CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-14496 191 DoS 2017-10-02 2017-10-23
7.8
None Remote Low Not required None None Complete
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
2 CVE-2017-10996 200 +Info 2017-09-21 2017-09-26
7.1
None Remote Medium Not required Complete None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fatal, however the device might crash/reboot with memory violation/out of bounds access.
3 CVE-2017-10709 254 Bypass 2017-06-30 2017-07-06
7.2
None Local Low Not required Complete Complete Complete
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.
4 CVE-2017-9684 416 2017-08-18 2017-08-21
7.6
None Remote High Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.
5 CVE-2017-9683 190 Overflow 2017-10-10 2017-10-19
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large.
6 CVE-2017-8267 190 Overflow 2017-08-18 2017-08-22
7.6
None Remote High Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.
7 CVE-2017-8262 416 2017-08-18 2017-08-23
7.6
None Remote High Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.
8 CVE-2017-7372 119 Overflow 2017-06-13 2017-07-07
7.6
None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.
9 CVE-2017-7370 416 2017-06-13 2017-07-07
7.6
None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
10 CVE-2017-7368 362 2017-06-13 2017-07-07
7.6
None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.
11 CVE-2017-6249 264 Exec Code 2017-07-13 2017-07-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249.
12 CVE-2017-6248 264 Exec Code 2017-07-06 2017-07-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34372667. References: N-CVE-2017-6248.
13 CVE-2017-3748 264 2017-06-29 2017-07-05
7.2
None Local Low Not required Complete Complete Complete
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
14 CVE-2017-0829 264 2017-10-03 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.
15 CVE-2017-0828 264 2017-10-03 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Huawei bootloader. Product: Android. Versions: Android kernel. Android ID: A-34622855.
16 CVE-2017-0824 264 2017-10-03 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37622847. References: B-V2017063001.
17 CVE-2017-0822 264 2017-10-03 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.
18 CVE-2017-0820 399 2017-10-03 2017-10-12
7.8
None Remote Low Not required None None Complete
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187433.
19 CVE-2017-0819 399 2017-10-03 2017-10-12
7.8
None Remote Low Not required None None Complete
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63045918.
20 CVE-2017-0818 399 2017-10-03 2017-10-12
7.8
None Remote Low Not required None None Complete
A vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63581671.
21 CVE-2017-0814 284 2017-10-03 2017-10-12
7.8
None Remote Low Not required None None Complete
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62800140.
22 CVE-2017-0793 200 +Info 2017-09-08 2017-09-15
7.1
None Remote Medium Not required Complete None None
A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946.
23 CVE-2017-0780 284 DoS 2017-09-08 2017-09-15
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37742976.
24 CVE-2017-0778 284 2017-09-08 2017-09-15
7.8
None Remote Medium Not required Partial None Complete
A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62133227.
25 CVE-2017-0775 284 DoS 2017-09-08 2017-09-15
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179.
26 CVE-2017-0774 284 DoS 2017-09-08 2017-09-15
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62673844.
27 CVE-2017-0773 284 DoS 2017-09-08 2017-09-15
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911.
28 CVE-2017-0772 284 DoS 2017-09-08 2017-09-15
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38115076.
29 CVE-2017-0771 284 DoS 2017-09-08 2017-09-15
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243.
30 CVE-2017-0736 264 DoS 2017-08-09 2017-08-15
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38487564.
31 CVE-2017-0706 264 2017-07-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.
32 CVE-2017-0705 264 2017-07-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.
33 CVE-2017-0649 264 Exec Code 2017-06-14 2017-07-07
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and because of vulnerability specific details which limit the impact of the issue. Product: Android. Versions: N/A. Android ID: A-34468195. References: M-ALPS03162283.
34 CVE-2017-0644 264 DoS 2017-06-14 2017-07-07
7.1
None Remote Medium Not required None None Complete
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-35472997.
35 CVE-2017-0643 264 DoS 2017-06-14 2017-07-07
7.1
None Remote Medium Not required None None Complete
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-35645051.
36 CVE-2017-0642 264 DoS 2017-06-14 2017-07-07
7.1
None Remote Medium Not required None None Complete
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34819017.
37 CVE-2017-0641 264 DoS 2017-06-14 2017-07-07
7.1
None Remote Medium Not required None None Complete
A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591.
38 CVE-2017-0640 264 DoS 2017-06-14 2017-07-07
7.1
None Remote Medium Not required None None Complete
A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33129467.
39 CVE-2017-0636 264 Exec Code 2017-06-14 2017-07-07
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35310230. References: M-ALPS03162263.
40 CVE-2017-0635 399 DoS 2017-05-12 2017-05-19
7.1
None Remote Medium Not required None None Complete
A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-35467107.
41 CVE-2017-0620 264 Exec Code 2017-05-12 2017-05-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.
42 CVE-2017-0619 264 Exec Code 2017-05-12 2017-05-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566.
43 CVE-2017-0618 264 Exec Code 2017-05-12 2017-05-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536.
44 CVE-2017-0617 264 Exec Code 2017-05-12 2017-05-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173.
45 CVE-2017-0616 264 Exec Code 2017-05-12 2017-05-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160.
46 CVE-2017-0615 264 Exec Code 2017-05-12 2017-05-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278.
47 CVE-2017-0600 264 DoS 2017-05-12 2017-05-19
7.1
None Remote Medium Not required None None Complete
A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635.
48 CVE-2017-0599 399 DoS 2017-05-12 2017-05-19
7.1
None Remote Medium Not required None None Complete
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748.
49 CVE-2017-0578 264 Exec Code 2017-04-07 2017-07-10
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the DTS sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33964406.
50 CVE-2017-0566 264 Exec Code 2017-04-07 2017-07-10
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. References: M-ALPS02696367.
Total number of vulnerabilities : 238   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.