CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-2344 310 +Priv 2011-07-08 2011-07-08
10.0
 None Remote Low Not required Complete Complete Complete
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com.
2 CVE-2013-7457 +Priv 2016-07-10 2016-07-11
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
3 CVE-2014-7915 189 Overflow 2015-09-30 2015-10-01
10.0
 None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
4 CVE-2014-7916 189 Overflow 2015-09-30 2015-10-01
10.0
 None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
5 CVE-2014-7917 189 Overflow 2015-09-30 2015-10-01
10.0
 None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
6 CVE-2014-7920 264 +Priv 2017-04-13 2017-04-20
10.0
 None Remote Low Not required Complete Complete Complete
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
7 CVE-2014-7921 264 +Priv 2017-04-13 2017-04-20
10.0
 None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
8 CVE-2014-9411 118 2017-08-18 2017-08-23
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.
9 CVE-2014-9795 189 Overflow Bypass 2016-07-10 2016-11-28
10.0
 None Remote Low Not required Complete Complete Complete
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.
10 CVE-2014-9902 119 Exec Code Overflow 2016-08-05 2016-11-28
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
11 CVE-2014-9953 264 2018-04-04 2018-05-08
10.0
 None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.
12 CVE-2014-9954 264 2018-04-04 2018-05-08
10.0
 None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.
13 CVE-2014-9955 264 2018-04-04 2018-05-08
10.0
 None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.
14 CVE-2014-9956 264 2018-04-04 2018-05-08
10.0
 None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.
15 CVE-2014-9957 264 2018-04-04 2018-05-08
10.0
 None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.
16 CVE-2014-9958 264 2018-04-04 2018-05-08
10.0
 None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.
17 CVE-2014-9959 264 2018-04-04 2018-05-08
10.0
 None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.
18 CVE-2014-9968 119 Overflow 2017-08-18 2017-08-23
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.
19 CVE-2014-9969 327 2017-08-18 2017-08-23
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.
20 CVE-2014-9971 20 2017-08-18 2018-04-18
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.
21 CVE-2014-9972 476 2017-08-18 2018-04-18
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.
22 CVE-2014-9973 119 Overflow 2017-08-18 2017-08-23
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.
23 CVE-2014-9974 119 Overflow 2017-08-18 2017-08-21
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster.
24 CVE-2014-9975 326 2017-08-18 2017-08-23
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.
25 CVE-2014-9976 119 Overflow 2017-08-18 2018-04-18
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.
26 CVE-2014-9977 119 Overflow 2017-08-18 2017-08-21
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM.
27 CVE-2014-9978 119 Overflow 2017-08-18 2017-08-21
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service.
28 CVE-2014-9979 119 Overflow 2017-08-18 2017-08-21
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory.
29 CVE-2014-9980 119 Overflow 2017-08-18 2017-08-21
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory.
30 CVE-2014-9981 119 Overflow 2017-08-18 2018-04-18
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot.
31 CVE-2015-0574 20 2017-08-18 2018-04-18
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient.
32 CVE-2015-0575 326 2017-08-18 2017-08-21
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
33 CVE-2015-1474 189 DoS Overflow +Priv Mem. Corr. 2015-02-15 2017-09-28
10.0
 None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.
34 CVE-2015-1538 189 Exec Code Overflow 2015-09-30 2017-09-20
10.0
 None Remote Low Not required Complete Complete Complete
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.
35 CVE-2015-1539 189 Exec Code 2015-09-30 2017-09-20
10.0
 None Remote Low Not required Complete Complete Complete
Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.
36 CVE-2015-3100 119 Exec Code Overflow 2015-06-09 2016-12-30
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.
37 CVE-2015-3103 Exec Code 2015-06-09 2016-12-30
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107.
38 CVE-2015-3104 189 Exec Code Overflow 2015-06-09 2016-12-30
10.0
 None Remote Low Not required Complete Complete Complete
Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.
39 CVE-2015-3105 119 DoS Exec Code Overflow Mem. Corr. 2015-06-09 2016-12-30
10.0
 None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
40 CVE-2015-3106 Exec Code 2015-06-09 2017-09-16
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107.
41 CVE-2015-3107 416 Exec Code 2015-06-09 2017-09-16
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106.
42 CVE-2015-3823 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
 None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
43 CVE-2015-3824 119 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
10.0
 None Remote Low Not required Complete Complete Complete
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261.
44 CVE-2015-3828 119 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
10.0
 None Remote Low Not required Complete Complete Complete
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826.
45 CVE-2015-3829 189 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
10.0
 None Remote Low Not required Complete Complete Complete
Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.
46 CVE-2015-3832 119 Exec Code Overflow 2015-09-30 2015-10-01
10.0
 None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538.
47 CVE-2015-3834 189 Exec Code Overflow 2015-09-30 2015-10-01
10.0
 None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug 20222489.
48 CVE-2015-3836 189 DoS Exec Code Overflow 2015-09-30 2015-10-01
10.0
 None Remote Low Not required Complete Complete Complete
The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860.
49 CVE-2015-3864 189 Exec Code 2015-09-30 2017-09-15
10.0
 None Remote Low Not required Complete Complete Complete
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
50 CVE-2015-3867 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
 None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.
Total number of vulnerabilities : 884   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.