Android Security Vulnerabilities and Issues — Page 11 of Android CVE List

9.3CVSS7.7AI score0.00212EPSS

CVE-2017-0682

A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36588422.

9.3CVSS7.4AI score0.00035EPSS

CVE-2017-0684

A elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151.

5.5CVSS5.6AI score0.00044EPSS

CVE-2017-0685

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.

7.2CVSS6.7AI score0.00053EPSS

CVE-2017-0705

A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.

CVE•added 2017/08/09 9:29 p.m.•41 views

CVE-2017-0713

A remote code execution vulnerability in the Android libraries (sfntly). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-32096780.

7.8CVSS7.7AI score0.0028EPSS

CVE•added 2017/08/09 9:29 p.m.•41 views

CVE-2017-0728

A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37469795.

7.8CVSS7AI score0.0005EPSS

CVE•added 2017/10/04 1:29 a.m.•41 views

CVE-2017-0811

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177.

9.3CVSS7.7AI score0.00588EPSS

CVE•added 2017/10/04 1:29 a.m.•41 views

CVE-2017-0816

An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938.

5.5CVSS5AI score0.00154EPSS

CVE•added 2017/11/16 11:29 p.m.•41 views

CVE-2017-0830

An elevation of privilege vulnerability in the Android framework (device policy client). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62623498.

9.3CVSS7.4AI score0.00081EPSS

CVE•added 2017/11/16 11:29 p.m.•41 views

CVE-2017-0865

An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.

7.8CVSS7.3AI score0.00016EPSS

9.3CVSS8.4AI score0.00456EPSS

CVE-2017-0876

A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675.

CVE•added 2017/11/16 10:29 p.m.•41 views

CVE-2017-11026

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys.

7.8CVSS7.2AI score0.00021EPSS

CVE•added 2017/11/16 10:29 p.m.•41 views

CVE-2017-11038

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use.

7.8CVSS7.1AI score0.00016EPSS

7.8CVSS7.5AI score0.00016EPSS

CVE-2017-13153

An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-65280854.

7.5CVSS6.9AI score0.00117EPSS

CVE-2017-13169

An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375.

7.8CVSS7.5AI score0.00016EPSS

CVE-2017-13173

An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. References: M-ALPS02672361.

7.8CVSS7.4AI score0.00039EPSS

CVE-2017-13174

An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473.

7.5CVSS7.1AI score0.00117EPSS

CVE-2017-13175

An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175.

CVE•added 2017/12/05 7:29 p.m.•41 views

CVE-2017-14895

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.

7.8CVSS7.1AI score0.00013EPSS

CVE•added 2017/11/14 4:29 p.m.•41 views

CVE-2017-6275

An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.

7.5CVSS6.6AI score0.00098EPSS

CVE•added 2017/08/18 7:29 p.m.•41 views

CVE-2017-7364

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address wi...

10CVSS8.4AI score0.00152EPSS

CVE•added 2017/09/21 3:29 p.m.•41 views

CVE-2017-8250

In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negati...

7.8CVSS8AI score0.00057EPSS

CVE•added 2017/11/16 10:29 p.m.•41 views

CVE-2017-8279

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information.

7.5CVSS7.2AI score0.0009EPSS

CVE•added 2017/09/21 3:29 p.m.•41 views

CVE-2017-9677

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting da...

7.8CVSS8AI score0.00045EPSS

CVE•added 2017/08/18 7:29 p.m.•41 views

CVE-2017-9684

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.

7.6CVSS6.7AI score0.00068EPSS

CVE•added 2017/10/10 8:29 p.m.•41 views

CVE-2017-9697

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while reading command registration table entries in diag_dbgfs_read_table.

7CVSS6.7AI score0.00015EPSS

CVE•added 2017/09/21 3:29 p.m.•41 views

CVE-2017-9720

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur.

7.8CVSS7.7AI score0.00053EPSS

10CVSS7.8AI score0.00152EPSS

CVE-2014-9411

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.

9.3CVSS7.4AI score0.00058EPSS

CVE-2014-9933

Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.

9.3CVSS7.7AI score0.00063EPSS

CVE-2014-9937

In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.

CVE•added 2017/06/06 2:29 p.m.•40 views

CVE-2014-9941

In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.

7.6CVSS6.7AI score0.00027EPSS

CVE•added 2017/06/13 8:29 p.m.•40 views

CVE-2014-9967

In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.

9.3CVSS7.4AI score0.00058EPSS

10CVSS8.7AI score0.00252EPSS

CVE-2014-9971

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.

10CVSS9AI score0.00247EPSS

CVE-2014-9976

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.

5.5CVSS5.5AI score0.00098EPSS

CVE-2015-9001

In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.

10CVSS9AI score0.00247EPSS

CVE-2015-9063

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client.

9.3CVSS7.2AI score0.00058EPSS

CVE-2016-10238

In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.

CVE•added 2017/06/13 8:29 p.m.•40 views

CVE-2016-10340

In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler.

9.3CVSS7.6AI score0.00063EPSS

CVE•added 2017/08/16 3:29 p.m.•40 views

CVE-2016-5863

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses.

9.3CVSS7.3AI score0.00054EPSS

CVE•added 2017/02/08 3:59 p.m.•40 views

CVE-2016-8476

An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.1...

7.6CVSS6.6AI score0.00137EPSS

CVE•added 2017/01/12 8:59 p.m.•40 views

CVE-2017-0389

A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID:...

7.8CVSS7.1AI score0.0034EPSS

CVE•added 2017/01/12 8:59 p.m.•40 views

CVE-2017-0400

An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permissio...

5.5CVSS5.2AI score0.00154EPSS

7.8CVSS7.5AI score0.06463EPSS

CVE-2017-0478

A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the...

7.1CVSS5.4AI score0.00284EPSS

CVE-2017-0485

A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-3338...

5.5CVSS5.5AI score0.00107EPSS

CVE-2017-0489

An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0...