CVE Daily
← All tags

Tag: Android OS

All CVEs associated with "Android OS". Page 43/76 • 9114 CVEs.

Subscribe CVEs: RSS for “Android OS”  ·  RSS (High+Critical only)

About “Android OS”

A curated feed of “Android OS”-related CVEs appears below. We currently track 9114 CVEs for this tag (all time). In the last 365 days, 360 were published. Average CVSS is 6.8 (all time; 6.1 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-926 - Improper Export of Android Application Components, CWE-451 - User Interface (UI) Misrepresentation of Critical Information, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2018-03-29
Medium

CVE-2017-5947

An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2015-2020

The MyScript SDK before 1.3 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer t…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Critical

CVE-2015-2004

The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attack…

CVSS: 9.8 CWE: CWE-118 - Incorrect Access of Indexable Resource ('Range Error') View on NVD
Critical

CVE-2015-2003

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-…

CVSS: 9.8 CWE: CWE-118 - Incorrect Access of Indexable Resource ('Range Error') View on NVD
Critical

CVE-2015-2002

The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-cont…

CVSS: 9.8 CWE: CWE-118 - Incorrect Access of Indexable Resource ('Range Error') View on NVD
Critical

CVE-2015-2001

The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer…

CVSS: 9.8 CWE: CWE-118 - Incorrect Access of Indexable Resource ('Range Error') View on NVD
Critical

CVE-2015-2000

The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to…

CVSS: 9.8 CWE: CWE-118 - Incorrect Access of Indexable Resource ('Range Error') View on NVD
2018-03-27
Critical

CVE-2014-4959

**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method.

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2018-03-26
Medium

CVE-2014-2312

The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.

CVSS: 5.5 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2018-03-22
High

CVE-2018-8909

The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2018-03-20
Medium

CVE-2018-4844

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capa…

CVSS: 6.7 CWE: CWE-284 - Improper Access Control View on NVD
2018-03-16
High

CVE-2018-3561

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2018-3560

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression de…

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
High

CVE-2017-18066

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl().

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-18065

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vent->vdev_id in wma_action_frame_filter_mac_event_handle…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18062

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing UTF event in wma_process_utf_event…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-18061

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, potential buffer overflow can happen when processing AOA measurement event from WIGIG f…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-18060

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_han…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18059

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received f…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18058

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is r…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18057

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is recei…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18055

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_r…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18054

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for num_vdev_mac_entries in wma_pdev_hw_mode_transition_evt_h…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18053

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which i…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18052

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_b…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18051

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is rece…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18050

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_map in wma_tbttoffset_update_event_handler(), which…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-15834

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, race condition in diag_dbgfs_read_dcistats(), while accessing diag_dbgfs_dci_data_index…

CVSS: 7.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-15833

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, untrusted pointer dereference in update_userspace_power() function in power leads to in…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-15831

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_ndp_end_indication_event_handler(), there is no input validation ch…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-15830

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes po…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-15814

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_f…

CVSS: 4.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-14889

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbit…

CVSS: 7.8 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2017-14887

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overfl…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-11082

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentia…

CVSS: 7.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-11074

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is an obsolete set/reset ssid hotlist API.

CVSS: 7.8 CWE: N/A View on NVD
2018-03-15
High

CVE-2017-18069

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG…

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-18068

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow.

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2017-18067

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18064

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for p2p_noa_info in wma_send_bcn_buf_ll() which is received f…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18063

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for nlo_event in wma_nlo_match_evt_handler(), which is receiv…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-18056

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-15821

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2017-15815

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-14885

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, wma_unified_link_peer_stats_event_handler function has a variable num_rates which repre…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-14882

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-14878

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be excee…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2016-10393

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and alloca…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2018-03-13
Medium

CVE-2018-1000109

An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credentia…

CVSS: 4.3 CWE: CWE-863 - Incorrect Authorization View on NVD
2018-03-12
Medium

CVE-2017-6288

NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A.…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2017-6287

NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. A…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-6286

NVIDIA libnvomx contains a possible out of bounds write due to a missing bounds check which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. A…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2017-6285

NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A.…

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-6281

NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2018-03-06
Medium

CVE-2018-6019

Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission.

CVSS: 5.9 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2017-6280

NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-02-23
High

CVE-2017-17767

In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-17765

In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocat…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-17764

In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an in…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-15862

In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly vali…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2017-15861

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without val…

CVSS: 7.8 CWE: CWE-129 - Improper Validation of Array Index View on NVD
High

CVE-2017-15860

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2017-15829

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2017-15820

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-15817

In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentia…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-14884

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow m…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2018-02-22
Critical

CVE-2017-5250

In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

CVSS: 9.8 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
Critical

CVE-2017-5249

In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.

CVSS: 9.8 CWE: CWE-922 - Insecure Storage of Sensitive Information View on NVD
2018-02-20
High

CVE-2017-18192

smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-16835

The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb ba…

CVSS: 7.5 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2018-02-15
Medium

CVE-2017-15340

Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2017-13273

In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed…

CVSS: 7.0 CWE: N/A View on NVD
2018-02-12
High

CVE-2017-13247

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User int…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2017-13246

A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13245

A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13244

A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13243

A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13242

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13241

A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13240

A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13239

A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-13238

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additi…

CVSS: 4.2 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13236

In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User intera…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
Medium

CVE-2017-13235

A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.

CVSS: 6.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2017-13234

In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed.…

CVSS: 6.5 CWE: CWE-772 - Missing Release of Resource after Effective Lifetime View on NVD
Medium

CVE-2017-13233

In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2017-13232

In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execu…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13231

In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-13230

In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execu…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2017-13229

A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703.

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-13228

In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional ex…

CVSS: 8.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2018-02-09
High

CVE-2018-1000055

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets fro…

CVSS: 8.3 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2018-02-06
High

CVE-2017-6279

NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-6258

NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2018-02-01
High

CVE-2017-3160

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI…

CVSS: 7.4 CWE: N/A View on NVD
2018-01-24
Critical

CVE-2018-6018

Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android app allow an attacker to extract private sensitive information by sniffing network traffic.

CVSS: 9.1 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
Critical

CVE-2018-6017

Unencrypted transmission of images in Tinder iOS app and Tinder Android app allows an attacker to extract private sensitive information by sniffing network traffic.

CVSS: 9.1 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2018-01-23
High

CVE-2016-5345

Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and…

CVSS: 7.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2018-01-19
High

CVE-2017-7326

Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2018-01-16
High

CVE-2017-11072

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries greater than 16384 b…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2018-01-12
High

CVE-2017-13226

An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13225

In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privilege…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-13222

An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13221

An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13220

An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

CVSS: 7.8 CWE: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion') View on NVD
High

CVE-2017-13219

A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2017-13217

In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-13216

In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-13215

A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13214

In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. Use…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-13213

An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13212

An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2017-13211

In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
High

CVE-2017-13210

In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execu…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2017-13209

In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL…

CVSS: 7.8 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2017-13208

In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-13207

An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13206

An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2017-13205

An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583.

CVSS: 9.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2017-13204

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.

CVSS: 9.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD