | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
|
|||||
| CVE-2016-8418 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.
|
|||||
| CVE-2017-0734 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38014992.
|
|||||
| CVE-2017-11048 | 1 Google | 1 Android | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur.
|
|||||
| CVE-2017-9701 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory.
|
|||||
| CVE-2016-6727 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2017-5072 | 1 Google | 2 Android, Chrome | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page.
|
|||||
| CVE-2017-11064 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed during processing of ACA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST and QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_LIST cfg80211 vendor commands in __wlan_hdd_cfg80211_set_passpoint_list and hdd_extscan_passpoint_fill_network_list function respectively. Android ID: A-36815952. References: QC-CR#2054770, QC-CR#2058447, QC-CR#2066628, QC-CR#2087785
|
|||||
| CVE-2017-9697 | 1 Google | 1 Android | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table.
|
|||||
| CVE-2017-8272 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write.
|
|||||
| CVE-2017-0538 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.
|
|||||
| CVE-2017-11022 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using ini file.
|
|||||
| CVE-2017-13158 | 1 Google | 1 Android | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915.
|
|||||
| CVE-2014-9924 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.
|
|||||
| CVE-2017-0417 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438.
|
|||||
| CVE-2017-9714 | 1 Google | 1 Android | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request.
|
|||||
| CVE-2016-5861 | 1 Google | 1 Android | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
|
In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.
|
|||||
| CVE-2014-9973 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.
|
|||||
| CVE-2017-5114 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
|
|||||
| CVE-2017-0873 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 6.5 MEDIUM |
|
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255.
|
|||||
| CVE-2017-6211 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.
|
|||||
| CVE-2017-0721 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37561455.
|
|||||
| CVE-2017-0643 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
|
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051.
|
|||||
| CVE-2017-0442 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497.
|
|||||
| CVE-2016-10380 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
|
|||||
| CVE-2017-0752 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.
|
|||||
| CVE-2017-7370 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
|
|||||
| CVE-2017-0447 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560.
|
|||||
| CVE-2017-8245 | 1 Google | 1 Android | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs.
|
|||||
| CVE-2017-0780 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
|
A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976.
|
|||||
| CVE-2017-0850 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941.
|
|||||