| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-11293 |
125 |
|
|
2018-09-18 |
2018-11-09 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large. |
|
2 |
CVE-2017-15835 |
835 |
|
DoS |
2018-12-07 |
2019-10-02 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service. |
|
3 |
CVE-2017-13305 |
125 |
|
|
2018-04-04 |
2019-10-02 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. |
|
4 |
CVE-2017-13269 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034. |
|
5 |
CVE-2017-13268 |
200 |
|
+Info |
2018-04-04 |
2018-05-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064. |
|
6 |
CVE-2017-13262 |
125 |
|
|
2018-04-04 |
2018-05-08 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284. |
|
7 |
CVE-2017-6295 |
125 |
|
DoS |
2018-03-06 |
2018-03-27 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
NVIDIA TrustZone Software contains a vulnerability in the Keymaster implementation where the software reads data past the end, or before the beginning, of the intended buffer; and may lead to denial of service or information disclosure. This issue is rated as high. |
|
8 |
CVE-2017-0792 |
200 |
|
+Info |
2017-09-08 |
2017-09-12 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37305578. References: B-V2017052301. |
|
9 |
CVE-2017-0785 |
200 |
|
+Info |
2017-09-14 |
2018-07-27 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. |
|
10 |
CVE-2016-0830 |
119 |
|
DoS Overflow Mem. Corr. |
2016-03-12 |
2016-11-28 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376. |
|
11 |
CVE-2015-8956 |
476 |
|
DoS +Info |
2016-10-10 |
2018-01-04 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. |
|
12 |
CVE-2015-5310 |
200 |
|
DoS +Info |
2016-01-06 |
2018-02-21 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. |
|
13 |
CVE-2014-8610 |
264 |
|
|
2014-12-15 |
2014-12-16 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. |
|
14 |
CVE-2014-6060 |
399 |
|
DoS |
2014-09-04 |
2016-06-23 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again. |
