Total
7791 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5298 | 2 Google, Mozilla | 2 Android, Firefox | 2018-07-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox < 50. | |||||
| CVE-2017-0785 | 1 Google | 1 Android | 2018-07-28 | 3.3 LOW | 6.5 MEDIUM |
| A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. | |||||
| CVE-2017-6294 | 1 Google | 1 Android | 2018-07-27 | 7.2 HIGH | 7.8 HIGH |
| In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which could lead to escalation of privilege from the kernel to the TZ. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69316825. Reference: N-CVE-2017-6294. | |||||
| CVE-2017-6292 | 1 Google | 1 Android | 2018-07-27 | 7.2 HIGH | 7.8 HIGH |
| In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed. User interaction is not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69480285. Reference: N-CVE-2017-6292. | |||||
| CVE-2017-6290 | 1 Google | 1 Android | 2018-07-27 | 7.2 HIGH | 7.8 HIGH |
| In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which could lead to local escalation of privilege with no additional execution privileges needed. User interaction not needed for exploitation. This issue is rated as high. Version: N/A. Android: A-69559414. Reference: N-CVE-2017-6290. | |||||
| CVE-2017-13218 | 1 Google | 1 Android | 2018-07-19 | 4.7 MEDIUM | 4.7 MEDIUM |
| Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845. | |||||
| CVE-2018-5845 | 1 Google | 1 Android | 2018-07-17 | 7.6 HIGH | 7.0 HIGH |
| A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-3578 | 1 Google | 1 Android | 2018-07-17 | 9.3 HIGH | 7.8 HIGH |
| Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-3565 | 1 Google | 1 Android | 2018-07-17 | 9.3 HIGH | 7.8 HIGH |
| While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow can occur. | |||||
| CVE-2018-3562 | 1 Google | 1 Android | 2018-07-17 | 7.1 HIGH | 5.5 MEDIUM |
| Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5850 | 1 Google | 1 Android | 2018-07-17 | 9.3 HIGH | 7.8 HIGH |
| In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5846 | 1 Google | 1 Android | 2018-07-17 | 9.3 HIGH | 7.8 HIGH |
| A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2017-7817 | 2 Google, Mozilla | 2 Android, Firefox | 2018-06-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56. | |||||
| CVE-2018-4925 | 4 Adobe, Apple, Google and 1 more | 5 Digital Editions, Iphone Os, Mac Os X and 2 more | 2018-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2018-5827 | 1 Google | 1 Android | 2018-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event. | |||||
| CVE-2018-3568 | 1 Google | 1 Android | 2018-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur. | |||||
| CVE-2018-3567 | 1 Google | 1 Android | 2018-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages. | |||||
| CVE-2017-15855 | 1 Google | 1 Android | 2018-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow. | |||||
| CVE-2018-6254 | 1 Google | 1 Android | 2018-06-14 | 2.1 LOW | 3.3 LOW |
| In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. | |||||
| CVE-2017-6293 | 1 Google | 1 Android | 2018-06-14 | 7.2 HIGH | 7.8 HIGH |
| In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 TZ contains a vulnerability in Widevine TA where the software writes data past the end, or before the beginning, of the intended buffer, which may lead to escalation of Privileges. This issue is rated as high. Android: A-69377364. Reference: N-CVE-2017-6293. | |||||