CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-5822 119 Overflow 2018-04-03 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, compromised WLAN FW can potentially cause a buffer overwrite.
2 CVE-2018-5821 125 2018-04-03 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in function wma_wow_wakeup_host_event(), wake_info->vdev_id is received from FW and is used directly as array index to access wma->interfaces whose max index should be (max_bssid-1). If wake_info->vdev_id is greater than or equal to max_bssid, an out-of-bounds read occurs.
3 CVE-2018-5820 190 Overflow 2018-04-03 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function wma_tbttoffset_update_event_handler(), a parameter received from firmware is used to allocate memory for a local buffer and is not properly validated. This can potentially result in an integer overflow subsequently leading to a heap overwrite.
4 CVE-2018-3599 416 2018-04-03 2018-04-25
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur.
5 CVE-2018-3596 264 2018-04-03 2018-04-25
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, legacy code vulnerable after migration has been removed.
6 CVE-2017-18147 20 2018-04-03 2018-04-25
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in MMCP, a downlink message is not being properly validated.
7 CVE-2017-18069 119 Overflow 2018-03-15 2018-04-06
7.8
None Remote Low Not required Complete None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper message length calculation in oem_cmd_handler() while processing a WLAN_NL_MSG_OEM netlink message leads to buffer overread.
8 CVE-2017-18068 119 Overflow 2018-03-15 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper buffer length calculation in wma_roam_scan_filter() leads to buffer overflow.
9 CVE-2017-18067 20 Overflow 2018-03-15 2018-04-06
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation while processing an encrypted authentication management frame in lim_send_auth_mgmt_frame() leads to buffer overflow.
10 CVE-2017-18064 20 Overflow 2018-03-15 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for p2p_noa_info in wma_send_bcn_buf_ll() which is received from firmware leads to potential buffer overflow.
11 CVE-2017-18063 20 2018-03-15 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for nlo_event in wma_nlo_match_evt_handler(), which is received from firmware, leads to potential out of bound memory access.
12 CVE-2017-18056 125 2018-03-15 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev_id in wma_unified_bcntx_status_event_handler() which is received from firmware leads to potential out of bounds memory read.
13 CVE-2017-17770 476 2018-04-03 2018-05-08
9.3
None Remote Medium Not required Complete Complete Complete
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur.
14 CVE-2017-17767 119 Overflow 2018-02-23 2018-03-12
7.2
None Local Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the IL client may free a buffer OMX Video Encoder Component and then subsequently access the already freed buffer.
15 CVE-2017-17766 190 Overflow 2018-03-30 2018-04-25
7.5
None Remote Low Not required Partial Partial Partial
In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received from firmware is not properly validated so that an integer overflow vulnerability in the size of a buffer allocation may potentially lead to a buffer overflow.
16 CVE-2017-17765 119 Overflow 2018-02-23 2018-03-12
7.2
None Local Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to buffer overflow.
17 CVE-2017-17764 190 Overflow 2018-02-23 2018-03-12
7.2
None Local Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead to a buffer overflow.
18 CVE-2017-15862 190 Overflow 2018-02-23 2018-03-12
7.2
None Local Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.
19 CVE-2017-15861 129 2018-02-23 2018-03-12
7.2
None Local Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.
20 CVE-2017-15860 119 Overflow 2018-02-23 2018-03-12
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
21 CVE-2017-15849 416 2018-01-10 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition.
22 CVE-2017-15836 190 Overflow 2018-04-03 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready event to the host with a large number in the num_hw_modes or num_phy, then it could result in an integer overflow which may potentially lead to a buffer overflow.
23 CVE-2017-15822 119 Overflow 2018-04-03 2018-05-08
8.3
None Local Network Low Not required Complete Complete Complete
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing a 802.11 management frame, a buffer overflow may potentially occur.
24 CVE-2017-15821 119 Overflow 2018-03-15 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function wma_p2p_noa_event_handler(), there is no bound check on a value coming from firmware which can potentially lead to a buffer overwrite.
25 CVE-2017-15820 416 2018-02-23 2018-03-12
7.2
None Local Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
26 CVE-2017-15817 20 2018-02-23 2018-03-12
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.
27 CVE-2017-15815 119 Overflow 2018-03-15 2018-04-06
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame.
28 CVE-2017-15813 119 Overflow 2017-12-05 2017-12-15
7.5
None Remote Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs.
29 CVE-2017-14918 416 2017-12-05 2017-12-20
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wireless interface, a Use After Free condition can occur.
30 CVE-2017-14917 119 Overflow 2017-12-05 2017-12-20
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
31 CVE-2017-14916 119 Overflow 2017-12-05 2017-12-20
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated.
32 CVE-2017-14914 20 2017-12-05 2017-12-20
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.
33 CVE-2017-14909 20 2017-12-05 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read from a file is not properly validated.
34 CVE-2017-14908 20 2017-12-05 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.
35 CVE-2017-14907 310 2017-12-05 2017-12-15
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key.
36 CVE-2017-14906 2018-03-30 2018-04-23
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs.
37 CVE-2017-14904 264 2017-12-05 2018-01-19
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer.
38 CVE-2017-14897 119 Overflow 2017-12-05 2017-12-15
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space.
39 CVE-2017-14895 264 2017-12-05 2017-12-15
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, after a subsystem reset, iwpriv is not giving correct information.
40 CVE-2017-14894 119 Overflow 2018-04-03 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. This vdev id can be greater than max bssid stored in wma handle and this would result in buffer overwrite while accessing wma_handle->interfaces[vdev_id].
41 CVE-2017-14890 119 Overflow 2018-04-03 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly validated leading to a potential buffer overwrite in function wma_send_bcn_buf_ll().
42 CVE-2017-14885 119 Overflow 2018-03-15 2018-04-06
7.2
None Local Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, wma_unified_link_peer_stats_event_handler function has a variable num_rates which represents the sum of all the peer_stats->num_rates. The current behavior in this function is to validate only the num_rates of the first peer stats (peer_stats->num_rates) against WMA_SVC_MSG_MAX_SIZE, but not the sum of all the peer's num_rates (num_rates) which may lead to a buffer overflow when the firmware buffer is copied in to the allocated buffer (peer_stats) as the size for the memory allocation - link_stats_results_size is based on num_rates.
43 CVE-2017-14884 119 Overflow 2018-02-23 2018-03-16
7.2
None Local Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.
44 CVE-2017-14883 119 Overflow 2018-03-30 2018-04-25
7.5
None Remote Low Not required Partial Partial Partial
In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer.
45 CVE-2017-14882 119 Overflow 2018-03-15 2018-04-06
7.8
None Remote Low Not required Complete None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access.
46 CVE-2017-14881 416 2018-03-30 2018-04-25
7.5
None Remote Low Not required Partial Partial Partial
While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur.
47 CVE-2017-14878 20 DoS 2018-03-15 2018-04-06
7.8
None Remote Low Not required None None Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service.
48 CVE-2017-14877 416 2018-03-30 2018-04-25
7.5
None Remote Low Not required Partial Partial Partial
While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur.
49 CVE-2017-14876 787 2018-03-30 2018-04-25
7.5
None Remote Low Not required Partial Partial Partial
In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write.
50 CVE-2017-14496 191 DoS 2017-10-02 2018-05-10
7.8
None Remote Low Not required None None Complete
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
Total number of vulnerabilities : 1141   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.