CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2017-13276 119 Exec Code Overflow 2018-04-04 2018-05-09
6.8
None Remote Medium Not required Partial Partial Partial
In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599.
152 CVE-2017-13275 125 2018-04-04 2018-05-09
1.9
None Local Medium Not required Partial None None
In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908.
153 CVE-2017-13274 346 2018-04-04 2018-05-09
7.5
None Remote Low Not required Partial Partial Partial
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761.
154 CVE-2017-13273 264 2018-02-14 2018-03-12
6.9
None Local Medium Not required Complete Complete Complete
In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158.
155 CVE-2017-13272 416 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137.
156 CVE-2017-13271 264 2018-04-04 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799.
157 CVE-2017-13270 264 2018-04-04 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744.
158 CVE-2017-13269 200 +Info 2018-04-04 2018-05-08
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.
159 CVE-2017-13268 200 +Info 2018-04-04 2018-05-08
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.
160 CVE-2017-13267 119 Overflow 2018-04-04 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009.
161 CVE-2017-13266 119 Exec Code Overflow 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941.
162 CVE-2017-13265 264 2018-04-04 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423.
163 CVE-2017-13264 2018-04-04 2018-05-08
5.0
None Remote Low Not required None None Partial
A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343.
164 CVE-2017-13263 264 2018-04-04 2018-05-08
7.5
None Remote Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160.
165 CVE-2017-13262 125 2018-04-04 2018-05-08
3.3
None Local Network Low Not required Partial None None
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.
166 CVE-2017-13261 125 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292.
167 CVE-2017-13260 125 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.
168 CVE-2017-13259 125 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546.
169 CVE-2017-13258 125 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755.
170 CVE-2017-13257 416 2018-04-04 2018-05-08
4.3
None Remote Medium Not required Partial None None
In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692.
171 CVE-2017-13256 787 Exec Code 2018-04-04 2018-05-08
8.3
None Local Network Low Not required Complete Complete Complete
In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966.
172 CVE-2017-13255 787 Exec Code 2018-04-04 2018-05-08
8.3
None Local Network Low Not required Complete Complete Complete
In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054.
173 CVE-2017-13254 284 2018-04-04 2018-05-21
7.8
None Remote Low Not required None None Complete
A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507.
174 CVE-2017-13253 787 2018-04-04 2018-05-08
9.3
None Remote Medium Not required Complete Complete Complete
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378.
175 CVE-2017-13252 20 2018-04-04 2018-05-08
9.3
None Remote Medium Not required Complete Complete Complete
In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702.
176 CVE-2017-13251 787 2018-04-04 2018-05-08
9.3
None Remote Medium Not required Complete Complete Complete
In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702.
177 CVE-2017-13250 787 Exec Code 2018-04-04 2018-05-09
9.3
None Remote Medium Not required Complete Complete Complete
In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536.
178 CVE-2017-13249 787 Exec Code 2018-04-04 2018-05-09
9.3
None Remote Medium Not required Complete Complete Complete
In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408.
179 CVE-2017-13248 787 Exec Code 2018-04-04 2018-05-09
9.3
None Remote Medium Not required Complete Complete Complete
In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612.
180 CVE-2017-13247 264 Bypass 2018-02-12 2018-03-14
4.6
None Local Low Not required Partial Partial Partial
In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645.
181 CVE-2017-13246 200 +Info 2018-02-12 2018-03-01
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469.
182 CVE-2017-13245 264 2018-02-12 2018-03-07
4.6
None Local Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347.
183 CVE-2017-13244 264 2018-02-12 2018-03-07
4.6
None Local Low Not required Partial Partial Partial
A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.
184 CVE-2017-13243 200 +Info 2018-02-12 2018-03-01
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.
185 CVE-2017-13242 200 +Info 2018-02-12 2018-03-07
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.
186 CVE-2017-13241 200 +Info 2018-02-12 2018-03-07
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
187 CVE-2017-13240 200 +Info 2018-02-12 2018-03-07
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819.
188 CVE-2017-13239 200 +Info 2018-02-12 2018-03-07
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132.
189 CVE-2017-13238 200 +Info 2018-02-12 2018-03-13
4.7
None Local Medium Not required Complete None None
In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.
190 CVE-2017-13236 264 Bypass 2018-02-12 2018-03-13
4.6
None Local Low Not required Partial Partial Partial
In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.
191 CVE-2017-13235 476 2018-02-12 2018-03-08
4.3
None Remote Medium Not required None None Partial
A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.
192 CVE-2017-13234 400 DoS 2018-02-12 2018-03-13
7.1
None Remote Medium Not required None None Complete
In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68159767.
193 CVE-2017-13233 400 DoS 2018-02-12 2018-03-13
7.1
None Remote Medium Not required None None Complete
In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602.
194 CVE-2017-13232 787 2018-02-12 2018-03-07
7.8
None Remote Low Not required Complete None None
In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950.
195 CVE-2017-13231 787 2018-02-12 2018-03-13
7.2
None Local Low Not required Complete Complete Complete
In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232.
196 CVE-2017-13230 787 Exec Code 2018-02-12 2018-03-13
9.3
None Remote Medium Not required Complete Complete Complete
In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665.
197 CVE-2017-13229 20 Exec Code 2018-02-12 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703.
198 CVE-2017-13228 787 Exec Code 2018-02-12 2018-03-13
9.3
None Remote Medium Not required Complete Complete Complete
In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425.
199 CVE-2017-13226 264 2018-01-12 2018-01-24
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.
200 CVE-2017-13225 119 Exec Code Overflow 2018-01-12 2018-01-25
9.3
None Remote Medium Not required Complete Complete Complete
In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789.
Total number of vulnerabilities : 891   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12 13 14 15 16 17 18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.