CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android » : Security Vulnerabilities

Cpe Name:cpe:/o:google:android
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-9685 416 2017-08-18 2017-08-26
9.3
 None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After Free condition.
2 CVE-2017-9684 416 2017-08-18 2017-08-21
7.6
 None Remote High Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.
3 CVE-2017-9682 362 2017-08-18 2017-08-21
2.6
 None Remote High Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in two KGSL driver functions can lead to a Use After Free condition.
4 CVE-2017-9680 200 +Info 2017-08-18 2017-08-21
5.0
 None Remote Low Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.
5 CVE-2017-9679 200 +Info 2017-08-18 2017-08-21
5.0
 None Remote Low Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.
6 CVE-2017-9678 119 Overflow Mem. Corr. 2017-08-18 2017-08-21
9.3
 None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().
7 CVE-2017-8272 787 2017-08-18 2017-08-22
6.8
 None Remote Medium Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write.
8 CVE-2017-8270 416 2017-08-18 2017-08-22
5.1
 None Remote High Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a driver potentially leading to a use-after-free condition.
9 CVE-2017-8268 119 Overflow 2017-08-18 2017-08-22
9.3
 None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read.
10 CVE-2017-8267 190 Overflow 2017-08-18 2017-08-22
7.6
 None Remote High Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.
11 CVE-2017-8266 416 2017-08-18 2017-08-22
5.1
 None Remote High Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
12 CVE-2017-8265 415 2017-08-18 2017-08-22
5.1
 None Remote High Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.
13 CVE-2017-8263 19 2017-08-18 2017-08-22
9.3
 None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace.
14 CVE-2017-8262 416 2017-08-18 2017-08-23
7.6
 None Remote High Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition.
15 CVE-2017-8261 264 2017-08-18 2017-08-23
6.8
 None Remote Medium Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.
16 CVE-2017-8260 787 2017-08-18 2018-03-06
6.8
 None Remote Medium Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later.
17 CVE-2017-8257 264 2017-08-18 2017-08-23
6.8
 None Remote Medium Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use.
18 CVE-2017-8256 264 2017-08-18 2017-08-23
6.8
 None Remote Medium Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.
19 CVE-2017-8255 190 Overflow 2017-08-18 2017-08-23
9.3
 None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.
20 CVE-2017-8254 200 +Info 2017-08-18 2017-08-23
4.3
 None Remote Medium Not required Partial None None
In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid.
21 CVE-2017-8253 264 2017-08-18 2017-08-23
9.3
 None Remote Medium Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.
22 CVE-2017-8243 119 Overflow 2017-08-16 2017-08-20
9.3
 None Remote Medium Not required Complete Complete Complete
A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file.
23 CVE-2017-8242 362 2017-06-13 2017-07-07
4.3
 None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.
24 CVE-2017-8241 119 Overflow 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length.
25 CVE-2017-8240 119 Overflow 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.
26 CVE-2017-8239 200 +Info 2017-06-13 2017-11-16
4.3
 None Remote Medium Not required Partial None None
In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.
27 CVE-2017-8238 119 Overflow 2017-06-13 2017-06-16
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function.
28 CVE-2017-8237 119 Overflow 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image.
29 CVE-2017-8236 119 Overflow 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver.
30 CVE-2017-8235 254 2017-06-13 2017-07-07
4.3
 None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.
31 CVE-2017-8234 284 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.
32 CVE-2017-8233 787 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write.
33 CVE-2017-7373 415 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.
34 CVE-2017-7372 119 Overflow 2017-06-13 2017-07-07
7.6
 None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.
35 CVE-2017-7371 416 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.
36 CVE-2017-7370 416 2017-06-13 2017-07-07
7.6
 None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.
37 CVE-2017-7369 20 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.
38 CVE-2017-7368 362 2017-06-13 2017-07-07
7.6
 None Remote High Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.
39 CVE-2017-7367 191 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.
40 CVE-2017-7366 20 2017-06-13 2017-07-07
4.3
 None Remote Medium Not required None Partial None
In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.
41 CVE-2017-7365 119 Overflow 2017-06-13 2017-07-07
9.3
 None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated.
42 CVE-2017-7364 416 2017-08-18 2017-08-21
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition.
43 CVE-2017-6421 264 Overflow 2017-08-16 2017-08-20
5.8
 None Local Network Low Not required Partial Partial Partial
In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow.
44 CVE-2017-0865 264 2017-11-16 2017-12-07
4.6
 None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.
45 CVE-2017-0864 264 2017-11-16 2017-12-07
4.6
 None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.
46 CVE-2017-0863 264 2017-11-16 2017-12-07
4.6
 None Local Low Not required Partial Partial Partial
An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.
47 CVE-2017-0862 264 2017-11-16 2017-12-07
7.2
 None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.
48 CVE-2017-0843 264 2017-11-16 2017-12-07
7.2
 None Local Low Not required Complete Complete Complete
An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. References: M-ALPS03361488.
49 CVE-2016-10392 119 Overflow 2017-08-18 2018-04-18
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory.
50 CVE-2016-10391 20 2017-08-18 2017-08-23
10.0
 None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity.
Total number of vulnerabilities : 219   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.