Android@7.1.2 Security Vulnerabilities and Issues — Page 10 of Android@7.1.2 CVE List

5.3CVSS5.5AI score0.00092EPSS

CVE-2017-18657

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is an arbitrary write in a trustlet. The Samsung ID is SVE-2017-8893 (August 2017).

5.3CVSS5.3AI score0.0011EPSS

CVE-2017-18659

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017).

7.5CVSS7.6AI score0.00081EPSS

CVE-2017-18666

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 (June 2017).

2.4CVSS4.1AI score0.00019EPSS

CVE-2017-18673

An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).

CVE•added 2020/04/08 6:15 p.m.•38 views

CVE-2018-21049

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018).

10CVSS9.3AI score0.0017EPSS

CVE•added 2020/04/08 6:15 p.m.•38 views

CVE-2018-21053

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018).

4.6CVSS4.7AI score0.0002EPSS

CVE•added 2024/11/19 10:15 p.m.•38 views

CVE-2018-9421

In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.2AI score0.00011EPSS

CVE•added 2024/12/02 10:15 p.m.•38 views

CVE-2018-9435

In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS8.1AI score0.00013EPSS

CVE•added 2018/11/06 5:29 p.m.•38 views

CVE-2018-9451

In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6....

5.5CVSS5.3AI score0.00095EPSS

CVE•added 2024/11/20 6:15 p.m.•38 views

CVE-2018-9484

In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6.3AI score0.00142EPSS

CVE•added 2024/11/20 6:15 p.m.•38 views

CVE-2018-9485

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

6.5CVSS6.3AI score0.00046EPSS

9.3CVSS7.9AI score0.00422EPSS

CVE-2018-9497

In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions:...

8.8CVSS8.8AI score0.00694EPSS

CVE-2018-9504

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: And...

6.5CVSS6.1AI score0.00312EPSS

CVE-2018-9505

In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Androi...

6.5CVSS6.1AI score0.00358EPSS

CVE-2018-9506

In avrc_msg_cback of avrc_api.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-...

6.5CVSS6.1AI score0.00288EPSS

CVE-2018-9508

In smp_process_keypress_notification of smp_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

CVE•added 2018/11/14 6:29 p.m.•38 views

CVE-2018-9524

In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 And...

7.8CVSS8.1AI score0.00019EPSS

CVE•added 2020/03/24 8:15 p.m.•38 views

CVE-2019-20596

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019).

9.1CVSS8.7AI score0.00147EPSS

CVE•added 2020/03/24 8:15 p.m.•38 views

CVE-2019-20611

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), Go(8.1), P(9.0), and Go(9.0) (Exynos chipsets) software. A baseband stack overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-13963 (April 2019).

10CVSS9.8AI score0.00231EPSS

CVE•added 2019/08/20 8:15 p.m.•38 views

CVE-2019-2120

In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andro...

7.8CVSS7.8AI score0.00013EPSS

CVE•added 2017/05/12 3:29 p.m.•37 views

CVE-2017-0588

A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the ...

9.3CVSS7.6AI score0.00272EPSS

CVE•added 2017/06/14 1:29 p.m.•37 views

CVE-2017-0636

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/...

7.6CVSS6.9AI score0.00084EPSS

CVE•added 2017/07/06 8:29 p.m.•37 views

CVE-2017-0710

A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.

7.8CVSS7.4AI score0.00053EPSS

CVE•added 2017/08/09 9:29 p.m.•37 views

CVE-2017-0723

A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37968755.

9.3CVSS7.7AI score0.00212EPSS

CVE•added 2017/09/08 8:29 p.m.•37 views

CVE-2017-0753

A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744.

9.3CVSS8.3AI score0.00212EPSS

CVE•added 2017/10/04 1:29 a.m.•37 views

CVE-2017-0808

An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.

7.5CVSS6.8AI score0.00161EPSS

CVE•added 2017/11/16 11:29 p.m.•37 views

CVE-2017-0849

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399.

5.3CVSS5.4AI score0.00091EPSS

CVE•added 2017/11/16 11:29 p.m.•37 views

CVE-2017-0851

An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570.

5.3CVSS5.4AI score0.00091EPSS

CVE•added 2017/12/06 2:29 p.m.•37 views

CVE-2017-0879

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.

9.1CVSS8.2AI score0.00212EPSS

CVE•added 2017/12/06 2:29 p.m.•37 views

CVE-2017-13157

An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341.

7.8CVSS6.9AI score0.00106EPSS

CVE•added 2018/01/12 11:29 p.m.•37 views

CVE-2017-13185

An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.

9.1CVSS7.1AI score0.00122EPSS

CVE•added 2018/01/12 11:29 p.m.•37 views

CVE-2017-13212

An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.

7.8CVSS7.4AI score0.00028EPSS

CVE•added 2018/02/12 7:29 p.m.•37 views

CVE-2017-13235

A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.

6.5CVSS6.3AI score0.00112EPSS

CVE•added 2018/02/12 7:29 p.m.•37 views

CVE-2017-13243

A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.

7.5CVSS6.5AI score0.00103EPSS

CVE•added 2018/04/04 4:29 p.m.•37 views

CVE-2017-13296

A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454.

5.3CVSS4.8AI score0.00091EPSS

CVE•added 2018/04/04 4:29 p.m.•37 views

CVE-2017-13297

A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721.

5.3CVSS4.8AI score0.00091EPSS

CVE•added 2020/04/08 1:15 p.m.•37 views

CVE-2017-18646

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017).

4.6CVSS5AI score0.00018EPSS

7.5CVSS7.6AI score0.00123EPSS

CVE-2017-18662

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. Data outside of the rkp log buffer boundary is read, causing an information leak. The Samsung ID is SVE-2017-9109 (July 2017).

7.5CVSS7.6AI score0.00081EPSS

CVE-2017-18669

An issue was discovered on Samsung mobile devices with N(7.x) software. Persona has an unprotected API that allows launch of any activity with system privileges. The Samsung ID is SVE-2017-9000 (June 2017).

5.5CVSS5.5AI score0.00015EPSS

CVE-2017-18672

An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017).