Google

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-15862 1Google 1Android Nov 21, 2024 Feb 23, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially le...Show more In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a buffer overflow.Show less
CVE-2017-15861 1Google 1Android Nov 21, 2024 Feb 23, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.
CVE-2017-15860 1Google 1Android Nov 21, 2024 Feb 23, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.
CVE-2017-15829 1Google 1Android Nov 21, 2024 Feb 23, 2018 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a GPU Driver which can potentially lead to a Use After Free condition.
CVE-2017-15820 1Google 1Android Nov 21, 2024 Feb 23, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, in a KGSL IOCTL handler, a Use After Free Condition can potentially occur.
CVE-2017-15817 1Google 1Android Nov 21, 2024 Feb 23, 2018 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authen...Show more In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.Show less
CVE-2017-14884 1Google 1Android Nov 21, 2024 Feb 23, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur...Show more In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg.Show less
CVE-2017-7376 3Debian GoogleXmlsoft 3Android Debian LinuxLibxml2 Nov 21, 2024 Feb 19, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
CVE-2017-7375 3Debian GoogleXmlsoft 3Android Debian LinuxLibxml2 Dec 3, 2025 Feb 19, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Dependin...Show more A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).Show less
CVE-2017-13273 1Google 1Android Nov 21, 2024 Feb 15, 2018 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Pr...Show more In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158.Show less
CVE-2017-13247 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not neede...Show more In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645.Show less
CVE-2017-13246 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469.
CVE-2017-13245 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347.
CVE-2017-13244 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.
CVE-2017-13243 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.
CVE-2017-13242 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.
CVE-2017-13241 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.
CVE-2017-13240 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819.
CVE-2017-13239 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132.
CVE-2017-13238 1Google 1Android Nov 21, 2024 Feb 12, 2018 N/A· v4 4.2 MEDIUM· v3 4.7 MEDIUM· v2 In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privil...Show more In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940.Show less

Previous 1...522523524...688 Next