Total
8912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0557 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.
|
|||||
| CVE-2017-6249 | 1 Google | 1 Android | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
|
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249.
|
|||||
| CVE-2017-11045 | 1 Google | 1 Android | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition.
|
|||||
| CVE-2017-9720 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.
|
|||||
| CVE-2017-0542 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721.
|
|||||
| CVE-2017-0509 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32124445. References: B-RB#110688.
|
|||||
| CVE-2017-0725 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37627194.
|
|||||
| CVE-2017-13164 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193.
|
|||||
| CVE-2017-8242 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.
|
|||||
| CVE-2017-5081 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 2.1 LOW | 3.3 LOW |
|
Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files.
|
|||||
| CVE-2017-9696 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX".
|
|||||
| CVE-2017-14905 | 1 Google | 1 Android | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
|
|||||
| CVE-2017-0686 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.
|
|||||
| CVE-2017-0753 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744.
|
|||||
| CVE-2017-0872 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
|
A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.
|
|||||
| CVE-2017-5029 | 7 Apple, Debian, Google and 4 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
|
|||||
| CVE-2017-5042 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2025-04-20 | 3.3 LOW | 5.7 MEDIUM |
|
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.
|
|||||
| CVE-2017-0669 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752.
|
|||||
| CVE-2022-20549 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242702451
|
|||||
| CVE-2022-20548 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In setParameter of EqualizerEffect.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-240919398
|
|||||
| CVE-2022-20561 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222162870References: N/A
|
|||||
| CVE-2022-20560 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.5 HIGH |
|
Product: AndroidVersions: Android kernelAndroid ID: A-212623833References: N/A
|
|||||
| CVE-2022-20559 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
|
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967
|
|||||
| CVE-2022-20558 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
|
In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236264289
|
|||||
| CVE-2022-20557 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-247092734
|
|||||
| CVE-2022-20556 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
|
In launchConfigNewNetworkFragment of NetworkProviderSettings.java, there is a possible way for the guest user to add a new WiFi network due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246301667
|
|||||
| CVE-2022-20555 | 1 Google | 1 Android | 2025-04-18 | N/A | 4.4 MEDIUM |
|
In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246194233
|
|||||
| CVE-2022-20554 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596
|
|||||
| CVE-2022-20553 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.5 MEDIUM |
|
In onCreate of LogAccessDialogActivity.java, there is a possible way to bypass a permission check due to a tapjacking/overlay attack. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244155265
|
|||||
| CVE-2022-20552 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806
|
|||||
| CVE-2022-20550 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In Multiple Locations, there is a possibility to launch arbitrary protected activities due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242845514
|
|||||
| CVE-2022-20540 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
|
In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506
|
|||||
| CVE-2022-20539 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
|
In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291425
|
|||||
| CVE-2022-20538 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
|
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770
|
|||||
| CVE-2022-20537 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
|
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601169
|
|||||
| CVE-2022-20536 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
|
In registerBroadcastReceiver of RcsService.java, there is a possible way to change preferred TTY mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235100180
|
|||||
| CVE-2022-20535 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
|
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242
|
|||||
| CVE-2022-20533 | 1 Google | 1 Android | 2025-04-18 | N/A | 3.3 LOW |
|
In getSlice of WifiSlice.java, there is a possible way to connect a new WiFi network from the guest mode due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232798363
|
|||||
| CVE-2022-20530 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.3 MEDIUM |
|
In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645
|
|||||
| CVE-2022-20529 | 1 Google | 1 Android | 2025-04-18 | N/A | 2.4 LOW |
|
In multiple locations of WifiDialogActivity.java, there is a possible limited lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege in wifi settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231583603
|
|||||