Total
8912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9964 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.
|
|||||
| CVE-2017-8255 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.
|
|||||
| CVE-2015-8995 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
|
|||||
| CVE-2015-9054 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding.
|
|||||
| CVE-2017-5079 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
|
|||||
| CVE-2016-10386 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.
|
|||||
| CVE-2016-6784 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350755. References: MT-ALPS02961424.
|
|||||
| CVE-2015-8999 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.
|
|||||
| CVE-2017-11090 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes.
|
|||||
| CVE-2016-5872 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.
|
|||||
| CVE-2015-9005 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
|
|||||
| CVE-2015-9043 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer.
|
|||||
| CVE-2017-0703 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.
|
|||||
| CVE-2017-0406 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871.
|
|||||
| CVE-2017-0676 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34896431.
|
|||||
| CVE-2017-0390 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
|
A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370.
|
|||||
| CVE-2015-9062 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.
|
|||||
| CVE-2017-0785 | 1 Google | 1 Android | 2025-04-20 | 3.3 LOW | 6.5 MEDIUM |
|
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
|
|||||
| CVE-2017-11000 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write.
|
|||||
| CVE-2017-6276 | 1 Google | 1 Android | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android: A-63802421. References: N-CVE-2017-6276.
|
|||||
| CVE-2017-0877 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937.
|
|||||
| CVE-2016-10238 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.
|
|||||
| CVE-2017-11016 | 1 Google | 1 Android | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when memory allocation fails while creating a calibration block in create_cal_block stale pointers are left uncleared.
|
|||||
| CVE-2016-10200 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
|
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
|
|||||
| CVE-2017-0819 | 1 Google | 1 Android | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.
|
|||||
| CVE-2017-0619 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566.
|
|||||
| CVE-2015-9065 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established.
|
|||||
| CVE-2017-9680 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.
|
|||||
| CVE-2017-13173 | 1 Google | 1 Android | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361.
|
|||||
| CVE-2017-0811 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.
|
|||||
| CVE-2017-9716 | 1 Google | 1 Android | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implements an alternative channel for usermode applications to talk to QSEE applications.
|
|||||
| CVE-2017-11089 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes
|
|||||
| CVE-2017-5113 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2017-0836 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.
|
|||||
| CVE-2016-10340 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler.
|
|||||
| CVE-2017-5116 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
|
|||||
| CVE-2015-1537 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.
|
|||||
| CVE-2016-10385 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.
|
|||||
| CVE-2017-0495 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073.
|
|||||
| CVE-2017-0472 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33862021.
|
|||||