Lucene search

K
GoogleAndroid7.1.2

612 matches found

CVE
CVE
added 2017/12/06 2:29 p.m.42 views

CVE-2017-0837

An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64340921.

7.8CVSS7.5AI score0.00016EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.42 views

CVE-2017-0848

An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217.

5.3CVSS5.4AI score0.00091EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.42 views

CVE-2017-0858

Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894.

7.8CVSS7.2AI score0.00108EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.42 views

CVE-2017-0873

A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255.

7.1CVSS6.3AI score0.00102EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.42 views

CVE-2017-13178

In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for e...

10CVSS9.3AI score0.03598EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.42 views

CVE-2017-13289

In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is n...

7.8CVSS7.6AI score0.00013EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.42 views

CVE-2017-13294

A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449.

5.3CVSS4.9AI score0.00091EPSS
CVE
CVE
added 2024/11/15 10:15 p.m.42 views

CVE-2017-13313

In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploit...

7.5CVSS6.7AI score0.00067EPSS
CVE
CVE
added 2024/11/27 11:15 p.m.42 views

CVE-2018-9351

In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS8.8AI score0.00114EPSS
CVE
CVE
added 2024/11/27 11:15 p.m.42 views

CVE-2018-9353

In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS8.9AI score0.00457EPSS
CVE
CVE
added 2024/12/02 9:15 p.m.42 views

CVE-2018-9376

In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.5AI score0.00008EPSS
CVE
CVE
added 2024/11/19 10:15 p.m.42 views

CVE-2018-9420

In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS6.2AI score0.00009EPSS
CVE
CVE
added 2024/11/19 11:15 p.m.42 views

CVE-2018-9440

In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

6.5CVSS6.6AI score0.00037EPSS
CVE
CVE
added 2024/11/19 11:15 p.m.42 views

CVE-2018-9456

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

7.5CVSS6.7AI score0.00253EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.42 views

CVE-2018-9552

In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 A...

5.5CVSS5.4AI score0.00116EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9585

In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U...

7.8CVSS6.2AI score0.00022EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.42 views

CVE-2018-9588

In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileg...

6.5CVSS5.5AI score0.00164EPSS
CVE
CVE
added 2019/04/19 8:29 p.m.42 views

CVE-2019-2031

In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Andro...

7.8CVSS7.7AI score0.00015EPSS
CVE
CVE
added 2020/03/24 8:15 p.m.42 views

CVE-2019-20610

An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019).

9.3CVSS8.2AI score0.00151EPSS
CVE
CVE
added 2017/07/07 2:29 p.m.41 views

CVE-2017-0340

An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204...

9.3CVSS7.8AI score0.00212EPSS
CVE
CVE
added 2017/06/14 1:29 p.m.41 views

CVE-2017-0639

An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other application...

5.5CVSS4.8AI score0.00109EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.41 views

CVE-2017-0689

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/07/06 8:29 p.m.41 views

CVE-2017-0696

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120.

5.5CVSS5.6AI score0.00044EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.41 views

CVE-2017-0727

A elevation of privilege vulnerability in the Android media framework (libgui). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-33004354.

7.8CVSS7.4AI score0.00041EPSS
CVE
CVE
added 2017/08/09 9:29 p.m.41 views

CVE-2017-0732

A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37504237.

7.8CVSS7.2AI score0.00053EPSS
CVE
CVE
added 2017/09/08 8:29 p.m.41 views

CVE-2017-0771

A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.

7.1CVSS5.9AI score0.00038EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.41 views

CVE-2017-0835

A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63316832.

9.3CVSS7.7AI score0.0096EPSS
CVE
CVE
added 2017/11/16 11:29 p.m.41 views

CVE-2017-0836

A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.

9.3CVSS7.7AI score0.0096EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.41 views

CVE-2017-0846

An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.

7.5CVSS6.8AI score0.00123EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13150

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.

9.1CVSS8.2AI score0.00122EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13152

An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.

7.5CVSS7AI score0.00117EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13154

An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.

7.8CVSS7.5AI score0.00014EPSS
CVE
CVE
added 2017/12/06 2:29 p.m.41 views

CVE-2017-13159

An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772.

7.8CVSS6.9AI score0.00106EPSS
CVE
CVE
added 2018/01/12 11:29 p.m.41 views

CVE-2017-13204

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.

9.1CVSS7.1AI score0.00108EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13234

In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1...

7.1CVSS6.4AI score0.00157EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13242

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.

7.5CVSS6.2AI score0.00117EPSS
CVE
CVE
added 2018/04/04 5:29 p.m.41 views

CVE-2017-13259

In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1,...

7.5CVSS7AI score0.00862EPSS
CVE
CVE
added 2018/04/04 4:29 p.m.41 views

CVE-2017-13276

In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, ...

7.8CVSS8.1AI score0.01912EPSS
CVE
CVE
added 2024/11/19 6:15 p.m.41 views

CVE-2017-13315

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not ...

7.8CVSS6.7AI score0.00012EPSS
CVE
CVE
added 2020/04/07 4:15 p.m.41 views

CVE-2017-18649

An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can boot a device with root privileges because the bootloader for the Qualcomm MSM8998 chipset lacks an integrity check of the system image, aka the "SamFAIL" issue. The Samsung ID is SVE-2017-10465 (November 2017).

7.2CVSS7AI score0.00058EPSS
CVE
CVE
added 2020/04/08 6:15 p.m.41 views

CVE-2018-21050

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018).

10CVSS9.8AI score0.00231EPSS
CVE
CVE
added 2020/04/08 3:15 p.m.41 views

CVE-2018-21082

An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018).

8.4CVSS8.3AI score0.00017EPSS
CVE
CVE
added 2024/11/19 7:15 p.m.41 views

CVE-2018-9340

In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of mStringPoolSize to be out of bounds, causing information disclosure.

7.5CVSS6.2AI score0.00033EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9356

In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0...

10CVSS8.8AI score0.19616EPSS
CVE
CVE
added 2024/11/19 9:15 p.m.41 views

CVE-2018-9365

In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

9.8CVSS7.5AI score0.00131EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9446

In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android...

10CVSS8.2AI score0.00977EPSS
CVE
CVE
added 2018/11/06 5:29 p.m.41 views

CVE-2018-9459

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

8.8CVSS7.4AI score0.05321EPSS
CVE
CVE
added 2019/02/12 12:0 a.m.41 views

CVE-2018-9587

In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no ...

7.3CVSS6.1AI score0.00022EPSS
CVE
CVE
added 2019/02/28 5:29 p.m.41 views

CVE-2019-1995

In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges ne...

5.5CVSS5.4AI score0.00024EPSS
CVE
CVE
added 2020/03/24 7:15 p.m.41 views

CVE-2019-20546

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019).

6.5CVSS6.5AI score0.00031EPSS
Total number of security vulnerabilities612