CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-15850 200 +Info 2018-01-10 2018-01-26
5.0
None Remote Low Not required Partial None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers.
2 CVE-2017-14870 200 +Info 2018-01-10 2018-01-26
5.0
None Remote Low Not required Partial None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked.
3 CVE-2017-14869 200 +Info 2018-01-10 2018-01-26
5.0
None Remote Low Not required Partial None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage.
4 CVE-2017-13222 200 +Info 2018-01-12 2018-01-24
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.
5 CVE-2017-13218 200 +Info 2018-01-12 2018-02-06
4.7
None Local Medium Not required Complete None None
Access to CNTVCT_EL0 could be used for side channel attacks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68266545.
6 CVE-2017-13207 200 +Info 2018-01-12 2018-01-26
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426.
7 CVE-2017-13206 200 +Info 2018-01-12 2018-02-02
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.
8 CVE-2017-13205 200 +Info 2018-01-12 2018-01-26
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583.
9 CVE-2017-13204 200 +Info 2018-01-12 2018-01-25
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.
10 CVE-2017-13203 200 +Info 2018-01-12 2018-01-25
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634.
11 CVE-2017-13202 200 +Info 2018-01-12 2018-01-25
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.
12 CVE-2017-13201 200 +Info 2018-01-12 2018-01-25
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768.
13 CVE-2017-13200 200 +Info 2018-01-12 2018-01-26
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526.
14 CVE-2017-13188 200 +Info 2018-01-12 2018-01-25
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786.
15 CVE-2017-13187 200 +Info 2018-01-12 2018-01-26
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175.
16 CVE-2017-13185 200 +Info 2018-01-12 2018-01-25
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.
17 CVE-2017-13175 200 +Info 2017-12-06 2017-12-19
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the NVIDIA libwilhelm. Product: Android. Versions: Android kernel. Android ID A-64339309. References: N-CVE-2017-13175.
18 CVE-2017-13169 200 +Info 2017-12-06 2017-12-19
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375.
19 CVE-2017-13164 200 +Info 2017-12-06 2017-12-19
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193.
20 CVE-2017-13159 200 +Info 2017-12-06 2017-12-18
7.8
None Remote Low Not required Complete None None
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772.
21 CVE-2017-13158 200 +Info 2017-12-06 2017-12-18
7.8
None Remote Low Not required Complete None None
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915.
22 CVE-2017-13157 200 +Info 2017-12-06 2017-12-18
7.8
None Remote Low Not required Complete None None
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341.
23 CVE-2017-13152 200 +Info 2017-12-06 2017-12-18
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.
24 CVE-2017-13150 200 +Info 2017-12-06 2017-12-19
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-38328132.
25 CVE-2017-13149 200 +Info 2017-12-06 2017-12-19
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872.
26 CVE-2017-11093 200 +Info 2017-11-16 2017-11-30
5.0
None Remote Low Not required Partial None None
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer Over-read in Display due to the lack of an upper-bound validation when reading "num_of_cea_blocks" from the untrusted source (EDID), kernel memory can be exposed.
27 CVE-2017-11090 200 +Info 2017-11-16 2017-11-30
5.0
None Remote Low Not required Partial None None
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in __wlan_hdd_cfg80211_set_pmksa when user space application sends PMKID of size less than WLAN_PMKID_LEN bytes.
28 CVE-2017-11089 200 +Info 2017-11-16 2017-11-30
5.0
None Remote Low Not required Partial None None
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes
29 CVE-2017-11079 200 +Info 2018-01-10 2018-01-26
7.5
None Remote Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.
30 CVE-2017-11066 200 +Info 2018-01-10 2018-01-29
5.0
None Remote Low Not required Partial None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed.
31 CVE-2017-11051 200 +Info 2017-10-10 2017-10-19
5.0
None Remote Low Not required Partial None None
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero.
32 CVE-2017-11040 200 +Info 2017-09-21 2017-09-26
4.3
None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to.
33 CVE-2017-11035 119 Overflow +Info 2017-11-16 2018-01-12
4.6
None Local Low Not required Partial Partial Partial
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, possible buffer overflow or information leak in the functions "sme_set_ft_ies" and "csr_roam_issue_ft_preauth_req" due to incorrect initialization of WEXT callbacks and lack of the checks for buffer size.
34 CVE-2017-11028 200 +Info 2017-11-16 2017-11-30
5.0
None Remote Low Not required Partial None None
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data().
35 CVE-2017-11022 200 +Info 2017-11-16 2017-11-30
5.0
None Remote Low Not required Partial None None
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of information elements using ini file.
36 CVE-2017-11002 200 +Info 2017-09-21 2017-09-26
4.3
None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing a vendor sub-command, a buffer over-read can occur.
37 CVE-2017-11001 200 +Info 2017-09-21 2017-09-26
4.3
None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length of the MAC address is not checked which may cause out of bounds read.
38 CVE-2017-10996 200 +Info 2017-09-21 2017-09-26
7.1
None Remote Medium Not required Complete None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, out of bounds access is possible in c_show(), due to compat_hwcap_str[] not being NULL-terminated. This error is not fatal, however the device might crash/reboot with memory violation/out of bounds access.
39 CVE-2017-9701 200 +Info 2017-11-16 2017-12-01
5.0
None Remote Low Not required Partial None None
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory.
40 CVE-2017-9696 200 +Info 2017-11-16 2017-12-01
5.0
None Remote Low Not required Partial None None
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX".
41 CVE-2017-9680 200 +Info 2017-08-18 2017-08-21
5.0
None Remote Low Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.
42 CVE-2017-9679 200 +Info 2017-08-18 2017-08-21
5.0
None Remote Low Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.
43 CVE-2017-9245 200 +Info 2017-07-18 2017-09-15
5.0
None Remote Low Not required Partial None None
The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
44 CVE-2017-8279 200 +Info 2017-11-16 2017-11-30
5.0
None Remote Low Not required Partial None None
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information.
45 CVE-2017-8269 200 +Info 2017-08-11 2017-08-16
4.3
None Remote Medium Not required Partial None None
Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory.
46 CVE-2017-8254 200 +Info 2017-08-18 2017-08-23
4.3
None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.
47 CVE-2017-8239 200 +Info 2017-06-13 2017-11-16
4.3
None Remote Medium Not required Partial None None
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.
48 CVE-2017-6275 200 +Info 2017-11-14 2017-11-29
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in the Thermal Driver, where a missing bounds checking in the thermal driver could allow a read from an arbitrary kernel address. This issue is rated as moderate. Product: Pixel. Versions: N/A. Android ID: A-34702397. References: N-CVE-2017-6275.
49 CVE-2017-5119 119 Overflow +Info 2017-10-27 2017-12-30
4.3
None Remote Medium Not required Partial None None
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
50 CVE-2017-5117 200 +Info 2017-10-27 2017-12-30
4.3
None Remote Medium Not required Partial None None
Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Total number of vulnerabilities : 350   Page : 1 (This Page)2 3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.