Search Results (Refine Search)
- Keyword (text search): android
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-15850 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, userspace can read values from audio codec registers. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-15848 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-15847 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the SPCom kernel driver, a race condition exists when creating a channel. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.0 HIGH V2.0: 4.4 MEDIUM |
CVE-2017-15845 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-14879 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned resulting in a slab out of bound access in the IPA driver. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-14873 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-14870 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-14869 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-11081 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-11080 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-11079 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-11066 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-11003 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size. Published: January 10, 2018; 5:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-15849 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition. Published: January 10, 2018; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-11069 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow. Published: January 10, 2018; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2018-5298 |
In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. An attacker can gain access to locally stored user data more easily by leveraging access to the preferences XML file. Published: January 08, 2018; 3:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-16905 |
The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. Published: January 05, 2018; 3:29:00 AM -0500 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-1000498 |
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution Published: January 03, 2018; 9:29:00 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-17715 |
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. Published: December 16, 2017; 2:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-3190 |
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Published: December 15, 2017; 9:29:10 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 2.9 LOW |