Lucene search

K
GoogleAndroid7.1.1

676 matches found

CVE
CVE
added 2019/08/20 8:15 p.m.35 views

CVE-2019-2135

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 A...

7.1CVSS5AI score0.00053EPSS
CVE
CVE
added 2017/04/07 10:59 p.m.34 views

CVE-2017-0552

A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. A...

7.1CVSS5.7AI score0.00198EPSS
CVE
CVE
added 2017/10/04 1:29 a.m.34 views

CVE-2017-0818

A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.

7.8CVSS7.2AI score0.00262EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.34 views

CVE-2017-0859

Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131.

7.8CVSS7.2AI score0.00101EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.34 views

CVE-2017-13181

In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is n...

7.8CVSS7.6AI score0.00032EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.34 views

CVE-2017-13233

In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, ...

7.1CVSS6.4AI score0.00157EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.34 views

CVE-2017-18675

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynox8890 chipsets) software. The Camera application can leak uninitialized memory via ion. The Samsung ID is SVE-2016-6989 (April 2017).

7.5CVSS7.6AI score0.00113EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.34 views

CVE-2018-21060

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is a Keyboard learned words leak in the locked state via the emergency contact picker. The Samsung IDs are SVE-2018-11989, SVE-2018-11990 (September 2018).

7.5CVSS7.5AI score0.00123EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.34 views

CVE-2018-21063

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).

10CVSS9.4AI score0.0017EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.34 views

CVE-2018-21064

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018).

9.8CVSS9.5AI score0.00147EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.34 views

CVE-2018-9358

In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Prod...

7.8CVSS6.8AI score0.03247EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.34 views

CVE-2018-9359

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android...

7.8CVSS6.9AI score0.016EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.34 views

CVE-2018-9454

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0...

5.5CVSS5.3AI score0.00095EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.34 views

CVE-2018-9499

In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Andro...

5.5CVSS5AI score0.00037EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.34 views

CVE-2018-9523

In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: A...

7.8CVSS8.1AI score0.00017EPSS
CVE
CVE
added 2019/05/08 5:29 p.m.34 views

CVE-2019-2052

In VisitPointers of heap.cc, there is a possible out-of-bounds read due to type confusion. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7...

7.8CVSS6.9AI score0.00396EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.34 views

CVE-2019-20561

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. The bootloader has an integer signedness error. The Samsung ID is SVE-2019-15230 (October 2019).

9.8CVSS9.4AI score0.00151EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.34 views

CVE-2019-20573

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the RCS Content Provider. The Samsung IDs are SVE-2019-14059, SVE-2019-14685 (August 2019).

7.8CVSS8AI score0.00037EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.34 views

CVE-2019-20581

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. A stack overflow in the HDCP Trustlet causes arbitrary code execution. The Samsung ID is SVE-2019-14665 (August 2019).

9.8CVSS9.8AI score0.00222EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.34 views

CVE-2019-20602

An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), and P(9.0) (Qualcomm chipsets) software. The Authnr Trustlet has a NULL pointer dereference. The Samsung ID is SVE-2019-13949 (May 2019).

7.5CVSS7.6AI score0.00114EPSS
CVE
CVE
added 2019/08/20 8:15 p.m.34 views

CVE-2019-2129

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: A...

6.5CVSS6.1AI score0.00245EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.33 views

CVE-2017-13186

A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716.

7.8CVSS7.1AI score0.00101EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.33 views

CVE-2017-13192

In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not...

7.8CVSS7.3AI score0.02288EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.33 views

CVE-2017-13200

An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526.

7.5CVSS6.8AI score0.00123EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.33 views

CVE-2017-13201

An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768.

7.5CVSS6.8AI score0.00117EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.33 views

CVE-2017-13202

An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.

7.5CVSS6.8AI score0.0009EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.33 views

CVE-2017-13205

An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583.

9.1CVSS7.1AI score0.00108EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.33 views

CVE-2017-13264

A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343.

7.5CVSS7.2AI score0.00113EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.33 views

CVE-2018-21051

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018).

10CVSS9.7AI score0.00401EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.33 views

CVE-2018-21079

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018).

7.5CVSS7.4AI score0.00123EPSS
CVE
CVE
added 2020/04/08 3:15 p.m.33 views

CVE-2018-21086

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018).

8.1CVSS8.1AI score0.00114EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.33 views

CVE-2018-9362

In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: And...

7.8CVSS7.2AI score0.03994EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.33 views

CVE-2018-9490

In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android...

9.3CVSS8.1AI score0.00321EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.33 views

CVE-2018-9498

In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android...

9.3CVSS7.9AI score0.00422EPSS
CVE
CVE
added 2018/10/02 7:29 p.m.33 views

CVE-2018-9510

In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Andro...

6.5CVSS6.1AI score0.00312EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.33 views

CVE-2018-9553

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 A...

9.3CVSS7.9AI score0.00253EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.33 views

CVE-2019-2039

In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7....

5CVSS4.7AI score0.00036EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.33 views

CVE-2019-20555

An issue was discovered on Samsung mobile devices with N(7.x) software. The Gallery app allows attackers to view all pictures of a locked device. The Samsung ID is SVE-2019-15189 (October 2019).

5.3CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.33 views

CVE-2019-20591

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is local SQL injection in the Gear VR Service Content Provider. The Samsung ID is SVE-2019-14058 (July 2019).

7.8CVSS8AI score0.00037EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.33 views

CVE-2019-20613

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is time-based SQL injection in Contacts. The Samsung ID is SVE-2018-13452 (March 2019).

8.1CVSS8.5AI score0.00159EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.33 views

CVE-2019-20616

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. Gallery leaks a thumbnail of Private Mode content. The Samsung ID is SVE-2018-13563 (March 2019).

5.3CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.33 views

CVE-2019-20622

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband stack overflow. The Samsung ID is SVE-2018-13188 (February 2019).

10CVSS9.4AI score0.00183EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.32 views

CVE-2017-13207

An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426.

7.5CVSS6.8AI score0.0009EPSS
CVE
CVE
added 2020/04/08 3:15 p.m.32 views

CVE-2018-21081

An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is SVE-2017-11018 (March 2018).

9.1CVSS9.1AI score0.00079EPSS
CVE
CVE
added 2020/04/08 3:15 p.m.32 views

CVE-2018-21084

An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018).

8.1CVSS8AI score0.00114EPSS
CVE
CVE
added 2020/04/08 3:15 p.m.32 views

CVE-2018-21085

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018).

8.1CVSS8.1AI score0.00134EPSS
CVE
CVE
added 2020/04/08 2:15 p.m.32 views

CVE-2018-21092

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018).

6.5CVSS6.7AI score0.00029EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.32 views

CVE-2018-9437

In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 And...

7.1CVSS5.8AI score0.02009EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.32 views

CVE-2018-9444

In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android ...

7.1CVSS5.8AI score0.00077EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.32 views

CVE-2018-9540

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Ve...

7.5CVSS7.2AI score0.00386EPSS
Total number of security vulnerabilities676