CVE-2018-9551

In CAacDecoderInit of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...

CVE-2018-9550

In CAacDecoderInit of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID:...

CVE-2018-11264

Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 45...

CVE-2018-9531

In AudioSpecificConfigParse of tpdecasc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android...

CVE-2018-9490

In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0...

CVE-2018-5866

While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660...

CVE-2018-9433

...

CVE-2017-13284

In configsetstring of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android...

CVE-2017-17773

In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in...

CVE-2017-13249

In impeg2dapisetdisplayframe of impeg2dapimain.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1,...

CVE-2017-13230

In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2picwidthinlumasamples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0,...

CVE-2017-13178

In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for...

CVE-2017-0876

A remote code execution vulnerability in the Android media framework libavc. Product: Android. Versions: 6.0. Android ID A-64964675...

CVE-2017-13160

A remote code execution vulnerability in the Android system bluetooth. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362...

CVE-2017-9714

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an out of bound memory access may happen in limCheckRxRSNIeMatch in case incorrect RSNIE is received from the client in assoc request...

CVE-2017-0722

A remote code execution vulnerability in the Android media framework h263 decoder. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37660827...

CVE-2017-0745

A remote code execution vulnerability in the Android media framework avc decoder. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296...

CVE-2015-9008

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689...

CVE-2015-9009

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600...

CVE-2015-9013

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251...

CVE-2017-0590

A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the...

CVE-2017-0592

A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution...

CVE-2015-8997

In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel...

CVE-2015-9003

In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel...

CVE-2017-0542

A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the...

CVE-2017-0337

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2016-8487

An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-28823724...

CVE-2017-0335

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2016-8424

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2016-8423

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2016-8431

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2016-6776

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

CVE-2016-3861

LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of...

CVE-2016-2067

drivers/gpu/msm/kgsl.c in the MSM graphics driver aka GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center QuIC Android contributions for MSM devices and other products, mishandles the KGSLMEMFLAGSGPUREADONLY flag, which allows attackers to gain privileges by leveraging...

CVE-2016-0815

The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file...

CVE-2015-6638

The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908...

CVE-2015-6609

libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted audio file, aka internal bug 22953624...

CVE-2015-6598

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 23306638...

CVE-2015-6603

libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted media file, aka internal bug 23227354...

TacoRoot

HTC recovery log on some devices is world writable and so can be deleted and symlinked to /data/local.prop to allow root on reboot, this is a appears to be a unstable exploit and requires the user to reboot into recovery mode...

CVE-2018-5912

Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660...

CVE-2018-13887

Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215,...

CVE-2018-9555

In l2clccprocpdu of l2cfcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

CVE-2018-9496

In ixheaacdrealsynthfftp3 of ixheaacdesbrfft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Androi...

CVE-2017-13276

In CProgramConfigReadHeightExt of tpdecasc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1,...

CVE-2017-13266

In avrcparsvendorcmd of avrcparstg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0,...

CVE-2017-18067

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in limsendauthmgmtframe leads to buffer overflow...

CVE-2017-11043

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur...

CVE-2017-0762

A remote code execution vulnerability in the Android media framework libhevc. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62214264...

CVE-2017-7065

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code on the Wi-Fi chip or cause a denial of service memory...