| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-9493 |
89 |
|
Sql |
2018-10-02 |
2018-11-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900 |
|
2 |
CVE-2018-6254 |
125 |
|
|
2018-05-10 |
2018-06-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. |
|
3 |
CVE-2018-5895 |
125 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
4 |
CVE-2018-5865 |
191 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. |
|
5 |
CVE-2018-5864 |
119 |
|
Overflow +Info |
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur. |
|
6 |
CVE-2018-5836 |
125 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access. |
|
7 |
CVE-2018-3579 |
119 |
|
Overflow |
2018-06-12 |
2018-08-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not properly validated which can lead to a buffer over-read |
|
8 |
CVE-2018-3574 |
20 |
|
|
2018-09-19 |
2018-11-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS. |
|
9 |
CVE-2017-18281 |
125 |
|
|
2018-10-29 |
2018-12-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel |
|
10 |
CVE-2017-17769 |
200 |
|
+Info |
2018-03-30 |
2018-04-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver. |
|
11 |
CVE-2017-15844 |
125 |
|
|
2018-09-18 |
2018-11-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash. |
|
12 |
CVE-2017-15824 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the function UpdateDeviceStatus() writes a local stack buffer without initialization to flash memory using WriteToPartition() which may potentially leak memory. |
|
13 |
CVE-2017-15814 |
125 |
|
|
2018-03-16 |
2018-04-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in msm_flash_subdev_do_ioctl of drivers/media/platform/msm/camera_v2/sensor/flash/msm_flash.c, there is a possible out of bounds read if flash_data.cfg_type is CFG_FLASH_INIT due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
|
14 |
CVE-2017-14893 |
125 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
15 |
CVE-2017-14872 |
125 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
16 |
CVE-2017-13290 |
125 |
|
|
2018-04-04 |
2018-05-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124. |
|
17 |
CVE-2017-9693 |
119 |
|
Overflow |
2018-03-30 |
2018-04-25 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_change_station in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-06 being less than the actual lenth of StaParams.extn_capability results in a read for extra bytes when a memcpy is done from params->ext_capab to StaParams.extn_capability using the sizeof(StaParams.extn_capability). |
|
18 |
CVE-2017-9682 |
362 |
|
|
2017-08-18 |
2017-08-21 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition. |
|
19 |
CVE-2017-9676 |
416 |
|
|
2017-09-21 |
2017-09-26 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. |
|
20 |
CVE-2017-8281 |
362 |
|
|
2017-09-21 |
2017-12-05 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI. |
|
21 |
CVE-2017-6288 |
125 |
|
|
2018-03-12 |
2018-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-65482562. Reference: N-CVE-2017-6288. |
|
22 |
CVE-2017-6287 |
125 |
|
|
2018-03-12 |
2018-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate.Product: Android. Version: N/A. Android: A-64893264. Reference: N-CVE-2017-6287. |
|
23 |
CVE-2017-6285 |
125 |
|
|
2018-03-12 |
2018-04-04 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893156. Reference: N-CVE-2017-6285. |
|
24 |
CVE-2017-6284 |
326 |
|
|
2018-03-06 |
2018-03-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate. |
|
25 |
CVE-2017-0532 |
200 |
|
+Info |
2017-03-07 |
2017-07-17 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32370398. References: M-ALPS03069985. |
|
26 |
CVE-2017-0498 |
284 |
|
DoS |
2017-03-07 |
2017-07-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311. |
|
27 |
CVE-2017-0451 |
200 |
|
+Info |
2017-02-08 |
2017-07-24 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129. |
|
28 |
CVE-2017-0423 |
264 |
|
|
2017-02-08 |
2017-07-24 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. |
|
29 |
CVE-2017-0388 |
200 |
|
Bypass +Info |
2017-01-12 |
2017-01-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490. |
|
30 |
CVE-2016-8472 |
200 |
|
+Info |
2017-01-12 |
2017-01-17 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31531758. References: MT-ALPS02961384. |
|
31 |
CVE-2016-8471 |
200 |
|
+Info |
2017-01-12 |
2017-01-17 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528890. References: MT-ALPS02961380. |
|
32 |
CVE-2016-8470 |
200 |
|
+Info |
2017-01-12 |
2017-01-17 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31528889. References: MT-ALPS02961395. |
|
33 |
CVE-2016-8462 |
200 |
|
+Info |
2017-01-12 |
2017-01-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383. |
|
34 |
CVE-2016-8414 |
200 |
|
+Info |
2017-02-08 |
2017-07-24 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407. |
|
35 |
CVE-2016-6774 |
200 |
|
Bypass +Info |
2017-01-12 |
2017-01-17 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489. |
|
36 |
CVE-2016-6769 |
284 |
|
|
2017-01-12 |
2017-01-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physical access to an unlocked device where Smart Lock was the last settings pane accessed by the user. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-29055171. |
|
37 |
CVE-2016-6708 |
284 |
|
Bypass |
2016-11-25 |
2016-12-06 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is rated as High because it is a local bypass of user interaction requirements for any developer or security setting modifications. Android ID: A-30693465. |
|
38 |
CVE-2016-5858 |
200 |
|
+Info |
2017-08-16 |
2017-08-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. |
|
39 |
CVE-2016-5855 |
200 |
|
+Info |
2017-08-16 |
2017-08-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough. |
|
40 |
CVE-2016-5854 |
200 |
|
+Info |
2017-08-16 |
2017-08-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. |
|
41 |
CVE-2016-5347 |
200 |
|
+Info |
2017-08-16 |
2017-08-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. |
|
42 |
CVE-2016-3888 |
264 |
|
Bypass |
2016-09-11 |
2017-08-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123. |
|
43 |
CVE-2016-3761 |
200 |
|
+Info |
2016-07-10 |
2016-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to obtain sensitive foreground-application information via a crafted background application, aka internal bug 28300969. |
|
44 |
CVE-2016-2457 |
264 |
|
Bypass |
2016-05-09 |
2016-07-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179. |
|
45 |
CVE-2016-2107 |
310 |
|
+Info |
2016-05-04 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. |
|
46 |
CVE-2016-0823 |
200 |
|
+Info |
2016-03-12 |
2016-11-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. |
|
47 |
CVE-2015-6641 |
200 |
|
+Info |
2016-01-06 |
2016-12-07 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. |
|
48 |
CVE-2015-6627 |
200 |
|
+Info |
2015-12-08 |
2015-12-09 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24211743. |
|
49 |
CVE-2015-3840 |
284 |
|
|
2017-06-27 |
2017-07-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. |
|
50 |
CVE-2015-3839 |
476 |
|
DoS |
2017-08-07 |
2017-08-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). |
