Android@7.0 Security Vulnerabilities and Issues — Page 3 of Android@7.0 CVE List

Lucene search

GoogleAndroid7.0

793 matches found

CVE•added 2019/04/19 8:29 p.m.•56 views

CVE-2019-2029

In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1....

8.8CVSS8.8AI score0.00564EPSS

CVE•added 2019/05/08 5:29 p.m.•56 views

CVE-2019-2043

In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interactio...

7.3CVSS7.2AI score0.00014EPSS

CVE•added 2017/03/08 1:59 a.m.•55 views

CVE-2017-0467

A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver proces...

9.3CVSS7.6AI score0.00316EPSS

CVE•added 2017/04/07 10:59 p.m.•55 views

CVE-2017-0548

A remote denial of service vulnerability in libskia could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33251605.

7.1CVSS5.7AI score0.00299EPSS

CVE•added 2017/09/08 8:29 p.m.•55 views

CVE-2017-0776

A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660.

5.5CVSS5.8AI score0.00051EPSS

CVE•added 2017/12/06 2:29 p.m.•55 views

CVE-2017-0870

An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807.

7.8CVSS7.5AI score0.00016EPSS

CVE•added 2018/01/12 11:29 p.m.•55 views

CVE-2017-13208

In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Pr...

10CVSS9.2AI score0.15731EPSS

CVE•added 2024/12/02 10:15 p.m.•55 views

CVE-2018-9418

In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

9.8CVSS7.1AI score0.00086EPSS

CVE•added 2024/11/19 11:15 p.m.•55 views

CVE-2018-9466

In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

8.8CVSS9.3AI score0.00715EPSS

CVE•added 2019/02/12 12:0 a.m.•55 views

CVE-2018-9583

In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges...

10CVSS7.6AI score0.00977EPSS

CVE•added 2017/01/12 8:59 p.m.•54 views

CVE-2017-0396

An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. P...

5.5CVSS5.2AI score0.00091EPSS

CVE•added 2017/02/08 3:59 p.m.•54 views

CVE-2017-0413

An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does no...

5.5CVSS5.2AI score0.00218EPSS

CVE•added 2017/02/08 3:59 p.m.•54 views

CVE-2017-0422

A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0...

7.8CVSS6.7AI score0.01038EPSS

CVE•added 2017/08/09 9:29 p.m.•54 views

CVE-2017-0745

A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37079296.

9.3CVSS7.7AI score0.00308EPSS

CVE•added 2017/09/08 8:29 p.m.•54 views

CVE-2017-0764

A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62872015.

9.3CVSS7.9AI score0.00269EPSS

CVE•added 2017/09/08 8:29 p.m.•54 views

CVE-2017-0777

A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499.

5.5CVSS5.8AI score0.00051EPSS

CVE•added 2017/10/04 1:29 a.m.•54 views

CVE-2017-0807

An elevation of privilege vulnerability in the Android framework (ui framework). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35056974.

10CVSS8AI score0.02479EPSS

CVE•added 2019/05/08 5:29 p.m.•54 views

CVE-2019-2046

In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android ...

10CVSS9.3AI score0.01182EPSS

CVE•added 2017/01/12 8:59 p.m.•53 views

CVE-2017-0392

A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5....

7.1CVSS5.7AI score0.0017EPSS

CVE•added 2017/04/07 10:59 p.m.•53 views

CVE-2017-0547

An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applica...

5.5CVSS5.3AI score0.00125EPSS

CVE•added 2017/08/09 9:29 p.m.•53 views

CVE-2017-0719

A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673.

9.3CVSS7.7AI score0.00308EPSS

CVE•added 2017/08/09 9:29 p.m.•53 views

CVE-2017-0720

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37430213.

9.3CVSS7.7AI score0.00248EPSS

CVE•added 2017/09/08 8:29 p.m.•53 views

CVE-2017-0756

A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073.

9.3CVSS7.9AI score0.00164EPSS

CVE•added 2017/09/08 8:29 p.m.•53 views

CVE-2017-0761

A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381.

9.3CVSS7.9AI score0.00248EPSS

CVE•added 2017/11/16 11:29 p.m.•53 views

CVE-2017-0842

An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.

