Lucene search

K

34 matches found

CVE
CVE
added 2018/02/19 7:29 p.m.173 views

CVE-2017-7376

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

10CVSS8.1AI score0.39544EPSS
CVE
CVE
added 2018/02/19 7:29 p.m.133 views

CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not u...

9.8CVSS6.9AI score0.00262EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.62 views

CVE-2017-13230

In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0...

9.3CVSS8.7AI score0.0162EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.49 views

CVE-2017-13236

In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.

7.8CVSS7.6AI score0.00101EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.45 views

CVE-2017-13228

In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: ...

9.3CVSS8.8AI score0.00481EPSS
CVE
CVE
added 2018/02/15 2:29 a.m.45 views

CVE-2017-13273

In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158.

7CVSS6.7AI score0.00014EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.42 views

CVE-2017-13245

A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347.

7.8CVSS6.8AI score0.00019EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.42 views

CVE-2017-13247

In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-7...

7.8CVSS7.3AI score0.00024EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.42 views

CVE-2017-15860

In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.

9.3CVSS7.6AI score0.00049EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13234

In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1...

7.1CVSS6.4AI score0.00157EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.41 views

CVE-2017-13242

A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.

7.5CVSS6.2AI score0.00117EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.41 views

CVE-2017-17767

In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.

7.8CVSS7.4AI score0.00016EPSS
CVE
CVE
added 2018/02/06 1:29 p.m.40 views

CVE-2017-6258

NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Referenc...

7.8CVSS7.5AI score0.00013EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.39 views

CVE-2017-13229

A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703.

10CVSS7.6AI score0.01322EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.39 views

CVE-2017-13238

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android....

4.7CVSS3.9AI score0.00025EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.39 views

CVE-2017-13244

A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.

7.8CVSS6.8AI score0.00019EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.39 views

CVE-2017-15820

In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.

7.8CVSS7.2AI score0.00018EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.38 views

CVE-2017-13232

In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...

7.8CVSS6.8AI score0.0015EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.38 views

CVE-2017-14884

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.

7.8CVSS7.4AI score0.00017EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.38 views

CVE-2017-17764

In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.

7.8CVSS7.4AI score0.0005EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.38 views

CVE-2017-17765

In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow.

7.8CVSS7.5AI score0.00017EPSS
CVE
CVE
added 2018/02/06 1:29 p.m.38 views

CVE-2017-6279

NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Referenc...

7.8CVSS7.8AI score0.00013EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.37 views

CVE-2017-13231

In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232.

7.8CVSS7.5AI score0.00021EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.37 views

CVE-2017-15817

In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.

9.3CVSS6.4AI score0.00153EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.36 views

CVE-2017-13235

A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.

6.5CVSS6.3AI score0.00112EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.36 views

CVE-2017-13240

A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819.

7.5CVSS6.5AI score0.00143EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.36 views

CVE-2017-13243

A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.

7.5CVSS6.5AI score0.00117EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.36 views

CVE-2017-13246

A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469.

7.5CVSS6.4AI score0.00117EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.36 views

CVE-2017-15862

In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.

7.8CVSS7.4AI score0.00015EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.35 views

CVE-2017-15829

In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.

7CVSS6.5AI score0.00014EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.34 views

CVE-2017-13233

In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, ...

7.1CVSS6.4AI score0.00157EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.32 views

CVE-2017-13239

A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132.

7.5CVSS6.5AI score0.00123EPSS
CVE
CVE
added 2018/02/23 11:29 p.m.31 views

CVE-2017-15861

In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.

7.8CVSS7.2AI score0.00014EPSS
CVE
CVE
added 2018/02/12 7:29 p.m.30 views

CVE-2017-13241

A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.

7.5CVSS6.4AI score0.00117EPSS