CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-11051 200 +Info 2017-10-10 2017-10-19
5.0
None Remote Low Not required Partial None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero.
2 CVE-2017-11040 200 +Info 2017-09-21 2017-09-26
4.3
None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to.
3 CVE-2017-11002 200 +Info 2017-09-21 2017-09-26
4.3
None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.
4 CVE-2017-11001 200 +Info 2017-09-21 2017-09-26
4.3
None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read.
5 CVE-2017-10996 200 +Info 2017-09-21 2017-09-26
7.1
None Remote Medium Not required Complete None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fatal, however the device might crash/reboot with memory violation/out of bounds access.
6 CVE-2017-9680 200 +Info 2017-08-18 2017-08-21
5.0
None Remote Low Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.
7 CVE-2017-9679 200 +Info 2017-08-18 2017-08-21
5.0
None Remote Low Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.
8 CVE-2017-8269 200 +Info 2017-08-11 2017-08-16
4.3
None Remote Medium Not required Partial None None
Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.
9 CVE-2017-8254 200 +Info 2017-08-18 2017-08-23
4.3
None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.
10 CVE-2017-8239 200 +Info 2017-06-13 2017-11-16
4.3
None Remote Medium Not required Partial None None
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.
11 CVE-2017-0825 200 +Info 2017-10-03 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Broadcom wifi driver. Product: Android. Versions: Android kernel. Android ID: A-37305633. References: B-V2017063002.
12 CVE-2017-0823 200 +Info 2017-10-03 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android system (rild). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37896655.
13 CVE-2017-0817 200 +Info 2017-10-03 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63522430.
14 CVE-2017-0816 200 +Info 2017-10-03 2017-10-12
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63662938.
15 CVE-2017-0815 200 +Info 2017-10-03 2017-10-12
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63526567.
16 CVE-2017-0808 200 +Info 2017-10-03 2017-10-12
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android framework (file system). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62301183.
17 CVE-2017-0793 200 +Info 2017-09-08 2017-09-15
7.1
None Remote Medium Not required Complete None None
A information disclosure vulnerability in the N/A memory subsystem. Product: Android. Versions: Android kernel. Android ID: A-35764946.
18 CVE-2017-0792 200 +Info 2017-09-08 2017-09-12
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301.
19 CVE-2017-0785 200 +Info 2017-09-14 2017-09-18
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.
20 CVE-2017-0783 200 +Info 2017-09-14 2017-09-18
6.1
None Local Network Low Not required Complete None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.
21 CVE-2017-0779 200 +Info 2017-09-08 2017-09-15
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the Android media framework (audioflinger). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38340117.
22 CVE-2017-0777 200 +Info 2017-09-08 2017-09-15
4.3
None Remote Medium Not required None None Partial
A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-38342499.
23 CVE-2017-0776 200 +Info 2017-09-08 2017-09-15
4.3
None Remote Medium Not required None None Partial
A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38496660.
24 CVE-2017-0739 200 +Info 2017-08-09 2017-08-15
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181.
25 CVE-2017-0709 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048.
26 CVE-2017-0708 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879.
27 CVE-2017-0699 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809.
28 CVE-2017-0698 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458.
29 CVE-2017-0669 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752.
30 CVE-2017-0668 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579.
31 CVE-2017-0647 200 +Info 2017-06-14 2017-07-07
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.
32 CVE-2017-0646 200 +Info 2017-06-14 2017-07-07
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33899337.
33 CVE-2017-0645 200 Bypass +Info 2017-06-14 2017-07-07
4.3
None Remote Medium Not required Partial None None
An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35385327.
34 CVE-2017-0639 200 Bypass +Info 2017-06-14 2017-07-07
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991.
35 CVE-2017-0625 200 +Info 2017-05-12 2017-05-24
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531.
36 CVE-2017-0602 200 Bypass +Info 2017-05-12 2017-05-19
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955.
37 CVE-2017-0598 200 Bypass +Info 2017-05-12 2017-05-19
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34128677.
38 CVE-2017-0560 200 Bypass +Info 2017-04-07 2017-07-10
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079.
39 CVE-2017-0559 200 +Info 2017-04-07 2017-07-10
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722.
40 CVE-2017-0558 200 +Info 2017-04-07 2017-07-10
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274.
41 CVE-2017-0557 200 +Info 2017-04-07 2017-07-10
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073.
42 CVE-2017-0556 200 +Info 2017-04-07 2017-07-10
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093952.
43 CVE-2017-0555 200 +Info 2017-04-07 2017-07-10
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775.
44 CVE-2017-0547 200 Bypass +Info 2017-04-07 2017-07-10
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560.
45 CVE-2017-0532 200 +Info 2017-03-07 2017-07-17
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32370398. References: M-ALPS03069985.
46 CVE-2017-0529 200 +Info 2017-03-07 2017-07-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042.
47 CVE-2017-0495 200 +Info 2017-03-07 2017-07-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073.
48 CVE-2017-0494 200 +Info 2017-03-07 2017-07-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32764144.
49 CVE-2017-0493 200 Bypass +Info 2017-05-12 2017-05-19
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32793550.
50 CVE-2017-0451 200 +Info 2017-02-08 2017-07-24
2.6
None Remote High Not required Partial None None
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129.
Total number of vulnerabilities : 210   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.