CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score >= 2)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-10709 254 Bypass 2017-06-30 2017-07-06
7.2
None Local Low Not required Complete Complete Complete
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.
2 CVE-2017-8242 362 2017-06-13 2017-07-07
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.
3 CVE-2017-8241 119 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length.
4 CVE-2017-8240 119 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.
5 CVE-2017-8239 200 +Info 2017-06-13 2017-07-07
4.3
None Remote Medium Not required Partial None None
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.
6 CVE-2017-8238 119 Overflow 2017-06-13 2017-06-16
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function.
7 CVE-2017-8237 119 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image.
8 CVE-2017-8236 119 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver.
9 CVE-2017-8235 254 2017-06-13 2017-07-07
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.
10 CVE-2017-8234 284 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.
11 CVE-2017-8233 787 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write.
12 CVE-2017-7373 415 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.
13 CVE-2017-7372 119 Overflow 2017-06-13 2017-07-07
7.6
None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.
14 CVE-2017-7371 416 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.
15 CVE-2017-7370 416 2017-06-13 2017-07-07
7.6
None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
16 CVE-2017-7369 20 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.
17 CVE-2017-7368 362 2017-06-13 2017-07-07
7.6
None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.
18 CVE-2017-7367 191 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.
19 CVE-2017-7366 20 2017-06-13 2017-07-07
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.
20 CVE-2017-7365 119 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated.
21 CVE-2017-6249 264 Exec Code 2017-07-13 2017-07-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249.
22 CVE-2017-6248 264 Exec Code 2017-07-06 2017-07-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34372667. References: N-CVE-2017-6248.
23 CVE-2017-6247 264 Exec Code 2017-07-06 2017-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process in the kernel. Product: Android. Versions: N/A. Android ID: A-34386301. References: N-CVE-2017-6247.
24 CVE-2017-3750 264 2017-06-29 2017-07-05
6.9
None Local Medium Not required Complete Complete Complete
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.
25 CVE-2017-3749 264 2017-06-29 2017-07-05
6.9
None Local Medium Not required Complete Complete Complete
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.
26 CVE-2017-3748 264 2017-06-29 2017-07-05
7.2
None Local Low Not required Complete Complete Complete
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
27 CVE-2017-0711 264 2017-07-06 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the MediaTek networking driver. Product: Android. Versions: Android kernel. Android ID: A-36099953. References: M-ALPS03206781.
28 CVE-2017-0710 264 2017-07-06 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream Linux tcb. Product: Android. Versions: Android kernel. Android ID: A-34951864.
29 CVE-2017-0709 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the HTC sensor hub driver. Product: Android. Versions: Android kernel. Android ID: A-35468048.
30 CVE-2017-0708 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879.
31 CVE-2017-0707 264 2017-07-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the HTC led driver. Product: Android. Versions: Android kernel. Android ID: A-36088467.
32 CVE-2017-0706 264 2017-07-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.
33 CVE-2017-0705 264 2017-07-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-34973477. References: B-RB#119898.
34 CVE-2017-0704 264 2017-07-06 2017-07-12
6.8
None Remote Medium Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-33059280.
35 CVE-2017-0703 264 2017-07-06 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882.
36 CVE-2017-0702 264 Exec Code 2017-07-06 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442.
37 CVE-2017-0701 264 Exec Code 2017-07-06 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36385715.
38 CVE-2017-0700 264 Exec Code 2017-07-06 2017-07-12
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-35639138.
39 CVE-2017-0699 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36490809.
40 CVE-2017-0698 200 +Info 2017-07-06 2017-07-11
4.3
None Remote Medium Not required Partial None None
A information disclosure vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35467458.
41 CVE-2017-0697 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013.
42 CVE-2017-0696 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37207120.
43 CVE-2017-0695 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889.
44 CVE-2017-0694 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318.
45 CVE-2017-0693 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36993291.
46 CVE-2017-0692 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407.
47 CVE-2017-0691 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453.
48 CVE-2017-0690 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202.
49 CVE-2017-0689 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950.
50 CVE-2017-0688 264 DoS 2017-07-06 2017-07-11
4.3
None Remote Medium Not required None None Partial
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35584425.
Total number of vulnerabilities : 1097   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.