| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-15835 |
275 |
|
|
2018-11-30 |
2018-12-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. |
|
2 |
CVE-2018-11294 |
20 |
|
|
2018-09-18 |
2018-11-09 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information only the first 3 AC information is copied due to the improper conditional logic used to compare with the max number of categories. |
|
3 |
CVE-2018-11263 |
129 |
|
|
2018-09-06 |
2018-11-14 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05. |
|
4 |
CVE-2018-10229 |
254 |
|
|
2018-05-04 |
2018-06-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. |
|
5 |
CVE-2018-9565 |
125 |
|
Overflow |
2018-12-06 |
2018-12-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558. |
|
6 |
CVE-2018-9562 |
125 |
|
|
2018-12-06 |
2019-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621. |
|
7 |
CVE-2018-9542 |
125 |
|
|
2018-11-14 |
2018-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111896861 |
|
8 |
CVE-2018-9541 |
125 |
|
|
2018-11-14 |
2018-12-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531 |
|
9 |
CVE-2018-9540 |
125 |
|
|
2018-11-14 |
2018-12-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417 |
|
10 |
CVE-2018-9526 |
200 |
|
+Info |
2018-11-14 |
2018-12-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033 |
|
11 |
CVE-2018-9489 |
200 |
|
+Info |
2018-11-06 |
2018-12-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245. |
|
12 |
CVE-2018-6246 |
200 |
|
+Info |
2018-05-10 |
2018-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246. |
|
13 |
CVE-2018-6158 |
362 |
|
|
2019-01-09 |
2019-01-14 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
14 |
CVE-2018-6101 |
20 |
|
Exec Code |
2018-12-04 |
2019-01-09 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools debugging server. |
|
15 |
CVE-2018-6061 |
362 |
|
|
2018-11-14 |
2018-12-19 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
|
16 |
CVE-2018-6034 |
125 |
|
|
2018-09-25 |
2018-11-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. |
|
17 |
CVE-2018-5897 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
18 |
CVE-2018-5886 |
125 |
|
|
2018-07-06 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed. |
|
19 |
CVE-2018-3598 |
200 |
|
+Info |
2018-04-03 |
2018-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver can lead to information leak and out-of-bounds access. |
|
20 |
CVE-2018-3584 |
416 |
|
|
2018-04-03 |
2018-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur in the function rmnet_usb_ctrl_init(). |
|
21 |
CVE-2018-3577 |
190 |
|
Overflow |
2018-07-06 |
2018-08-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
22 |
CVE-2017-18354 |
22 |
|
Dir. Trav. File Inclusion |
2018-12-17 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker. |
|
23 |
CVE-2017-18353 |
284 |
|
|
2018-12-17 |
2019-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application. |
|
24 |
CVE-2017-18060 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for resp_event->vdev_id in wma_unified_bcntx_status_event_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
25 |
CVE-2017-18059 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read. |
|
26 |
CVE-2017-18058 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wow_buf_pkt_len in wma_wow_wakeup_host_event() which is received from firmware leads to potential out of bounds memory read. |
|
27 |
CVE-2017-18057 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_nlo_scan_cmp_evt_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
28 |
CVE-2017-18053 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for fix_param->vdev_id in wma_p2p_lo_event_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
29 |
CVE-2017-18052 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for cmpl_params->num_reports, param_buf->desc_ids and param_buf->status in wma_mgmt_tx_bundle_completion_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
30 |
CVE-2017-18051 |
125 |
|
|
2018-03-16 |
2018-04-04 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for event->vdev_id in wma_rcpi_event_handler(), which is received from firmware, leads to potential out of bounds memory read. |
|
31 |
CVE-2017-17860 |
20 |
|
|
2018-01-18 |
2018-02-06 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone |
|
32 |
CVE-2017-15859 |
200 |
|
+Info |
2018-03-30 |
2018-04-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs. |
|
33 |
CVE-2017-15853 |
119 |
|
Overflow |
2018-04-03 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur. |
|
34 |
CVE-2017-15850 |
200 |
|
+Info |
2018-01-10 |
2018-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. |
|
35 |
CVE-2017-15837 |
119 |
|
Overflow |
2018-04-03 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read in nla_get_u32(). |
|
36 |
CVE-2017-15423 |
310 |
|
|
2018-08-28 |
2018-11-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic. |
|
37 |
CVE-2017-15397 |
310 |
|
|
2018-02-07 |
2018-03-13 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Inappropriate implementation in ChromeVox in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker in a privileged network position to observe or tamper with certain cleartext HTTP requests by leveraging that position. |
|
38 |
CVE-2017-14905 |
119 |
|
Overflow |
2017-12-05 |
2017-12-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur. |
|
39 |
CVE-2017-14903 |
119 |
|
Overflow |
2017-12-05 |
2017-12-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7. |
|
40 |
CVE-2017-14891 |
200 |
|
+Info |
2018-03-30 |
2018-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable. |
|
41 |
CVE-2017-14875 |
119 |
|
Overflow |
2018-03-30 |
2018-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists. |
|
42 |
CVE-2017-14870 |
200 |
|
+Info |
2018-01-10 |
2018-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked. |
|
43 |
CVE-2017-14869 |
200 |
|
+Info |
2018-01-10 |
2018-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage. |
|
44 |
CVE-2017-13305 |
200 |
|
+Info |
2018-04-04 |
2018-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. |
|
45 |
CVE-2017-13304 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999. |
|
46 |
CVE-2017-13303 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501. |
|
47 |
CVE-2017-13300 |
20 |
|
DoS |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394. |
|
48 |
CVE-2017-13299 |
|
|
|
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394. |
|
49 |
CVE-2017-13298 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051. |
|
50 |
CVE-2017-13297 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721. |
