CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2017-6284 326 2018-03-06 2018-03-27
2.1
None Local Low Not required Partial None None
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate.
452 CVE-2017-6283 200 +Info 2018-03-06 2018-03-27
4.9
None Local Low Not required Complete None None
NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high.
453 CVE-2017-6282 123 2018-03-06 2018-03-27
7.2
None Local Low Not required Complete Complete Complete
NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high.
454 CVE-2017-6281 787 2018-03-12 2018-04-04
7.2
None Local Low Not required Complete Complete Complete
NVIDIA libnvomx contains a possible out of bounds write due to a improper input validation which could lead to local escalation of privilege. This issue is rated as high. Product: Android. Version: N/A. Android: A-66969318. Reference: N-CVE-2017-6281.
455 CVE-2017-6280 125 +Info 2018-03-06 2018-03-27
5.0
None Remote Low Not required Partial None None
NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.
456 CVE-2017-6279 787 Exec Code 2018-02-06 2018-03-01
7.2
None Local Low Not required Complete Complete Complete
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-65023166. Reference: N-CVE-2017-6279.
457 CVE-2017-6276 416 Exec Code 2017-12-06 2017-12-21
7.2
None Local Low Not required Complete Complete Complete
NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android: A-63802421. References: N-CVE-2017-6276.
458 CVE-2017-6275 200 +Info 2017-11-14 2017-11-29
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.
459 CVE-2017-6274 787 2017-11-14 2017-11-29
7.5
None Remote Low Not required Partial Partial Partial
An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274.
460 CVE-2017-6263 416 Exec Code 2017-12-06 2017-12-21
7.2
None Local Low Not required Complete Complete Complete
NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to improper usage of the list_for_each kernel macro which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38046353. References: N-CVE-2017-6263.
461 CVE-2017-6262 416 Exec Code 2017-12-06 2017-12-21
6.9
None Local Medium Not required Complete Complete Complete
NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38045794. References: N-CVE-2017-6262.
462 CVE-2017-6258 787 Exec Code 2018-02-06 2018-03-01
7.2
None Local Low Not required Complete Complete Complete
NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnerability when running in media server which may cause an out of bounds write and could lead to local code execution in a privileged process. This issue is rated as high. Product: Android. Version: N/A. Android: A-38027496. Reference: N-CVE-2017-6258.
463 CVE-2017-6249 264 Exec Code 2017-07-13 2017-07-19
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249.
464 CVE-2017-6248 264 Exec Code 2017-07-06 2017-07-17
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34372667. References: N-CVE-2017-6248.
465 CVE-2017-6247 264 Exec Code 2017-07-06 2017-07-17
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process in the kernel. Product: Android. Versions: N/A. Android ID: A-34386301. References: N-CVE-2017-6247.
466 CVE-2017-6211 119 Overflow 2017-12-05 2017-12-22
10.0
None Remote Low Not required Complete Complete Complete
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.
467 CVE-2017-3750 264 2017-06-29 2017-07-05
6.9
None Local Medium Not required Complete Complete Complete
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.
468 CVE-2017-3749 264 2017-06-29 2017-07-05
6.9
None Local Medium Not required Complete Complete Complete
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.
469 CVE-2017-3748 264 2017-06-29 2017-07-05
7.2
None Local Low Not required Complete Complete Complete
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).
470 CVE-2017-0880 264 DoS 2017-12-06 2017-12-18
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012.
471 CVE-2017-0879 200 +Info 2017-12-06 2017-12-19
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.
472 CVE-2017-0878 20 Exec Code 2017-12-06 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.
473 CVE-2017-0877 20 Exec Code 2017-12-06 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937.
474 CVE-2017-0876 20 Exec Code 2017-12-06 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675.
475 CVE-2017-0874 20 DoS 2017-12-06 2017-12-19
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932.
476 CVE-2017-0873 20 DoS 2017-12-06 2017-12-19
7.1
None Remote Medium Not required None None Complete
A denial of service vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63316255.
477 CVE-2017-0872 20 Exec Code 2017-12-06 2017-12-19
9.3
None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65290323.
478 CVE-2017-0871 264 2017-12-06 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159.
479 CVE-2017-0870 264 2017-12-06 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807.
480 CVE-2017-0869 190 Exec Code Overflow 2018-01-12 2018-02-01
7.2
None Local Low Not required Complete Complete Complete
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.
481 CVE-2017-0865 264 2017-11-16 2017-12-07
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.
482 CVE-2017-0864 264 2017-11-16 2017-12-07
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.
483 CVE-2017-0863 264 2017-11-16 2017-12-07
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.
484 CVE-2017-0862 264 2017-11-16 2017-12-07
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.
485 CVE-2017-0861 264 +Priv 2017-11-16 2018-05-03
4.6
None Local Low Not required Partial Partial Partial
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
486 CVE-2017-0860 264 2017-11-16 2017-12-07
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-31097064.
487 CVE-2017-0859 399 2017-11-16 2017-12-07
7.8
None Remote Low Not required None None Complete
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36075131.
488 CVE-2017-0858 399 2017-11-16 2017-12-07
7.8
None Remote Low Not required None None Complete
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894.
489 CVE-2017-0857 399 2017-11-16 2017-12-07
7.8
None Remote Low Not required None None Complete
Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.
490 CVE-2017-0855 119 DoS Overflow 2018-01-12 2018-02-01
7.8
None Remote Low Not required None None Complete
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857.
491 CVE-2017-0854 200 +Info 2017-11-16 2017-12-07
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63873837.
492 CVE-2017-0853 200 +Info 2017-11-16 2017-12-07
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644.
493 CVE-2017-0852 399 DoS 2017-11-16 2017-12-07
7.8
None Remote Low Not required None None Complete
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0. Android ID: A-62815506.
494 CVE-2017-0851 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570.
495 CVE-2017-0850 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941.
496 CVE-2017-0849 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399.
497 CVE-2017-0848 200 +Info 2017-11-16 2017-12-07
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217.
498 CVE-2017-0847 264 2017-11-16 2017-11-27
7.5
None Remote Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999.
499 CVE-2017-0846 200 +Info 2018-01-12 2018-02-01
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.
500 CVE-2017-0845 284 DoS 2017-11-16 2017-11-27
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.
Total number of vulnerabilities : 1092   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.