CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android » 5.1.1 : Security Vulnerabilities

Cpe Name:cpe:/o:google:android:5.1.1
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2018-15835 200 +Info 2018-11-30 2019-10-02
5.0
None Remote Low Not required Partial None None
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.
2 CVE-2017-14496 191 DoS 2017-10-02 2018-05-10
7.8
None Remote Low Not required None None Complete
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
3 CVE-2017-13269 200 +Info 2018-04-04 2018-05-08
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034.
4 CVE-2017-13268 200 +Info 2018-04-04 2018-05-08
3.3
None Local Network Low Not required Partial None None
A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064.
5 CVE-2017-13266 119 Exec Code Overflow 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941.
6 CVE-2017-13262 125 2018-04-04 2018-05-08
3.3
None Local Network Low Not required Partial None None
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284.
7 CVE-2017-13261 125 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292.
8 CVE-2017-13260 125 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251.
9 CVE-2017-13259 125 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546.
10 CVE-2017-13258 125 2018-04-04 2018-05-08
5.0
None Remote Low Not required Partial None None
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755.
11 CVE-2017-13257 416 2018-04-04 2018-05-08
4.3
None Remote Medium Not required Partial None None
In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692.
12 CVE-2017-13256 787 Exec Code 2018-04-04 2018-05-08
8.3
None Local Network Low Not required Complete Complete Complete
In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966.
13 CVE-2017-13255 787 Exec Code 2018-04-04 2018-05-08
8.3
None Local Network Low Not required Complete Complete Complete
In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054.
14 CVE-2017-13243 200 +Info 2018-02-12 2018-03-01
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.
15 CVE-2017-13241 200 +Info 2018-02-12 2018-03-07
5.0
None Remote Low Not required Partial None None
A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
16 CVE-2017-13235 476 2018-02-12 2018-03-08
4.3
None Remote Medium Not required None None Partial
A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866.
17 CVE-2017-13234 772 DoS 2018-02-12 2019-10-02
7.1
None Remote Medium Not required None None Complete
In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68159767.
18 CVE-2017-13233 400 DoS 2018-02-12 2018-03-13
7.1
None Remote Medium Not required None None Complete
In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602.
19 CVE-2017-13232 787 2018-02-12 2018-03-07
7.8
None Remote Low Not required Complete None None
In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950.
20 CVE-2017-13230 787 Exec Code 2018-02-12 2018-03-13
9.3
None Remote Medium Not required Complete Complete Complete
In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665.
21 CVE-2017-13229 20 Exec Code 2018-02-12 2018-03-06
10.0
None Remote Low Not required Complete Complete Complete
A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703.
22 CVE-2017-13212 2018-01-12 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.
23 CVE-2017-13210 787 Exec Code 2018-01-12 2018-01-30
7.2
None Local Low Not required Complete Complete Complete
In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345.
24 CVE-2017-13208 119 Exec Code Overflow 2018-01-12 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440.
25 CVE-2017-13206 200 +Info 2018-01-12 2018-02-02
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.
26 CVE-2017-13202 200 +Info 2018-01-12 2018-01-25
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.
27 CVE-2017-13201 200 +Info 2018-01-12 2018-01-25
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768.
28 CVE-2017-13200 200 +Info 2018-01-12 2018-01-26
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526.
29 CVE-2017-13198 20 2018-01-12 2018-02-01
7.8
None Remote Low Not required None None Complete
A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117.
30 CVE-2017-13196 772 DoS Exec Code 2018-01-12 2019-10-02
7.8
None Remote Low Not required None None Complete
In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067.
31 CVE-2017-13195 835 DoS 2018-01-12 2019-10-02
7.8
None Remote Low Not required None None Complete
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821.
32 CVE-2017-13194 20 2018-01-12 2019-05-06
7.8
None Remote Low Not required None None Complete
A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.
33 CVE-2017-13193 835 DoS Exec Code 2018-01-12 2019-10-02
7.8
None Remote Low Not required None None Complete
In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319.
34 CVE-2017-13192 835 DoS 2018-01-12 2019-10-02
7.8
None Remote Low Not required None None Complete
In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202.
35 CVE-2017-13191 835 DoS Exec Code 2018-01-12 2019-10-02
7.8
None Remote Low Not required None None Complete
In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403.
36 CVE-2017-13188 200 +Info 2018-01-12 2018-01-25
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786.
37 CVE-2017-13187 200 +Info 2018-01-12 2018-01-26
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175.
38 CVE-2017-13185 200 +Info 2018-01-12 2018-01-25
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.
39 CVE-2017-13177 119 Exec Code Overflow 2018-01-12 2018-02-01
10.0
None Remote Low Not required Complete Complete Complete
In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413.
40 CVE-2017-13176 20 Bypass 2018-01-12 2018-01-29
9.3
None Remote Medium Not required Complete Complete Complete
In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964.
41 CVE-2017-13159 200 +Info 2017-12-06 2017-12-18
7.8
None Remote Low Not required Complete None None
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879772.
42 CVE-2017-13158 200 +Info 2017-12-06 2017-12-18
7.8
None Remote Low Not required Complete None None
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32879915.
43 CVE-2017-13157 200 +Info 2017-12-06 2017-12-18
7.8
None Remote Low Not required Complete None None
An information disclosure vulnerability in the Android system (activitymanagerservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-32990341.
44 CVE-2017-13156 434 2017-12-06 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
45 CVE-2017-13154 416 2017-12-06 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573.
46 CVE-2017-13152 200 +Info 2017-12-06 2017-12-18
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability in the Android media framework (libmedia drm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62872384.
47 CVE-2017-13149 200 +Info 2017-12-06 2017-12-19
8.5
None Remote Low Not required Partial None Complete
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65719872.
48 CVE-2017-7376 119 Exec Code Overflow 2018-02-19 2019-05-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
49 CVE-2017-7375 611 2018-02-19 2018-03-18
7.5
None Remote Low Not required Partial Partial Partial
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
50 CVE-2017-3750 2017-06-29 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.
Total number of vulnerabilities : 254   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.