The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.
Max CVSS
7.2
EPSS Score
0.07%
Published
2017-06-30
Updated
2019-10-03
In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.
Max CVSS
10.0
EPSS Score
0.15%
Published
2017-08-18
Updated
2017-08-23
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated.
Max CVSS
5.5
EPSS Score
0.10%
Published
2017-06-13
Updated
2017-07-08
In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten.
Max CVSS
5.5
EPSS Score
0.10%
Published
2017-06-13
Updated
2017-07-08
In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS.
Max CVSS
5.5
EPSS Score
0.10%
Published
2017-06-13
Updated
2017-07-08
If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory.
Max CVSS
9.3
EPSS Score
0.10%
Published
2017-05-16
Updated
2017-07-11
A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457.
Max CVSS
10.0
EPSS Score
0.62%
Published
2017-02-08
Updated
2017-07-25
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350755. References: MT-ALPS02961424.
Max CVSS
9.3
EPSS Score
0.06%
Published
2017-01-12
Updated
2017-01-18
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437.
Max CVSS
9.3
EPSS Score
0.07%
Published
2017-01-12
Updated
2017-01-18
An elevation of privilege vulnerability in Telephony could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 6.0, 6.0.1, 7.0. Android ID: A-31566390.
Max CVSS
6.8
EPSS Score
0.05%
Published
2017-01-12
Updated
2017-01-18
An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228.
Max CVSS
4.3
EPSS Score
0.05%
Published
2017-01-12
Updated
2017-01-19
An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171.
Max CVSS
4.6
EPSS Score
0.06%
Published
2017-01-12
Updated
2017-01-19
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31631842.
Max CVSS
7.8
EPSS Score
0.46%
Published
2017-01-12
Updated
2017-01-19
A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of local permanent denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31530456.
Max CVSS
7.1
EPSS Score
0.06%
Published
2017-01-12
Updated
2017-01-19
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.50%
Published
2017-01-19
Updated
2018-01-05
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
Max CVSS
8.8
EPSS Score
0.90%
Published
2017-01-19
Updated
2018-01-05
The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel.
Max CVSS
8.8
EPSS Score
0.18%
Published
2017-04-21
Updated
2017-05-02
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.
Max CVSS
10.0
EPSS Score
0.20%
Published
2017-08-18
Updated
2018-04-19
In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory.
Max CVSS
10.0
EPSS Score
0.13%
Published
2017-08-18
Updated
2017-08-24
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.
Max CVSS
10.0
EPSS Score
0.13%
Published
2017-08-18
Updated
2017-08-24
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API.
Max CVSS
10.0
EPSS Score
0.13%
Published
2017-08-18
Updated
2017-08-23
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.
Max CVSS
9.3
EPSS Score
0.10%
Published
2017-06-13
Updated
2017-07-08
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.
Max CVSS
5.5
EPSS Score
0.10%
Published
2017-06-13
Updated
2017-07-08
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.
Max CVSS
5.5
EPSS Score
0.09%
Published
2017-06-13
Updated
2017-07-08
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
Max CVSS
9.3
EPSS Score
0.06%
Published
2017-06-06
Updated
2017-06-09
31 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!