7.8CVSS7.4AI score0.00039EPSS

CVE•added 2024/11/20 6:15 p.m.•53 views

CVE-2018-9470

In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

8.8CVSS7.2AI score0.00209EPSS

CVE•added 2020/04/17 2:15 p.m.•53 views

CVE-2019-20771

An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The LG ID is LVE-SMP-190006 (August 2019).

7.5CVSS7.4AI score0.00092EPSS

CVE•added 2017/02/08 3:59 p.m.•52 views

CVE-2017-0418

An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessib...

9.3CVSS7.2AI score0.00136EPSS

CVE•added 2017/02/08 3:59 p.m.•52 views

CVE-2017-0421

An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application doe...

5.5CVSS5.2AI score0.00106EPSS

CVE•added 2017/08/09 9:29 p.m.•52 views

CVE-2017-0738

A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371.

5.5CVSS5.5AI score0.00063EPSS

CVE•added 2017/09/08 8:29 p.m.•52 views

CVE-2017-0778

A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227.

7.8CVSS6.8AI score0.00064EPSS

CVE•added 2017/10/04 1:29 a.m.•52 views

CVE-2017-0820

A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433.

7.8CVSS7.2AI score0.00599EPSS

CVE•added 2018/01/12 11:29 p.m.•52 views

CVE-2017-13176

In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitatio...

9.3CVSS8.2AI score0.00689EPSS

CVE•added 2018/01/12 11:29 p.m.•52 views

CVE-2017-13179

In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->...

10CVSS9.2AI score0.03421EPSS

CVE•added 2018/04/04 5:29 p.m.•52 views

CVE-2017-13258

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7....

7.5CVSS6.8AI score0.17014EPSS

CVE•added 2018/04/04 5:29 p.m.•52 views

CVE-2017-13266

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7....

10CVSS8.9AI score0.01322EPSS

CVE•added 2018/04/04 4:29 p.m.•52 views

CVE-2017-13277

In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7...

9.3CVSS7.9AI score0.00722EPSS

CVE•added 2024/11/28 12:15 a.m.•52 views

CVE-2018-9374

In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS9AI score0.00007EPSS

CVE•added 2025/01/28 5:15 p.m.•52 views

CVE-2018-9378

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6AI score0.00019EPSS

CVE•added 2019/07/08 6:15 p.m.•52 views

CVE-2019-2106

In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

9.3CVSS8.8AI score0.0037EPSS

CVE•added 2017/03/08 1:59 a.m.•51 views

CVE-2017-0474

9.3CVSS7.6AI score0.02868EPSS

CVE•added 2017/07/06 8:29 p.m.•51 views

CVE-2017-0665

A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36991414.

9.3CVSS7.4AI score0.00035EPSS

CVE•added 2017/07/06 8:29 p.m.•51 views

CVE-2017-0668

A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579.

5.5CVSS5.5AI score0.00063EPSS

CVE•added 2017/07/06 8:29 p.m.•51 views

CVE-2017-0695

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.

5.5CVSS5.6AI score0.00044EPSS

CVE•added 2017/07/06 8:29 p.m.•51 views

CVE-2017-0699

A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809.

5.5CVSS5.5AI score0.00063EPSS

CVE•added 2017/08/09 9:29 p.m.•51 views

CVE-2017-0729

A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346.

7.8CVSS7.4AI score0.00053EPSS

CVE•added 2017/08/09 9:29 p.m.•51 views

CVE-2017-0733

A denial of service vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38391487.

5.5CVSS5.6AI score0.00044EPSS

CVE•added 2017/09/08 8:29 p.m.•51 views

CVE-2017-0768

A elevation of privilege vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62019992.

9.3CVSS7.9AI score0.00035EPSS

CVE•added 2017/11/16 11:29 p.m.•51 views

CVE-2017-0839

An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.

7.5CVSS6.8AI score0.00145EPSS

CVE•added 2017/11/16 11:29 p.m.•51 views

CVE-2017-0841

A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.

9.3CVSS7.7AI score0.00886EPSS

Total number of security vulnerabilities793