CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2016-10392 119 Overflow 2017-08-18 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.
1052 CVE-2016-10391 20 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.
1053 CVE-2016-10390 399 2017-08-18 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.
1054 CVE-2016-10389 119 Overflow 2017-08-18 2017-08-23
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition.
1055 CVE-2016-10388 16 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application.
1056 CVE-2016-10387 20 2017-08-18 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.
1057 CVE-2016-10386 129 2017-08-18 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.
1058 CVE-2016-10385 416 2017-08-18 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.
1059 CVE-2016-10384 20 2017-08-18 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a WLAN driver ioctl.
1060 CVE-2016-10383 362 2017-08-18 2017-08-23
9.3
None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI.
1061 CVE-2016-10382 284 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.
1062 CVE-2016-10381 1 2017-08-18 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
1063 CVE-2016-10380 1 2017-08-18 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location.
1064 CVE-2016-10347 20 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.
1065 CVE-2016-10346 190 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.
1066 CVE-2016-10344 476 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE.
1067 CVE-2016-10343 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak.
1068 CVE-2016-10342 119 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.
1069 CVE-2016-10341 264 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended.
1070 CVE-2016-10340 119 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler.
1071 CVE-2016-10339 200 +Info 2017-06-13 2017-07-07
5.8
None Remote Medium Not required Partial Partial None
In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.
1072 CVE-2016-10338 20 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing.
1073 CVE-2016-10337 20 2017-06-13 2017-07-07
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.
1074 CVE-2016-10336 254 2017-06-13 2017-07-07
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot.
1075 CVE-2016-10335 284 2017-06-13 2017-07-07
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated.
1076 CVE-2016-10334 284 2017-06-13 2017-07-07
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten.
1077 CVE-2016-10333 284 2017-06-13 2017-07-07
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS.
1078 CVE-2016-10332 254 2017-06-13 2017-07-07
4.3
None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications.
1079 CVE-2016-10299 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.
1080 CVE-2016-10298 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.
1081 CVE-2016-10297 362 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
1082 CVE-2016-10282 264 Exec Code 2017-05-12 2017-05-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.
1083 CVE-2016-10281 264 Exec Code 2017-05-12 2017-05-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.
1084 CVE-2016-10280 264 Exec Code 2017-05-12 2017-05-24
7.6
None Remote High Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445.
1085 CVE-2016-10276 264 Exec Code 2017-05-12 2017-05-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105.
1086 CVE-2016-10275 264 Exec Code 2017-05-12 2017-05-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111.
1087 CVE-2016-10274 264 Exec Code 2017-05-12 2017-05-24
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901.
1088 CVE-2016-10242 362 2017-05-16 2017-07-10
7.6
None Remote High Not required Complete Complete Complete
A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.
1089 CVE-2016-10239 190 Overflow Bypass 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur.
1090 CVE-2016-10238 264 Bypass 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.
1091 CVE-2016-10237 284 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory.
1092 CVE-2016-10236 200 +Info 2018-04-04 2018-05-04
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.
1093 CVE-2016-10235 20 DoS 2018-04-04 2018-05-04
5.0
None Remote Low Not required None None Partial
A denial of service vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-34390620. References: QC-CR#1046409.
1094 CVE-2016-10234 200 +Info 2018-04-04 2018-05-04
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in the Qualcomm IPA driver. Product: Android. Versions: Android kernel. Android ID: A-34390017. References: QC-CR#1069060.
1095 CVE-2016-10233 264 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452.
1096 CVE-2016-10232 264 2018-04-04 2018-05-04
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872.
1097 CVE-2016-10231 264 2018-04-04 2018-05-04
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.
1098 CVE-2016-10230 264 Exec Code 2018-04-04 2018-05-04
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408.
1099 CVE-2016-10229 358 Exec Code 2017-04-04 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
1100 CVE-2016-10200 416 DoS +Priv 2017-03-07 2018-01-04
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
Total number of vulnerabilities : 2004   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.