Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Android
Total 7791 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9718 1 Google 1 Android 2017-12-15 4.4 MEDIUM 7.0 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in a multimedia driver can potentially lead to a buffer overwrite.
CVE-2017-9722 1 Google 1 Android 2017-12-15 4.6 MEDIUM 7.8 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs.
CVE-2017-0851 1 Google 1 Android 2017-12-07 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-35430570.
CVE-2017-0850 1 Google 1 Android 2017-12-07 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-64836941.
CVE-2017-0849 1 Google 1 Android 2017-12-07 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62688399.
CVE-2017-0848 1 Google 1 Android 2017-12-07 5.0 MEDIUM 5.3 MEDIUM
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217.
CVE-2017-0840 1 Google 1 Android 2017-12-07 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62948670.
CVE-2017-0839 1 Google 1 Android 2017-12-07 5.0 MEDIUM 7.5 HIGH
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64478003.
CVE-2017-8281 1 Google 1 Android 2017-12-06 2.6 LOW 4.7 MEDIUM
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition can allow access to already freed memory while querying event status via DCI.
CVE-2016-5341 1 Google 1 Android 2017-12-06 7.1 HIGH 5.9 MEDIUM
The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554).
CVE-2011-4863 2 Google, Tencent 2 Android, Qqpimsecure 2017-12-06 5.8 MEDIUM N/A
The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application.
CVE-2017-9701 1 Google 1 Android 2017-12-01 5.0 MEDIUM 7.5 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volatile memory.
CVE-2017-9719 1 Google 1 Android 2017-12-01 4.6 MEDIUM 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range.
CVE-2017-11092 1 Google 1 Android 2017-11-30 9.3 HIGH 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the KGSL driver function kgsl_ioctl_gpu_command, a Use After Free condition can potentially occur.
CVE-2017-11091 1 Google 1 Android 2017-11-30 4.6 MEDIUM 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early.
CVE-2017-11085 1 Google 1 Android 2017-11-30 4.6 MEDIUM 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c
CVE-2017-11058 1 Google 1 Android 2017-11-30 5.0 MEDIUM 7.5 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.
CVE-2017-11032 1 Google 1 Android 2017-11-30 4.6 MEDIUM 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg().
CVE-2017-11029 1 Google 1 Android 2017-11-30 4.6 MEDIUM 7.8 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.
CVE-2017-11028 1 Google 1 Android 2017-11-30 5.0 MEDIUM 7.5 HIGH
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the ISP Camera driver, the contents of an arbitrary kernel address can be leaked to userspace by the function msm_isp_get_stream_common_data().